ci: update goreleaser configs

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>

.goreleaser.yaml

@@ -3,29 +3,30 @@
 #
 # See also: .github/workflows/release.yml
 
+version: 2
 
 project_name: supply-chain-example
 
 # setups builds for linux and darwin on amd64 and arm64
 # https://goreleaser.com/customization/build
 builds:
-- env:
-  - CGO_ENABLED=0
-  goos:
-  - linux
-  - darwin
-  goarch:
-  - amd64
-  - arm64
-  # ensures mod timestamp to be the commit timestamp
-  mod_timestamp: '{{ .CommitTimestamp }}'
-  flags:
-    # trims path
-    - -trimpath
-  ldflags:
-    # use commit date instead of current date as main.date
-    # only needed if you actually use those things in your main package, otherwise can be ignored.
-    - -s -w -X main.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{ .CommitDate }}
+  - env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+      - darwin
+    goarch:
+      - amd64
+      - arm64
+    # ensures mod timestamp to be the commit timestamp
+    mod_timestamp: "{{ .CommitTimestamp }}"
+    flags:
+      # trims path
+      - -trimpath
+    ldflags:
+      # use commit date instead of current date as main.date
+      # only needed if you actually use those things in your main package, otherwise can be ignored.
+      - -s -w -X main.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{ .CommitDate }}
 
 # proxies from the go mod proxy before building
 # https://goreleaser.com/customization/gomod
@@ -35,7 +36,7 @@ gomod:
 # config the checksum filename
 # https://goreleaser.com/customization/checksum
 checksum:
-  name_template: 'checksums.txt'
+  name_template: "checksums.txt"
 
 # create a source tarball
 # https://goreleaser.com/customization/source/
@@ -53,43 +54,43 @@ sboms:
 # all files (including the sboms) are included in the checksum, so we don't need to sign each one if we don't want to
 # https://goreleaser.com/customization/sign
 signs:
-- cmd: cosign
-  env:
-  - COSIGN_EXPERIMENTAL=1
-  certificate: '${artifact}.pem'
-  args:
-    - sign-blob
-    - '--output-certificate=${certificate}'
-    - '--output-signature=${signature}'
-    - '${artifact}'
-    - "--yes" # needed on cosign 2.0.0+
-  artifacts: checksum
-  output: true
+  - cmd: cosign
+    env:
+      - COSIGN_EXPERIMENTAL=1
+    certificate: "${artifact}.pem"
+    args:
+      - sign-blob
+      - "--output-certificate=${certificate}"
+      - "--output-signature=${signature}"
+      - "${artifact}"
+      - "--yes" # needed on cosign 2.0.0+
+    artifacts: checksum
+    output: true
 
 # create a docker image
 # https://goreleaser.com/customization/docker
 dockers:
-- image_templates:
-  - 'ghcr.io/goreleaser/supply-chain-example:{{ .Tag }}'
-  dockerfile: Dockerfile
-  build_flag_templates:
-  - "--pull"
-  - "--label=org.opencontainers.image.created={{.Date}}"
-  - "--label=org.opencontainers.image.name={{.ProjectName}}"
-  - "--label=org.opencontainers.image.revision={{.FullCommit}}"
-  - "--label=org.opencontainers.image.version={{.Version}}"
-  - "--label=org.opencontainers.image.source={{.GitURL}}"
+  - image_templates:
+      - "ghcr.io/goreleaser/supply-chain-example:{{ .Tag }}"
+    dockerfile: Dockerfile
+    build_flag_templates:
+      - "--pull"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.name={{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
+      - "--label=org.opencontainers.image.source={{.GitURL}}"
 
 # signs our docker image
 # https://goreleaser.com/customization/docker_sign
 docker_signs:
   - cmd: cosign
     env:
-    - COSIGN_EXPERIMENTAL=1
+      - COSIGN_EXPERIMENTAL=1
     artifacts: images
     output: true
     args:
-    - 'sign'
-    - '${artifact}'
-    - "--yes" # needed on cosign 2.0.0+
+      - "sign"
+      - "${artifact}"
+      - "--yes" # needed on cosign 2.0.0+