chore(deps): update dependency goreleaser/goreleaser to v2.7

This MR contains the following updates:

Package	Update	Change
goreleaser/goreleaser	minor	2.6.1 -> 2.7

View the Renovate pipeline for this MR

---

Release Notes

goreleaser/goreleaser (goreleaser/goreleaser)

v2.7

Compare Source

Changelog

New Features

• 6005c5f: feat(cmd): filter check filename completion to YAML files (#​5515) (@​scop)
• a428222: feat(http/artifactory): skip configuration (#​5500) (@​caarlos0)
• 8824f9b: feat: allow oss to use pro configurations when --snapshot is set (#​5501) (@​caarlos0)

Bug fixes

• 303503b: fix(build): --output completion usage (#​5516) (@​scop)
• c69da06: fix(go): build env overrides (#​5492) (@​caarlos0)
• faa1953: fix(go): ppc64le should use GOPPC64 as well (@​caarlos0)
• bb3d80e: fix(nfpm): missing deb scripts config (@​caarlos0)
• 0ea02b9: fix: better build errors (@​caarlos0)
• b6db2c4: fix: improve config version warning message phrasing (#​5510) (@​scop)
• 1607083: fix: simplify test a bit (@​caarlos0)
• a66104c: fix: small lint issue (@​caarlos0)
• bcf21c4: fix: use oxford comma (@​caarlos0)
• fb008a7: refactor: use math/rand/v2 (#​5507) (@​alexandear)

Dependency updates

• 981d6c3: Revert "chore(deps): bump golang from 1.23.5-alpine to 1.24rc2-alpine" (#​5534) (@​caarlos0)
• 4e1d38d: chore(deps): bump actions/checkout from 3 to 4 (#​5475) (@​dependabot[bot])
• cea420a: chore(deps): bump anchore/sbom-action from 0.17.9 to 0.18.0 (#​5483) (@​dependabot[bot])
• 56aa477: chore(deps): bump codecov/codecov-action from 5.1.2 to 5.2.0 (#​5477) (@​dependabot[bot])
• e473a13: chore(deps): bump codecov/codecov-action from 5.2.0 to 5.3.0 (#​5482) (@​dependabot[bot])
• 2879963: chore(deps): bump codecov/codecov-action from 5.3.0 to 5.3.1 (#​5488) (@​dependabot[bot])
• fa85922: chore(deps): bump dagger/dagger-for-github from 7.0.4 to 7.0.5 (#​5530) (@​dependabot[bot])
• e9fd631: chore(deps): bump dependabot/fetch-metadata from 2.2.0 to 2.3.0 (#​5490) (@​dependabot[bot])
• 65a4dcd: chore(deps): bump docker/setup-buildx-action from 3.8.0 to 3.9.0 (#​5529) (@​dependabot[bot])
• e30470b: chore(deps): bump docker/setup-qemu-action from 3.3.0 to 3.4.0 (#​5531) (@​dependabot[bot])
• 32e1c0a: chore(deps): bump github.com/agnivade/levenshtein from 1.2.0 to 1.2.1 (#​5495) (@​dependabot[bot])
• 83cb529: chore(deps): bump github/codeql-action from 3.28.2 to 3.28.3 (#​5476) (@​dependabot[bot])
• 437e9f6: chore(deps): bump github/codeql-action from 3.28.3 to 3.28.4 (#​5481) (@​dependabot[bot])
• 36b4028: chore(deps): bump github/codeql-action from 3.28.4 to 3.28.5 (#​5489) (@​dependabot[bot])
• 8c75f4c: chore(deps): bump github/codeql-action from 3.28.5 to 3.28.6 (#​5494) (@​dependabot[bot])
• 7ed6b9f: chore(deps): bump github/codeql-action from 3.28.6 to 3.28.8 (#​5502) (@​dependabot[bot])
• 629bf24: chore(deps): bump gitlab.com/gitlab-org/api/client-go from 0.120.0 to 0.121.0 (#​5518) (@​dependabot[bot])
• 05686de: chore(deps): bump gitlab.com/gitlab-org/api/client-go from 0.121.0 to 0.122.0 (#​5525) (@​dependabot[bot])
• 005526f: chore(deps): bump golang from 1.23.5-alpine to 1.24rc2-alpine (#​5527) (@​dependabot[bot])
• fa1b518: chore(deps): bump golang.org/x/oauth2 from 0.25.0 to 0.26.0 (#​5524) (@​dependabot[bot])
• c1c11b3: chore(deps): bump golang.org/x/sync from 0.10.0 to 0.11.0 (#​5526) (@​dependabot[bot])
• abf2bad: chore(deps): bump golang.org/x/text from 0.21.0 to 0.22.0 (#​5523) (@​dependabot[bot])
• 093e296: chore(deps): bump golangci/golangci-lint-action from 6.2.0 to 6.3.0 (#​5521) (@​dependabot[bot])
• 139a5a1: chore(deps): bump sigstore/cosign-installer from 3.7.0 to 3.8.0 (#​5522) (@​dependabot[bot])
• c57ca5a: chore(deps): update go-github (@​caarlos0)

Documentation updates

• fb003f1: docs(docker_sign): ${artifact} does not contain the digest (#​5513) (@​scop)
• 317763c: docs(docker_sign): bring args defaults up to date (#​5514) (@​scop)
• b05e985: docs(sbom): fix default artifact info (#​5509) (@​scop)
• a3d4625: docs: add go report card badge (#​5486) (@​jessp01)
• 6abf2cd: docs: add vedant as a maintainer (#​5471) (@​caarlos0)
• a6c8ca3: docs: attestations (#​5474) (@​caarlos0)
• a0557c0: docs: fix install (@​caarlos0)
• 8aacb19: docs: preparing for v2.7 (@​caarlos0)
• c7c9fdc: docs: remove unreleased for v2.6 (#​5479) (@​vedantmgoyal9)
• 2b17ba5: docs: update (@​caarlos0)
• 1489ad9: docs: update (@​caarlos0)
• d626626: docs: update (@​caarlos0)
• 894cf38: docs: update (@​caarlos0)

Build process updates

• d5efdc8: ci: attest release artifacts (@​caarlos0)
• 9e55ae0: ci: avoid duplicated nightly builds (@​caarlos0)
• 44abf9b: ci: codecov only on linux (@​caarlos0)
• e3b0e8f: ci: fix rev-parse (@​caarlos0)
• 751fd3b: ci: missing perm (@​caarlos0)
• b38ba19: ci: testing attestations (@​caarlos0)

Other work

• a812525: chore: auto-update generated files (@​actions-user)
• 196dd0d: chore: auto-update generated files (@​actions-user)
• 7cecfdf: chore: discussions first? (#​5506) (@​caarlos0)
• 199354a: chore: fix comment (@​caarlos0)
• 049c385: chore: fix fake misspell warning (@​caarlos0)
• cbc04a7: chore: schema update (@​caarlos0)
• 38344e7: chore: set token (@​caarlos0)
• f514d68: chore: update docs (@​caarlos0)
• 9fc0b8c: chore: update security policy (#​5478) (@​vedantmgoyal9)

Full Changelog: https://github.com/goreleaser/goreleaser/compare/v2.6.1...v2.7.0

Helping out

This release is only possible thanks to all the support of some awesome people!

Want to be one of them? You can sponsor, get a Pro License or contribute with code.

Where to go next?

• Find examples and commented usage of all options in our website.
• Reach out on Discord and Twitter!

---

Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻️ Rebasing: Whenever MR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

---

• If you want to rebase/retry this MR, check this box

---

This MR has been generated by Renovate Bot.