Upgrade Go to 1.25.3 and refresh dependencies

.github/workflows/CI.yml

@@ -14,12 +14,12 @@ jobs:
 
     steps:
       - name: Set up Go 1.x
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v5
         with:
-          go-version: ^1.18
+          go-version: '1.25.5'
 
       - name: Check out code into the Go module directory
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           fetch-depth: 1
           ref: ${{ github.event.pull_request.head.sha }}

.github/workflows/release.yml

@@ -13,15 +13,15 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           fetch-depth: 0
           submodules: 'true'
 
       - name: Set up Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: 1.21
+          go-version: '1.25.5'
 
       - name: Setup environment variables
         run: |-

Makefile

@@ -1,5 +1,5 @@
 PACKAGE_NAME          := github.com/deepsourcelabs/cli
-GOLANG_CROSS_VERSION  ?= v1.21.6
+GOLANG_CROSS_VERSION  ?= v1.25.3
 
 SYSROOT_DIR     ?= sysroots
 SYSROOT_ARCHIVE ?= sysroots.tar.bz2

README.md

@@ -41,6 +41,27 @@ This script will detect the operating system and architecture and puts deepsourc
 In order to report test-coverage to DeepSource using the `report` command, an environment variable named as `DEEPSOURCE_DSN` has to
 be set. It's value will be available under 'Settings' tab of the repository page.
 
+## Authentication
+
+Log in to DeepSource using the CLI:
+
+```sh
+# Browser-based login (interactive)
+deepsource auth login
+
+# Token-based login (for CI/CD or non-interactive environments)
+deepsource auth login --with-token
+
+# For DeepSource Enterprise instances
+deepsource auth login --hostname HOSTNAME
+```
+
+For GitHub Actions, the `report` command supports [OIDC authentication](https://docs.deepsource.com/docs/guides/setup-test-coverage#with-github-actions-ci-using-oidc):
+
+```sh
+deepsource report --analyzer test-coverage --key go --value-file ./cover.out --use-oidc
+```
+
 ## Usage
 
 The CLI provides access to a wide range of commands. Here is a list of the
@@ -51,11 +72,23 @@ Usage:
     deepsource <command> [<arguments>]
 
 Available commands are:
-    report      Report an artifact to an analyzer
+    auth        Authenticate with DeepSource
+      login       Log in to DeepSource
+      logout      Logout of your account
+      refresh     Refresh authentication credentials
+      status      View authentication status
+
     config      Generate and Validate DeepSource config
-    help        Help about any command
-    issues      Show the list of issues in a file in a repository
-    repo        Operations related to the project repository
+      generate    Generate .deepsource.toml config
+      validate    Validate existing config
+
+    issues      Show the list of issues in a repository
+      list        List issues (supports --json, --csv, --sarif export)
+
+    repo        Operations related to the repository
+      status      View activation status
+      view        Open DeepSource dashboard in browser
+
     report      Report artifacts to DeepSource
     version     Get the version of the DeepSource CLI
 

command/auth/login/login.go

@@ -9,6 +9,14 @@ import (
 	"github.com/spf13/cobra"
 )
 
+// Function variables for testing
+var (
+	getConfigFn          = config.GetConfig
+	confirmFromUserFn    = utils.ConfirmFromUser
+	selectFromOptionsFn  = utils.SelectFromOptions
+	getSingleLineInputFn = utils.GetSingleLineInput
+)
+
 var accountTypes = []string{"DeepSource (deepsource.io)", "DeepSource Enterprise"}
 
 // LoginOptions hold the metadata related to login operation
@@ -48,7 +56,7 @@ func NewCmdLogin() *cobra.Command {
 		Short: "Log in to DeepSource using Command Line Interface",
 		Long:  doc,
 		Args:  utils.NoArgs,
-		RunE: func(cmd *cobra.Command, args []string) error {
+		RunE: func(_ *cobra.Command, _ []string) error {
 			return opts.Run()
 		},
 	}
@@ -64,7 +72,7 @@ func NewCmdLogin() *cobra.Command {
 // Run executes the auth command and starts the login flow if not already authenticated
 func (opts *LoginOptions) Run() (err error) {
 	// Fetch config
-	cfg, _ := config.GetConfig()
+	cfg, _ := getConfigFn()
 	opts.User = cfg.User
 	opts.TokenExpired = cfg.IsExpired()
 
@@ -92,7 +100,7 @@ func (opts *LoginOptions) Run() (err error) {
 	if !opts.TokenExpired {
 		// The user is already logged in, confirm re-authentication.
 		msg := fmt.Sprintf("You're already logged into DeepSource as %s. Do you want to re-authenticate?", opts.User)
-		response, err := utils.ConfirmFromUser(msg, "")
+		response, err := confirmFromUserFn(msg, "")
 		if err != nil {
 			return fmt.Errorf("Error in fetching response. Please try again.")
 		}
@@ -121,13 +129,13 @@ func (opts *LoginOptions) handleInteractiveLogin() error {
 	hostPromptHelpText := "The hostname of the DeepSource instance to authenticate with"
 
 	// Display prompt to user
-	loginType, err := utils.SelectFromOptions(loginPromptMessage, loginPromptHelpText, accountTypes)
+	loginType, err := selectFromOptionsFn(loginPromptMessage, loginPromptHelpText, accountTypes)
 	if err != nil {
 		return err
 	}
 	// Prompt the user for hostname only in the case of on-premise
 	if loginType == "DeepSource Enterprise" {
-		opts.HostName, err = utils.GetSingleLineInput(hostPromptMessage, hostPromptHelpText)
+		opts.HostName, err = getSingleLineInputFn(hostPromptMessage, hostPromptHelpText)
 		if err != nil {
 			return err
 		}