✨ Use GitHub provider to simplify URL

bindl.yaml

@@ -16,31 +16,31 @@ _uname: &uname
 programs:
   - name: cosign
     version: 1.7.1
-    provider: url
+    provider: github
     paths:
-      base: https://github.com/sigstore/cosign/releases/download/v{{ .Version }}
+      base: sigstore/cosign
       target: "{{ .Name }}-{{ .OS }}-{{ .Arch }}"
       checksums: 
         artifact: "{{ .Name }}_checksums.txt"
   - name: addlicense
     version: 1.0.0
-    provider: url
+    provider: github
     overlay:
       OS:
         <<: *uname_OS
         darwin: macOS
       Arch: *uname_Arch
     paths:
-      base: https://github.com/google/addlicense/releases/download/v{{ .Version }}
+      base: google/addlicense
       target: "{{ .Name }}_{{ .Version }}_{{ .OS }}_{{ .Arch }}.tar.gz"
       checksums:
         artifact: checksums.txt
   - name: goreleaser
     version: 1.7.0
-    provider: url
+    provider: github
     overlay: *uname
     paths:
-      base: https://github.com/goreleaser/goreleaser/releases/download/v{{ .Version }}
+      base: goreleaser/goreleaser
       target: "{{ .Name }}_{{ .OS }}_{{ .Arch }}.tar.gz"
       checksums:
         artifact: checksums.txt
@@ -49,9 +49,9 @@ programs:
   - name: golangci-lint
     # LINT: Match with version in .golangci.yaml and .github/workflows/go.yaml
     version: 1.45.2
-    provider: url
+    provider: github
     paths:
-      base: https://github.com/golangci/golangci-lint/releases/download/v{{ .Version }}
+      base: golangci/golangci-lint
       target: "{{ .Name }}-{{ .Version }}-{{ .OS }}-{{ .Arch }}.tar.gz"
       checksums:
         artifact: "{{ .Name }}-{{ .Version }}-checksums.txt"

program/github.go

@@ -0,0 +1,36 @@
+// Copyright 2022 Bindl Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package program
+
+import (
+	"bytes"
+	"text/template"
+
+	"github.com/bindl-dev/bindl/internal"
+)
+
+var (
+	tmplGitHubBase = template.Must(template.New("url").Parse("https://github.com/{{ .Base }}/releases/download/"))
+)
+
+func githubToURL(c *Config) error {
+	var buf bytes.Buffer
+	if err := tmplGitHubBase.Execute(&buf, c.Paths); err != nil {
+		return err
+	}
+	c.Paths.Base = buf.String() + "v{{ .Version }}"
+	internal.Log().Debug().Str("url", c.Paths.Base).Msg("github to url")
+	return nil
+}

program/lock.go

@@ -37,7 +37,7 @@ type Lock struct {
 	Cosign    []*CosignBundle             `json:"cosign,omitempty"`
 }
 
-func NewLock(c *Config) (*Lock, error) {
+func NewLock(ctx context.Context, c *Config, platforms map[string][]string, useCache bool) (*Lock, error) {
 	p := &Lock{
 		Base: Base{
 			Name:    c.Name,
@@ -53,6 +53,9 @@ func NewLock(c *Config) (*Lock, error) {
 	for f, cs := range c.Checksums {
 		p.Checksums[f] = &ArchiveChecksum{Archive: cs}
 	}
+	if err := p.collectBinaryChecksum(ctx, platforms, useCache); err != nil {
+		return nil, err
+	}
 	return p, nil
 }
 
@@ -151,7 +154,7 @@ func (p *Lock) DownloadArchive(ctx context.Context, d download.Downloader, goOS,
 		return nil, fmt.Errorf("expected hash for '%s' is invalid: cannot be empty string", a.Name)
 	}
 
-	internal.Log().Info().Str("program", p.Name).Msg("downloading")
+	internal.Log().Info().Str("program", p.Name).Str("platform", goOS+"/"+goArch).Msg("downloading archive")
 	body, err := d.Get(ctx, url)
 	if err != nil {
 		return nil, fmt.Errorf("downloading program: %w", err)

program/program.go

@@ -68,24 +68,21 @@ type Config struct {
 
 // Lock converts current configuration to Lock, which is the format used by lockfile.
 func (c *Config) Lock(ctx context.Context, platforms map[string][]string, useCache bool) (*Lock, error) {
-	if err := c.loadChecksum(ctx, platforms, useCache); err != nil {
-		return nil, fmt.Errorf("loading checksums: %w", err)
-	}
-	var p *Lock
-	var err error
 	switch c.Provider {
-	case "url":
-		p, err = NewLock(c)
-		if err != nil {
+	case "github":
+		if err := githubToURL(c); err != nil {
 			return nil, err
 		}
-		if err = p.collectBinaryChecksum(ctx, platforms, useCache); err != nil {
-			return nil, err
-		}
-	default:
-		return nil, fmt.Errorf("unknown program config provider: %s", c.Provider)
 	}
 
+	if err := c.loadChecksum(ctx, platforms, useCache); err != nil {
+		return nil, fmt.Errorf("loading checksums: %w", err)
+	}
+
+	p, err := NewLock(ctx, c, platforms, useCache)
+	if err != nil {
+		return nil, err
+	}
 	return p, nil
 }
 
@@ -113,7 +110,7 @@ func (c *Config) loadChecksum(ctx context.Context, platforms map[string][]string
 			if err := bundle.VerifySignature(ctx); err != nil {
 				return fmt.Errorf("verifying signed checksum: %w", err)
 			}
-			internal.Log().Info().Str("program", c.Name).Msg("cosign has verified signature")
+			internal.Log().Info().Str("program", c.Name).Msg("cosign signature valid")
 			c.Paths.Cosign = append(c.Paths.Cosign, bundle)
 		}
 		rawChecksums += "\n" + bundle.Artifact