diff --git a/.github/workflows/main.yml b/.github/workflows/ci.yml
similarity index 98%
rename from .github/workflows/main.yml
rename to .github/workflows/ci.yml
index 84f141e..c74ad9c 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/ci.yml
@@ -1,4 +1,4 @@
-name: GoSec CI
+name: CI
 on:
 push:
 branches:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..5945148
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,38 @@
+name: Release
+on:
+ push:
+ tags:
+ - 'v*'
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ env:
+ GO111MODULE: on
+ steps:
+ - name: Checkout Source
+ uses: actions/checkout@v2
+ - name: Unshallow
+ run: git fetch --prune --unshallow
+ - name: Set up Go
+ uses: actions/setup-go@v1
+ with:
+ go-version: 1.14.x
+ - name : Get release version
+ id: get_version
+ run: echo ::set-env name=RELEASE_VERSION::$(echo ${GITHUB_REF:10})
+ - name: Release Binaries
+ uses: goreleaser/goreleaser-action@v1
+ with:
+ version: latest
+ args: release --rm-dist
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ - name: Release Docker Image
+ uses: elgohr/Publish-Docker-Github-Action@master
+ with:
+ name: securego/gosec
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
+ buildargs: GO_VERSION=1.14
+ tags: "latest,${{ env.RELEASE_VERSION }}"
+ tag_names: true
diff --git a/.goreleaser.yml b/.goreleaser.yml
index 9951a96..4f8fc41 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -18,8 +18,3 @@ builds:
 ldflags: -X main.Version={{.Version}} -X main.GitTag={{.Tag}} -X main.BuildDate={{.Date}}
 env:
 - CGO_ENABLED=0
-
-archive:
- files:
- - README.md
- - LICENSE.txt
diff --git a/Dockerfile b/Dockerfile
index 7e8fe02..a874697 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-ARG GO_VERSION=1.13
+ARG GO_VERSION
 FROM golang:${GO_VERSION}-alpine AS builder
 RUN apk add --update --no-cache ca-certificates make git curl gcc libc-dev
 RUN mkdir -p /build
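Review bot: The two publishing steps run third-party actions from mutable refs while holding release credentials: `elgohr/Publish-Docker-Github-Action@master` receives `DOCKER_USERNAME`/`DOCKER_PASSWORD`, and `goreleaser/goreleaser-action@v1` with `version: latest` receives `GITHUB_TOKEN`, so whatever those refs resolve to at tag time runs with the ability to publish the binaries and the `securego/gosec` image. Pin each action to a reviewed full commit SHA, e.g. `uses: elgohr/Publish-Docker-Github-Action@<full-commit-sha>  # <release-tag>`, and set `version:` to a fixed goreleaser release instead of `latest`. Separately, the `Get release version` step relies on the `::set-env` workflow command, which GitHub has since disabled; `run: echo "RELEASE_VERSION=${GITHUB_REF#refs/tags/}" >> "$GITHUB_ENV"` sets the same variable without the magic offset `10`.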
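Review bot: With the default removed, `ARG GO_VERSION` expands to an empty string whenever the image is built without `--build-arg`, so `FROM golang:${GO_VERSION}-alpine` becomes `golang:-alpine` and a plain `docker build .` fails on an invalid image reference. The Makefile and the release workflow in this commit both pass the argument, but anyone building the Dockerfile directly loses a working path. Either keep a default in step with them, `ARG GO_VERSION=1.14`, or add a comment above the line, `# GO_VERSION is required: pass --build-arg GO_VERSION=<go-version>`. The rest of the Dockerfile lies outside the hunk.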
diff --git a/Makefile b/Makefile index 82e6b05..217651c 100644 --- a/Makefile +++ b/Makefile @@ -11,6 +11,7 @@ GOBIN ?= $(GOPATH)/bin GOLINT ?= $(GOBIN)/golint GOSEC ?= $(GOBIN)/gosec GINKGO ?= $(GOBIN)/ginkgo +GO_VERSION = 1.14 default: $(MAKE) build @@ -58,7 +59,7 @@ build-linux: image: @echo "Building the Docker image..." - docker build -t $(IMAGE_REPO)/$(BIN):$(GIT_TAG) . + docker build -t $(IMAGE_REPO)/$(BIN):$(GIT_TAG) --build-arg GO_VERSION=$(GO_VERSION) . docker tag $(IMAGE_REPO)/$(BIN):$(GIT_TAG) $(IMAGE_REPO)/$(BIN):latest touch image diff --git a/README.md b/README.md index cf795c8..3443673 100644 --- a/README.md +++ b/README.md @@ -240,9 +240,9 @@ gosec -tag debug,ignore ./... ### Output formats -gosec currently supports text, json, yaml, csv, sonarqube, JUnit XML and golint output formats. By default +gosec currently supports `text`, `json`, `yaml`, `csv`, `sonarqube`, `JUnit XML`, `html` and `golint` output formats. By default results will be reported to stdout, but can also be written to an output -file. The output format is controlled by the '-fmt' flag, and the output file is controlled by the '-out' flag as follows: +file. The output format is controlled by the `-fmt` flag, and the output file is controlled by the `-out` flag as follows: ```bash # Write output in json format to results.json 
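Review bot: `GO_VERSION = 1.14` is assigned with `=` while the neighbouring tool variables in the same hunk use `?=`, so an exported `GO_VERSION` in the environment is ignored and only a command-line `make GO_VERSION=...` overrides it; `GO_VERSION ?= 1.14` would match the file's style. The same version is also hard-coded as `buildargs: GO_VERSION=1.14` in the release workflow, so images built locally with `make image` and released images can drift apart on the Go toolchain if only one place is bumped. A comment above the variable such as `# keep in sync with .github/workflows/release.yml` would flag that. The value is consumed by the `image` target in the second Makefile hunk, whose recipe continues outside it.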
@@ -253,51 +253,39 @@ $ gosec -fmt=json -out=results.json *.go ### Build +You can build the binary with: ```bash make ``` ### Tests +You can run all unit tests using: ```bash make test ``` -### Release Build +### Release -Make sure you have installed the [goreleaser](https://github.com/goreleaser/goreleaser) tool and then you can release gosec as follows: +You can create a release by tagging the version as follows: -```bash -git tag v1.0.0 -export GITHUB_TOKEN= -make release +``` bash +git tag v1.0.0 -m "Release version v1.0.0" +git push origin v1.0.0 ``` -The released version of the tool is available in the `dist` folder. The build information should be displayed in the usage text. - -```bash -./dist/darwin_amd64/gosec -h -gosec - Golang security checker - -gosec analyzes Go source code to look for common programming mistakes that - - -VERSION: 1.0.0 -GIT TAG: v1.0.0 -BUILD DATE: 2018-04-27T12:41:38Z -``` - -Note that all released archives are also uploaded to GitHub. +The GitHub [release workflow](.github/workflows/release.yml) triggers immediately after the tag is pushed upstream. This flow will +release the binaries using the [goreleaser](https://goreleaser.com/actions/) action and then it will build and publish the docker image into Docker Hub. ### Docker image -You can build the docker image as follows: +You can also build locally the docker image by using the command: ```bash make image ``` -You can run the `gosec` tool in a container against your local Go project. You just have to mount the project +You can run the `gosec` tool in a container against your local Go project. You only have to mount the project into a volume as follows: ```bash