From 9a8cd81310c8cc081ef9d9bd5175fd0c5fe9cbdd Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Fri, 28 Jun 2024 17:19:52 +0800 Subject: [PATCH 1/2] chore: update CI workflows Based on smlx/go-cli-github. --- .github/commitlint.config.mjs | 29 +++++++++ .github/dependabot.yaml | 44 +++++++++++++ .github/dependabot.yml | 14 ---- .github/dependency-review-config.yaml | 20 ++++++ .github/workflows/build.yaml | 46 +++++++++---- .github/workflows/codeql-analysis.yaml | 33 ---------- .github/workflows/coverage.yaml | 33 +++++----- .github/workflows/dependabot-automerge.yaml | 27 +++++--- .github/workflows/dependency-review.yaml | 16 +++++ .github/workflows/lint.yaml | 50 ++++++++------ .github/workflows/release.yaml | 72 ++++++++++----------- .github/workflows/tag-to-release.yaml | 34 ---------- .github/workflows/test.yaml | 23 ++++--- .github/workflows/user-documentation.yaml | 12 +--- .gitignore | 5 +- .goreleaser.macos-latest.yaml | 35 ++++++++++ .goreleaser.macos-latest.yml | 17 ----- .goreleaser.ubuntu-latest.yaml | 35 ++++++++++ .goreleaser.ubuntu-latest.yml | 17 ----- Dockerfile | 2 +- commitlint.config.js | 15 ----- 21 files changed, 336 insertions(+), 243 deletions(-) create mode 100644 .github/commitlint.config.mjs create mode 100644 .github/dependabot.yaml delete mode 100644 .github/dependabot.yml create mode 100644 .github/dependency-review-config.yaml delete mode 100644 .github/workflows/codeql-analysis.yaml create mode 100644 .github/workflows/dependency-review.yaml delete mode 100644 .github/workflows/tag-to-release.yaml create mode 100644 .goreleaser.macos-latest.yaml delete mode 100644 .goreleaser.macos-latest.yml create mode 100644 .goreleaser.ubuntu-latest.yaml delete mode 100644 .goreleaser.ubuntu-latest.yml delete mode 100644 commitlint.config.js diff --git a/.github/commitlint.config.mjs b/.github/commitlint.config.mjs new file mode 100644 index 0000000..51b1c33 --- /dev/null +++ b/.github/commitlint.config.mjs 
@@ -0,0 +1,29 @@
+/* Taken from: https://github.com/wagoid/commitlint-github-action/blob/7f0a61df502599e1f1f50880aaa7ec1e2c0592f2/commitlint.config.mjs */
+/* eslint-disable import/no-extraneous-dependencies */
+import { maxLineLength } from '@commitlint/ensure'
+
+const bodyMaxLineLength = 100
+
+const validateBodyMaxLengthIgnoringDeps = (parsedCommit) => {
+ const { type, scope, body } = parsedCommit
+ const isDepsCommit =
+ type === 'chore' && (scope === 'deps' || scope === 'deps-dev')
+
+ return [
+ isDepsCommit || !body || maxLineLength(body, bodyMaxLineLength),
+ `body's lines must not be longer than ${bodyMaxLineLength}`,
+ ]
+}
+
+export default {
+ extends: ['@commitlint/config-conventional'],
+ plugins: ['commitlint-plugin-function-rules'],
+ rules: {
+ 'body-max-line-length': [0],
+ 'function-rules/body-max-line-length': [
+ 2,
+ 'always',
+ validateBodyMaxLengthIgnoringDeps,
+ ],
+ },
+}
diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
new file mode 100644
index 0000000..c344a50
--- /dev/null
+++ b/.github/dependabot.yaml
@@ -0,0 +1,44 @@
+version: 2
+updates:
+- package-ecosystem: github-actions
+ commit-message:
+ prefix: chore
+ include: scope
+ directory: /
+ schedule:
+ interval: monthly
+ groups:
+ github-actions:
+ patterns:
+ - "*"
+ update-types:
+ - "minor"
+ - "patch"
+- package-ecosystem: docker
+ commit-message:
+ prefix: chore
+ include: scope
+ directory: /
+ schedule:
+ interval: monthly
+ groups:
+ docker:
+ patterns:
+ - "*"
+ update-types:
+ - "minor"
+ - "patch"
+- package-ecosystem: gomod
+ commit-message:
+ prefix: chore
+ include: scope
+ directory: /
+ schedule:
+ interval: monthly
+ groups:
+ gomod:
+ patterns:
+ - "*"
+ update-types:
+ - "minor"
+ - "patch"
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
deleted file mode 100644
index a94854f..0000000
--- a/.github/dependabot.yml
+++ /dev/null
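Review bot: In `.github/dependabot.yaml` the `github-actions` entry drops from `interval: daily` to `interval: monthly` in the same commit that pins every action to a commit SHA, so a fix in an action can now take up to a month to reach these workflows. As far as I know Dependabot alerts are not raised for actions referenced by SHA, which would leave the scheduled version update as the only route. Consider `interval: weekly` for that ecosystem at least. The `groups` blocks cover only `minor` and `patch`, so major bumps still arrive as individual PRs; a short comment saying that is intended would help.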
@@ -1,14 +0,0 @@ -version: 2 -updates: -- package-ecosystem: github-actions - directory: / - schedule: - interval: daily - commit-message: - prefix: chore -- package-ecosystem: gomod - directory: / - schedule: - interval: daily - commit-message: - prefix: chore diff --git a/.github/dependency-review-config.yaml b/.github/dependency-review-config.yaml new file mode 100644 index 0000000..08389a1 --- /dev/null +++ b/.github/dependency-review-config.yaml @@ -0,0 +1,20 @@ +# https://github.com/cncf/foundation/blob/main/allowed-third-party-license-policy.md +allow-licenses: +- 'Apache-2.0' +- 'BSD-2-Clause' +- 'BSD-2-Clause-FreeBSD' +- 'BSD-3-Clause' +- 'ISC' +- 'MIT' +- 'PostgreSQL' +- 'Python-2.0' +- 'X11' +- 'Zlib' + +allow-dependencies-licenses: +# this action is GPL-3 but it is only used in CI +# https://github.com/actions/dependency-review-action/issues/530#issuecomment-1638291806 +- pkg:githubactions/vladopajic/go-test-coverage@bcd064e5ceef1ccec5441519eb054263b6a44787 +# this package is MPL-2.0 and has a CNCF exception +# https://github.com/cncf/foundation/blob/9b8c9173c2101c1b4aedad3caf2c0128715133f6/license-exceptions/cncf-exceptions-2022-04-12.json#L43C17-L43C47 +- pkg:golang/github.com/go-sql-driver/mysql diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 8a370dd..99e82af 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -1,7 +1,13 @@ -name: Build -on: pull_request +name: build +on: + pull_request: + branches: + - main +permissions: {} jobs: - build: + build-snapshot: + permissions: + contents: read strategy: matrix: os: 
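Review bot: The license exception in `.github/dependency-review-config.yaml` names `pkg:githubactions/vladopajic/go-test-coverage@bcd064e5ceef1ccec5441519eb054263b6a44787`, but `coverage.yaml` in this same patch uses `vladopajic/go-test-coverage@1079cd4e58dda229c04ffdb6324fc3756b8542ff`. If the dependency review action matches the version part of the purl, the exception does not apply to the action actually in use, and it will go stale again on every Dependabot bump. Dropping the `@<sha>` suffix, as the `pkg:golang/github.com/go-sql-driver/mysql` entry below it already does, keeps the exception tied to the package rather than to one commit.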
@@ -9,19 +15,35 @@ jobs: - macos-latest runs-on: ${{ matrix.os }} steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Install Go - uses: actions/setup-go@v5 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + with: + ref: ${{ github.event.pull_request.head.sha }} + - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: stable - name: Install Dependencies (ubuntu) if: matrix.os == 'ubuntu-latest' run: sudo apt-get update && sudo apt-get -u install libpcsclite-dev - - name: Set up environment - run: echo "GOVERSION=$(go version)" >> $GITHUB_ENV - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v5 + - uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0 + id: goreleaser with: version: latest - args: build --snapshot --rm-dist --config .goreleaser.${{ matrix.os }}.yml + args: build --clean --verbose --snapshot --config .goreleaser.${{ matrix.os }}.yaml + check-tag: + permissions: + contents: read + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + with: + fetch-depth: 0 + - id: ccv + uses: smlx/ccv@d3de774e9b607b079940a7a86952f44643743336 # v0.9.0 + with: + write-tag: false + - run: | + echo "new-tag=$NEW_TAG" + echo "new-tag-version=$NEW_TAG_VERSION" + env: + NEW_TAG: ${{steps.ccv.outputs.new-tag}} + NEW_TAG_VERSION: ${{steps.ccv.outputs.new-tag-version}} diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml deleted file mode 100644 index a2f7491..0000000 --- a/.github/workflows/codeql-analysis.yaml +++ /dev/null 
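Review bot: `goreleaser/goreleaser-action` is now pinned to a commit, but `version: latest` in its `with:` block still lets the action download whatever GoReleaser release is current at run time, so the tool that produces the binaries is not pinned. The same setting is kept in the `release-build` job of `release.yaml`, where the step runs with `contents: write` and `GITHUB_TOKEN`. Pin it to the release line the new `version: 2` configs were written for, e.g. `version: "~> v2"`, or to an exact version.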
@@ -1,33 +0,0 @@
-name: CodeQL
-on:
- push:
- branches:
- - main
- pull_request:
- # The branches below must be a subset of the branches above
- branches:
- - main
-jobs:
- analyze:
- name: Analyze
- runs-on: ubuntu-latest
- strategy:
- fail-fast: false
- matrix:
- language: [ 'go' ]
- # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
- steps:
- - name: Checkout repository
- uses: actions/checkout@v4
- - name: Initialize CodeQL
- uses: github/codeql-action/init@v3
- with:
- languages: ${{ matrix.language }}
- # If you wish to specify custom queries, you can do so here or in a config file.
- # By default, queries listed here will override any specified in a config file.
- # Prefix the list here with "+" to use these queries and those in the config file.
- # queries: ./path/to/local/query, your-org/your-repo/queries@main
- - name: Autobuild
- uses: github/codeql-action/autobuild@v3
- - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v3
diff --git a/.github/workflows/coverage.yaml b/.github/workflows/coverage.yaml
index 384abc2..3982dc2 100644
--- a/.github/workflows/coverage.yaml
+++ b/.github/workflows/coverage.yaml
@@ -1,32 +1,31 @@ -name: Coverage +name: coverage on: push: branches: - main - +permissions: {} jobs: coverage: + permissions: + contents: write runs-on: ubuntu-latest steps: - - name: Checkout repository - uses: actions/checkout@v4 - - name: Configure git - run: | - git config --global user.name "$GITHUB_ACTOR" - git config --global user.email "$GITHUB_ACTOR@users.noreply.github.com" - - name: Set up go - uses: actions/setup-go@v5 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: stable - name: Install Dependencies run: sudo apt-get update && sudo apt-get -u install libpcsclite-dev - name: Calculate coverage run: | - go test -v -covermode=count -coverprofile=coverage.out.raw -coverpkg=./... ./... - grep -v mock_ coverage.out.raw > coverage.out - - name: Convert coverage to lcov - uses: jandelgado/gcov2lcov-action@v1.0.9 - - name: Coveralls - uses: coverallsapp/github-action@v2.2.3 + go test -v -covermode=atomic -coverprofile=cover.out.raw -coverpkg=./... ./... + # remove generated code from coverage calculation + grep -Ev 'internal/mock|_enumer.go' cover.out.raw > cover.out + - name: Generage coverage badge + uses: vladopajic/go-test-coverage@1079cd4e58dda229c04ffdb6324fc3756b8542ff # v2.10.1 with: - github-token: ${{ secrets.github_token }} + profile: cover.out + local-prefix: github.com/${{ github.repository }} + git-token: ${{ secrets.GITHUB_TOKEN }} + # orphan branch for storing badges + git-branch: badges diff --git a/.github/workflows/dependabot-automerge.yaml b/.github/workflows/dependabot-automerge.yaml index 8f3942a..df319e8 100644 --- a/.github/workflows/dependabot-automerge.yaml +++ b/.github/workflows/dependabot-automerge.yaml 
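Review bot: The `coverage` job now holds `contents: write`, and `actions/checkout` stores the job token in the local git config by default, so the `go test` step and everything it executes can read a write-scoped token. The badge step receives its token explicitly through `git-token`, so the checkout probably does not need to keep credentials: add `with:` and `persist-credentials: false` to the checkout step, assuming the coverage action does not rely on the persisted credential for its push to `badges`. Separately, the step name `Generage coverage badge` should read `Generate coverage badge`.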
@@ -1,17 +1,24 @@ # https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#enable-auto-merge-on-a-pull-request -name: Dependabot auto-merge -on: pull_request - -permissions: - contents: write - pull-requests: write - +name: dependabot auto-merge +on: + pull_request: + branches: + - main +permissions: {} jobs: - dependabot: + dependabot-automerge: + permissions: + contents: write + pull-requests: write runs-on: ubuntu-latest - if: ${{ github.actor == 'dependabot[bot]' }} + if: github.actor == 'dependabot[bot]' steps: - - name: Enable auto-merge for Dependabot PRs + - name: Fetch dependabot metadata + id: metadata + uses: dependabot/fetch-metadata@5e5f99653a5b510e8555840e80cbf1514ad4af38 # v2.1.0 + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" + - name: Enable auto-merge for Dependabot PRs # these still need approval before merge run: gh pr merge --auto --merge "$PR_URL" env: PR_URL: ${{github.event.pull_request.html_url}} diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml new file mode 100644 index 0000000..2c706e1 --- /dev/null +++ b/.github/workflows/dependency-review.yaml @@ -0,0 +1,16 @@ +name: dependency review +on: + pull_request: + branches: + - main +permissions: {} +jobs: + dependency-review: + permissions: + contents: read + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/dependency-review-action@72eb03d02c7872a771aacd928f3123ac62ad6d3a # v4.3.3 + with: + config-file: .github/dependency-review-config.yaml diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index c896e6c..846d59a 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml 
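Review bot: The job condition `if: github.actor == 'dependabot[bot]'` in `dependabot-automerge.yaml` checks who triggered the latest event, not who opened the pull request; GitHub's current guidance for this workflow gates on the PR author instead, `if: github.event.pull_request.user.login == 'dependabot[bot]'`. The job carries `contents: write` and `pull-requests: write`, so this condition is the only gate in the workflow itself. The new `metadata` step is also never referenced in the lines shown, so auto-merge is requested for every update type; gating the merge step on `steps.metadata.outputs.update-type` would restrict it to the minor and patch bumps that the Dependabot groups produce. The step list may continue past the end of the hunk.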
@@ -1,28 +1,42 @@ -name: Lint -on: pull_request +name: lint +on: + pull_request: + branches: + - main +permissions: {} jobs: - golangci-lint: - name: lint + lint-go: + permissions: + contents: read runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Install Dependencies - run: sudo apt-get update && sudo apt-get -u install libpcsclite-dev - - name: Install Go - uses: actions/setup-go@v5 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: stable - - name: golangci-lint - uses: golangci/golangci-lint-action@v5 + - name: Install Dependencies + run: sudo apt-get update && sudo apt-get -u install libpcsclite-dev + - uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1 with: - version: latest - commitlint: + args: --timeout=180s --enable gocritic + lint-commits: + permissions: + contents: read + pull-requests: read runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@v4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 - - name: Lint commit messages - uses: wagoid/commitlint-github-action@v5.4.5 + - uses: wagoid/commitlint-github-action@7f0a61df502599e1f1f50880aaa7ec1e2c0592f2 # v6.0.1 + with: + configFile: .github/commitlint.config.mjs + lint-actions: + permissions: + contents: read + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: docker://rhysd/actionlint:1.7.0@sha256:601d6faeefa07683a4a79f756f430a1850b34d575d734b1d1324692202bf312e # v1.7.0 + with: + args: -color diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 777f5e8..b15a9fa 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
@@ -1,41 +1,32 @@ -name: Release +name: release on: push: branches: - main +permissions: {} jobs: - tag: + release-tag: + permissions: + # create tag + contents: write runs-on: ubuntu-latest outputs: - new-tag: ${{ steps.bump-tag.outputs.new }} + new-tag: ${{ steps.ccv.outputs.new-tag }} steps: - - name: Checkout - uses: actions/checkout@v4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 - - name: Configure Git - run: | - git config --global user.name "$GITHUB_ACTOR" - git config --global user.email "$GITHUB_ACTOR@users.noreply.github.com" - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: stable - - name: Install ccv - run: > - curl -sSL https://github.com/smlx/ccv/releases/download/v0.3.2/ccv_0.3.2_linux_amd64.tar.gz - | sudo tar -xz -C /usr/local/bin ccv - name: Bump tag if necessary - id: bump-tag - run: | - if [ -z $(git tag -l $(ccv)) ]; then - git tag $(ccv) - git push --tags - echo "new=true" >> $GITHUB_OUTPUT - fi - release: - needs: tag - if: needs.tag.outputs.new-tag == 'true' + id: ccv + uses: smlx/ccv@d3de774e9b607b079940a7a86952f44643743336 # v0.9.0 + release-build: + permissions: + # create release + contents: write + # required by attest-build-provenance + attestations: write + needs: release-tag + if: needs.release-tag.outputs.new-tag == 'true' strategy: # avoid concurrent goreleaser runs max-parallel: 1 
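Review bot: `release-build` grants `contents: write` and `attestations: write`, but with the workflow-level `permissions: {}` the job has no `id-token` permission, and `actions/attest-build-provenance` (added in the next hunk) documents `id-token: write` as required to obtain its signing certificate. As written the attestation step is likely to fail after GoReleaser has already published the release. Add `id-token: write` next to `attestations: write`, under the same `# required by attest-build-provenance` comment.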
@@ -45,23 +36,32 @@ jobs: - macos-latest runs-on: ${{ matrix.os }} steps: - - name: Checkout - uses: actions/checkout@v4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 - - name: Install Go - uses: actions/setup-go@v5 + - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: stable - name: Install Dependencies if: matrix.os == 'ubuntu-latest' run: sudo apt-get update && sudo apt-get -u install libpcsclite-dev - - name: Set up environment - run: echo "GOVERSION=$(go version)" >> $GITHUB_ENV - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v5 + - uses: advanced-security/sbom-generator-action@375dee8e6144d9fd0ec1f5667b4f6fb4faacefed # v0.0.1 + id: sbom + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Move sbom to avoid dirty git + run: mv "$GITHUB_SBOM_PATH" ./sbom.spdx.json + env: + GITHUB_SBOM_PATH: ${{ steps.sbom.outputs.fileName }} + - uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0 + id: goreleaser with: version: latest - args: release --rm-dist --config .goreleaser.${{ matrix.os }}.yml + args: release --clean --config .goreleaser.${{ matrix.os }}.yaml env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_SBOM_PATH: ./sbom.spdx.json + # attest archives + - uses: actions/attest-build-provenance@49df96e17e918a15956db358890b08e61c704919 # v1.2.0 + with: + subject-path: "dist/*.tar.gz" diff --git a/.github/workflows/tag-to-release.yaml b/.github/workflows/tag-to-release.yaml deleted file mode 100644 index 53d9795..0000000 --- a/.github/workflows/tag-to-release.yaml +++ /dev/null 
@@ -1,34 +0,0 @@ -name: Tag to Release -on: - push: - tags: - - v* -jobs: - release: - strategy: - # avoid concurrent goreleaser runs - max-parallel: 1 - matrix: - os: - - ubuntu-latest - - macos-latest - runs-on: ${{ matrix.os }} - steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: stable - - name: Install Dependencies (ubuntu) - if: matrix.os == 'ubuntu-latest' - run: sudo apt-get update && sudo apt-get -u install libpcsclite-dev - - name: Set up environment - run: echo "GOVERSION=$(go version)" >> $GITHUB_ENV - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v5 - with: - version: latest - args: release --rm-dist --config .goreleaser.${{ matrix.os }}.yml - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index cdfa1e2..ed6e03e 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -1,16 +1,21 @@ -name: Test -on: pull_request +name: test +on: + pull_request: + branches: + - main +permissions: {} jobs: - go-test: + test-go: + permissions: + contents: read runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Install Go - uses: actions/setup-go@v5 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + with: + ref: ${{ github.event.pull_request.head.sha }} + - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: stable - name: Install Dependencies run: sudo apt-get update && sudo apt-get -u install libpcsclite-dev - - name: Run Tests - run: go test -v ./... + - run: go test -v ./... diff --git a/.github/workflows/user-documentation.yaml b/.github/workflows/user-documentation.yaml index cc56782..db8d7ce 100644 --- a/.github/workflows/user-documentation.yaml +++ b/.github/workflows/user-documentation.yaml 
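Review bot: `ref: ${{ github.event.pull_request.head.sha }}` in the `test-go` job of `test.yaml` makes the job test the branch tip instead of the merge result that `actions/checkout` uses by default on `pull_request`, so a PR that is behind `main` can pass here and still break once merged. `build.yaml` adds the same `ref`. If the intent is only to let commit-based tooling see the PR commits, a comment saying so would help; otherwise drop the `with:` block or require branches to be up to date before merging.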
@@ -1,36 +1,30 @@ name: User Documentation - on: pull_request: push: branches: - main # Set a branch to deploy - jobs: deploy: runs-on: ubuntu-latest concurrency: group: ${{ github.workflow }}-${{ github.ref }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod - - name: Setup Hugo - uses: peaceiris/actions-hugo@v3 + uses: peaceiris/actions-hugo@75d2e84710de30f6ff7268e08f310b60ef14033f # v3.0.0 with: hugo-version: '0.123.8' extended: true - - name: Setup Node uses: actions/setup-node@v4 with: node-version: 20 - - run: cd docs && npm install postcss-cli autoprefixer && hugo --minify - - name: Deploy - uses: peaceiris/actions-gh-pages@v4 + uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4.0.0 if: ${{ github.ref == 'refs/heads/main' }} with: github_token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.gitignore b/.gitignore index 6456791..7e275b7 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,4 @@ -/piv-agent +/dist +/cover.out +/cover.out.raw +/sbom.spdx.json diff --git a/.goreleaser.macos-latest.yaml b/.goreleaser.macos-latest.yaml new file mode 100644 index 0000000..55005b8 --- /dev/null +++ b/.goreleaser.macos-latest.yaml @@ -0,0 +1,35 @@ +version: 2 +archives: +- files: + - deploy/launchd + - LICENSE + - README.md + +builds: +- id: piv-agent + binary: piv-agent + main: ./cmd/piv-agent + ldflags: + - > + -s -w + -X "main.commit={{.Commit}}" + -X "main.date={{.Date}}" + -X "main.projectName={{.ProjectName}}" + -X "main.version=v{{.Version}}" + env: + - CGO_ENABLED=1 + goos: + - darwin + goarch: + - amd64 + +changelog: + use: github-native + +checksum: + name_template: "{{ .ProjectName }}_{{ .Version }}_darwin_checksums.txt" + +release: + extra_files: + - glob: "{{ .Env.GITHUB_SBOM_PATH }}" + name_template: "{{ .ProjectName }}.v{{ .Version }}.sbom.darwin.spdx.json" 
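Review bot: `user-documentation.yaml` is the one workflow in this patch that gets no `permissions:` block, so its `deploy` job keeps the repository's default token scope while running `npm install postcss-cli autoprefixer` on every pull request. Add `permissions: {}` at the top and `contents: write` on the job; only the deploy step, which is already limited to `refs/heads/main`, needs it. `actions/setup-node@v4` is also left on a mutable tag while the three other actions in the file are pinned to commits; pin it the same way.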
diff --git a/.goreleaser.macos-latest.yml b/.goreleaser.macos-latest.yml deleted file mode 100644 index c8906e7..0000000 --- a/.goreleaser.macos-latest.yml +++ /dev/null @@ -1,17 +0,0 @@ -archives: -- files: - - deploy/launchd - - LICENSE - - README.md -builds: -- dir: cmd/piv-agent - goos: - - darwin - goarch: - - amd64 - ldflags: - - > - -s -w -X main.date={{.Date}} -X "main.goVersion={{.Env.GOVERSION}}" - -X main.shortCommit={{.ShortCommit}} -X main.version={{.Version}} -checksum: - name_template: "{{ .ProjectName }}_{{ .Version }}_darwin_checksums.txt" diff --git a/.goreleaser.ubuntu-latest.yaml b/.goreleaser.ubuntu-latest.yaml new file mode 100644 index 0000000..ee274bc --- /dev/null +++ b/.goreleaser.ubuntu-latest.yaml @@ -0,0 +1,35 @@ +version: 2 +archives: +- files: + - deploy/systemd + - LICENSE + - README.md + +builds: +- id: piv-agent + binary: piv-agent + main: ./cmd/piv-agent + ldflags: + - > + -s -w + -X "main.commit={{.Commit}}" + -X "main.date={{.Date}}" + -X "main.projectName={{.ProjectName}}" + -X "main.version=v{{.Version}}" + env: + - CGO_ENABLED=1 + goos: + - linux + goarch: + - amd64 + +changelog: + use: github-native + +checksum: + name_template: "{{ .ProjectName }}_{{ .Version }}_linux_checksums.txt" + +release: + extra_files: + - glob: "{{ .Env.GITHUB_SBOM_PATH }}" + name_template: "{{ .ProjectName }}.v{{ .Version }}.sbom.linux.spdx.json" diff --git a/.goreleaser.ubuntu-latest.yml b/.goreleaser.ubuntu-latest.yml deleted file mode 100644 index 0226887..0000000 --- a/.goreleaser.ubuntu-latest.yml +++ /dev/null @@ -1,17 +0,0 @@ -archives: -- files: - - deploy/systemd - - LICENSE - - README.md -builds: -- dir: cmd/piv-agent - goos: - - linux - goarch: - - amd64 - ldflags: - - > - -s -w -X main.date={{.Date}} -X "main.goVersion={{.Env.GOVERSION}}" - -X main.shortCommit={{.ShortCommit}} -X main.version={{.Version}} -checksum: - name_template: "{{ .ProjectName }}_{{ .Version }}_linux_checksums.txt" 
diff --git a/Dockerfile b/Dockerfile index 04e1da3..14c5cae 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,4 +7,4 @@ RUN apt-get update \ && curl -sfL https://install.goreleaser.com/github.com/goreleaser/goreleaser.sh | sh WORKDIR /src COPY . . -RUN goreleaser build --snapshot --rm-dist --config .goreleaser.ubuntu-latest.yml +RUN goreleaser build --snapshot --rm-dist --config .goreleaser.ubuntu-latest.yaml diff --git a/commitlint.config.js b/commitlint.config.js deleted file mode 100644 index 252a9ad..0000000 --- a/commitlint.config.js +++ /dev/null @@ -1,15 +0,0 @@ -const Configuration = { - /* - * Resolve and load @commitlint/config-conventional from node_modules. - * Referenced packages must be installed - */ - extends: ['@commitlint/config-conventional'], - /* - * Any rules defined here will override rules from @commitlint/config-conventional - */ - rules: { - 'body-max-line-length': [1, 'always', 80], - }, -}; - -module.exports = Configuration; From c5225e85bd5065b37613b056528625304de55305 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Fri, 28 Jun 2024 21:21:15 +0800 Subject: [PATCH 2/2] fix: minor style issues found by linter --- internal/assuan/assuan.go | 2 +- internal/assuan/assuan_test.go | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/internal/assuan/assuan.go b/internal/assuan/assuan.go index b4aeb6c..2b802c2 100644 --- a/internal/assuan/assuan.go +++ b/internal/assuan/assuan.go @@ -255,7 +255,7 @@ func New(rw io.ReadWriter, log *zap.Logger, n *notify.Notify, return fmt.Errorf("invalid ciphertext format") } var plaintext, ciphertext []byte - ciphertext = bytes.Join(chunks[:], []byte("\n")) + ciphertext = bytes.Join(chunks, []byte("\n")) plaintext, err = assuan.decrypter.Decrypt(nil, ciphertext, nil) if err != nil { return fmt.Errorf("couldn't decrypt: %v", err) diff --git a/internal/assuan/assuan_test.go b/internal/assuan/assuan_test.go index e46ebce..bf37777 100644 --- a/internal/assuan/assuan_test.go 
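Review bot: The Dockerfile's `RUN goreleaser build --snapshot --rm-dist ...` line is only retargeted at the renamed config, while the workflows in this patch switch from `--rm-dist` to `--clean`. The new config declares `version: 2` and the install line above fetches GoReleaser without a version, and as far as I recall the v2 release line removed `--rm-dist`, so this build is likely to fail; use `--clean` here as well. The installer in the preceding `RUN`, which begins outside the hunk, is piped from `curl` straight into `sh` with no version or checksum, which is worth replacing with a pinned, verified download.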
+++ b/internal/assuan/assuan_test.go @@ -358,7 +358,7 @@ func TestDecryptRSAKeyfile(t *testing.T) { } // check the responses for _, expected := range tc.expect { - //spew.Dump(mockConn.WriteBuf.String()) + // spew.Dump(mockConn.WriteBuf.String()) line, err := mockConn.WriteBuf.ReadString(byte('\n')) if err != nil && err != io.EOF { tt.Fatal(err) @@ -453,7 +453,7 @@ func TestSignRSAKeyfile(t *testing.T) { } // check the responses for _, expected := range tc.expect { - //spew.Dump(mockConn.WriteBuf.String()) + // spew.Dump(mockConn.WriteBuf.String()) line, err := mockConn.WriteBuf.ReadString(byte('\n')) if err != nil && err != io.EOF { tt.Fatal(err)