feat: allow to template sign.args (#1493)

Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
goreleaser · May 10, 2020 · 31fedc4 · 31fedc4
1 parent 6433f86
commit 31fedc4
Show file tree

Hide file tree

Showing 3 changed files with 53 additions and 3 deletions.
diff --git a/internal/pipe/sign/sign.go b/internal/pipe/sign/sign.go
@@ -12,8 +12,10 @@ import (
 	"github.com/goreleaser/goreleaser/internal/logext"
 	"github.com/goreleaser/goreleaser/internal/pipe"
 	"github.com/goreleaser/goreleaser/internal/semerrgroup"
+	"github.com/goreleaser/goreleaser/internal/tmpl"
 	"github.com/goreleaser/goreleaser/pkg/config"
 	"github.com/goreleaser/goreleaser/pkg/context"
+	"github.com/pkg/errors"
 )
 
 // Pipe for artifact signing.
@@ -106,7 +108,12 @@ func signone(ctx *context.Context, cfg config.Sign, a *artifact.Artifact) (*arti
 	// nolint:prealloc
 	var args []string
 	for _, a := range cfg.Args {
-		args = append(args, expand(a, env))
+		var arg = expand(a, env)
+		arg, err := tmpl.New(ctx).WithEnv(env).Apply(arg)
+		if err != nil {
+			return nil, errors.Wrapf(err, "sign failed: %s: invalid template", a)
+		}
+		args = append(args, arg)
 	}
 
 	// The GoASTScanner flags this as a security risk.

diff --git a/internal/pipe/sign/sign_test.go b/internal/pipe/sign/sign_test.go
@@ -101,6 +101,24 @@ func TestSignArtifacts(t *testing.T) {
 				},
 			),
 		},
+		{
+			desc:           "invalid args template",
+			expectedErrMsg: `sign failed: ${FOO}-{{ .foo }{{}}{: invalid template: template: tmpl:1: unexpected "}" in operand`,
+			ctx: context.New(
+				config.Project{
+					Signs: []config.Sign{
+						{
+							Artifacts: "all",
+							Cmd:       "exit",
+							Args:      []string{"${FOO}-{{ .foo }{{}}{"},
+						},
+					},
+					Env: []string{
+						"FOO=BAR",
+					},
+				},
+			),
+		},
 		{
 			desc: "sign single",
 			ctx: context.New(
@@ -226,6 +244,31 @@ func TestSignArtifacts(t *testing.T) {
 			signaturePaths: []string{"artifact1.sig", "artifact2.sig", "artifact3.sig", "checksum.sig", "checksum2.sig", "linux_amd64/artifact4.sig"},
 			signatureNames: []string{"artifact1.sig", "artifact2.sig", "artifact3_1.0.0_linux_amd64.sig", "checksum.sig", "checksum2.sig", "artifact4_1.0.0_linux_amd64.sig"},
 		},
+		{
+			desc: "sign all artifacts with template",
+			ctx: context.New(
+				config.Project{
+					Signs: []config.Sign{
+						{
+							Artifacts: "all",
+							Args: []string{
+								"-u",
+								"{{ .Env.SOME_TEST_USER }}",
+								"--output",
+								"${signature}",
+								"--detach-sign",
+								"${artifact}",
+							},
+						},
+					},
+					Env: []string{
+						fmt.Sprintf("SOME_TEST_USER=%s", user),
+					},
+				},
+			),
+			signaturePaths: []string{"artifact1.sig", "artifact2.sig", "artifact3.sig", "checksum.sig", "checksum2.sig", "linux_amd64/artifact4.sig"},
+			signatureNames: []string{"artifact1.sig", "artifact2.sig", "artifact3_1.0.0_linux_amd64.sig", "checksum.sig", "checksum2.sig", "artifact4_1.0.0_linux_amd64.sig"},
+		},
 	}
 
 	for _, test := range tests {

diff --git a/www/content/sign.md b/www/content/sign.md
@@ -47,13 +47,13 @@ signs:
     # defaults to `gpg`
     cmd: gpg2
 
-    # command line arguments for the command
+    # command line templateable arguments for the command
     #
     # to sign with a specific key use
     # args: ["-u", "<key id, fingerprint, email, ...>", "--output", "${signature}", "--detach-sign", "${artifact}"]
     #
     # defaults to `["--output", "${signature}", "--detach-sign", "${artifact}"]`
-    args: ["--output", "${signature}", "${artifact}"]
+    args: ["--output", "${signature}", "${artifact}", "{{ .ProjectName }}"]
 
 
     # which artifacts to sign