fix: address linters

fix: add custom binary

Author: dnitsch

.github/workflows/ci.yml

@@ -27,47 +27,45 @@ jobs:
       - name: Set SemVer Version
         uses: gittools/actions/gitversion/execute@v1
         id: gitversion
+
   pr:
     runs-on: ubuntu-latest
-    container:
-      image: golang:1.24-bookworm
     needs: set-version
     env:
       REVISION: $GITHUB_SHA
       SEMVER: ${{ needs.set-version.outputs.semVer }}
     steps:
       - uses: actions/checkout@v4
-      - name: install deps
+
+      - uses: ensono/actions/[email protected]
+        with: 
+          version: latest
+          isPrerelease: false
+
+      - name: prep-git
         run: |
-          # Chromium dependencies
-          apt-get update && apt-get install -y jq git \
-          zip unzip \
-          libnss3 \
-          libxss1 \
-          libasound2 \
-          libxtst6 \
-          libgtk-3-0 \
-          libgbm1 \
-          ca-certificates
           git config --global --add safe.directory "$GITHUB_WORKSPACE"
           git config user.email ${{ github.actor }}[email protected]
           git config user.name ${{ github.actor }}
-      - name: make test 
+      - name: Run linters 
         run: |
-          make REVISION=$GITHUB_SHA test
+          eirctl run vuln:check
+      - name: Unit Tests
+        run: |
+          eirctl run test:unit
+
       - name: Publish Junit style Test Report
         uses: mikepenz/action-junit-report@v3
         if: always() # always run even if the previous step fails
         with:
           report_paths: '**/report-junit.xml'
-      - name: Analyze with SonarCloud         
-        # You can pin the exact commit or the version.
-        uses: SonarSource/sonarcloud-github-action@master
+
+      - name: Analyze with SonarCloud
+        uses: SonarSource/sonarqube-scan-action@v5
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}   # Generate a token on Sonarcloud.io, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret)
         with:
-          args:             
+          projectBaseDir: .
+          args: >
             -Dsonar.projectVersion=${{ needs.set-version.outputs.semVer }}
-            -Dsonar.go.coverage.reportPaths=/github/workspace/.coverage/out
-            -Dsonar.go.tests.reportPaths=/github/workspace/.coverage/report-junit.xml

.github/workflows/release.yml

@@ -64,6 +64,7 @@ jobs:
       - name: release binary
         run: |
           make REVISION=$GITHUB_SHA GIT_TAG=${SEMVER} PAT=${{ secrets.GITHUB_TOKEN }} cross-build
+
       - name: Release
         uses: softprops/[email protected]
         with:
@@ -72,4 +73,4 @@ jobs:
           generate_release_notes: true
           token: ${{ secrets.GITHUB_TOKEN }}
           files: ./dist/*
-          prerelease: false
+          prerelease: true

aws-cli-auth.go

@@ -13,9 +13,18 @@ import (
 func main() {
 	ctx, stop := signal.NotifyContext(context.Background(), []os.Signal{os.Interrupt, syscall.SIGTERM, os.Kill}...)
 	defer stop()
+
+	go func() {
+		<-ctx.Done()
+		stop()
+		log.Printf("\x1b[31minterrupted: %s\x1b[0m", ctx.Err())
+		os.Exit(0)
+	}()
+
 	c := cmd.New()
 	c.WithSubCommands(cmd.SubCommands()...)
+
 	if err := c.Execute(ctx); err != nil {
-		log.Fatalf("\x1b[31maws-cli-auth err:\n%s\x1b[0m", err)
+		log.Fatalf("\x1b[31m%s\x1b[0m", err)
 	}
 }

cmd/awscliauth.go

@@ -59,7 +59,7 @@ Stores them under the $HOME/.aws/credentials file under a specified path or retu
 	r.Cmd.PersistentFlags().IntVarP(&rf.duration, "max-duration", "d", 900, `Override default max session duration, in seconds, of the role session [900-43200]. 
 NB: This cannot be higher than the 3600 as the API does not allow for AssumeRole for sessions longer than an hour`)
 	r.Cmd.PersistentFlags().BoolVarP(&rf.verbose, "verbose", "v", false, "Verbose output")
-	r.dataDirInit()
+	_ = r.dataDirInit()
 	return r
 }
 

cmd/clear.go

@@ -6,7 +6,6 @@ import (
 	"os/user"
 
 	"github.com/DevLabFoundry/aws-cli-auth/internal/credentialexchange"
-	"github.com/DevLabFoundry/aws-cli-auth/internal/web"
 	"github.com/spf13/cobra"
 )
 
@@ -21,8 +20,7 @@ func newClearCmd(r *Root) {
 		Use:   "clear-cache <flags>",
 		Short: "Clears any stored credentials in the OS secret store",
 		Long: `Clears any stored credentials in the OS secret store
-
-NB: Occassionally you may encounter a hanging chromium processes if not using own browser binary, you should kill all the instances of the chromium PIDs`,
+		NB: Occassionally you may encounter a hanging chromium processes, you should kill all the instances of the chromium (or if using own browser binary) PIDs`,
 		RunE: func(cmd *cobra.Command, args []string) error {
 			user, err := user.Current()
 			if err != nil {
@@ -40,11 +38,7 @@ NB: Occassionally you may encounter a hanging chromium processes if not using ow
 			}
 
 			if flags.force {
-				w := &web.Web{}
-				if err := w.ForceKill(r.Datadir); err != nil {
-					return err
-				}
-				fmt.Fprint(os.Stderr, "Chromium Cache cleared")
+				fmt.Fprint(os.Stderr, "delete ~/.aws-cli-auth-data/ manually")
 			}
 
 			if err := secretStore.ClearAll(); err != nil {

cmd/saml.go

@@ -133,7 +133,7 @@ func newSamlCmd(r *Root) {
 	sc.cmd.PersistentFlags().StringVarP(&flags.providerUrl, "provider", "p", "", `Saml Entity StartSSO Url.
 This is the URL your Idp will make the first call to e.g.: https://company-xyz.okta.com/home/amazon_aws/12345SomeRandonId6789
 `)
-	sc.cmd.MarkPersistentFlagRequired("provider")
+	_ = sc.cmd.MarkPersistentFlagRequired("provider")
 	sc.cmd.PersistentFlags().StringVarP(&flags.principalArn, "principal", "", "", `Principal Arn of the SAML IdP in AWS
 You should find it in the IAM portal e.g.: arn:aws:iam::1234567891012:saml-provider/MyCompany-Idp
 `)

cmd/specific.go

@@ -75,6 +75,6 @@ Returns the same JSON object as the call to the AWS CLI for any of the sts Assum
 
 	cmd.PersistentFlags().StringVarP(&flags.method, "method", "m", "WEB_ID", "Runs a specific credentialProvider as opposed to relying on the default chain provider fallback")
 	cmd.PersistentFlags().StringVarP(&flags.role, "role", "r", "", `Set the role you want to assume when SAML or OIDC process completes`)
-	cmd.MarkPersistentFlagRequired("role")
+	_ = cmd.MarkPersistentFlagRequired("role")
 	r.Cmd.AddCommand(cmd)
 }

eirctl.yaml

@@ -1,5 +1,5 @@
 import:
-  - https://raw.githubusercontent.com/Ensono/eirctl/refs/heads/main/shared/build/go/eirctl.yaml
+  - https://raw.githubusercontent.com/Ensono/eirctl/e71dd9d66293e27e70fd0620e63a6d627579c060/shared/build/go/eirctl.yaml
 
 contexts:
   unit:test:
@@ -13,14 +13,29 @@ contexts:
       exclude:
         - HOME
         - GO
+        - TMP
 
 pipelines:
   unit:test:run:
     - task: unit:test:prereqs
     - task: unit:test
       depends_on: unit:test:prereqs
 
+  release:
+    - task: clean:dir
+    - task: build
+      depends_on: clean:dir
+
 tasks:
+  tag:
+    command: 
+      - |
+        git tag -a ${VERSION} -m "ci tag release" ${REVISION}
+        git push origin ${VERSION}
+    required:
+      env:
+        - VERSION
+        - REVISION
   unit:test:
     context: unit:test
     description: |
@@ -41,3 +56,71 @@ tasks:
         go install github.com/jstemmer/[email protected]
         go install github.com/axw/gocov/[email protected]
         go install github.com/AlekSi/[email protected]
+
+  clean:dir:
+    command: 
+      - |
+        rm -rf dist/
+
+  build:
+    context: go1x
+    description: Builds Go binary
+    command:
+      - |
+        mkdir -p .deps
+        ldflags="-s -w -X \"github.com/{{.RepoOwner}}/{{.BinName}}/cmd.Version={{.Version}}\" -X \"github.com/{{.RepoOwner}}/{{.BinName}}/cmd.Revision={{.Revision}}\" -extldflags -static"
+        CGO_ENABLED=0 GOPATH=$PWD/.deps GOOS=${BUILD_GOOS} go build -mod=readonly -buildvcs=false -ldflags="$ldflags" -o dist/{{.BinName}}-${BUILD_GOOS}${BUILD_GOARCH}${BINARY_SUFFIX} .
+    variations:
+      - BUILD_GOOS: windows
+        BUILD_GOARCH: amd64
+        BINARY_SUFFIX: ""
+      - BUILD_GOOS: windows
+        BUILD_GOARCH: "386"
+        BINARY_SUFFIX: ""
+      - BUILD_GOOS: darwin
+        BUILD_GOARCH: ""
+        BINARY_SUFFIX: ""
+      - BUILD_GOOS: linux
+        BUILD_GOARCH: ""
+        BINARY_SUFFIX: ""
+    variables:
+      RepoOwner: DevLabFoundry
+      BinName: aws-cli-auth
+
+  build:arch:
+    context: go1x
+    description: Builds Go binary per architecture
+    command:
+      - |
+        mkdir -p .deps
+        ldflags="-s -w -X \"github.com/{{.RepoOwner}}/{{.BinName}}/cmd.Version={{.Version}}\" -X \"github.com/{{.RepoOwner}}/{{.BinName}}/cmd.Revision={{.Revision}}\" -extldflags -static"
+        CGO_ENABLED=0 GOPATH=$PWD/.deps GOOS=${BUILD_GOOS} GOARCH=${BUILD_GOARCH} go build -mod=readonly -buildvcs=false -ldflags="$ldflags" -o dist/{{.BinName}}-${BUILD_GOOS}-${BUILD_GOARCH}${BINARY_SUFFIX} cmd/main.go
+    variations:
+      - BUILD_GOOS: windows
+        BUILD_GOARCH: amd64
+        BINARY_SUFFIX: .exe
+      - BUILD_GOOS: windows
+        BUILD_GOARCH: "386"
+        BINARY_SUFFIX: .exe
+      - BUILD_GOOS: windows
+        BUILD_GOARCH: arm64
+        BINARY_SUFFIX: .exe
+      - BUILD_GOOS: darwin
+        BUILD_GOARCH: amd64
+        BINARY_SUFFIX: ""
+      - BUILD_GOOS: darwin
+        BUILD_GOARCH: arm64
+        BINARY_SUFFIX: ""
+      - BUILD_GOOS: linux
+        BUILD_GOARCH: arm64
+        BINARY_SUFFIX: ""
+      - BUILD_GOOS: linux
+        BUILD_GOARCH: amd64
+        BINARY_SUFFIX: ""
+    variables:
+      RepoOwner: DevLabFoundry
+      BinName: aws-cli-auth
+
+  build:container:
+    description: Builds the docker image
+    command: docker build --build-arg Version={{.Version}} --build-arg Revision={{.Revision}} -t eirctl:{{.Version}} .

go.mod

@@ -8,7 +8,6 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/sts v1.38.0
 	github.com/aws/smithy-go v1.22.5
 	github.com/go-rod/rod v0.116.2
-	github.com/mitchellh/go-ps v1.0.0
 	github.com/spf13/cobra v1.9.1
 	github.com/werf/lockgate v0.1.1
 	github.com/zalando/go-keyring v0.2.6

go.sum

@@ -43,8 +43,6 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
-github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc=
-github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
@@ -63,8 +61,6 @@ github.com/werf/lockgate v0.1.1 h1:S400JFYjtWfE4i4LY9FA8zx0fMdfui9DPrBiTciCrx4=
 github.com/werf/lockgate v0.1.1/go.mod h1:0yIFSLq9ausy6ejNxF5uUBf/Ib6daMAfXuCaTMZJzIE=
 github.com/ysmood/fetchup v0.3.0 h1:UhYz9xnLEVn2ukSuK3KCgcznWpHMdrmbsPpllcylyu8=
 github.com/ysmood/fetchup v0.3.0/go.mod h1:hbysoq65PXL0NQeNzUczNYIKpwpkwFL4LXMDEvIQq9A=
-github.com/ysmood/fetchup v0.5.2 h1:P9w3OIA7RSNEEFvEmOiTq09IOu42C96PMyZ1MWd8TAs=
-github.com/ysmood/fetchup v0.5.2/go.mod h1:yCv8s8itjsCul1LGXJ1Q+8EQnZcVjfbZ4+l1zDm4StE=
 github.com/ysmood/goob v0.4.0 h1:HsxXhyLBeGzWXnqVKtmT9qM7EuVs/XOgkX7T6r1o1AQ=
 github.com/ysmood/goob v0.4.0/go.mod h1:u6yx7ZhS4Exf2MwciFr6nIM8knHQIE22lFpWHnfql18=
 github.com/ysmood/gop v0.2.0 h1:+tFrG0TWPxT6p9ZaZs+VY+opCvHU8/3Fk6BaNv6kqKg=