From 0dd846d271db15326d2d81402640fe9d929f2503 Mon Sep 17 00:00:00 2001
From: Alex Goodman <wagoodman@users.noreply.github.com>
Date: Tue, 23 Apr 2024 14:08:15 -0400
Subject: [PATCH] fix sbom generation

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---
 .binny.yaml                    | 9 +++++----
 .github/workflows/release.yaml | 4 ++--
 .goreleaser.yaml               | 1 -
 Taskfile.yaml                  | 3 ++-
 4 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/.binny.yaml b/.binny.yaml
index 67a4a2d..1cc41fb 100644
--- a/.binny.yaml
+++ b/.binny.yaml
@@ -12,6 +12,7 @@ tools:
         - -X main.gitDescription={{ .Version }}
         # note: sprig functions are available: http://masterminds.github.io/sprig/
         - -X main.buildDate={{ now | date "2006-01-02T15:04:05Z07:00" }}
+
   - name: binny
     version:
       want: v0.6.2
@@ -57,14 +58,14 @@ tools:
   # used for signing the checksums file at release
   - name: cosign
     version:
-      want: v2.2.3
+      want: v2.2.4
     method: github-release
     with:
       repo: sigstore/cosign
 
   - name: goreleaser
     version:
-      want: v1.21.1
+      want: v1.25.1
     method: github-release
     with:
       repo: goreleaser/goreleaser
@@ -78,7 +79,7 @@ tools:
 
   - name: bouncer
     version:
-      want: v0.1.0
+      want: v0.4.0
     method: github-release
     with:
       repo: wagoodman/go-bouncer
@@ -92,7 +93,7 @@ tools:
 
   - name: syft
     version:
-      want: v0.95.0
+      want: v1.2.0
     method: github-release
     with:
       repo: anchore/syft
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index c8fd9fe..31d8f97 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -47,8 +47,8 @@ jobs:
     permissions:
       contents: write
       packages: write
-      issues: read
-      pull-requests: read
+      # required for goreleaser signs section with cosign
+      id-token: write
     steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
         with:
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 1187526..5e446d5 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -42,7 +42,6 @@ builds:
           env:
             - QUILL_LOG_FILE=/tmp/quill-{{ .Target }}.log
 
-
 archives:
   - id: linux-archives
     builds:
diff --git a/Taskfile.yaml b/Taskfile.yaml
index 3bcb007..b011ce4 100644
--- a/Taskfile.yaml
+++ b/Taskfile.yaml
@@ -56,6 +56,7 @@ tasks:
       - "{{ .TOOL_DIR }}/chronicle"
       - "{{ .TOOL_DIR }}/glow"
       - "{{ .TOOL_DIR }}/goreleaser"
+      - "{{ .TOOL_DIR }}/bouncer"
     status:
       - "{{ .TOOL_DIR }}/binny check -v"
     cmd: "{{ .TOOL_DIR }}/binny install -v"
@@ -141,7 +142,7 @@ tasks:
       - cmd: "mkdir -p {{ .TMP_DIR }}"
         silent: true
       - cmd: |
-          cat .goreleaser.yaml >> {{ .TMP_DIR }}/goreleaser.yaml
+          cat .goreleaser.yaml > {{ .TMP_DIR }}/goreleaser.yaml
           echo "dist: {{ .SNAPSHOT_DIR }}" >> {{ .TMP_DIR }}/goreleaser.yaml
       - cmd: "{{ .TOOL_DIR }}/goreleaser release --clean --skip=publish --skip=sign --snapshot --config {{ .TMP_DIR }}/goreleaser.yaml"