Merge pull request #219 from ccojocar/goreleaser

Use the goreleaser tool to perform releases

.gitignore

@@ -8,6 +8,7 @@
 _obj
 _test
 vendor
+dist
 
 # Architecture specific extensions/prefixes
 *.[568vq]

.goreleaser.yml

@@ -0,0 +1,17 @@
+builds:
+  - main : ./cmd/gosec/
+    binary: gosec
+    goos:
+      - darwin
+      - linux
+      - windows
+    goarch:
+      - amd64
+    ldflags: -X main.Version={{.Version}} -X main.GitTag={{.Tag}} -X main.BuildDate={{.Date}}
+    env:
+      - CGO_ENABLED=0
+
+archive:
+  files:
+    - README.md
+    - LICENSE.txt

Dockerfile

@@ -2,7 +2,7 @@ FROM golang:1.9.4-alpine3.7
 
 ENV BIN=gosec
 
-COPY build/*-linux-amd64 /go/bin/$BIN
+COPY dist/linux_amd64/$BIN /go/bin/$BIN
 COPY docker-entrypoint.sh /usr/local/bin
 
 ENTRYPOINT ["docker-entrypoint.sh"]

Gopkg.lock

@@ -2,17 +2,22 @@
 
 
 [[projects]]
+  digest = "1:39170dcf72d0ac5933791daaf27a80782c24e9946cdc60fe98928d9429a9726d"
   name = "github.com/kisielk/gotool"
   packages = ["."]
+  pruneopts = "UT"
   revision = "0de1eaf82fa3f583ce21fde859f1e7e0c5e9b220"
 
 [[projects]]
   branch = "master"
+  digest = "1:bdb092d0984bf77804e133403f739ad84b16abaa256e21f5e7b88aabbb6d546b"
   name = "github.com/mozilla/tls-observatory"
   packages = ["constants"]
+  pruneopts = "UT"
   revision = "8791a200eb40f8625a152bfb8336171305f5f35c"
 
 [[projects]]
+  digest = "1:0a32435e3f12b75f2c0cd806c5b21fb92e29f70e5f76880dc852bba5e10f6585"
   name = "github.com/nbutton23/zxcvbn-go"
   packages = [
     ".",
@@ -23,11 +28,13 @@
     "match",
     "matching",
     "scoring",
-    "utils/math"
+    "utils/math",
   ]
+  pruneopts = "UT"
   revision = "a22cb81b2ecdde8b68e9ffb8824731cbf88e1de4"
 
 [[projects]]
+  digest = "1:e54fe200d15850589f578095e5b23ed0afb8d44fb39122e63b5195cbd3858f30"
   name = "github.com/onsi/ginkgo"
   packages = [
     ".",
@@ -47,11 +54,13 @@
     "reporters/stenographer",
     "reporters/stenographer/support/go-colorable",
     "reporters/stenographer/support/go-isatty",
-    "types"
+    "types",
   ]
+  pruneopts = "UT"
   revision = "11459a886d9cd66b319dac7ef1e917ee221372c9"
 
 [[projects]]
+  digest = "1:e340739c2403b0e6ee006e83c375754f44c1a483b695eff1b588acf8c4824925"
   name = "github.com/onsi/gomega"
   packages = [
     ".",
@@ -65,31 +74,39 @@
     "matchers/support/goraph/edge",
     "matchers/support/goraph/node",
     "matchers/support/goraph/util",
-    "types"
+    "types",
   ]
+  pruneopts = "UT"
   revision = "dcabb60a477c2b6f456df65037cb6708210fbb02"
 
 [[projects]]
   branch = "master"
+  digest = "1:5b92d232e81c3e8eec282c92dcaa2e0e1ad3c23157be19a01b3e33f7e6e8d137"
   name = "github.com/ryanuber/go-glob"
   packages = ["."]
+  pruneopts = "UT"
   revision = "256dc444b735e061061cf46c809487313d5b0065"
 
 [[projects]]
+  digest = "1:499075870f4939e64e9d93c84c5fdf9b6253ec6e89c5dcb0a69f91292d6a2b30"
   name = "golang.org/x/net"
   packages = [
     "html",
     "html/atom",
-    "html/charset"
+    "html/charset",
   ]
+  pruneopts = "UT"
   revision = "8351a756f30f1297fe94bbf4b767ec589c6ea6d0"
 
 [[projects]]
+  digest = "1:dae112b8ead03c5ae8106611d0788be212309815b1885ff1667bd3a41d509a4e"
   name = "golang.org/x/sys"
   packages = ["unix"]
+  pruneopts = "UT"
   revision = "164713f0dfcec4e80be8b53e1f0811f5f0d84578"
 
 [[projects]]
+  digest = "1:387e284158b231a5993cd01407562fc211f076a8904821db6993cf8dbf57b948"
   name = "golang.org/x/text"
   packages = [
     "encoding",
@@ -108,27 +125,41 @@
     "language",
     "runes",
     "transform",
-    "unicode/cldr"
+    "unicode/cldr",
   ]
+  pruneopts = "UT"
   revision = "1cbadb444a806fd9430d14ad08967ed91da4fa0a"
 
 [[projects]]
+  digest = "1:96b9641eaaf0d03defe4e63d05e4711bf8066c543d4de838438244955811ff17"
   name = "golang.org/x/tools"
   packages = [
     "go/ast/astutil",
     "go/buildutil",
-    "go/loader"
+    "go/loader",
   ]
+  pruneopts = "UT"
   revision = "e531a2a1c15f94033f6fa87666caeb19a688175f"
 
 [[projects]]
+  digest = "1:6570992c02a2137a20be83990a979b6fe892e20ecdc6b756449989b2a7efb8ae"
   name = "gopkg.in/yaml.v2"
   packages = ["."]
+  pruneopts = "UT"
   revision = "eb3733d160e74a9c7e442f435eb3bea458e1d19f"
 
 [solve-meta]
   analyzer-name = "dep"
   analyzer-version = 1
-  inputs-digest = "706e049cd8b8db8705af09e7a375a999d01373a409beadc850c80d64de9849fd"
+  input-imports = [
+    "github.com/kisielk/gotool",
+    "github.com/mozilla/tls-observatory/constants",
+    "github.com/nbutton23/zxcvbn-go",
+    "github.com/onsi/ginkgo",
+    "github.com/onsi/gomega",
+    "github.com/ryanuber/go-glob",
+    "golang.org/x/tools/go/loader",
+    "gopkg.in/yaml.v2",
+  ]
   solver-name = "gps-cdcl"
   solver-version = 1

Makefile

@@ -1,7 +1,5 @@
 GIT_TAG?= $(shell git describe --always --tags)
-BUILD_DATE = $(shell date +%Y-%m-%d)
 BIN = gosec
-BUILD_CMD = go build -ldflags "-X main.Version=${VERSION} -X main.GitTag=${GIT_TAG} -X main.BuildDate=${BUILD_DATE}" -o build/$(BIN)-$(VERSION)-$${GOOS}-$${GOARCH} ./cmd/gosec/ &
 FMT_CMD = $(gofmt -s -l -w $(find . -type f -name '*.go' -not -path './vendor/*') | tee /dev/stderr)
 IMAGE_REPO = docker.io
 
@@ -9,40 +7,38 @@ default:
 	$(MAKE) bootstrap
 	$(MAKE) build
 
+bootstrap:
+	dep ensure
+
 test: bootstrap
 	test -z '$(FMT_CMD)'
 	go vet $(go list ./... | grep -v /vendor/)
 	golint -set_exit_status $(shell go list ./... | grep -v vendor)
 	gosec ./...
 	ginkgo -r -v
-bootstrap:
-	dep ensure
+
 build:
 	go build -o $(BIN) ./cmd/gosec/
+
 clean:
-	rm -rf build vendor
+	rm -rf build vendor dist
 	rm -f release image bootstrap $(BIN)
+
 release: bootstrap
-ifndef VERSION
-	$(error VERSION flag is not set. Run 'make release VERSION=<YOUR VERSION>'.)
-endif
-	@echo "Running build command..."
-	bash -c '\
-		export GOOS=linux; export GOARCH=amd64; export CGO_ENABLED=0; $(BUILD_CMD) \
-		wait \
-	'
-	touch release
+	@echo "Releasing the gosec binary..."
+	goreleaser release
 
 image: release
 	@echo "Building the Docker image..."
-	docker build -t $(IMAGE_REPO)/$(BIN):$(VERSION) .
-	docker tag $(IMAGE_REPO)/$(BIN):$(VERSION) $(IMAGE_REPO)/$(BIN):latest
+	docker build -t $(IMAGE_REPO)/$(BIN):$(GIT_TAG) .
+	docker tag $(IMAGE_REPO)/$(BIN):$(GIT_TAG) $(IMAGE_REPO)/$(BIN):latest
 	touch image
 
 image-push: image
 	@echo "Pushing the Docker image..."
-	docker push $(IMAGE_REPO)/$(BIN):$(VERSION)
+
+docker push $(IMAGE_REPO)/$(BIN):$(GIT_TAG)
 	docker push $(IMAGE_REPO)/$(BIN):latest
 
-.PHONY: test build clean image-push
+.PHONY: test build clean release image image-push
 

README.md

@@ -143,34 +143,35 @@ make test
 
 #### Release Build
 
-gosec can be released as follows:
+Make sure you have installed the [goreleaser](https://github.com/goreleaser/goreleaser) tool and then you can release gosec as follows:
+git tag 1.0.0
+export GITHUB_TOKEN=<YOUR GITHUB TOKEN>
+make release
 
-```bash
-make release VERSION=2.0.0
-```
-
-The released version of the tool is available in the `build` folder. The build information should be displayed in the usage text.
+The released version of the tool is available in the `dist` folder. The build information should be displayed in the usage text.
 
 ```
-./build/gosec-2.0.0-linux-amd64 -h
-
+./dist/darwin_amd64/gosec -h
 gosec  - Golang security checker
 
 gosec analyzes Go source code to look for common programming mistakes that
 can lead to security problems.
 
-VERSION: 2.0.0
-GIT TAG: 96489ff
-BUILD DATE: 2018-02-21
-
+VERSION: 1.0.0
+GIT TAG: 1.0.0
+BUILD DATE: 2018-04-27T12:41:38Z
 ```
 
+Note that all released archives are also uploaded to GitHub.
+
 #### Docker image
 
 You can execute a release and build the docker image as follows:
 
 ```
-make image VERSION=2.0.0
+git tag <VERSION>
+export GITHUB_TOKEN=<Your GitHub token>
+make image
 ```
 
 Now you can run the gosec tool in a container against your local workspace: