Use the goreleaser tool to perform releases

.gitignore

@@ -8,6 +8,7 @@
 _obj
 _test
 vendor
+dist
 
 # Architecture specific extensions/prefixes
 *.[568vq]

.goreleaser.yml

@@ -0,0 +1,17 @@
+builds:
+  - main : ./cmd/gosec/
+    binary: gosec
+    goos:
+      - darwin
+      - linux
+      - windows
+    goarch:
+      - amd64
+    ldflags: -X main.Version={{.Version}} -X main.GitTag={{.Tag}} -X main.BuildDate={{.Date}}
+    env:
+      - CGO_ENABLED=0
+
+archive:
+  files:
+    - README.md
+    - LICENSE.txt

Dockerfile

@@ -2,7 +2,7 @@ FROM golang:1.9.4-alpine3.7
 
 ENV BIN=gosec
 
-COPY build/*-linux-amd64 /go/bin/$BIN
+COPY dist/linux_amd64/$BIN /go/bin/$BIN
 COPY docker-entrypoint.sh /usr/local/bin
 
 ENTRYPOINT ["docker-entrypoint.sh"]

Makefile

@@ -1,7 +1,5 @@
 GIT_TAG?= $(shell git describe --always --tags)
-BUILD_DATE = $(shell date +%Y-%m-%d)
 BIN = gosec
-BUILD_CMD = go build -ldflags "-X main.Version=${VERSION} -X main.GitTag=${GIT_TAG} -X main.BuildDate=${BUILD_DATE}" -o build/$(BIN)-$(VERSION)-$${GOOS}-$${GOARCH} ./cmd/gosec/ &
 FMT_CMD = $(gofmt -s -l -w $(find . -type f -name '*.go' -not -path './vendor/*') | tee /dev/stderr)
 IMAGE_REPO = docker.io
 
@@ -9,40 +7,38 @@ default:
 	$(MAKE) bootstrap
 	$(MAKE) build
 
+bootstrap:
+	dep ensure
+
 test: bootstrap
 	test -z '$(FMT_CMD)'
 	go vet $(go list ./... | grep -v /vendor/)
 	golint -set_exit_status $(shell go list ./... | grep -v vendor)
 	gosec ./...
 	ginkgo -r -v
-bootstrap:
-	dep ensure
+
 build:
 	go build -o $(BIN) ./cmd/gosec/
+
 clean:
-	rm -rf build vendor
+	rm -rf build vendor dist
 	rm -f release image bootstrap $(BIN)
+
 release: bootstrap
-ifndef VERSION
-	$(error VERSION flag is not set. Run 'make release VERSION=<YOUR VERSION>'.)
-endif
-	@echo "Running build command..."
-	bash -c '\
-		export GOOS=linux; export GOARCH=amd64; export CGO_ENABLED=0; $(BUILD_CMD) \
-		wait \
-	'
-	touch release
+	@echo "Releasing the gosec binary..."
+	goreleaser release
 
 image: release
 	@echo "Building the Docker image..."
-	docker build -t $(IMAGE_REPO)/$(BIN):$(VERSION) .
-	docker tag $(IMAGE_REPO)/$(BIN):$(VERSION) $(IMAGE_REPO)/$(BIN):latest
+	docker build -t $(IMAGE_REPO)/$(BIN):$(GIT_TAG) .
+	docker tag $(IMAGE_REPO)/$(BIN):$(GIT_TAG) $(IMAGE_REPO)/$(BIN):latest
 	touch image
 
 image-push: image
 	@echo "Pushing the Docker image..."
-	docker push $(IMAGE_REPO)/$(BIN):$(VERSION)
+
+docker push $(IMAGE_REPO)/$(BIN):$(GIT_TAG)
 	docker push $(IMAGE_REPO)/$(BIN):latest
 
-.PHONY: test build clean image-push
+.PHONY: test build clean release image image-push
 

README.md

@@ -143,34 +143,35 @@ make test
 
 #### Release Build
 
-gosec can be released as follows:
+Make sure you have installed the [goreleaser](https://github.com/goreleaser/goreleaser) tool and then you can release gosec as follows:
+git tag 1.0.0
+export GITHUB_TOKEN=<YOUR GITHUB TOKEN>
+make release
 
-```bash
-make release VERSION=2.0.0
-```
-
-The released version of the tool is available in the `build` folder. The build information should be displayed in the usage text.
+The released version of the tool is available in the `dist` folder. The build information should be displayed in the usage text.
 
 ```
-./build/gosec-2.0.0-linux-amd64 -h
-
+./dist/darwin_amd64/gosec -h
 gosec  - Golang security checker
 
 gosec analyzes Go source code to look for common programming mistakes that
 can lead to security problems.
 
-VERSION: 2.0.0
-GIT TAG: 96489ff
-BUILD DATE: 2018-02-21
-
+VERSION: 1.0.0
+GIT TAG: 1.0.0
+BUILD DATE: 2018-04-27T12:41:38Z
 ```
 
+Note that all released archives are also uploaded to GitHub.
+
 #### Docker image
 
 You can execute a release and build the docker image as follows:
 
 ```
-make image VERSION=2.0.0
+git tag <VERSION>
+export GITHUB_TOKEN=<Your GitHub token>
+make image
 ```
 
 Now you can run the gosec tool in a container against your local workspace: