Configuration Reference
Complete configuration file reference
Anodizer uses .anodizer.yaml (or .anodizer.toml) in your project root.
Top-Level Fields
| Field | Type | Default | Description |
|---|---|---|---|
after | HooksConfig | — | Hooks run after the release pipeline completes. |
announce | AnnounceConfig | — | Announcement configuration (Slack, Discord, email, etc.). |
artifactories | list of ArtifactoryConfig | — | Artifactory upload configurations. |
aur_sources | list of AurSourceConfig | — | AUR source package publishing configurations (source-only PKGBUILD, not -bin). |
before | HooksConfig | — | Hooks run before the release pipeline starts. |
binary_signs | list of SignConfig | [] | Binary-specific signing configs (same shape as signs but only for binary artifacts). The artifacts field on each entry is constrained at parse time to binary / none (or omitted) — a broader filter on binary_signs would silently match nothing because the loop only iterates Binary artifacts. Constraint lives in deserialize_binary_signs. |
changelog | ChangelogConfig | — | Changelog generation configuration. |
cloudsmiths | list of CloudSmithConfig | — | CloudSmith publisher configurations. |
crates | list of CrateConfig | [] | List of crates in this project. |
defaults | Defaults | — | Default values applied to all crates unless overridden. |
dist | string | ./dist | Output directory for build artifacts (default: ./dist). |
docker_signs | list of DockerSignConfig | — | Docker image signing configurations. |
dockerhub | list of DockerHubConfig | — | DockerHub description sync configurations. |
env | list of string | — | Environment variables available to all template expressions. |
List of KEY=VALUE strings (matches GoReleaser): env: ["MY_VAR=hello", "DEPLOY_ENV=staging"]. Order is preserved so chained env applications (sign + sbom + notarize) see entries in declared order. Values are rendered through the template engine before being set, so expressions like {{ .Tag }} or {{ .Date }} are expanded. |
| env_files | EnvFilesConfig | — | Environment file configuration. Accepts either: - A list of .env file paths: [".env", ".release.env"] - A struct with token file paths: { github_token: "~/.config/goreleaser/github_token" } |
| force_token | ForceTokenKind | — | Force a specific token type for authentication. When set, overrides automatic token detection from environment variables. |
| git | GitConfig | — | Git-level tag discovery and sorting settings. |
| gitea_urls | GiteaUrlsConfig | — | Custom Gitea API/download URLs for self-hosted Gitea installations. |
| github_urls | GitHubUrlsConfig | — | Custom GitHub API/upload/download URLs for GitHub Enterprise installations. |
| gitlab_urls | GitLabUrlsConfig | — | Custom GitLab API/download URLs for self-hosted GitLab installations. |
| homebrew_casks | list of HomebrewCaskConfig | — | Top-level Homebrew Cask configurations. homebrew_casks is a top-level array with its own repository, commit_author, directory, skip_upload, hooks, dependencies, conflicts, completions, manpages, structured uninstall/zap, etc. |
| includes | list of IncludeSpec | — | Additional config files to merge into this config. Supports plain string paths, from_file: for structured file paths, and from_url: for fetching configs from URLs with optional headers. |
| makeselfs | list of MakeselfConfig | [] | Makeself self-extracting archive configurations. |
| mcp | McpConfig | {"auth":{"type":"none"},"description":null,"homepage":null,"name":null,"packages":[],"registry":null,"repository":{"id":"","source":"","subfolder":"","url":""},"skip":null,"title":null,"transports":[]} | MCP (Model Context Protocol) server registry publishing configuration. When name is empty (the default), the publisher is skipped. Mirrors GoReleaser's mcp: block. |
| metadata | MetadataConfig | — | Project metadata configuration (applied to metadata.json output files). |
| milestones | list of MilestoneConfig | — | Milestone closing configurations. |
| monorepo | MonorepoConfig | — | GoReleaser Pro monorepo configuration. When configured, tag discovery filters by tag_prefix and the working directory is scoped to dir. |
| nightly | NightlyConfig | — | Nightly release configuration. |
| notarize | NotarizeConfig | — | macOS code signing and notarization configuration. |
| partial | PartialConfig | — | Partial/split build configuration for fan-out CI pipelines. |
| project_name | string | — | Human-readable project name used in templates and release titles. |
| publishers | list of PublisherConfig | — | Generic artifact publisher configurations. |
| release | ReleaseConfig | — | GitHub release configuration shared by all crates. |
| report_sizes | bool | — | When true, log artifact file sizes after building. |
| retry | RetryConfig | — | Top-level retry configuration applied to network-bound operations (announcers, git providers, HTTP uploads, docker pipes). When omitted, RetryConfig::default() is used (10 attempts, 10s base, 5m cap — matching GoReleaser Project.Retry). |
| sboms | list of SbomConfig | [] | Software bill of materials (SBOM) generation configurations. |
| signs | list of SignConfig | [] | Signing configurations for binaries, archives, and checksums. |
| snapshot | SnapshotConfig | — | Snapshot release configuration (local/non-tag builds). |
| source | SourceConfig | — | Source archive configuration. |
| srpms | SrpmConfig | — | Source RPM configuration. Renamed from srpm: (singular) for spelling parity with Defaults.srpms and the rest of the plural-name packaging fields. The srpm: spelling is still accepted via serde alias for back-compat. |
| tag | TagConfig | — | Automatic semantic version tagging configuration. |
| template_files | list of TemplateFileConfig | — | Template files to render and include as release artifacts. File contents are processed through the template engine. |
| uploads | list of UploadConfig | — | Generic HTTP upload configurations. |
| upx | list of UpxConfig | [] | UPX binary compression configurations. |
| variables | map | — | Custom template variables accessible as {{ .Var.key }} in templates. Provides a way to define reusable values, especially useful with config includes. |
| version | integer | — | Schema version. Currently supports 1 (implicit default) and 2. |
| workspaces | list of WorkspaceConfig | — | Independent workspace roots in a monorepo. |
after
Top-level lifecycle hooks for before and after blocks. Each block has pre and post lists of hook commands that run around the entire pipeline (not individual stages).
| Field | Type | Default | Description |
|---|---|---|---|
hooks | list of HookEntry | — | Commands to run before the pipeline or stage starts. Matches GoReleaser before.hooks canonically. |
post | list of HookEntry | — | Commands to run after the pipeline or stage completes. Anodizer extension (GoReleaser has no top-level after: block). |
announce
| Field | Type | Default | Description |
|---|---|---|---|
bluesky | BlueskyAnnounce | — | Bluesky announcement configuration. |
discord | DiscordAnnounce | — | Discord announcement configuration. |
discourse | DiscourseAnnounce | — | Discourse announcement configuration. |
email | EmailAnnounce | — | Email announcement configuration. SCH-34 (WAVE 5.6) — accepts the historical smtp: key as an alias because GR itself renamed smtp: -> email: in v1.21+ and kept the alias for migration. Mirroring GR's own alias keeps "use what GR uses today" consistent without forcing a re-yaml of legacy GR configs. |
gate_on | AnnounceGate | required_publishers | Selects when AnnounceStage runs vs. skips based on the PublishReport written by PublishStage/BlobStage. Default is required_publishers (announce only if every required publisher succeeded). See [AnnounceGate] for the other variants. |
linkedin | LinkedInAnnounce | — | LinkedIn announcement configuration. |
mastodon | MastodonAnnounce | — | Mastodon announcement configuration. |
mattermost | MattermostAnnounce | — | Mattermost announcement configuration. |
opencollective | OpenCollectiveAnnounce | — | OpenCollective announcement configuration. |
reddit | RedditAnnounce | — | Reddit announcement configuration. |
skip | StringOrBool | — | Template-conditional skip: if rendered to "true", skip the entire announce stage. |
slack | SlackAnnounce | — | Slack announcement configuration. |
teams | TeamsAnnounce | — | Microsoft Teams announcement configuration. |
telegram | TelegramAnnounce | — | Telegram announcement configuration. |
twitter | TwitterAnnounce | — | Twitter/X announcement configuration. |
webhook | WebhookConfig | — | Generic webhook announcement configuration. |
artifactories
Artifactory upload configuration. Uploads artifacts to JFrog Artifactory repositories.
| Field | Type | Default | Description |
|---|---|---|---|
checksum | bool | — | Include checksums in uploaded artifacts. |
checksum_header | string | — | Header name used for checksum verification (e.g. X-Checksum-Sha256). |
client_x509_cert | string | — | Path to client X.509 certificate for mTLS authentication. |
client_x509_key | string | — | Path to client X.509 private key for mTLS authentication. |
custom_artifact_name | bool | — | Use custom artifact naming instead of default. |
custom_headers | map | — | Custom HTTP headers sent with each upload request. |
extra_files | list of ExtraFileSpec | — | Extra files to upload alongside build artifacts. |
extra_files_only | bool | — | When true, upload only extra_files (skip normal artifacts). |
exts | list of string | — | File extension filter: only upload artifacts matching these extensions. |
ids | list of string | — | Build IDs filter: only upload artifacts from builds whose id is in this list. |
meta | bool | — | Include metadata artifacts in uploaded artifacts. |
method | string | — | HTTP method to use for uploads (default: "PUT"). |
mode | string | — | Upload mode: "archive" (upload archives) or "binary" (upload binaries). |
name | string | — | Human-readable name for this publisher (used in logs). |
password | string | — | Artifactory password or API key (or env var reference). |
signature | bool | — | Include signatures in uploaded artifacts. |
skip | StringOrBool | — | Template-conditional skip: if rendered result is "true", skip this publisher. |
target | string | — | Target URL template for uploads (supports template variables). |
trusted_certificates | string | — | PEM-encoded trusted CA certificates for TLS verification. Appended to the system certificate pool. |
username | string | — | Artifactory username for authentication. |
aur_sources
| Field | Type | Default | Description |
|---|---|---|---|
amd64_variant | Amd64Variant | — | x86_64 micro-architecture variant — v1 (baseline), v2, v3 (AVX2), or v4. Equivalent to GR AurSource.Goamd64. Constrained to a typed enum because AUR source pkgs build from the upstream tarball (no binary artifacts to filter), so the value's only role is as the Amd64 template var consumed by prepare: / build: / package: script bodies — typos must fail at parse time, not silently render an invalid string into the PKGBUILD. When unset, defaults to v1 at template-render time. |
arches | list of string | — | Explicit architecture list (default: auto-detect from artifacts). |
backup | list of string | — | Backup files to preserve on upgrade. |
build | string | — | Custom build() function body for PKGBUILD. |
commit_author | CommitAuthorConfig | — | Commit author with optional signing. |
commit_msg_template | string | — | Custom commit message template. |
conflicts | list of string | — | Packages this PKGBUILD conflicts with. |
contributors | list of string | — | Contributors listed in PKGBUILD comments. |
depends | list of string | — | Runtime dependencies. |
description | string | — | Short description of the package. |
directory | string | — | Subdirectory in the git repo for committed files. |
git_ssh_command | string | — | Custom SSH command for git operations. |
git_url | string | — | AUR SSH git URL. |
homepage | string | — | Project homepage URL. |
ids | list of string | — | Build IDs filter. |
license | string | — | SPDX license identifier. |
maintainers | list of string | — | PKGBUILD maintainer entries. |
makedepends | list of string | — | Build-time dependencies (source packages need these). |
name | string | — | Override the package name (default: crate name, no -bin suffix). |
optdepends | list of string | — | Optional dependencies. |
package | string | — | Custom package() function body for PKGBUILD. |
prepare | string | — | Custom prepare() function body for PKGBUILD. |
private_key | string | — | Path to SSH private key file. |
provides | list of string | — | Packages this PKGBUILD provides. |
rel | string | — | Package release number (default: "1"). |
skip | StringOrBool | — | Skip this config. |
skip_upload | StringOrBool | — | Skip publishing. "true" always skips; "auto" skips for prereleases. |
url_template | string | — | Custom URL template for download URLs. |
before
Top-level lifecycle hooks for before and after blocks. Each block has pre and post lists of hook commands that run around the entire pipeline (not individual stages).
| Field | Type | Default | Description |
|---|---|---|---|
hooks | list of HookEntry | — | Commands to run before the pipeline or stage starts. Matches GoReleaser before.hooks canonically. |
post | list of HookEntry | — | Commands to run after the pipeline or stage completes. Anodizer extension (GoReleaser has no top-level after: block). |
binary_signs
| Field | Type | Default | Description |
|---|---|---|---|
args | list of string | — | Arguments passed to the signing command (supports templates with ${artifact} and ${signature}). |
artifacts | string | — | Artifact types to sign: "all", "archive", "binary", "checksum", "package", "sbom" (default: "none"). |
certificate | string | — | Certificate file to embed in the signature (Cosign bundle signing). |
cmd | string | — | Signing command to invoke (default: "cosign" or "gpg"). |
env | list of string | — | Environment variables passed to the signing command. |
id | string | — | Unique identifier for this sign config. |
ids | list of string | — | Build IDs filter: only sign artifacts from builds whose id is in this list. |
if | string | — | Template-conditional: skip this sign config if rendered result is "false" or empty. |
output | StringOrBool | — | Capture and log stdout/stderr of the signing command. Accepts bool or template string (e.g., "{{ .IsSnapshot }}"). |
signature | string | — | Signature output filename template (supports templates). |
stdin | string | — | Content written to the signing command's stdin. |
stdin_file | string | — | Path to a file whose content is written to the signing command's stdin. |
changelog
| Field | Type | Default | Description |
|---|---|---|---|
abbrev | integer | — | Hash abbreviation length. Default: 0 (no truncation, emit the full SHA). Set to -1 to omit the hash entirely; positive values truncate to N chars. Values below -1 are clamped to -1 for parity with GoReleaser (whose git log --abbrev=N panics for -2, -3, ...). Mirrors GoReleaser internal/pipe/changelog/changelog.go's abbrevEntry. |
ai | ChangelogAiConfig | — | AI-powered changelog enhancement configuration. |
divider | string | — | Divider string inserted between changelog groups (e.g. "---"). Supports templates. |
filters | ChangelogFilters | — | Commit message filters to include or exclude from the changelog. |
footer | ContentSource | — | Text appended to the changelog. Same shape as header. |
format | string | — | Template for each changelog commit line. Available variables: SHA (full hash), ShortSHA (abbreviated), Message (commit subject), AuthorName, AuthorEmail, Login (per-commit GitHub username, github backend only), Logins (per-entry comma-separated list of GitHub usernames for that commit, github backend only), AllLogins (comma-separated list of all GitHub usernames across the entire release, github backend only).Default depends on backend (mirrors GoReleaser internal/pipe/changelog/changelog.go's formatEntry, which uses the full SHA):• git backend (default): "{{ SHA }} {{ Message }}"• github/gitlab/gitea backend: "{{ SHA }}: {{ Message }} (@Login or AuthorName <AuthorEmail>)" — falls back to AuthorName <AuthorEmail> when Login is empty.When abbrev < 0, the default reduces to "{{ Message }}" (no hash prefix). |
groups | list of ChangelogGroup | — | Groups for organizing changelog entries by commit message prefix. |
header | ContentSource | — | Text prepended to the changelog. Inline string, from_file: <path>, or from_url: <url> — symmetric with the release block's header/footer so users can compose headers from a templated file or remote endpoint (GoReleaser uses a plain string here; anodizer extends to ContentSource for consistency with release.header). |
paths | list of string | — | File paths to filter commits by. Only commits touching files under these paths are included. Works with use: git for precise per-commit filtering. With use: github, only the first path is used for API queries; multi-path filtering is coarse. Supports template rendering. |
skip | StringOrBool | — | Skip changelog generation. Accepts bool or template string (e.g. "{{ if IsSnapshot }}true{{ endif }}" for conditional skip). |
snapshot | bool | — | When true, render the changelog even in snapshot mode. Anodizer matches GoReleaser's default (skip changelog on ctx.Snapshot) and lets users opt back in here for local preview / draft generation. Wired in crates/stage-changelog/src/lib.rs::ChangelogStage::run. |
sort | string | — | Sort order for changelog entries: "asc" or "desc" (default: "asc"). |
title | string | — | Title heading for the changelog. Default: "Changelog". Supports templates. |
use | string | — | Changelog source: "git" (default), "github", or "github-native". "github" fetches commits via the GitHub API, enriching entries with author login information (available as the {{ Logins }} per-entry template variable and the {{ AllLogins }} release-wide variable). "github-native" delegates entirely to GitHub's auto-generated notes. |
cloudsmiths
CloudSmith publisher configuration. Pushes packages to CloudSmith repositories.
| Field | Type | Default | Description |
|---|---|---|---|
component | string | — | Debian component name (e.g. "main"). |
distributions | map | — | Distribution mapping per format (e.g. deb: "ubuntu/focal"). |
formats | list of string | — | Package format filter: only publish artifacts matching these formats. |
ids | list of string | — | Build IDs filter: only publish artifacts from builds whose id is in this list. |
organization | string | — | CloudSmith organization slug. |
repository | string | — | CloudSmith repository slug. |
republish | StringOrBool | — | When true, allow republishing over existing package versions. |
secret_name | string | — | Environment variable name containing the CloudSmith API key. |
skip | StringOrBool | — | Template-conditional skip: if rendered result is "true", skip this publisher. |
crates
| Field | Type | Default | Description |
|---|---|---|---|
app_bundles | list of AppBundleConfig | — | macOS app bundle configurations for this crate. |
archives | list of ArchiveConfig | [] | Archive configurations for this crate. Set to false to disable archiving, or provide an array of archive configs. |
binstall | BinstallConfig | — | cargo-binstall metadata configuration for this crate. |
blobs | list of BlobConfig | — | Cloud storage (S3/GCS/Azure) upload configurations for this crate. |
builds | list of BuildConfig | — | Build configurations for this crate. One entry per binary by default. |
checksum | ChecksumConfig | — | Checksum configuration for this crate. |
cross | CrossStrategy | — | Cross-compilation strategy for this crate: auto, zigbuild, cross, or cargo. |
depends_on | list of string | — | Other crates this crate depends on; ensures release ordering. |
dmgs | list of DmgConfig | — | macOS DMG disk image configurations for this crate. |
docker_digest | DockerDigestConfig | — | Docker image digest file configuration for this crate. |
docker_manifests | list of DockerManifestConfig | — | Docker multi-platform manifest configurations for this crate. |
docker_v2 | list of DockerV2Config | — | Docker V2 image build configurations for this crate (canonical API: images+tags, annotations, build_args, sbom, disable). The legacy docker: block was removed; this is the only docker surface. |
flatpaks | list of FlatpakConfig | — | Linux Flatpak bundle configurations for this crate. |
msis | list of MsiConfig | — | Windows MSI installer configurations for this crate. |
name | string | — | Crate name as published (must match the Cargo.toml package name). |
nfpms | list of NfpmConfig | — | Linux package (deb, rpm, apk) configurations for this crate. Renamed from nfpm: (singular) for spelling parity with Defaults.nfpms and the rest of the plural-name per-crate packaging lists (dmgs, msis, pkgs, nsis, ...). The nfpm: spelling is still accepted via serde alias for back-compat. |
no_unique_dist_dir | StringOrBool | — | When true (or template evaluating to "true"), all build outputs are placed in a flat dist/ directory instead of dist/{target}/. |
nsis | list of NsisConfig | — | NSIS installer configurations for this crate. |
path | string | — | Relative path to the crate directory from the project root. |
pkgs | list of PkgConfig | — | macOS PKG installer configurations for this crate. |
publish | PublishConfig | — | Publishing targets (Homebrew, Scoop, AUR, etc.) for this crate. |
release | ReleaseConfig | — | GitHub release configuration for this crate. |
snapcrafts | list of SnapcraftConfig | — | Snapcraft package configurations for this crate. |
tag_template | string | — | Git tag template used to tag and identify releases (supports templates). |
universal_binaries | list of UniversalBinaryConfig | — | macOS universal binary (fat binary) configurations for this crate. |
version | string | — | Pinned semver version. When set, anodizer bump --strict refuses to edit this crate's Cargo.toml to anything other than this value; without --strict, the bump proceeds with a warning. Lets a release captain freeze a crate's version while still running broad --workspace bumps. |
version_sync | VersionSyncConfig | — | Automatic version number synchronization configuration for this crate. |
defaults
Workspace-level defaults that path-mirror the CrateConfig (and select top-level Config) shape. Each field here is folded into every resolved crate by defaults_merge::apply_defaults according to the deep-merge / merge-by-identity semantics documented in defaults_merge.
Multi-publisher fields are single-struct on both sides today: defaults supplies one struct per publisher, and per-crate publish.* fields are also single-struct. A future change may introduce list-or-scalar via OneOrMany<T> on the per-crate side so a crate can declare multiple homebrew taps / scoop buckets / etc.; the defaults side would stay single-struct and merge into the first per-crate entry by identity.
| Field | Type | Default | Description |
|---|---|---|---|
app_bundles | AppBundleConfig | — | Default app-bundle settings applied to all crates. |
archives | ArchiveConfig | — | Default archive settings applied to all crates. |
binary_signs | SignConfig | — | Default binary-signing settings. |
builds | BuildConfig | — | Default build settings applied to every crate's builds (deep-merged into each CrateConfig.builds[] entry by identity on id/binary). |
checksum | ChecksumConfig | — | Default checksum settings applied to all crates. Mirrors CrateConfig.checksum so checksum config can be hoisted to defaults. |
crates | DefaultsCrateBlock | — | Crate-axis defaults marker. Only valid when top-level crates: is set. Reserved for per-crate overrides keyed by crate id (future waves). |
cross | CrossStrategy | — | Default cross-compilation strategy: auto, zigbuild, cross, or cargo. Mirrors CrateConfig.cross so the strategy can be hoisted to defaults. |
dmgs | DmgConfig | — | Default DMG settings applied to all crates. |
docker_signs | DockerSignConfig | — | Default Docker image signing settings. |
docker_v2 | DockerV2Config | — | Default Docker (V2 API) image settings applied to all crates. |
env | list of string | — | Default environment variables (KEY=VALUE strings) hoisted across crates. |
flatpaks | FlatpakConfig | — | Default flatpak settings applied to all crates. |
makeselves | MakeselfConfig | — | Default makeself settings applied to all crates. |
msis | MsiConfig | — | Default MSI settings applied to all crates. |
nfpms | NfpmConfig | — | Default nfpm (deb/rpm/apk) settings applied to all crates. |
notarize | NotarizeConfig | — | Default macOS notarization settings. |
nsis | NsisConfig | — | Default NSIS settings applied to all crates. |
pkgs | PkgConfig | — | Default macOS PKG settings applied to all crates. |
publish | PublishDefaults | — | Default publisher configurations (single-struct per publisher). Per-crate publish.* entries are merged into these by identity. |
sbom | SbomConfig | — | Default SBOM generation settings. |
sign | SignConfig | — | Default artifact signing settings. |
snapcrafts | SnapcraftConfig | — | Default snapcraft settings applied to all crates. |
source | SourceConfig | — | Default source-archive settings applied to all crates. |
srpms | SrpmConfig | — | Default SRPM settings applied to all crates. |
targets | list of string | — | Default build targets (e.g., ["x86_64-unknown-linux-gnu", "aarch64-apple-darwin"]). |
upx | UpxConfig | — | Default UPX compression settings applied to all crates. |
workspaces | DefaultsWorkspaceBlock | — | Workspace-axis defaults marker. Only valid when top-level workspaces: is set. Reserved for per-workspace overrides keyed by workspace name (future waves). |
docker_signs
| Field | Type | Default | Description |
|---|---|---|---|
args | list of string | — | Arguments passed to the signing command (supports templates). |
artifacts | string | — | Docker artifact types to sign: "all", "image", or "manifest" (default: "none"). |
certificate | string | — | Certificate file to embed in the signature (Cosign bundle signing). |
cmd | string | — | Signing command to invoke (default: "cosign"). |
env | list of string | — | Environment variables passed to the signing command. |
id | string | — | Unique identifier for this docker sign config. |
ids | list of string | — | Docker config IDs filter: only sign images from configs whose id is in this list. |
if | string | — | Template-conditional: skip this docker sign config if rendered result is "false" or empty. |
output | StringOrBool | — | Capture and log stdout/stderr of the docker signing command. |
signature | string | — | Signature output filename template (supports templates). |
stdin | string | — | Content written to the signing command's stdin. |
stdin_file | string | — | Path to a file whose content is written to the signing command's stdin. |
dockerhub
DockerHub description sync configuration. Pushes image descriptions and README content to DockerHub repositories.
| Field | Type | Default | Description |
|---|---|---|---|
description | string | — | Short description for the DockerHub repository (max 100 chars). |
full_description | DockerHubFullDescription | — | Full description (README) source for the DockerHub repository. |
images | list of string | — | DockerHub image names to update (e.g. myorg/myapp). |
secret_name | string | — | Environment variable name containing the DockerHub token. |
skip | StringOrBool | — | Skip this publisher. Accepts bool or template string. |
username | string | — | DockerHub username for authentication. |
git
Git-level tag discovery and sorting settings.
Controls how anodizer discovers and orders tags when determining the current and previous versions. This is separate from TagConfig, which controls version bumping logic.
| Field | Type | Default | Description |
|---|---|---|---|
ignore_tag_prefixes | list of string | — | Tag prefixes to ignore during version detection (supports templates). Tags starting with any prefix in this list are excluded. Mirrors GoReleaser Pro's ignore_tag_prefixes feature. |
ignore_tags | list of string | — | Tag patterns to ignore during version detection (supports templates). Tags matching any pattern in this list are excluded from version detection entirely. |
prerelease_suffix | string | — | Suffix that identifies pre-release tags for sorting purposes. When set, tags ending with this suffix are treated as pre-releases and sorted accordingly during tag discovery. |
tag_sort | string | — | How to sort git tags when determining the latest version. |
Accepted values: - "-version:refname" (default) — lexicographic version sort on the tag name. - "-version:creatordate" — sort by the tag's creation date (newest first). |
gitea_urls
Custom Gitea API/download URLs for self-hosted Gitea installations. Matches GoReleaser's GiteaURLs struct.
| Field | Type | Default | Description |
|---|---|---|---|
api | string | — | Gitea API base URL (e.g. https://gitea.example.com/api/v1/). |
download | string | — | Gitea download URL for release assets. |
skip_tls_verify | bool | — | When true, skip TLS certificate verification for the custom URLs. |
github_urls
Custom GitHub API/upload/download URLs for GitHub Enterprise installations. Matches GoReleaser's GitHubURLs struct.
| Field | Type | Default | Description |
|---|---|---|---|
api | string | — | GitHub API base URL (e.g. https://github.example.com/api/v3/). |
download | string | — | GitHub download URL for release assets (e.g. https://github.example.com/). |
skip_tls_verify | bool | — | When true, skip TLS certificate verification for the custom URLs. |
upload | string | — | GitHub upload URL for release assets (e.g. https://github.example.com/api/uploads/). |
gitlab_urls
Custom GitLab API/download URLs for self-hosted GitLab installations. Matches GoReleaser's GitLabURLs struct.
| Field | Type | Default | Description |
|---|---|---|---|
api | string | — | GitLab API base URL (e.g. https://gitlab.example.com/api/v4/). |
download | string | — | GitLab download URL for release assets. |
skip_tls_verify | bool | — | When true, skip TLS certificate verification for the custom URLs. |
use_job_token | bool | — | When true, use the CI_JOB_TOKEN for authentication instead of a personal token. |
use_package_registry | bool | — | When true, use the GitLab Package Registry for uploads instead of Generic Packages. |
homebrew_casks
Unified Homebrew Cask configuration (WAVE 4).
Used at both call-sites: - homebrew_casks: — top-level array; carries repository, commit_author, directory, ids, url, structured uninstall/zap, etc. - crates[].publish.homebrew_cask: — per-crate override; same shape, with url_template as the simpler URL alternative.
Fields from both original types are present; any field may be None at either call-site. The union avoids a two-type bifurcation while keeping both axes.
| Field | Type | Default | Description |
|---|---|---|---|
alternative_names | list of string | — | Alternative cask names (aliases). |
app | string | — | macOS .app bundle name (e.g. "MyApp.app"). |
binaries | list of HomebrewCaskBinary | — | Binary stubs to create in /usr/local/bin. |
Each entry is either a bare string ("my-cli" → emits binary "my-cli") or a structured { name, target } object ({ name: "my-cli", target: "mycli" } → emits binary "my-cli", target: "mycli"). The target: form mirrors the Homebrew Ruby cask DSL for binary renames — without it, a wrapped binary installs at the wrong path. Mirrors GoReleaser internal/pipe/brew/templates/cask.rb.tmpl. |
| caveats | string | — | Custom caveats shown after install. |
| commit_author | CommitAuthorConfig | — | Commit author with optional signing. |
| commit_msg_template | string | — | Custom commit message template. Default: "Brew cask update for {{ .ProjectName }} version {{ .Tag }}" |
| completions | HomebrewCaskCompletions | — | Shell completion definitions. |
| conflicts | list of HomebrewCaskConflictEntry | — | Conflicting casks or formulae. |
| custom_block | string | — | Arbitrary Ruby code inserted into the cask block. |
| dependencies | list of HomebrewCaskDependencyEntry | — | Cask dependencies (other casks or formulae). |
| description | string | — | Cask description. |
| directory | string | — | Subdirectory in the tap repo for cask placement (default: "Casks"). |
| generate_completions_from_executable | HomebrewCaskGeneratedCompletions | — | Auto-generate shell completions from an executable. |
| homepage | string | — | Project homepage URL. |
| hooks | HomebrewCaskHooks | — | Pre/post install/uninstall hooks. |
| ids | list of string | — | Build IDs filter: only include artifacts from builds whose id is in this list. |
| license | string | — | License identifier (SPDX). |
| manpages | list of string | — | Manual page references to install. |
| name | string | — | Cask name (default: crate / project name). |
| repository | RepositoryConfig | — | Unified repository config for the Homebrew tap. |
| service | string | — | Homebrew service definition. |
| skip_upload | StringOrBool | — | Skip publishing the cask. "true" always skips; "auto" skips for prerelease versions. Accepts bool or template string. |
| uninstall | HomebrewCaskUninstall | — | Structured uninstall stanza configuration. |
| url | HomebrewCaskURL | — | Structured download URL configuration (top-level axis). |
| url_template | string | — | Simple URL template for the .dmg/.zip download (per-crate shorthand).
Cannot be combined with url.template: — set one or the other. If both are present, config validation rejects the config at parse time. Use url: for the structured form (verified domain, custom headers, etc.) or url_template: for a bare string shorthand — never both simultaneously. |
| zap | HomebrewCaskUninstall | — | Deep uninstall (zap) stanza configuration. |
makeselfs
| Field | Type | Default | Description |
|---|---|---|---|
compression | string | — | Compression algorithm: gzip, bzip2, xz, lzo, compress, or none. |
description | string | — | Description for LSM metadata. |
extra_args | list of string | — | Extra arguments passed to the makeself command. |
filename | string | — | Output filename template (default includes project, version, os, arch). |
files | list of MakeselfFile | — | Additional files to include in the archive. |
goarch | list of string | — | Target architecture filter. |
goos | list of string | — | Target OS filter (default: ["linux", "darwin"]). |
homepage | string | — | Homepage URL for LSM metadata. |
id | string | — | Unique identifier for this makeself config (default: "default"). |
ids | list of string | — | Build IDs filter: only include artifacts whose id is in this list. |
keywords | list of string | — | Keywords for LSM metadata. |
license | string | — | License for LSM metadata. |
maintainer | string | — | Maintainer for LSM metadata. |
name | string | — | Display name embedded in the self-extracting archive. |
script | string | — | Startup script to run when the archive is extracted and executed. Required — the archive will not be created without this. |
skip | StringOrBool | — | Skip this config. Accepts bool or template string. |
metadata
| Field | Type | Default | Description |
|---|---|---|---|
commit_author | CommitAuthorConfig | — | Commit author identity for Pro commit workflows (GoReleaser Pro v2.12+). Reuses the shared CommitAuthorConfig (name + email + optional signing). Exposed as {{ .Metadata.CommitAuthor.Name }} / {{ .Metadata.CommitAuthor.Email }}. |
description | string | — | Human-readable project description (exposed as {{ .Metadata.Description }}). |
full_description | ContentSource | — | Long-form project description (GoReleaser Pro v2.1+). Supports inline string, from_file, or from_url. Exposed as {{ .Metadata.FullDescription }}. FromUrl is resolved lazily (requires the release stage); FromFile is resolved at context-populate time with template-rendered path. |
homepage | string | — | Project homepage URL (exposed as {{ .Metadata.Homepage }}). |
license | string | — | Project license identifier, e.g. "MIT" or "Apache-2.0" (exposed as {{ .Metadata.License }}). |
maintainers | list of string | — | List of project maintainers (exposed as {{ .Metadata.Maintainers }}). |
mod_timestamp | string | — | Global modification timestamp for metadata output files (metadata.json and artifacts.json). Template string (e.g. "{{ .CommitTimestamp }}") or unix timestamp. When set, rendered late in the pipeline and applied as file mtime. Exposed as {{ .Metadata.ModTimestamp }}. |
milestones
| Field | Type | Default | Description |
|---|---|---|---|
close | bool | — | Close the milestone on release. Default: false. |
fail_on_error | bool | — | Fail the pipeline if milestone close fails. Default: false. |
name_template | string | — | Milestone name template (default: "{{ .Tag }}"). |
repo | ScmRepoConfig | — | Repository owner/name. Auto-detected from git remote if not set. |
monorepo
GoReleaser Pro monorepo configuration.
When configured, tag discovery filters by tag_prefix and the working directory is scoped to dir.
This is DIFFERENT from TagConfig.tag_prefix: - MonorepoConfig.tag_prefix: tags in git already HAVE the prefix (e.g. subproject1/v1.2.3). The prefix is STRIPPED for {{ .Tag }} while {{ .PrefixedTag }} retains the full tag. - TagConfig.tag_prefix: a prefix to PREPEND when constructing {{ .PrefixedTag }} from a plain tag.
When monorepo is configured, it takes precedence over tag.tag_prefix for PrefixedTag / PrefixedPreviousTag behavior.
| Field | Type | Default | Description |
|---|---|---|---|
dir | string | — | Working directory for this subproject. |
Used for changelog path filtering (when no explicit changelog.paths or crate.path is configured) and as the default build dir. |
| tag_prefix | string | — | Tag prefix for this subproject (e.g. "subproject1/").
Tags matching this prefix are selected during tag discovery, and the prefix is stripped from {{ .Tag }} while {{ .PrefixedTag }} retains the full tag. |
nightly
| Field | Type | Default | Description |
|---|---|---|---|
name_template | string | — | Template for the release name. Default: "{{ .ProjectName }}-nightly" |
tag_name | string | — | Tag name used for the nightly release. Default: "nightly". |
notarize
Top-level notarization configuration supporting both cross-platform (rcodesign) and native macOS (codesign + xcrun notarytool) modes.
| Field | Type | Default | Description |
|---|---|---|---|
macos | list of MacOSSignNotarizeConfig | — | Cross-platform signing/notarization (rcodesign-based, works on any OS). |
macos_native | list of MacOSNativeSignNotarizeConfig | — | Native signing/notarization (codesign + xcrun, macOS only). |
skip | StringOrBool | — | Skip all notarization. Accepts bool or template string. |
partial
| Field | Type | Default | Description |
|---|---|---|---|
by | string | — | How to split builds: "goos" (by OS, default) or "target" (by full triple). "goos" groups all arch variants for the same OS into one split job. "target" gives each unique target triple its own split job. |
publishers
| Field | Type | Default | Description |
|---|---|---|---|
args | list of string | — | Arguments passed to the publish command (supports templates). |
artifact_types | list of string | — | Artifact type filter: only publish artifacts of these types (e.g., "archive", "binary"). |
checksum | bool | — | Include checksums in published artifacts. |
cmd | string | — | Command to invoke for publishing. |
dir | string | — | Working directory for the publisher command. |
env | list of string | — | Environment variables passed to the publish command. |
extra_files | list of ExtraFileSpec | — | Extra files to include in publishing (glob patterns with optional name override). |
ids | list of string | — | Build IDs filter: only publish artifacts from builds whose id is in this list. |
meta | bool | — | Include metadata artifacts in published artifacts. |
name | string | — | Human-readable name for this publisher (used in logs). |
signature | bool | — | Include signatures in published artifacts. |
skip | StringOrBool | — | Template-conditional skip: if rendered result is "true", skip this publisher. Accepts bool or template string (e.g. "{{ if .IsSnapshot }}true{{ endif }}"). |
templated_extra_files | list of TemplatedExtraFile | — | Extra files whose contents are rendered through the template engine before publishing. Unlike extra_files which copy as-is, template variables like {{ .Tag }} are expanded. GoReleaser Pro feature. |
release
| Field | Type | Default | Description |
|---|---|---|---|
discussion_category_name | string | — | GitHub Discussion category name for the release. |
draft | bool | — | When true, create the release as a draft (unpublished). |
extra_files | list of ExtraFileSpec | — | Extra files to upload to the release beyond build artifacts. |
footer | ContentSource | — | Text appended to the release body (inline string, from_file, or from_url). |
gitea | ScmRepoConfig | — | Gitea repository to release to (owner and name). |
github | ScmRepoConfig | — | GitHub repository to release to (owner and name). |
gitlab | ScmRepoConfig | — | GitLab repository to release to (owner and name). |
header | ContentSource | — | Text prepended to the release body (inline string, from_file, or from_url). |
ids | list of string | — | Artifact IDs filter for uploads. |
include_meta | bool | — | Upload metadata.json and artifacts.json as release assets. |
make_latest | object | — | Mark release as latest: true, false, or "auto" (latest non-prerelease). |
mode | string | — | Release mode: "keep-existing", "append", "prepend", or "replace". |
name_template | string | — | Release title template (supports templates). |
prerelease | object | — | Mark release as pre-release: true, false, or "auto" (inferred from tag). |
replace_existing_artifacts | bool | — | When true, replace existing release artifacts with the same name. |
replace_existing_draft | bool | — | When true, replace an existing draft release instead of failing. |
skip | StringOrBool | — | Skip the release stage. Accepts bool or template string (e.g. "{{ if IsSnapshot }}true{{ endif }}" for conditional skip). GoReleaser supports template strings here since v1.15.0. Accepts the legacy disable: spelling via serde alias for back-compat with imported GoReleaser configs (GR's release config field is pkg/config/config.go:909 Disable string). |
skip_upload | StringOrBool | — | Skip uploading artifacts: true, false, or "auto" (skip for snapshots). Accepts bool or template string (GoReleaser uses string type). |
tag | string | — | Override the release tag (template string). When set, this tag is used as the tag_name in the GitHub release API instead of the crate's tag_template. Useful in monorepo setups to strip a tag prefix (e.g. "{{ .Tag }}" to publish v1.0.0 instead of myapp/v1.0.0). This is a GoReleaser Pro feature provided for free by anodizer. |
target_commitish | string | — | Target branch or SHA for the release tag. |
templated_extra_files | list of TemplatedExtraFile | — | Extra files whose contents are rendered through the template engine before upload. Unlike extra_files which copy as-is, template variables like {{ .Tag }} are expanded. GoReleaser Pro feature. |
upload_concurrency | integer | — | Maximum number of asset-upload requests in flight simultaneously. |
GitHub's secondary rate-limit is triggered by burst traffic. Keeping this value low avoids tripping the limit even for releases with many artifacts. Default: 4. Override at runtime with ANODIZER_GITHUB_UPLOAD_CONCURRENCY. |
| use_existing_draft | bool | — | Reuse an existing draft release instead of creating a new one. |
retry
User-facing retry configuration block (retry: at config root).
All fields are optional in YAML; missing fields fall back to GoReleaser's defaults (10 attempts, 10s base delay, 5m cap).
| Field | Type | Default | Description |
|---|---|---|---|
attempts | integer | 10 | Total attempts (including the first). Default 10. Values < 1 are clamped up to 1 by the policy layer. |
delay | HumanDuration | 10s | Initial delay before the second attempt. Default 10s. Subsequent delays grow exponentially (delay × 2^(n-2)) up to [Self::max_delay]. |
max_delay | HumanDuration | 5m | Upper bound on any individual sleep between attempts. Default 5m. Without this cap, an exponential backoff with delay=10s would stretch attempt 9 to ~42 minutes. |
sboms
| Field | Type | Default | Description |
|---|---|---|---|
args | list of string | — | Command-line arguments (supports templates and $artifact, $document vars). |
artifacts | string | — | Which artifacts to catalog: "source", "archive", "binary", "package", "diskimage", "installer", "any" (default: "archive"). |
cmd | string | — | Command to run for SBOM generation (default: "syft"). |
documents | list of string | — | Output document path templates (supports templates). |
env | list of string | — | Environment variables to pass to the command, as KEY=VALUE strings. Order is preserved. Values are template-rendered before being set. |
id | string | — | Unique identifier for this SBOM config (default: "default"). |
ids | list of string | — | Filter by artifact IDs (ignored if artifacts="source"). |
skip | StringOrBool | — | Skip this SBOM config. Accepts bool or template string. |
signs
| Field | Type | Default | Description |
|---|---|---|---|
args | list of string | — | Arguments passed to the signing command (supports templates with ${artifact} and ${signature}). |
artifacts | string | — | Artifact types to sign: "all", "archive", "binary", "checksum", "package", "sbom" (default: "none"). |
certificate | string | — | Certificate file to embed in the signature (Cosign bundle signing). |
cmd | string | — | Signing command to invoke (default: "cosign" or "gpg"). |
env | list of string | — | Environment variables passed to the signing command. |
id | string | — | Unique identifier for this sign config. |
ids | list of string | — | Build IDs filter: only sign artifacts from builds whose id is in this list. |
if | string | — | Template-conditional: skip this sign config if rendered result is "false" or empty. |
output | StringOrBool | — | Capture and log stdout/stderr of the signing command. Accepts bool or template string (e.g., "{{ .IsSnapshot }}"). |
signature | string | — | Signature output filename template (supports templates). |
stdin | string | — | Content written to the signing command's stdin. |
stdin_file | string | — | Path to a file whose content is written to the signing command's stdin. |
snapshot
| Field | Type | Default | Description |
|---|---|---|---|
version_template | string | — | Version string template for snapshot builds (e.g., "{{ .Commit }}-SNAPSHOT"). F3: accepts the deprecated name_template: GR alias (renamed to version_template upstream). GR ref: internal/pipe/snapshot/snapshot.go:25-28 — if NameTemplate != "" { VersionTemplate = NameTemplate }. A deprecation warning is emitted at config-load time when the alias is hit (see apply_snapshot_legacy_aliases). |
source
| Field | Type | Default | Description |
|---|---|---|---|
enabled | bool | — | When true, generate a source code archive for the release. |
files | list of SourceFileEntry | [] | Extra files to include in the source archive. Accepts strings (glob patterns) or objects with src/dst/info. |
format | string | — | Archive format for the source tarball: tar.gz, tgz, tar, or zip (default: tar.gz). |
name_template | string | — | Filename template for the source archive (supports templates). |
prefix_template | string | — | Prefix prepended to all paths inside the archive (supports templates). Defaults to name_template value. Use this to set a different prefix than the archive name. |
srpms
| Field | Type | Default | Description |
|---|---|---|---|
bins | list of string | — | Build IDs whose binaries are bundled into the source RPM. When set, only artifacts produced by builds with these IDs are packaged. Mirrors GR NFPM.Builds. |
build_host | string | — | Override the build host recorded in the RPM header. Useful for reproducible builds where the actual hostname leaks build-env detail. |
compression | string | — | Compression algorithm (gzip, xz, zstd, none). |
contents | list of NfpmContent | — | Additional contents to include in the source RPM. Shares the unified [NfpmContent] type with nFPM contents; SRPM-style source: / destination: / type: keys are accepted via serde aliases. |
description | string | — | Package description. |
docs | list of string | — | Documentation files to include. |
enabled | bool | — | Enable source RPM generation. Default: false. |
epoch | string | — | RPM epoch. |
file_name_template | string | — | Output filename template. |
group | string | — | RPM group. |
import_path | string | — | Project import path (Go-style; for Rust this is the canonical repository URL, e.g. github.com/owner/repo). Used in spec file generation for downstream tooling that expects a vcs-rooted path. |
license | string | — | License identifier. |
license_file_name | string | — | License file name to include. |
maintainer | string | — | Package maintainer. |
package_name | string | — | Package name (default: project_name). |
packager | string | — | RPM packager field. |
posttrans | string | — | %posttrans scriptlet — executed after all packages in the transaction have been installed. Path to a script file. |
prefixes | list of string | — | Filesystem prefixes the package may install to (RPM Prefix: tag). Each entry becomes one Prefix: directive — relocatable RPMs need at least one prefix declared. |
prerelease | string | — | Prerelease suffix appended to the version (e.g. rc1, beta2). Mirrors GR NFPM.Prerelease. |
pretrans | string | — | %pretrans scriptlet — executed on the package transaction before any package in the transaction is installed. Path to a script file. |
section | string | — | RPM section. |
signature | NfpmSignatureConfig | — | RPM signature configuration. Shares the unified [NfpmSignatureConfig] type with nFPM. |
skip | StringOrBool | — | Skip this config. Accepts bool or template string. |
spec_file | string | — | Path to the RPM spec file template. |
summary | string | — | Summary line. |
url | string | — | Homepage URL. |
vendor | string | — | Package vendor. |
version_metadata | string | — | Build metadata appended to the version (e.g. git commit hash). Mirrors GR NFPM.VersionMetadata. |
tag
| Field | Type | Default | Description |
|---|---|---|---|
branch_history | string | — | Branch history mode for determining the previous tag: "full" or "last". |
custom_tag | string | — | Custom version tag to use instead of auto-incrementing. |
default_bump | string | — | Default version bump type when no conventional commit token is found: "major", "minor", "patch", or "none". |
force_without_changes | bool | — | When true, create a new tag even if no commits have changed since the last tag. |
force_without_changes_pre | bool | — | Like force_without_changes but only for pre-release versions. |
git_api_tagging | bool | — | When true, use the GitHub/GitLab API for tagging instead of git CLI. |
initial_version | string | — | Version string to use when no previous tag exists (default: "0.1.0"). |
major_string_token | string | — | Conventional commit token triggering a major bump (default: "major"). |
minor_string_token | string | — | Conventional commit token triggering a minor bump (default: "minor" or "feat"). |
none_string_token | string | — | Conventional commit token suppressing a version bump entirely (default: "none"). |
patch_string_token | string | — | Conventional commit token triggering a patch bump (default: "patch" or "fix"). |
prerelease | bool | — | When true, apply a pre-release suffix to the generated version. |
prerelease_suffix | string | — | Suffix appended to pre-release versions (e.g., "beta"). |
release_branches | list of string | — | Branch name patterns (supports wildcards) that trigger releases (default: ["master", "main"]). |
tag_context | string | — | Source for determining the previous tag: "repo" (default) or "branch". |
tag_post_hooks | list of HookEntry | — | Commands to run after anodizer tag successfully creates and pushes the tag. Env and template vars same as tag_pre_hooks. |
tag_pre_hooks | list of HookEntry | — | Commands to run before anodizer tag creates the tag. Useful for updating lockfiles or committing sibling changes that must be part of the tagged commit. Env: ANODIZER_CURRENT_TAG, ANODIZER_PREVIOUS_TAG are set; template vars {{ .Tag }}, {{ .PreviousTag }}, {{ .Version }}, {{ .PrefixedTag }} are available. |
tag_prefix | string | — | Prefix prepended to version tags (e.g., "v" produces "v1.2.3"). |
verbose | bool | — | When true, print verbose tag calculation output. |
template_files
Configuration for a template file that is rendered through the template engine and placed in the dist directory as a release artifact.
GoReleaser Pro feature: all rendered template files are uploaded to the release by default. Both src and dst paths support template rendering.
| Field | Type | Default | Description |
|---|---|---|---|
dst | string | — | Destination filename, prefixed with the dist directory. Templates: allowed. |
id | string | — | Identifier for this template file entry (default: "default"). |
mode | string | — | File permissions in octal notation as a string, e.g. "0755" (default: "0655"). Parsed at runtime via parse_octal_mode() to avoid YAML interpreting as decimal. |
src | string | — | Source template file path. The file contents are rendered through the template engine. Templates: allowed (in path itself). |
uploads
| Field | Type | Default | Description |
|---|---|---|---|
checksum | bool | — | Include checksums in uploaded artifacts. |
checksum_header | string | — | Header name for the SHA256 checksum of the artifact. |
client_x509_cert | string | — | Path to PEM-encoded client X.509 certificate for mTLS. |
client_x509_key | string | — | Path to PEM-encoded client X.509 key for mTLS. |
custom_artifact_name | bool | — | When true, use the artifact name as-is (don't append to target URL). |
custom_headers | map | — | Custom HTTP headers (each value is template-expanded). |
extra_files | list of ExtraFileSpec | — | Extra files to include in uploading. |
extra_files_only | bool | — | Upload only extra files, skip normal artifacts. |
exts | list of string | — | File extension filter: only upload artifacts with these extensions. |
ids | list of string | — | Build IDs filter: only upload artifacts whose id is in this list. |
meta | bool | — | Include metadata artifacts in uploaded artifacts. |
method | string | — | HTTP method: PUT or POST (default: PUT). |
mode | string | — | Upload mode: "archive" (default) or "binary". |
name | string | — | Human-readable name for this upload config. |
password | string | — | Password for HTTP basic auth (env var template strongly recommended; in-config plaintext leaves the value in dist/config.yaml after dry-run). Resolution order: rendered password template → env UPLOAD_{NAME}_SECRET. Mirrors GoReleaser's Upload.Password cascade (added in upstream v2.12). |
signature | bool | — | Include signatures in uploaded artifacts. |
skip | StringOrBool | — | Skip condition template (if rendered to "true", skip this upload). |
target | string | — | Target URL template (supports template variables like {{ .ProjectName }}, {{ .Version }}). |
trusted_certificates | string | — | Path to PEM-encoded trusted CA certificates. |
username | string | — | Username for HTTP basic auth. Resolution order: rendered username template → env UPLOAD_{NAME}_USERNAME. Set this to a literal value or a {{ .Env.X }} template. |
upx
| Field | Type | Default | Description |
|---|---|---|---|
args | list of string | [] | Extra arguments passed to UPX (e.g., ["-9", "--brute"]). |
binary | string | upx | UPX executable path or name (default: "upx"). |
brute | bool | — | Use brute-force compression (--brute flag). Very slow but produces smallest output. |
compress | string | — | UPX compression level string (e.g., "1"-"9", "best"). Maps to --compress flag. |
enabled | StringOrBool | — | Whether to compress binaries with UPX. Accepts a bool or a template string that evaluates to a bool. |
id | string | — | Unique identifier for this UPX config. |
ids | list of string | — | Build IDs filter: only compress binaries from builds whose id is in this list. |
lzma | bool | — | Use LZMA compression (--lzma flag). |
required | bool | false | When true, fail the build if UPX is not found. |
targets | list of string | — | Target triples to compress binaries for (empty means all targets). |
workspaces
A workspace represents an independent project root within a monorepo. Each workspace has its own crates, changelog, and release configuration, allowing independently-versioned components that aren't Cargo workspace members.
| Field | Type | Default | Description |
|---|---|---|---|
after | HooksConfig | — | Hooks run after this workspace's pipeline completes. |
before | HooksConfig | — | Hooks run before this workspace's pipeline starts. |
binary_signs | list of SignConfig | [] | Binary-specific signing configs (same shape as signs but only for binary artifacts). The artifacts field on each entry is constrained at parse time to binary / none (or omitted) — a broader filter on binary_signs would silently match nothing because the loop only iterates Binary artifacts. Constraint lives in deserialize_binary_signs. |
changelog | ChangelogConfig | — | Changelog configuration for this workspace. |
crates | list of CrateConfig | [] | Crates belonging to this workspace. |
env | list of string | — | Environment variables scoped to this workspace. |
List of KEY=VALUE strings. Order is preserved. Values are template-rendered at pipeline startup. |
| name | string | — | Workspace identifier used in logs and template variables. |
| signs | list of SignConfig | [] | Signing configurations for binaries, archives, and checksums. |
| skip | list of string | [] | Pipeline stages to skip when releasing this workspace. Stage names match the CLI --skip flag (e.g., announce, publish). |