Automate the release process using a GitHub workflow

The release will trigger when a new tag is pushed.

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
This commit is contained in:
Cosmin Cojocar 2020-04-09 13:01:40 +02:00 committed by Cosmin Cojocar
parent 341059e11a
commit 51e4317f09
6 changed files with 55 additions and 33 deletions

View file

@ -1,4 +1,4 @@
name: GoSec CI
name: CI
on:
push:
branches:

38
.github/workflows/release.yml vendored Normal file
View file

@ -0,0 +1,38 @@
name: Release
on:
push:
tags:
- 'v*'
jobs:
build:
runs-on: ubuntu-latest
env:
GO111MODULE: on
steps:
- name: Checkout Source
uses: actions/checkout@v2
- name: Unshallow
run: git fetch --prune --unshallow
- name: Set up Go
uses: actions/setup-go@v1
with:
go-version: 1.14.x
- name : Get release version
id: get_version
run: echo ::set-env name=RELEASE_VERSION::$(echo ${GITHUB_REF:10})
- name: Release Binaries
uses: goreleaser/goreleaser-action@v1
with:
version: latest
args: release --rm-dist
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Release Docker Image
uses: elgohr/Publish-Docker-Github-Action@master
with:
name: securego/gosec
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
buildargs: GO_VERSION=1.14
tags: "latest,${{ env.RELEASE_VERSION }}"
tag_names: true

View file

@ -18,8 +18,3 @@ builds:
ldflags: -X main.Version={{.Version}} -X main.GitTag={{.Tag}} -X main.BuildDate={{.Date}}
env:
- CGO_ENABLED=0
archive:
files:
- README.md
- LICENSE.txt

View file

@ -1,4 +1,4 @@
ARG GO_VERSION=1.13
ARG GO_VERSION
FROM golang:${GO_VERSION}-alpine AS builder
RUN apk add --update --no-cache ca-certificates make git curl gcc libc-dev
RUN mkdir -p /build

View file

@ -11,6 +11,7 @@ GOBIN ?= $(GOPATH)/bin
GOLINT ?= $(GOBIN)/golint
GOSEC ?= $(GOBIN)/gosec
GINKGO ?= $(GOBIN)/ginkgo
GO_VERSION = 1.14
default:
$(MAKE) build
@ -58,7 +59,7 @@ build-linux:
image:
@echo "Building the Docker image..."
docker build -t $(IMAGE_REPO)/$(BIN):$(GIT_TAG) .
docker build -t $(IMAGE_REPO)/$(BIN):$(GIT_TAG) --build-arg GO_VERSION=$(GO_VERSION) .
docker tag $(IMAGE_REPO)/$(BIN):$(GIT_TAG) $(IMAGE_REPO)/$(BIN):latest
touch image

View file

@ -240,9 +240,9 @@ gosec -tag debug,ignore ./...
### Output formats
gosec currently supports text, json, yaml, csv, sonarqube, JUnit XML and golint output formats. By default
gosec currently supports `text`, `json`, `yaml`, `csv`, `sonarqube`, `JUnit XML`, `html` and `golint` output formats. By default
results will be reported to stdout, but can also be written to an output
file. The output format is controlled by the '-fmt' flag, and the output file is controlled by the '-out' flag as follows:
file. The output format is controlled by the `-fmt` flag, and the output file is controlled by the `-out` flag as follows:
```bash
# Write output in json format to results.json
@ -253,51 +253,39 @@ $ gosec -fmt=json -out=results.json *.go
### Build
You can build the binary with:
```bash
make
```
### Tests
You can run all unit tests using:
```bash
make test
```
### Release Build
### Release
Make sure you have installed the [goreleaser](https://github.com/goreleaser/goreleaser) tool and then you can release gosec as follows:
You can create a release by tagging the version as follows:
``` bash
git tag v1.0.0
export GITHUB_TOKEN=<YOUR GITHUB TOKEN>
make release
git tag v1.0.0 -m "Release version v1.0.0"
git push origin v1.0.0
```
The released version of the tool is available in the `dist` folder. The build information should be displayed in the usage text.
```bash
./dist/darwin_amd64/gosec -h
gosec - Golang security checker
gosec analyzes Go source code to look for common programming mistakes that
VERSION: 1.0.0
GIT TAG: v1.0.0
BUILD DATE: 2018-04-27T12:41:38Z
```
Note that all released archives are also uploaded to GitHub.
The GitHub [release workflow](.github/workflows/release.yml) triggers immediately after the tag is pushed upstream. This flow will
release the binaries using the [goreleaser](https://goreleaser.com/actions/) action and then it will build and publish the docker image into Docker Hub.
### Docker image
You can build the docker image as follows:
You can also build locally the docker image by using the command:
```bash
make image
```
You can run the `gosec` tool in a container against your local Go project. You just have to mount the project
You can run the `gosec` tool in a container against your local Go project. You only have to mount the project
into a volume as follows:
```bash