mirror of
https://github.com/securego/gosec.git
synced 2024-12-24 11:35:52 +00:00
Automate the release process using a GitHub workflow
The release will trigger when a new tag is pushed. Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
This commit is contained in:
parent
341059e11a
commit
51e4317f09
6 changed files with 55 additions and 33 deletions
|
@ -1,4 +1,4 @@
|
|||
name: GoSec CI
|
||||
name: CI
|
||||
on:
|
||||
push:
|
||||
branches:
|
38
.github/workflows/release.yml
vendored
Normal file
38
.github/workflows/release.yml
vendored
Normal file
|
@ -0,0 +1,38 @@
|
|||
name: Release
|
||||
on:
|
||||
push:
|
||||
tags:
|
||||
- 'v*'
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
env:
|
||||
GO111MODULE: on
|
||||
steps:
|
||||
- name: Checkout Source
|
||||
uses: actions/checkout@v2
|
||||
- name: Unshallow
|
||||
run: git fetch --prune --unshallow
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v1
|
||||
with:
|
||||
go-version: 1.14.x
|
||||
- name : Get release version
|
||||
id: get_version
|
||||
run: echo ::set-env name=RELEASE_VERSION::$(echo ${GITHUB_REF:10})
|
||||
- name: Release Binaries
|
||||
uses: goreleaser/goreleaser-action@v1
|
||||
with:
|
||||
version: latest
|
||||
args: release --rm-dist
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Release Docker Image
|
||||
uses: elgohr/Publish-Docker-Github-Action@master
|
||||
with:
|
||||
name: securego/gosec
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_PASSWORD }}
|
||||
buildargs: GO_VERSION=1.14
|
||||
tags: "latest,${{ env.RELEASE_VERSION }}"
|
||||
tag_names: true
|
|
@ -18,8 +18,3 @@ builds:
|
|||
ldflags: -X main.Version={{.Version}} -X main.GitTag={{.Tag}} -X main.BuildDate={{.Date}}
|
||||
env:
|
||||
- CGO_ENABLED=0
|
||||
|
||||
archive:
|
||||
files:
|
||||
- README.md
|
||||
- LICENSE.txt
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
ARG GO_VERSION=1.13
|
||||
ARG GO_VERSION
|
||||
FROM golang:${GO_VERSION}-alpine AS builder
|
||||
RUN apk add --update --no-cache ca-certificates make git curl gcc libc-dev
|
||||
RUN mkdir -p /build
|
||||
|
|
3
Makefile
3
Makefile
|
@ -11,6 +11,7 @@ GOBIN ?= $(GOPATH)/bin
|
|||
GOLINT ?= $(GOBIN)/golint
|
||||
GOSEC ?= $(GOBIN)/gosec
|
||||
GINKGO ?= $(GOBIN)/ginkgo
|
||||
GO_VERSION = 1.14
|
||||
|
||||
default:
|
||||
$(MAKE) build
|
||||
|
@ -58,7 +59,7 @@ build-linux:
|
|||
|
||||
image:
|
||||
@echo "Building the Docker image..."
|
||||
docker build -t $(IMAGE_REPO)/$(BIN):$(GIT_TAG) .
|
||||
docker build -t $(IMAGE_REPO)/$(BIN):$(GIT_TAG) --build-arg GO_VERSION=$(GO_VERSION) .
|
||||
docker tag $(IMAGE_REPO)/$(BIN):$(GIT_TAG) $(IMAGE_REPO)/$(BIN):latest
|
||||
touch image
|
||||
|
||||
|
|
38
README.md
38
README.md
|
@ -240,9 +240,9 @@ gosec -tag debug,ignore ./...
|
|||
|
||||
### Output formats
|
||||
|
||||
gosec currently supports text, json, yaml, csv, sonarqube, JUnit XML and golint output formats. By default
|
||||
gosec currently supports `text`, `json`, `yaml`, `csv`, `sonarqube`, `JUnit XML`, `html` and `golint` output formats. By default
|
||||
results will be reported to stdout, but can also be written to an output
|
||||
file. The output format is controlled by the '-fmt' flag, and the output file is controlled by the '-out' flag as follows:
|
||||
file. The output format is controlled by the `-fmt` flag, and the output file is controlled by the `-out` flag as follows:
|
||||
|
||||
```bash
|
||||
# Write output in json format to results.json
|
||||
|
@ -253,51 +253,39 @@ $ gosec -fmt=json -out=results.json *.go
|
|||
|
||||
### Build
|
||||
|
||||
You can build the binary with:
|
||||
```bash
|
||||
make
|
||||
```
|
||||
|
||||
### Tests
|
||||
|
||||
You can run all unit tests using:
|
||||
```bash
|
||||
make test
|
||||
```
|
||||
|
||||
### Release Build
|
||||
### Release
|
||||
|
||||
Make sure you have installed the [goreleaser](https://github.com/goreleaser/goreleaser) tool and then you can release gosec as follows:
|
||||
You can create a release by tagging the version as follows:
|
||||
|
||||
```bash
|
||||
git tag v1.0.0
|
||||
export GITHUB_TOKEN=<YOUR GITHUB TOKEN>
|
||||
make release
|
||||
``` bash
|
||||
git tag v1.0.0 -m "Release version v1.0.0"
|
||||
git push origin v1.0.0
|
||||
```
|
||||
|
||||
The released version of the tool is available in the `dist` folder. The build information should be displayed in the usage text.
|
||||
|
||||
```bash
|
||||
./dist/darwin_amd64/gosec -h
|
||||
gosec - Golang security checker
|
||||
|
||||
gosec analyzes Go source code to look for common programming mistakes that
|
||||
|
||||
|
||||
VERSION: 1.0.0
|
||||
GIT TAG: v1.0.0
|
||||
BUILD DATE: 2018-04-27T12:41:38Z
|
||||
```
|
||||
|
||||
Note that all released archives are also uploaded to GitHub.
|
||||
The GitHub [release workflow](.github/workflows/release.yml) triggers immediately after the tag is pushed upstream. This flow will
|
||||
release the binaries using the [goreleaser](https://goreleaser.com/actions/) action and then it will build and publish the docker image into Docker Hub.
|
||||
|
||||
### Docker image
|
||||
|
||||
You can build the docker image as follows:
|
||||
You can also build locally the docker image by using the command:
|
||||
|
||||
```bash
|
||||
make image
|
||||
```
|
||||
|
||||
You can run the `gosec` tool in a container against your local Go project. You just have to mount the project
|
||||
You can run the `gosec` tool in a container against your local Go project. You only have to mount the project
|
||||
into a volume as follows:
|
||||
|
||||
```bash
|
||||
|
|
Loading…
Reference in a new issue