update

Signed-off-by: Benji Visser <benji@093b.org>

.goreleaser.yaml

@@ -15,46 +15,41 @@ builds:
     goarch:
       - amd64
       - arm64
+    mod_timestamp: '{{ .CommitTimestamp }}'
     ldflags:
       - -X main.AppVersion={{.Env.VERSION}} -w -extldflags static
+
 archives:
   - format: binary
     name_template: "{{ .ProjectName }}-v{{ .Version }}-{{ .Os }}-{{ .Arch }}"
 
 checksum:
   name_template: 'checksums.txt'
 
+gomod:
+  proxy: true
+
 source:
   enabled: true
 
 sboms:
-  - id: archive
-    artifacts: archive
+  - artifacts: archive
   - id: source
     artifacts: source
 
 signs:
-  - cmd: cosign
-    env:
-    - COSIGN_EXPERIMENTAL=1
-    signature: "${artifact}-keyless.sig"
-    certificate: "${artifact}-keyless.pem"
-    args: ["sign-blob", "--output-signature", "${artifact}-keyless.sig", "--output-certificate", "${artifact}-keyless.pem", "${artifact}"]
-    artifacts: binary
-
-  - id: checksum-keyless
-    signature: "${artifact}-keyless.sig"
-    certificate: "${artifact}-keyless.pem"
-    cmd: ./dist/cosign-linux-amd64
-    args: ["sign-blob", "--output-signature", "${artifact}-keyless.sig", "--output-certificate", "${artifact}-keyless.pem", "${artifact}"]
-    artifacts: checksum
-
-  - id: packages-keyless
-    signature: "${artifact}-keyless.sig"
-    certificate: "${artifact}-keyless.pem"
-    cmd: ./dist/cosign-linux-amd64
-    args: ["sign-blob", "--output-signature", "${artifact}-keyless.sig", "--output-certificate", "${artifact}-keyless.pem", "${artifact}"]
-    artifacts: package
+- cmd: cosign
+  env:
+  - COSIGN_EXPERIMENTAL=1
+  certificate: '${artifact}.pem'
+  args:
+    - sign-blob
+    - '--output-certificate=${certificate}'
+    - '--output-signature=${signature}'
+    - '${artifact}'
+    - "--yes" # needed on cosign 2.0.0+
+  artifacts: checksum
+  output: true
 
 snapshot:
   name_template: "{{ incpatch .Tag }}-next"