Fix env vars

Fix CI for docker images (login)

Author: scheibling

.github/workflows/release.yml

@@ -18,6 +18,27 @@ jobs:
       with:
         go-version: 1.24.2
         cache-dependency-path: go.mod
+    
+    - name: Login to ghcr.io
+      uses: docker/login-action@v2
+      with:
+        registry: ghcr.io
+        username: ossign
+        password: ${{ secrets.GITHUB_TOKEN }}
+    
+    - name: Login to docker hub
+      uses: docker/login-action@v2
+      with:
+        registry: docker.io
+        username: ossign
+        password: ${{ secrets.DOCKER_HUB_TOKEN }}
+    
+    - name: Install dependencies
+      run: |
+        curl https://pkg.ossign.org/debian/repository.key -o /etc/apt/keyrings/gitea-ossign.asc
+        echo "deb [signed-by=/etc/apt/keyrings/gitea-ossign.asc] https://pkg.ossign.org/debian all main" >> /etc/apt/sources.list.d/ossign.list
+        apt-get update
+        apt-get install -y goast
 
     - name: Goreleaser
       uses: goreleaser/goreleaser-action@v6
@@ -36,4 +57,3 @@ jobs:
         name: release
         path: dist/**
 
-  

.goreleaser.yaml

@@ -6,11 +6,19 @@ builds:
       - CGO_ENABLED=0
     goos:
       - linux
-      - windows
       - darwin
     goarch:
       - amd64
       - arm64
+  - id: winbuild
+    main: ./cmd/
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - windows
+    goarch:
+      - amd64
+      - arm64
 
 
 archives:
@@ -53,6 +61,18 @@ nfpms:
       - rpm
     bindir: /usr/local/bin
 
+binary_signs:
+  - id: goest
+    ids:
+      - winbuild
+    cmd: goest
+    args:
+      - sign
+      - azurekv
+      - --config
+      - ./config.yaml
+      - ${artifact}
+
 release:
   github:
     owner: ossign
@@ -65,21 +85,47 @@ dockers:
     goarch: amd64
     dockerfile: Dockerfile
     image_templates:
-    - ghcr.io/ossign/goest:{{ .Tag }}
+    - ghcr.io/ossign/goest:{{ .Tag }}-linux-amd64
+    - ossign/goest:{{ .Tag }}-linux-amd64
   - id: goest-linux-arm64
     use: docker
     goos: linux
     goarch: arm64
     dockerfile: Dockerfile
     image_templates:
-    - ghcr.io/ossign/goest:{{ .Tag }}-arm64
+    - ghcr.io/ossign/goest:{{ .Tag }}-linux-arm64
+    - ossign/goest:{{ .Tag }}-linux-arm64
   - id: goest-windows-amd64
     use: docker
     goos: windows
     goarch: amd64
     dockerfile: windows.Dockerfile
     image_templates:
+    - ghcr.io/ossign/goest:{{ .Tag }}-windows-amd64
     - ghcr.io/ossign/goest:{{ .Tag }}-windows
+    - ossign/goest:{{ .Tag }}-windows-amd64
+    - ossign/goest:{{ .Tag }}-windows
+
+docker_manifests:
+  - name_template: ghcr.io/ossign/goest:latest
+    image_templates:
+      - ghcr.io/ossign/goest:{{ .Tag }}-linux-amd64
+      - ghcr.io/ossign/goest:{{ .Tag }}-linux-arm64
+  
+  - name_template: ghcr.io/ossign/goest:{{ .Tag }}
+    image_templates:
+      - ghcr.io/ossign/goest:{{ .Tag }}-linux-amd64
+      - ghcr.io/ossign/goest:{{ .Tag }}-linux-arm64
+  
+  - name_template: ossign/goest:latest
+    image_templates:
+      - ossign/goest:{{ .Tag }}-linux-amd64
+      - ossign/goest:{{ .Tag }}-linux-arm64
+  
+  - name_template: ossign/goest:{{ .Tag }}
+    image_templates:
+      - ossign/goest:{{ .Tag }}-linux-amd64
+      - ossign/goest:{{ .Tag }}-linux-arm64
 
 uploads:
   - name: "debpkg"

README.md

@@ -51,10 +51,10 @@ To sign a file with Azure Key Vault, use the following command:
 goest sign azurekv --url https://<your-key-vault-name>.vault.azure.net/certificates/your-certificate/certificate-hash/ --tenant <your-tenant-uuid> --client <your-client-id> --secret <your-client-secret> file1.ps1 file2.exe file3.dll
 
 # Using environment variables
-export goest_AZUREKV_URL="https://<your-key-vault-name>.vault.azure.net/certificates/your-certificate/certificate-hash/"
-export goest_AZUREKV_TENANT="<your-tenant-uuid>"
-export goest_AZUREKV_CLIENT="<your-client-id>"
-export goest_AZUREKV_SECRET="<your-client-secret>"
+export GOEST_AZUREKV_URL="https://<your-key-vault-name>.vault.azure.net/certificates/your-certificate/certificate-hash/"
+export GOEST_AZUREKV_TENANT="<your-tenant-uuid>"
+export GOEST_AZUREKV_CLIENT="<your-client-id>"
+export GOEST_AZUREKV_SECRET="<your-client-secret>"
 
 goest sign azurekv file1.ps1 file2.exe file3.dll
 

cmd/main.go

@@ -28,7 +28,7 @@ var rootCmd = &cobra.Command{
 
 			Viper.SetConfigFile(configFile)
 			Viper.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))
-			Viper.SetEnvPrefix("goest")
+			Viper.SetEnvPrefix("GOEST")
 			Viper.AutomaticEnv()
 
 			if err := Viper.ReadInConfig(); err != nil {

lib/vaults/azurekeyvault.go

@@ -35,17 +35,17 @@ func (v *AzureKeyVault) GetCommand() *cobra.Command {
 			}
 
 			if v.Url == "" {
-				fmt.Println("Azure Key Vault URL is required. Use --url, -u or env goest_AZUREKV_URL to specify the URL. Example: --url https://myvault.vault.azure.net/certificates/MyCertificate/1234567890abcdef1234567890abcdef")
+				fmt.Println("Azure Key Vault URL is required. Use --url, -u or env GOEST_AZUREKV_URL to specify the URL. Example: --url https://myvault.vault.azure.net/certificates/MyCertificate/1234567890abcdef1234567890abcdef")
 			}
 
 			if v.Tenant == "" {
-				fmt.Println("Azure Tenant ID is required. Use --tenant, -t or env goest_AZUREKV_TENANT to specify the Tenant ID. Example: --tenant 12345678-1234-1234-1234-123456789012")
+				fmt.Println("Azure Tenant ID is required. Use --tenant, -t or env GOEST_AZUREKV_TENANT to specify the Tenant ID. Example: --tenant 12345678-1234-1234-1234-123456789012")
 			}
 			if v.Client == "" {
-				fmt.Println("Azure Client ID is required. Use --client, -c or env goest_AZUREKV_CLIENT to specify the Client ID. Example: --client 12345678-1234-1234-1234-123456789012")
+				fmt.Println("Azure Client ID is required. Use --client, -c or env GOEST_AZUREKV_CLIENT to specify the Client ID. Example: --client 12345678-1234-1234-1234-123456789012")
 			}
 			if v.Secret == "" {
-				fmt.Println("Azure Key Vault Secret Name is required. Use --secret, -s or goest_AZUREKV_SECRET to specify the Secret Name. Example: --secret MySecretName")
+				fmt.Println("Azure Key Vault Secret Name is required. Use --secret, -s or GOEST_AZUREKV_SECRET to specify the Secret Name. Example: --secret MySecretName")
 			}
 
 			if len(args) == 0 {