Merge branch 'master' into build_docker

Author: dklimpel

.codeclimate.yml

@@ -6,8 +6,6 @@ checks:
 plugins:
   gofmt:
     enabled: true
-  golint:
-    enabled: true
   govet:
     enabled: true
 

.github/dependabot.yml

@@ -13,3 +13,14 @@ updates:
       - "aelsabbahy"
     open-pull-requests-limit: 0
 
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "saturday"
+
+  - package-ecosystem: "pip"
+    directory: "/docs"
+    schedule:
+      interval: "weekly"
+      day: "saturday"

.github/workflows/docker-goss.yaml

@@ -0,0 +1,98 @@
+name: Docker image for Goss
+
+on:
+  push:
+    branches:
+      - master
+    tags:
+      - "v*"
+  workflow_dispatch:
+
+env:
+  PLATFORMS: "linux/amd64,linux/arm64"
+
+jobs:
+  goss:
+    name: Build and push Docker image
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: read
+      security-events: write # To upload Trivy sarif files
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/${{ github.repository_owner }}/goss
+
+      - name: Get latest git tag
+        uses: actions-ecosystem/action-get-latest-tag@v1
+        id: get-latest-tag
+
+      - name: Set short git commit SHA
+        run: |
+          calculatedSha=$(git rev-parse --short ${{ github.sha }})
+          echo "COMMIT_SHORT_SHA=$calculatedSha" >> $GITHUB_ENV
+
+      - name: Get the current version of Go from project.
+        run: echo "GO_VERSION_FROM_PROJECT=$(go mod edit -json | jq -r .Go)" >> $GITHUB_ENV
+
+      - name: Build master goss image
+        if: github.ref_name == 'master'
+        uses: docker/build-push-action@v5
+        with:
+          build-args: |
+            GO_VERSION=${{ env.GO_VERSION_FROM_PROJECT }}
+            GOSS_VERSION=${{ steps.get-latest-tag.outputs.tag }}-${{ github.ref_name }}+${{ env.COMMIT_SHORT_SHA }}
+          context: .
+          push: true
+          tags: |
+            ghcr.io/${{ github.repository_owner }}/goss:master
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: ${{ env.PLATFORMS }}
+
+      - name: Build release goss image
+        if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
+        uses: docker/build-push-action@v5
+        with:
+          build-args: |
+            GO_VERSION=${{ env.GO_VERSION_FROM_PROJECT }}
+            GOSS_VERSION=${{ github.ref_name }}
+          context: .
+          push: true
+          tags: |
+            ghcr.io/${{ github.repository_owner }}/goss:latest
+            ghcr.io/${{ github.repository_owner }}/goss:${{ github.ref_name }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: ${{ env.PLATFORMS }}
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: ghcr.io/${{ github.repository_owner }}/goss:master
+          format: "sarif"
+          output: "trivy-results.sarif"
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: "trivy-results.sarif"

.github/workflows/docs.yaml

@@ -7,7 +7,7 @@ on:
   pull_request:
     paths:
       - mkdocs.yml
-      - docs/
+      - docs/**
       - README.md
       - LICENSE
       - extras/**/README.md
@@ -20,28 +20,31 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: DavidAnson/markdownlint-cli2-action@v13
+      - uses: DavidAnson/markdownlint-cli2-action@v16
         with:
           globs: |
             docs/**/*.md
+            README.md
+            extras/**/README.md
+            .github/CONTRIBUTING.md
 
   build:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-      - uses: actions/setup-python@v4
+      - uses: actions/setup-python@v5
         with:
-          python-version: "3.11"
+          python-version: "3.12"
           cache: 'pip'
       - name: Install dependencies
         run: |
           pip install --upgrade pip
-          pip install --requirement docs/requirements.pip
+          pip install --requirement docs/requirements.txt
       - name: Build documentation
         run: mkdocs build
       # To remove if not using github pages
       - name: Upload artifact
-        uses: actions/upload-pages-artifact@v2
+        uses: actions/upload-pages-artifact@v3
         with:
           path: site

.github/workflows/golangci-lint.yaml

@@ -0,0 +1,26 @@
+name: Golang ci
+on:
+  # don't build any branch other than master (and prs) when git pushed
+  pull_request: {}
+  push:
+    branches:
+      - master
+      - "/^v\\d+\\.\\d+(\\.\\d+)?(-\\S*)?$/"
+
+permissions:
+  contents: read
+  pull-requests: read
+
+jobs:
+  golangci:
+    name: lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v6
+        with:
+          version: v1.59

.github/workflows/preview-docs.yaml

@@ -5,7 +5,7 @@ on:
       - opened
     paths:
       - mkdocs.yml
-      - docs/
+      - docs/**
       - README.md
       - LICENSE
       - extras/**/README.md

.golangci.yaml

@@ -0,0 +1,16 @@
+linters:
+  # Disable all linters.
+  # Default: false
+  disable-all: true
+  # Enable specific linter
+  # https://golangci-lint.run/usage/linters/#enabled-by-default
+  enable:
+    # default linter
+    # - errcheck # there are to many failures at the moment
+    - gosimple
+    - govet
+    - ineffassign
+    - staticcheck
+    - unused
+    # custom linter
+    - gofmt

.readthedocs.yaml

@@ -16,4 +16,4 @@ mkdocs:
 # Optionally declare the Python requirements required to build your docs
 python:
   install:
-  - requirements: docs/requirements.pip
+  - requirements: docs/requirements.txt

Dockerfile

@@ -0,0 +1,19 @@
+ARG GO_VERSION=1.21
+
+FROM docker.io/golang:${GO_VERSION}-alpine AS base
+
+ARG GOSS_VERSION=v0.0.0
+WORKDIR /build
+
+RUN --mount=target=. \
+    CGO_ENABLED=0 go build \
+    -ldflags "-X github.com/goss-org/goss/util.Version=${GOSS_VERSION} -s -w" \
+    -o "/release/goss" \
+    ./cmd/goss
+
+FROM alpine:3.19
+
+COPY --from=base /release/* /usr/bin/
+
+RUN mkdir /goss
+VOLUME /goss

Makefile

@@ -35,10 +35,10 @@ htmlcov:
 	go test -v -coverpkg=./... -coverprofile=c.out ./...
 	go tool cover -html ./c.out
 
-
 lint:
 	$(info INFO: Starting build $@)
-	golint $(pkgs) || true
+	go install github.com/golangci/golangci-lint/cmd/[email protected]
+	golangci-lint run --timeout 5m $(pkgs) || true
 
 vet:
 	$(info INFO: Starting build $@)
@@ -140,10 +140,10 @@ $(PYTHON):
 	$(info Creating virtualenv in $(VENV))
 	@python -m venv $(VENV)
 
-$(DOCS_DEPS): $(PYTHON) docs/requirements.pip
+$(DOCS_DEPS): $(PYTHON) docs/requirements.txt
 	$(info Installing dependencies)
 	@pip install --upgrade pip
-	@pip install --requirement docs/requirements.pip
+	@pip install --requirement docs/requirements.txt
 	@touch $(DOCS_DEPS)
 
 docs/setup: $(DOCS_DEPS)