fix: add lints and coverage tests

.github/workflows/build.yml

@@ -2,12 +2,15 @@ name: CI
 
 on:
   push:
-    branches: [ master, main ]
+    branches: [master, main]
   pull_request:
-    branches: [ master, main ]
+    branches: [master, main]
 
 permissions:
+  contents: write
+  statuses: write
   checks: write
+  pull-requests: write
 
 jobs:
   set-version:
@@ -29,7 +32,7 @@ jobs:
       - name: Install GitVersion
         uses: gittools/actions/gitversion/[email protected]
         with:
-          versionSpec: '5.x'
+          versionSpec: "5.x"
       - name: Set SemVer Version
         uses: gittools/actions/gitversion/[email protected]
         id: gitversion
@@ -38,6 +41,7 @@ jobs:
         run: |
           echo "REVISION  -> $GITHUB_SHA"
           echo "VERSION -> $GITVERSION_SEMVER"
+
   test:
     runs-on: ubuntu-latest
     needs: set-version
@@ -49,36 +53,36 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 1
+
       - name: Install Eirctl
         uses: ensono/actions/[email protected]
-        with: 
-          version: 0.7.6
+        with:
+          version: 0.9.3
           isPrerelease: false
 
       - name: Run Lint
         run: |
-          eirctl run pipeline lint
+          eirctl run pipeline lints
       - name: Run Tests
         run: |
-          eirctl run pipeline test
-          ls -alt .coverage/out
-          ls -lat .coverage/report-junit.xml
+          eirctl run pipeline gha:unit:test
+
       - name: Publish Junit style Test Report
         uses: mikepenz/action-junit-report@v4
         if: always() # always run even if the previous step fails
         with:
-          report_paths: '**/.coverage/report-junit.xml'
+          report_paths: "**/.coverage/report-junit.xml"
+
       - name: Analyze with SonarCloud
-        # You can pin the exact commit or the version.
-        uses: SonarSource/[email protected]
+        uses: SonarSource/sonarqube-scan-action@v6
         env:
-          SEMVER: $SEMVER
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}   # Generate a token on Sonarcloud.io, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret)
+          # Needed to get PR information
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # Generate a token on Sonarcloud.io, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret)
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
         with:
-          # Additional arguments for the sonarcloud scanner
-          # mandatory
+          projectBaseDir: .
           args: >
             -Dsonar.projectVersion=${{ needs.set-version.outputs.semVer }}
-            -Dsonar.go.coverage.reportPaths=.coverage/out
-            -Dsonar.go.tests.reportPaths=.coverage/report-junit.xml
+            -Dsonar.working.directory=.scannerwork
+            -Dsonar.scm.provider=git

.github/workflows/release_container.yml

@@ -0,0 +1,66 @@
+name: Publish Container
+
+on:
+  workflow_run:
+    workflows: ['Lint and Test']
+    types:
+      - completed
+    branches: 
+      - main
+
+permissions:
+  contents: write
+  packages: write 
+
+jobs:
+  set-version-tag:
+    if: ${{ github.event.workflow_run.head_branch == 'main' }}
+    runs-on: ubuntu-24.04
+    outputs:
+      semVer: ${{ steps.gitversion.outputs.semVer }}
+    steps:
+      - uses: actions/checkout@v4
+      # get version
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Install GitVersion
+        uses: gittools/actions/gitversion/[email protected]
+        with:
+          versionSpec: '5.x'
+      - name: Set SemVer Version
+        uses: gittools/actions/gitversion/[email protected]
+        id: gitversion
+
+  build-and-push:
+    runs-on: ubuntu-latest
+    needs: set-version-tag
+    env:
+      SEMVER: ${{ needs.set-version-tag.outputs.semVer }}
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v3
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          # GITHUB_TOKEN is automatically provided in GitHub Actions
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up QEMU (for multi-arch builds, optional)
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          build-args: Version=${{ needs.set-version-tag.outputs.semVer }},Revision=${{ github.sha }}
+          tags: |
+            ghcr.io/ensono/eirctl:${{ needs.set-version-tag.outputs.semVer }}
+          platforms: linux/amd64,linux/arm64  # adjust as needed

.golangci.yaml

@@ -0,0 +1,42 @@
+version: "2"
+linters:
+  # Default set of linters.
+  # The value can be: `standard`, `all`, `none`, or `fast`.
+  # Default: standard
+  default: standard
+  exclusions:
+    generated: lax
+    # Log a warning if an exclusion rule is unused.
+    # Default: false
+    warn-unused: true
+    # Predefined exclusion rules.
+    # Default: []
+    presets:
+      - comments
+      - std-error-handling
+      - common-false-positives
+      - legacy
+    # Excluding configuration per-path, per-linter, per-text and per-source.
+    rules:
+      # Exclude some linters from running on tests files.
+      - path: _test\.go
+        linters:
+          - gocyclo
+          - errcheck
+          - dupl
+          - gosec
+          - ineffassign
+          - staticcheck
+          - unused
+          - govet
+      # Exclude some linters from running on examples files.
+      - path: examples/
+        linters:
+          - gocyclo
+          - errcheck
+          - dupl
+          - gosec
+          - ineffassign
+          - staticcheck
+          - unused
+          - govet

Dockerfile

@@ -0,0 +1,20 @@
+ARG Version
+ARG Revision
+
+FROM docker.io/golang:1-trixie AS builder
+
+ARG Version=0.0.1
+ARG Revision=beta01
+
+WORKDIR /app
+
+COPY ./ /app
+RUN CGO_ENABLED=0 go build -mod=readonly -buildvcs=false \
+    -ldflags="-s -w -X \"github.com/DevLabFoundry/configmanager/v2/cmd/configmanager.Version=${Version}\" -X \"github.com/DevLabFoundry/configmanager/v2/cmd/configmanager.Revision=${Revision}\" -extldflags -static" \
+    -o bin/configmanager cmd/main.go
+
+FROM docker.io/alpine:3
+
+COPY --from=builder /app/bin/configmanager /usr/bin/configmanager
+
+ENTRYPOINT ["configmanager"]

cmd/configmanager/fromfileinput.go

@@ -46,7 +46,7 @@ func newFromStrCmd(rootCmd *Root) {
 	inside a variable to be searched for tokens.
 	If value is a valid path it will open it if not it will accept the string as an input.
 	e.g. -i /some/file or -i $"(cat /som/file)", are both valid input values`)
-	fromstrCmd.MarkPersistentFlagRequired("input")
+	_ = fromstrCmd.MarkPersistentFlagRequired("input")
 	fromstrCmd.PersistentFlags().StringVarP(&f.path, "path", "p", "./app.env", `Path where to write out the
 	replaced a config/secret variables. Special value of stdout can be used to return the output to stdout e.g. -p stdout,
 	unix style output only`)

cmd/configmanager/insert.go

@@ -29,6 +29,6 @@ func newInsertCmd(rootCmd *Root) {
 		},
 	}
 	insertCmd.PersistentFlags().StringToStringVarP(&f.insertKv, "config-pair", "", defaultInsertKv, " token=value pair. This can be specified multiple times.")
-	insertCmd.MarkPersistentFlagRequired("config-pair")
+	_ = insertCmd.MarkPersistentFlagRequired("config-pair")
 	rootCmd.Cmd.AddCommand(insertCmd)
 }

cmd/configmanager/retrieve.go

@@ -35,7 +35,7 @@ func newRetrieveCmd(rootCmd *Root) {
 		},
 	}
 	retrieveCmd.PersistentFlags().StringArrayVarP(&f.tokens, "token", "t", []string{}, "Token pointing to a config/secret variable. This can be specified multiple times.")
-	retrieveCmd.MarkPersistentFlagRequired("token")
+	_ = retrieveCmd.MarkPersistentFlagRequired("token")
 	retrieveCmd.PersistentFlags().StringVarP(&f.path, "path", "p", "./app.env", "Path where to write out the replaced a config/secret variables. Special value of stdout can be used to return the output to stdout e.g. -p stdout, unix style output only")
 	rootCmd.Cmd.AddCommand(retrieveCmd)
 }