Automate the release process using a GitHub workflow

The release will trigger when a new tag is pushed.

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
Cosmin Cojocar 2020-04-09 13:01:40 +02:00 committed by Cosmin Cojocar
parent 341059e11a
commit 51e4317f09
6 changed files with 55 additions and 33 deletions

@ -1,4 +1,4 @@
name: GoSec CI name: CI
on: on:
push: push:
branches: branches:

38
.github/workflows/release.yml vendored Normal file
@ -0,0 +1,38 @@
name: Release
on:
push:
tags:
- 'v*'
jobs:
build:
runs-on: ubuntu-latest
env:
GO111MODULE: on
steps:
- name: Checkout Source
uses: actions/checkout@v2
- name: Unshallow
run: git fetch --prune --unshallow
- name: Set up Go
uses: actions/setup-go@v1
with:
go-version: 1.14.x
- name : Get release version
id: get_version
run: echo ::set-env name=RELEASE_VERSION::$(echo ${GITHUB_REF:10})
- name: Release Binaries
uses: goreleaser/goreleaser-action@v1
with:
version: latest
args: release --rm-dist
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Release Docker Image
uses: elgohr/Publish-Docker-Github-Action@master
with:
name: securego/gosec
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
buildargs: GO_VERSION=1.14
tags: "latest,${{ env.RELEASE_VERSION }}"
tag_names: true
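Review bot: The `Release Docker Image` step runs `elgohr/Publish-Docker-Github-Action@master`, a mutable branch ref, and hands it `DOCKER_USERNAME` and `DOCKER_PASSWORD`, so whatever lands on that branch later runs with the Docker Hub credentials on the next tag push. Pin the action to a release tag or, better, a full commit SHA. The `Release Binaries` step has the same problem in a weaker form: `goreleaser/goreleaser-action@v1` with `version: latest` receives `GITHUB_TOKEN`, and pinning the goreleaser version would also make the release build repeatable. In `Get release version`, `${GITHUB_REF:10}` depends on the length of the `refs/tags/` prefix; `${GITHUB_REF#refs/tags/}` says what is meant. Minor: `name : Get release version` has a stray space before the colon.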

@ -18,8 +18,3 @@ builds:
ldflags: -X main.Version={{.Version}} -X main.GitTag={{.Tag}} -X main.BuildDate={{.Date}} ldflags: -X main.Version={{.Version}} -X main.GitTag={{.Tag}} -X main.BuildDate={{.Date}}
env: env:
- CGO_ENABLED=0 - CGO_ENABLED=0
archive:
files:
- README.md
- LICENSE.txt
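Review bot: The `archive:` block that listed `README.md` and `LICENSE.txt` is removed here with no explanation in the commit message. Please state whether the release archives still carry the license file after this change, and if that now relies on goreleaser defaults, say so in a comment next to `builds:`.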

@ -1,4 +1,4 @@
ARG GO_VERSION=1.13 ARG GO_VERSION
FROM golang:${GO_VERSION}-alpine AS builder FROM golang:${GO_VERSION}-alpine AS builder
RUN apk add --update --no-cache ca-certificates make git curl gcc libc-dev RUN apk add --update --no-cache ca-certificates make git curl gcc libc-dev
RUN mkdir -p /build RUN mkdir -p /build
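Review bot: `ARG GO_VERSION` on the first line no longer has a default, so a plain `docker build .` without `--build-arg GO_VERSION=...` expands the base image in `FROM golang:${GO_VERSION}-alpine` to `golang:-alpine` and the build fails. Keep a default, for example `ARG GO_VERSION=1.14`, so the Dockerfile still builds on its own, and let the Makefile and the release workflow override it.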

@ -11,6 +11,7 @@ GOBIN ?= $(GOPATH)/bin
GOLINT ?= $(GOBIN)/golint GOLINT ?= $(GOBIN)/golint
GOSEC ?= $(GOBIN)/gosec GOSEC ?= $(GOBIN)/gosec
GINKGO ?= $(GOBIN)/ginkgo GINKGO ?= $(GOBIN)/ginkgo
GO_VERSION = 1.14
default: default:
$(MAKE) build $(MAKE) build
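Review bot: `GO_VERSION = 1.14` uses a plain assignment while the variables just above it (`GOLINT ?=`, `GOSEC ?=`, `GINKGO ?=`) use `?=`, so a `GO_VERSION` exported in the environment is silently ignored. Use `GO_VERSION ?= 1.14`. The Go version is also now written in three places (here, and `go-version: 1.14.x` and `buildargs: GO_VERSION=1.14` in the release workflow); a comment naming the other two would help keep them in step.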
@ -58,7 +59,7 @@ build-linux:
image: image:
@echo "Building the Docker image..." @echo "Building the Docker image..."
docker build -t $(IMAGE_REPO)/$(BIN):$(GIT_TAG) . docker build -t $(IMAGE_REPO)/$(BIN):$(GIT_TAG) --build-arg GO_VERSION=$(GO_VERSION) .
docker tag $(IMAGE_REPO)/$(BIN):$(GIT_TAG) $(IMAGE_REPO)/$(BIN):latest docker tag $(IMAGE_REPO)/$(BIN):$(GIT_TAG) $(IMAGE_REPO)/$(BIN):latest
touch image touch image

@ -240,9 +240,9 @@ gosec -tag debug,ignore ./...
### Output formats ### Output formats
gosec currently supports text, json, yaml, csv, sonarqube, JUnit XML and golint output formats. By default gosec currently supports `text`, `json`, `yaml`, `csv`, `sonarqube`, `JUnit XML`, `html` and `golint` output formats. By default
results will be reported to stdout, but can also be written to an output results will be reported to stdout, but can also be written to an output
file. The output format is controlled by the '-fmt' flag, and the output file is controlled by the '-out' flag as follows: file. The output format is controlled by the `-fmt` flag, and the output file is controlled by the `-out` flag as follows:
```bash ```bash
# Write output in json format to results.json # Write output in json format to results.json
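Review bot: In the output formats sentence, `JUnit XML` is now in backticks next to `json` and `yaml`, which reads as a literal value for the `-fmt` flag, but a name with a space and capitals is not something a user can type there. Put the exact flag value inside the backticks or leave the display name unquoted. Adding `html` to the list is unrelated to the release automation and would be easier to trace as its own commit.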
@ -253,51 +253,39 @@ $ gosec -fmt=json -out=results.json *.go
### Build ### Build
You can build the binary with:
```bash ```bash
make make
``` ```
### Tests ### Tests
You can run all unit tests using:
```bash ```bash
make test make test
``` ```
### Release Build ### Release
Make sure you have installed the [goreleaser](https://github.com/goreleaser/goreleaser) tool and then you can release gosec as follows: You can create a release by tagging the version as follows:
```bash ``` bash
git tag v1.0.0 git tag v1.0.0 -m "Release version v1.0.0"
export GITHUB_TOKEN=<YOUR GITHUB TOKEN> git push origin v1.0.0
make release
``` ```
The released version of the tool is available in the `dist` folder. The build information should be displayed in the usage text. The GitHub [release workflow](.github/workflows/release.yml) triggers immediately after the tag is pushed upstream. This flow will
release the binaries using the [goreleaser](https://goreleaser.com/actions/) action and then it will build and publish the docker image into Docker Hub.
```bash
./dist/darwin_amd64/gosec -h
gosec - Golang security checker
gosec analyzes Go source code to look for common programming mistakes that
VERSION: 1.0.0
GIT TAG: v1.0.0
BUILD DATE: 2018-04-27T12:41:38Z
```
Note that all released archives are also uploaded to GitHub.
### Docker image ### Docker image
You can build the docker image as follows: You can also build locally the docker image by using the command:
```bash ```bash
make image make image
``` ```
You can run the `gosec` tool in a container against your local Go project. You just have to mount the project You can run the `gosec` tool in a container against your local Go project. You only have to mount the project
into a volume as follows: into a volume as follows:
```bash ```bash
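Review bot: The new Release section opens its code block with a space between the fence and `bash`, where every other block in this hunk has none; drop the space so the block renders the same way. The section should also name the `DOCKER_USERNAME` and `DOCKER_PASSWORD` secrets the workflow reads, because a tag pushed to a repository without them cannot publish the image. The removed `./dist/darwin_amd64/gosec -h` sample was the only place that showed how to check VERSION, GIT TAG and BUILD DATE in a released binary; keep a one-line pointer to that check.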