From 2a6e8871672aa03b1e3970a92e169a545f127b13 Mon Sep 17 00:00:00 2001 From: Cosmin Cojocar Date: Fri, 27 Jul 2018 14:41:45 +0200 Subject: [PATCH] Use the goreleaser tool to perform releases --- .gitignore | 1 + .goreleaser.yml | 17 +++++++++++++++++ Dockerfile | 2 +- Makefile | 32 ++++++++++++++------------------ README.md | 27 ++++++++++++++------------- 5 files changed, 47 insertions(+), 32 deletions(-) create mode 100644 .goreleaser.yml diff --git a/.gitignore b/.gitignore index cbdc5a71bc..ee144d51b8 100644 --- a/.gitignore +++ b/.gitignore @@ -8,6 +8,7 @@ _obj _test vendor +dist # Architecture specific extensions/prefixes *.[568vq] diff --git a/.goreleaser.yml b/.goreleaser.yml new file mode 100644 index 0000000000..3112dc8ded --- /dev/null +++ b/.goreleaser.yml @@ -0,0 +1,17 @@ +builds: + - main : ./cmd/gosec/ + binary: gosec + goos: + - darwin + - linux + - windows + goarch: + - amd64 + ldflags: -X main.Version={{.Version}} -X main.GitTag={{.Tag}} -X main.BuildDate={{.Date}} + env: + - CGO_ENABLED=0 + +archive: + files: + - README.md + - LICENSE.txt diff --git a/Dockerfile b/Dockerfile index e2ff565ec4..a4cfb40f02 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ FROM golang:1.9.4-alpine3.7 ENV BIN=gosec -COPY build/*-linux-amd64 /go/bin/$BIN +COPY dist/linux_amd64/$BIN /go/bin/$BIN COPY docker-entrypoint.sh /usr/local/bin ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/Makefile b/Makefile index fc6002ba4b..644a8a02c6 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,5 @@ GIT_TAG?= $(shell git describe --always --tags) -BUILD_DATE = $(shell date +%Y-%m-%d) BIN = gosec -BUILD_CMD = go build -ldflags "-X main.Version=${VERSION} -X main.GitTag=${GIT_TAG} -X main.BuildDate=${BUILD_DATE}" -o build/$(BIN)-$(VERSION)-$${GOOS}-$${GOARCH} ./cmd/gosec/ & FMT_CMD = $(gofmt -s -l -w $(find . -type f -name '*.go' -not -path './vendor/*') | tee /dev/stderr) IMAGE_REPO = docker.io @@ -9,40 +7,38 @@ default: $(MAKE) bootstrap $(MAKE) build +bootstrap: + dep ensure + test: bootstrap test -z '$(FMT_CMD)' go vet $(go list ./... | grep -v /vendor/) golint -set_exit_status $(shell go list ./... | grep -v vendor) gosec ./... ginkgo -r -v -bootstrap: - dep ensure + build: go build -o $(BIN) ./cmd/gosec/ + clean: - rm -rf build vendor + rm -rf build vendor dist rm -f release image bootstrap $(BIN) + release: bootstrap -ifndef VERSION - $(error VERSION flag is not set. Run 'make release VERSION='.) -endif - @echo "Running build command..." - bash -c '\ - export GOOS=linux; export GOARCH=amd64; export CGO_ENABLED=0; $(BUILD_CMD) \ - wait \ - ' - touch release + @echo "Releasing the gosec binary..." + goreleaser release image: release @echo "Building the Docker image..." - docker build -t $(IMAGE_REPO)/$(BIN):$(VERSION) . - docker tag $(IMAGE_REPO)/$(BIN):$(VERSION) $(IMAGE_REPO)/$(BIN):latest + docker build -t $(IMAGE_REPO)/$(BIN):$(GIT_TAG) . + docker tag $(IMAGE_REPO)/$(BIN):$(GIT_TAG) $(IMAGE_REPO)/$(BIN):latest touch image image-push: image @echo "Pushing the Docker image..." - docker push $(IMAGE_REPO)/$(BIN):$(VERSION) + +docker push $(IMAGE_REPO)/$(BIN):$(GIT_TAG) docker push $(IMAGE_REPO)/$(BIN):latest -.PHONY: test build clean image-push +.PHONY: test build clean release image image-push diff --git a/README.md b/README.md index 830d3304fe..95ecc28af2 100644 --- a/README.md +++ b/README.md @@ -143,34 +143,35 @@ make test #### Release Build -gosec can be released as follows: +Make sure you have installed the [goreleaser](https://github.com/goreleaser/goreleaser) tool and then you can release gosec as follows: +git tag 1.0.0 +export GITHUB_TOKEN= +make release -```bash -make release VERSION=2.0.0 -``` - -The released version of the tool is available in the `build` folder. The build information should be displayed in the usage text. +The released version of the tool is available in the `dist` folder. The build information should be displayed in the usage text. ``` -./build/gosec-2.0.0-linux-amd64 -h - +./dist/darwin_amd64/gosec -h gosec - Golang security checker gosec analyzes Go source code to look for common programming mistakes that can lead to security problems. -VERSION: 2.0.0 -GIT TAG: 96489ff -BUILD DATE: 2018-02-21 - +VERSION: 1.0.0 +GIT TAG: 1.0.0 +BUILD DATE: 2018-04-27T12:41:38Z ``` +Note that all released archives are also uploaded to GitHub. + #### Docker image You can execute a release and build the docker image as follows: ``` -make image VERSION=2.0.0 +git tag +export GITHUB_TOKEN= +make image ``` Now you can run the gosec tool in a container against your local workspace: