{"id":13411289,"url":"https://github.com/nikogura/gomason","last_synced_at":"2026-02-10T21:12:38.616Z","repository":{"id":57491790,"uuid":"111165010","full_name":"nikogura/gomason","owner":"nikogura","description":"A tool for testing, building, signing, and publishing binaries.","archived":false,"fork":false,"pushed_at":"2025-09-12T18:47:17.000Z","size":1722,"stargazers_count":66,"open_issues_count":3,"forks_count":9,"subscribers_count":1,"default_branch":"master","last_synced_at":"2026-01-28T00:40:58.054Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nikogura.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2017-11-18T00:59:11.000Z","updated_at":"2025-09-12T18:47:21.000Z","dependencies_parsed_at":"2024-01-30T04:05:36.485Z","dependency_job_id":"6f7aee0d-afe1-44bf-b54a-4d75d3de1337","html_url":"https://github.com/nikogura/gomason","commit_stats":null,"previous_names":[],"tags_count":49,"template":false,"template_full_name":null,"purl":"pkg:github/nikogura/gomason","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nikogura%2Fgomason","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nikogura%2Fgomason/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nikogura%2Fgomason/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nikogura%2Fgomason/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nikogura","download_url":"https://codeload.github.com/nikogura/gomason/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nikogura%2Fgomason/sbom","scorecard":{"id":687534,"data":{"date":"2025-08-11","repo":{"name":"github.com/nikogura/gomason","commit":"8a89c22d1f0dcaca8c0681a5412f89f03bbd6adf"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.2,"checks":[{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":8,"reason":"2 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2022-0635","Warn: Project is vulnerable to: GO-2022-0646"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-22T01:20:01.453Z","repository_id":57491790,"created_at":"2025-08-22T01:20:01.453Z","updated_at":"2025-08-22T01:20:01.453Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29316789,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-10T20:44:44.282Z","status":"ssl_error","status_checked_at":"2026-02-10T20:44:43.393Z","response_time":65,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-30T20:01:12.687Z","updated_at":"2026-02-10T21:12:38.605Z","avatar_url":"https://github.com/nikogura.png","language":"Go","funding_links":[],"categories":["持续集成","Continuous Integration","持续集成(CI)","持续集成`持续集成的辅助工具`","Uncategorized"],"sub_categories":["标准CLI","Advanced Console UIs","Standard CLI","标准 CLI"],"readme":"# gomason\n\n[![Current Release](https://img.shields.io/github/release/nikogura/gomason.svg)](https://img.shields.io/github/release/nikogura/gomason.svg)\n\n[![CI](https://github.com/nikogura/gomason/actions/workflows/ci.yml/badge.svg)](https://github.com/nikogura/gomason/actions/workflows/ci.yml)\n\n[![Go Report Card](https://goreportcard.com/badge/github.com/nikogura/gomason/v2)](https://goreportcard.com/report/github.com/nikogura/gomason/v2)\n\n[![Go Doc](https://img.shields.io/badge/godoc-reference-blue.svg?style=flat-square)](https://pkg.go.dev/github.com/nikogura/gomason/v2)\n\n[![Coverage Status](https://codecov.io/gh/nikogura/gomason/branch/master/graph/badge.svg)](https://codecov.io/gh/nikogura/gomason)\n\n[![Mentioned in Awesome Go](https://awesome.re/mentioned-badge.svg)](https://github.com/avelino/awesome-go) \n\nTool for testing, building, signing and publishing binaries. Think of it as an on-premises CI/CD system that also performs code signing and publishing of artifacts.\n\n## Historical Context\n\n**Note:** Gomason was originally created in the pre-Go modules era (before Go 1.11, released September 2018) when Go dependency management was less deterministic and required tools like `dep`, `godep`, or manual `GOPATH` management. Many of gomason's core features—such as clean workspace builds, dependency isolation, and reproducible builds—addressed pain points that have since been largely solved by Go modules and the modern Go toolchain.\n\nWhile Go modules now provide deterministic builds and better dependency management, gomason still offers significant value for:\n- **Template-based artifact generation** - Dynamic creation of install scripts, documentation, and configuration files from templates\n- **Sophisticated publishing workflows** - Automated upload of binaries, signatures, checksums, and generated artifacts to multiple repository types\n- **Code signing with provenance** - GPG signing of binaries with proper author attribution\n- **Multi-platform release automation** - Cross-compilation and publishing in a single command\n- **Legacy project support** - Projects that haven't migrated to modules\n\nThe templating and publishing functions remain highly useful even in the modern Go ecosystem, where they can complement standard tooling (`go build`, `go test`, GitHub Actions, etc.) to provide a complete release pipeline.\n\nYou could do this via a CI/CD System and an artifact repository of some flavor. But wiring that up properly takes time, experience, and tends to be very specific to your particular system and repository. \n\nGomason attempts to abstract all of that. It will:\n\n1. Run tests and report on results\n\n2. Build binaries for the target OS/Arch and other files based on templates.\n\n3. Sign the binaries and files thus built.\n\n4. Publish the files, their signatures, and their checksums to the destination of your choice.\n\nIt does all of this based on config file called 'metadata.json' which you place in the root of your repository.\n\nNone of this is exactly rocket science, but I have done it enough times, in enough different ways, that it was finally time to say 'enough' and be done with it. \n\nGomason comes from an experience I had where management was so astounding **anti-testing** that I needed to come up with a way to do clean-room CI testing quickly, easily and transparently, but also fly under the radar. They didn't need to know I was 'wasting time' testing my work. *(yeah, I couldn't believe it either. Blew my mind.)* \n\nWhat started out as a sort of subversive method of continuing to test my own code expanded after we parted ways. See, signing binaries and uploading the various bits to a repo isn't exactly rocket science, but it's also *dreadfully boring* once you've done it a few times. I figured DRY, so I made a 'one and done' means for doing so.\n\nCI systems like Artifactory Pro can sign binaries, but they don't really have provenance on who the author was. The bits arrived there, presumably after authentication (but that depends on the config), but you don't really know who did the signing.\n\nEnter gomason, which can do the building and signing locally with personal keys and then upload. Presumably you'd also require authentication on upload, but now you've actually established 2 things- someone with credentials has uploaded this, *and* they've personally signed what they uploaded. Whether you trust that signature is up to you, but we've provided an easy means to extend what a traditional CI system can do.\n\nGomason uses ```gox``` the Go cross compiler to do it's compiling. It builds whatever versions you like, but they need to be specified in the metadata file detailed below in gox-like format.\n\nCode is downloaded via ```go get``` (or `go mod download` in module-aware builds). If you have your VCS configured so that you can do that without authentication, then everything will *just work*.\n\nSigning is currently done via GPG. I intend to support other signing methods such as Keybase.io, but at the moment, gpg is all you get. If your signing keys are in gpg, and you have the gpg-agent running, it should *just work*.\n\n## Language Suppport\n\nAt present, `gomason` only supports golang, but it turns out automating the whole test/build/sign/publish steps and making the UX painless is a really attractive thing, and it would be nice to have when working in other languages.\n\nBasically, the authors have gotten so used to the painless UX that when we have to do things in other languages, we found ourselves missing `gomason`. \n\nNecessity being the mother of invention, stay tuned...\n\n## Installation\n\n go install github.com/nikogura/gomason/v2@latest\n\n## Modern Usage Patterns\n\nFor new projects, gomason excels at:\n\n**Release Automation:**\n```bash\n# Complete test, build, sign, and publish pipeline\ngomason publish\n\n# Test and build only (useful in CI)\ngomason build\n```\n\n**Template-Driven Artifacts:**\n- Generate install scripts, documentation, and configuration files\n- Template variables populated from `metadata.json` at build time\n- Perfect for creating distribution artifacts alongside binaries\n\n**Multi-Repository Publishing:**\n- Upload to multiple artifact repositories simultaneously \n- Support for Artifactory, S3, and HTTP endpoints\n- Separate tool repositories from main binary repositories\n\nCombined with modern CI/CD (GitHub Actions, etc.), gomason provides the signing and publishing capabilities that standard Go tooling doesn't offer.\n \n## Usage Examples\n\nTest the master branch in a clean GOPATH return success/failure:\n\n gomason test\n \nTest the master branch and see what's going on behind the scenes:\n\n gomason test -v\n \nTest another branch verbosely:\n\n gomason test -v -b \u003cbranch name\u003e\n \n \nPublish the master branch after building:\n\n gomason publish -v\n \n \nBuild and publish a branch without testing (I know, I know, don't test?!!?!) \n\nThis can be occasionally useful for publishing 3rd party tools internally when you need to make internal tweaks to support your use case.\n\nSometimes you don't have the wherewithal to build and maintain a full test suite for a 3rd party tool. \n\n gomason publish -vs -b \u003cbranch name\u003e\n \nOther options can be found by running:\n\n gomason help\n \n## Project Config\n\nProjects are configured by the file ```metadata.json``` in the root of the project being tested/built/published by gomason. This file is intended to be checked into the project and contains information required for gomason to function. See below for examples and [Project Config Reference](#project-config-reference) for full details.\n\nAs of v2.6.1, `gomason` supports S3 urls of the 'virtual host' variety. (i.e. `https://\u003cbucket\u003e.s3.\u003cregion\u003e.amazonaws.com/\u003ckey\u003e`). It's assumed AWS credentials are configured in the environment used to run `gomason`. If other AWS programs and tools work, `gomason` should too - so long as you have permission to write to the configured bucket(s).\n\nSome information in ```metadata.json```, such as signing info can be overwritten by the [User Config](#user-config) detailed below.\n\nExample metadata file:\n\n {\n \"version\": \"1.0.0\",\n \"package\": \"github.com/nikogura/gomason/v2\",\n \"description\": \"A tool for testing, building, signing, and publishing your project from a clean workspace.\",\n \"repository\": \"http://localhost:8081/artifactory/generic-local\",\n \"tool-repository\": \"http://localhost:8081/artifactory/generic-local-tools\",\n \"insecure_get\": false,\n \"language\": \"golang\",\n \"building\": {\n \"prepcommands\": [\n \"go get k8s.io/client-go/...\",\n \"cd ${GOPATH}/src/k8s.io/client-go \u0026\u0026 git checkout v10.0.0\",\n \"cd ${GOPATH}/src/k8s.io/client-go \u0026\u0026 godep restore ./...\"\n ],\n \"targets\": [\n {\n \"name\": \"darwin/amd64\",\n \"cgo\": true,\n \"flags\": {\n \"CC\": \"o64-gcc\",\n \"CXX\": \"o64-g++\"\n },\n \"ldflags\": \"-X github.com/nikogura/dbt/pkg/dbt.METADATA_TEMPLATE=${METADATA_TEMPLATE}\"\n\n {\n \"name\": \"linux/amd64\"\n }\n ]\n },\n \"signing\": {\n \"program\": \"gpg\",\n \"email\": \"gomason-tester@foo.com\"\n },\n \"publishing\": {\n \"targets\": [\n {\n \"src\": \"gomason_darwin_amd64\",\n \"dst\": \"{{.Repository}}/gomason/{{.Version}}/darwin/amd64/gomason\",\n \"sig\": true,\n \"checksums\": false\n },\n {\n \"src\": \"gomason_linux_amd64\",\n \"dst\": \"{{.Repository}}/gomason/{{.Version}}/linux/amd64/gomason\",\n \"sig\": true,\n \"checksums\": false\n }\n ]\n }\n }\n\n## User Config\n\nUser configuration is accomplished by the file ```~/.gomason```. This is an *ini* formatted file that contains user level information such as the identity of the signer for use when signing binaries.\n\nAn example ```~/.gomason```:\n\n [user]\n email = nik.ogura@gmail.com\n username = nikogura\n passwordfunc = lpass show --notes gomason-test\n\n [signing]\n program = gpg\n email = nik.ogura@gmail.com\n \nThis config would use the gpg program to sign binaries with the author's private key. Obviously a key for the listed user must exist within gpg's keychain for this to function. \n\nThis example also uses the LastPass cli to get the publishing password. Neat huh?\n\nUser config, if set, overrides any project config.\n\nSee [User Config Reference](#user-config-reference) for more details.\n \n## Usage\n\n* NOTE: you must have a ```metadata.json``` in your project as described in [Project Config Reference](#project-config-reference) below.\n\n### Testing\n\nExample Minimum Config:\n\n {\n \"package\": \"github.com/nikogura/gomason/v2\",\n \"version\": \"0.1.0\",\n \"description\": \"A tool for building and testing your project in a clean GOPATH.\"\n }\n\nRun:\n\n gomason test\n \n### Building\n\nExample Minimum Config:\n\n {\n \"package\": \"github.com/nikogura/gomason/v2\",\n \"version\": \"0.1.0\",\n \"description\": \"A tool for building and testing your project in a clean GOPATH.\",\n \"building\": {\n \"targets\": [\n {\n \"name\": \"darwin/amd64\",\n {\n \"name\": \"linux/amd64\"\n }\n ]\n }\n }\n \nRun:\n\n gomason build\n \nThe binaries will be moved into the current working directory.\n \n### Signing\n\nExample Config (Shared Key Signing):\n\n {\n \"package\": \"github.com/nikogura/gomason/v2\",\n \"version\": \"0.1.0\",\n \"description\": \"A tool for building and testing your project in a clean GOPATH.\",\n \"building\": {\n \"targets\": [\n \"darwin/amd64\",\n \"linux/amd64\"\n ]\n },\n \"signing\": {\n \"program\": \"gpg\",\n \"email\": \"gomason-tester@foo.com\"\n },\n }\n \nRun:\n\n gomason sign\n \nThe binaries and their signatures will be dumped into the current working directory.\n\nExample Config (Personal Key Signing):\n\n {\n \"package\": \"github.com/nikogura/gomason/v2\",\n \"version\": \"0.1.0\",\n \"description\": \"A tool for building and testing your project in a clean GOPATH.\",\n \"building\": {\n \"targets\": [\n \"darwin/amd64\",\n \"linux/amd64\"\n ]\n }\n }\n \n```~/.gomason```:\n\n\n [user]\n email = nik.ogura@gmail.com\n \n [signing]\n program = gpg\n \nRun:\n\n gomason sign\n \nThe binaries and their signatures will be dumped into the current working directory.\n\n### Publishing\n\nExample Config (Personal Key Signing, Personal Credentials):\n\n {\n \"package\": \"github.com/nikogura/gomason/v2\",\n \"version\": \"0.1.0\",\n \"description\": \"A tool for building and testing your project in a clean GOPATH.\",\n \"repository\": \"http://localhost:8081/artifactory/generic-local\",\n \"building\": {\n \"targets\": [\n {\n \"name\": \"darwin/amd64\",\n {\n \"name\": \"linux/amd64\"\n }\n ]\n },\n \"publishing\": {\n \"targets\": [\n {\n \"src\": \"gomason_darwin_amd64\",\n \"dst\": \"{{.Repository}}/gomason/{{.Version}}/darwin/amd64/gomason\",\n \"sig\": true,\n \"checksums\": false\n },\n {\n \"src\": \"gomason_linux_amd64\",\n \"dst\": \"{{.Repository}}/gomason/{{.Version}}/linux/amd64/gomason\",\n \"sig\": true,\n \"checksums\": false\n }\n ]\n }\n }\n \n```~/.gomason```:\n\n\n [user]\n email = nik.ogura@gmail.com\n username = nikogura\n password = $ecretY0uNoR3ad!\n \n [signing]\n program = gpg\n \nRun:\n\n gomason publish\n\nExample Config (Shared Key Signing, Shared Credentials):\n\n {\n \"package\": \"github.com/nikogura/gomason/v2\",\n \"version\": \"0.1.0\",\n \"description\": \"A tool for building and testing your project in a clean GOPATH.\",\n \"repository\": \"http://localhost:8081/artifactory/generic-local\",\n \"building\": {\n \"targets\": [\n {\n \"name\": \"darwin/amd64\",\n {\n \"name\": \"linux/amd64\"\n }\n ]\n },\n \"signing\": {\n \"program\": \"gpg\",\n \"email\": \"gomason-tester@foo.com\"\n },\n \"publishing\": {\n \"targets\": [\n {\n \"src\": \"gomason_darwin_amd64\",\n \"dst\": \"{{.Repository}}/gomason/{{.Version}}/darwin/amd64/gomason\",\n \"sig\": true,\n \"checksums\": false\n },\n {\n \"src\": \"gomason_linux_amd64\",\n \"dst\": \"{{.Repository}}/gomason/{{.Version}}/linux/amd64/gomason\",\n \"sig\": true,\n \"checksums\": false\n }\n ],\n \"username\": \"nikogura\",\n \"password\": \"$ecretY0uNoR3ad!\"\n }\n }\n \nRun:\n\n gomason publish\n \n### Publishing without Signing.\n \nOccasionally, it might be useful to test and publish, but not sign. Internal use for instance, where you don't really have a web of trust set up.\n\nIn that case, set \"skip-signing\": true in the publishing section and gomason will publish without bothering with the signatures.\n\nExample:\n\n {\n \"package\": \"github.com/nikogura/gomason/v2\",\n \"version\": \"0.1.0\",\n \"description\": \"A tool for building and testing your project in a clean GOPATH.\",\n \"repository\": \"http://localhost:8081/artifactory/generic-local\",\n \"building\": {\n \"targets\": [\n {\n \"name\": \"darwin/amd64\",\n {\n \"name\": \"linux/amd64\"\n }\n ]\n },\n \"publishing\": {\n \"skip-signing\": true,\n \"targets\": [\n {\n \"src\": \"gomason_darwin_amd64\",\n \"dst\": \"{{.Repository}}/gomason/{{.Version}}/darwin/amd64/gomason\",\n \"sig\": true,\n \"checksums\": false\n },\n {\n \"src\": \"gomason_linux_amd64\",\n \"dst\": \"{{.Repository}}/gomason/{{.Version}}/linux/amd64/gomason\",\n \"sig\": true,\n \"checksums\": false\n }\n ]\n }\n }\n\n### Building and Publishing Without Testing\n\nThis is generally not a great idea, but one common use case for `gomason` is to make your own builds of some third party code with some custom flags. In this case you often don't want or need the full range of testing or test targets, or don't have access to the author's test system.\n\nSometimes you just want to build the damn code and publish it somewhere. In those cases, run:\n\n gomason [build | publish] -s [--skip-tests]\n \nPlease don't do this with your own code. It makes \u003cinsert deity here\u003e cry.\n\n---\n \n## Project Config Reference\n\nGomason depends on a metadata file imaginatively named 'metadata.json'. It's expected to be in the root of the repo.\n\nThe metadata file contains such information as the version. (Yes, I'm old fashioned that way. I like human readable version numbers.)\n\nExample:\n\n {\n \"version\": \"0.1.0\",\n \"package\": \"github.com/nikogura/gomason/v2\",\n \"description\": \"A tool for building and testing your project in a clean GOPATH.\",\n \"repository\": \"http://localhost:8081/artifactory/generic-local\",\n \"tool-repository\": \"http://localhost:8081/artifactory/generic-local-tools\",\n \"language\": \"golang\",\n \"building\": {\n \"prepcommands\": [\n \"go get k8s.io/client-go/...\",\n \"cd ${GOPATH}/src/k8s.io/client-go \u0026\u0026 git checkout v10.0.0\",\n \"cd ${GOPATH}/src/k8s.io/client-go \u0026\u0026 godep restore ./...\"\n ],\n \"targets\": [\n {\n \"name\": \"darwin/amd64\",\n },\n {\n \"name\": \"linux/amd64\"\n }\n ]\n }\n }\n\n### Version\n\nSemantic version string of your package. I realize go's github dependency mechanism provides commit-level granularity, but honestly? Is that really useful? \n\nWhen's the last time you looked at a commit hash and derived any meaning around how much this version has changed from the last one you depended on? I'm a fan of the idea that the major/minor/patch contract of semantic versioning can help you estimate, at a glance, how much of a change that upgrade you're pondering will be.\n\nSure, it needs to be tested. (Trust but verify, right?) But it's really nice to be able to have that estimate in a glance before you devote resources to the upgrade, even if it's just a quick estimate in your head.\n\n### Package\n\nThe name of the Go package as used by 'go get'. Used to actually check out the code in the clean build environment.\n\n\n### Description\n\nA nice, human readable description for your module, cos that's really nice. Having it in a parsable location as a simple string is also useful for other things, as you can probably imagine.\n\n### Repository\n\nThe url of the repository to which you're planning to publish your binaries.\n\n### Tool-Repository\n\nThe url of a secondary repository to which you're planning to publish your binaries. Primarily intended for use by (dbt)[https://github.com/nikogura/dbt]. \n\n### Insecure_Get\n\nSometimes you've got a code repo that has a self signed cert. Set this to true, and it'll pass ```-insecure``` to ```go get``` and ```govendor sync``` so you can still run- even if your internal repo has a self signed cert on it.\n\n### Language\n\nOptional at this point, and the only legal value is `golang`. We plan to support other languages that can compile to single binaries in the future.\n\n### Building\n\nInformation specifically for building the project.\n\n#### Prepcommands\n\nThese are a list of bash commands that will be run prior to running any command that acutally uses your code, such as `go test'.\n\nThese commands are run one at a time, in a bash shell via `bash -c \"\u003ccommand\"`. This can be dangerous. Use it with care. Obviously, bash has to exist on the system for things to work. \n\nThis is primarily intended for situations like the Kubernetes Golang client, which needs special setup commands to pre-configure the dependencies in the GOPATH before actually testing and building your code.\n\n#### Targets\n\nThis is used to determine which OSes and architectures to compile for. It's gotta be Gox's way of expressing the version and arch (os/arch), as the strings will simply be passed along to gox to build your toys.\n\nTargets can take an optional 'cgo' flag to build with CGO, and a map of compiler flags (ENV Vars) that will be passed on to gox at build time.\n\nYou can also pass through a string for use by `-ldflags` if you need to pass special information into the compiler or set internal variables at build time.\n\nTargets can also take an optional 'legacy' flag to build with GO111MODULE=off, for older projects that have not been converted yet.\n\nThis can be useful for cases where different targets require different options.\n\nFor example, the following will build 64 bit binaries for MacOS and Linux:\n\n \"targets\": [\n {\n \"name\": \"darwin/amd64\",\n \"cgo\": true,\n \"flags\": {\n \"CC\": \"o64-gcc\",\n \"CXX\": \"o64-g++\"\n },\n \"ldflags\": \"-X github.com/nikogura/dbt/pkg/dbt.METADATA_TEMPLATE=${METADATA_TEMPLATE}\"\n {\n \"name\": \"linux/amd64\"\n }\n ]\n \nThis of course, assumes you have gcc built able to cross-compile with something like https://github.com/tpoechtrager/osxcross. The above works fine with MacOSX10.11 for the author.\n \n#### Extras\n\nExtra artifacts such as scripts and such you'd like built along side your go binaries.\n\nFiles are built from templates using the ```metadata.json``` as an information source. Any field of the Metadata object created from ```metadata.json``` can be included in the template. See golang's text/template documentation at [https://dlintw.github.io/gobyexample/public/text-template.html](https://dlintw.github.io/gobyexample/public/text-template.html) for examples.\n\nEach 'extra' is a map with the following information:\n\n* **template** String The template file to use.\n\n* **filename** String The name of the file to write from the template\n\n* **executable** Bool Whether to make the written file executable.\n \n### Signing\n\nInformation related to signing.\n\n#### Program\n\nDefaults to 'gpg'. Others such as keybase.io will be added depending on time and user interest.\n\n#### Email\n\nThe email of the entity (generally a person) who's doing the signing. This entity, and their attendant keys must be available to the signing program. \n\nFor instance, with the default 'gpg' program, gomason merely calls ```gpg -bau \u003cemail\u003e \u003cfile\u003e``` on the binaries. If gpg doesn't already have a key registered for the email, an error will occur.\n\n### Publishing\n\nInformation related to publishing.\n\n#### Targets\n\nEach target represents a file that will be uploaded. Targets have the following attributes:\n\n* **src** String. This is the file name as gomason would see it after running ```gox``` in the checked out code directory. \n\n* **dst** String. This is the upload path on the repository server. Template fields of the form ```{{{.Field}}``` are supported. The data being fed to the template is the Metadata object created from ```metadata.json```. It's particularly useful for interpolating the *version* (```{{.Version}}```) and the *repository* ```{{.Repository}}``` into the upload path.\n\n* **sig** Boolean. Whether or not to upload the signature of the file you're publishing. Generally you would want this to be true.\n\n* **checksums** Boolean Whether or not to upload the checksum files for your published file. Artifactory generates these files automatically, but if you're using something that supports a PUT, but can't generate the checksums, setting this to true will handle it for you.\n\n#### Username\n\nThe username to use when authenticating to your artifact repository. This can be set here, or in the per-user config. Setting it in the per-user config is recommended.\n\n#### Password\n\nThe password to use when authenticating to your artifact repository. You can set it here (not recommended), or you can set it in the per-user config.\n\n#### Usernamefunc\n\nA shell function that will return the username to use. Enables getting username info from a service. Use carefully. It's executing a command on your system.\n\n#### Passwordfunc\n\nA shell function that will return the password to use when publishing. Enables getting the password from a service such as AWS Parameter store or Vault.\n\n---\n\n## User Config Reference\n\nPer-user config. Primarily used to set per-user information that would not make sense to have in the project config. \n\nWhich identity and key to use for signing is a good example. While you can set and distribute a shared key for *everyone* to use, it's a better practice to have each publisher use their own key. \n\nThe user config file gives you a place to do this. You can, however set a group shared signing entity in ```metadata.json``` if you like. \n\n### User\n\nThe user using gomason.\n\n### Username\n\nUsername for your user. This is used when publishing to an artifact repository.\n\nexample:\n\n [user]\n username = nikogura\n email = nik.ogura@gmail.com\n \n#### Usernamefunc\n\nA shell function that will return the username to use. Enables getting username info from a service. Use carefully. It's executing a command on your system. Probably not that useful, but supported for completenes sake.\n\nexample:\n\n [user]\n usernamefunc = curl -s http://url/of/config/service/where/we/store/the/username\n\n### Password\n\nPassword for your user. This is used when publishing to an artifact server.\n\nexample:\n \n [user]\n password = $ecretY0uNoR3ad!\n\n#### Passwordfunc\n\nA shell function that will return the password to use when publishing. Really useful if you have a password manager with a cli such as LastPass. You'll have to login separately though. You won't be able to do it transparently via gomason... yet. *(sometimes it takes a few tries to work out the magic)*\n\nexample:\n\n [user]\n passwordfunc = lpass show --notes gomason-test\n\n#### Email\n\nThe email address of the person using gomason and signing binaries. \n\nexample:\n\n [user]\n email = nik.ogura@gmail.com\n \n### Signing\n\nUser specific configuration information related to signing. Supported configuration keys:\n\n#### Program\n\nThe program used to sign your binaries. Set here it overrides any setting in ```metadata.json```\n\n#### Email\n\nThe email address of the key used to perform signing. Set here it overrides any setting in ```metadata.json```\n\nexample:\n\n [signing]\n program = gpg\n email = nik.ogura@gmail.com\n \n \n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnikogura%2Fgomason","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnikogura%2Fgomason","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnikogura%2Fgomason/lists"}