diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 8fccb14..4376163 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -14,22 +14,23 @@ jobs: matrix: binary: - go-cli-github + - another-binary steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ github.event.pull_request.head.sha }} - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: stable - run: echo "GOVERSION=$(go version)" >> "$GITHUB_ENV" - - uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0 + - uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0 id: goreleaser with: version: latest - args: build --clean --debug --single-target --snapshot + args: build --clean --verbose --single-target --snapshot - name: Login to GHCR if: github.actor != 'dependabot[bot]' - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: ghcr.io username: ${{ github.repository_owner }} @@ -56,11 +57,11 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 - id: ccv - uses: smlx/ccv@c5f6769c943c082c4e8d8ccf2ec4b6f5f517e1f2 # v0.7.3 + uses: smlx/ccv@d3de774e9b607b079940a7a86952f44643743336 # v0.9.0 with: write-tag: false - run: | diff --git a/.github/workflows/coverage.yaml b/.github/workflows/coverage.yaml index 3fc50e4..1ce55c8 100644 --- a/.github/workflows/coverage.yaml +++ b/.github/workflows/coverage.yaml @@ -10,8 +10,8 @@ jobs: contents: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: stable - name: Calculate coverage diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml index 146894b..2c706e1 100644 --- a/.github/workflows/dependency-review.yaml +++ b/.github/workflows/dependency-review.yaml @@ -10,7 +10,7 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - - uses: actions/dependency-review-action@0c155c5e8556a497adf53f2c18edabf945ed8e70 # v4.3.2 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/dependency-review-action@72eb03d02c7872a771aacd928f3123ac62ad6d3a # v4.3.3 with: config-file: .github/dependency-review-config.yaml diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 4a412bf..578f92f 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -10,11 +10,11 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: stable - - uses: golangci/golangci-lint-action@9d1e0624a798bb64f6c3cea93db47765312263dc # v5.1.0 + - uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1 with: args: --timeout=180s --enable gocritic lint-commits: @@ -23,7 +23,7 @@ jobs: pull-requests: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 - uses: wagoid/commitlint-github-action@7f0a61df502599e1f1f50880aaa7ec1e2c0592f2 # v6.0.1 @@ -34,7 +34,7 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - uses: docker://rhysd/actionlint:1.7.0@sha256:601d6faeefa07683a4a79f756f430a1850b34d575d734b1d1324692202bf312e # v1.7.0 with: args: -color diff --git a/.github/workflows/ossf-analysis.yaml b/.github/workflows/ossf-analysis.yaml index 2f49af8..0d6d3c5 100644 --- a/.github/workflows/ossf-analysis.yaml +++ b/.github/workflows/ossf-analysis.yaml @@ -14,9 +14,9 @@ jobs: # Needed for GitHub OIDC token if publish_results is true id-token: write steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Run analysis - uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 + uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 with: results_file: results.sarif results_format: sarif @@ -26,6 +26,6 @@ jobs: # of the value entered here. publish_results: true - name: Upload SARIF results to code scanning - uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 + uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 with: sarif_file: results.sarif diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 4db6dc2..b564c60 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -13,12 +13,12 @@ jobs: outputs: new-tag: ${{ steps.ccv.outputs.new-tag }} steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 - name: Bump tag if necessary id: ccv - uses: smlx/ccv@c5f6769c943c082c4e8d8ccf2ec4b6f5f517e1f2 # v0.7.3 + uses: smlx/ccv@d3de774e9b607b079940a7a86952f44643743336 # v0.9.0 release-build: permissions: # create release @@ -33,14 +33,14 @@ jobs: if: needs.release-tag.outputs.new-tag == 'true' runs-on: ubuntu-latest steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: stable - name: Login to GHCR - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: ghcr.io username: ${{ github.repository_owner }} @@ -55,7 +55,7 @@ jobs: run: mv "$GITHUB_SBOM_PATH" ./sbom.spdx.json env: GITHUB_SBOM_PATH: ${{ steps.sbom.outputs.fileName }} - - uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0 + - uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0 id: goreleaser with: version: latest @@ -63,20 +63,32 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_SBOM_PATH: ./sbom.spdx.json + # attest archives + - uses: actions/attest-build-provenance@49df96e17e918a15956db358890b08e61c704919 # v1.2.0 + with: + subject-path: "dist/*.tar.gz" # parse artifacts to the format required for image attestation - run: | - echo "digest=$(echo "$ARTIFACTS" | jq -r '.[]|select(.type=="Docker Manifest")|select(.name|test(":v"))|.extra.Digest')" >> "$GITHUB_OUTPUT" - echo "name=$(echo "$ARTIFACTS" | jq -r '.[]|select(.type=="Docker Manifest")|select(.name|test(":v"))|.name|split(":")[0]')" >> "$GITHUB_OUTPUT" - id: image_metadata + echo "$ARTIFACTS" + echo "digest=$(echo "$ARTIFACTS" | jq -r '.[]|select(.type=="Docker Manifest")|select(.name|test("go-cli-github:v"))|.extra.Digest')" >> "$GITHUB_OUTPUT" + echo "name=$(echo "$ARTIFACTS" | jq -r '.[]|select(.type=="Docker Manifest")|select(.name|test("go-cli-github:v"))|.name|split(":")[0]')" >> "$GITHUB_OUTPUT" + id: image_metadata_go_cli_github + env: + ARTIFACTS: ${{steps.goreleaser.outputs.artifacts}} + - run: | + echo "digest=$(echo "$ARTIFACTS" | jq -r '.[]|select(.type=="Docker Manifest")|select(.name|test("another-binary:v"))|.extra.Digest')" >> "$GITHUB_OUTPUT" + echo "name=$(echo "$ARTIFACTS" | jq -r '.[]|select(.type=="Docker Manifest")|select(.name|test("another-binary:v"))|.name|split(":")[0]')" >> "$GITHUB_OUTPUT" + id: image_metadata_another_binary env: ARTIFACTS: ${{steps.goreleaser.outputs.artifacts}} - # attest archives - - uses: actions/attest-build-provenance@173725a1209d09b31f9d30a3890cf2757ebbff0d # v1.1.2 - with: - subject-path: "dist/*.tar.gz" # attest images - - uses: actions/attest-build-provenance@173725a1209d09b31f9d30a3890cf2757ebbff0d # v1.1.2 + - uses: actions/attest-build-provenance@49df96e17e918a15956db358890b08e61c704919 # v1.2.0 + with: + subject-digest: ${{steps.image_metadata_go_cli_github.outputs.digest}} + subject-name: ${{steps.image_metadata_go_cli_github.outputs.name}} + push-to-registry: true + - uses: actions/attest-build-provenance@49df96e17e918a15956db358890b08e61c704919 # v1.2.0 with: - subject-digest: ${{steps.image_metadata.outputs.digest}} - subject-name: ${{steps.image_metadata.outputs.name}} + subject-digest: ${{steps.image_metadata_another_binary.outputs.digest}} + subject-name: ${{steps.image_metadata_another_binary.outputs.name}} push-to-registry: true diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index fee79fc..bcf70ee 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -10,10 +10,10 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ github.event.pull_request.head.sha }} - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: stable - run: go test -v ./... diff --git a/.goreleaser.yaml b/.goreleaser.yaml index de0f363..fa45a1b 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -1,5 +1,7 @@ +version: 2 builds: -- id: go-cli-github +- &buildDefinition + id: go-cli-github binary: go-cli-github main: ./cmd/go-cli-github ldflags: @@ -18,6 +20,10 @@ builds: goarch: - amd64 - arm64 +- <<: *buildDefinition + id: another-binary + binary: another-binary + main: ./cmd/another-binary changelog: use: github-native @@ -40,6 +46,23 @@ dockers: build_flag_templates: - "--build-arg=BINARY=go-cli-github" - "--platform=linux/arm64/v8" +- ids: + - another-binary + image_templates: + - "ghcr.io/{{ .Env.GITHUB_REPOSITORY }}/another-binary:v{{ .Version }}-amd64" + use: buildx + build_flag_templates: + - "--build-arg=BINARY=another-binary" + - "--platform=linux/amd64" +- ids: + - another-binary + image_templates: + - "ghcr.io/{{ .Env.GITHUB_REPOSITORY }}/another-binary:v{{ .Version }}-arm64v8" + use: buildx + goarch: arm64 + build_flag_templates: + - "--build-arg=BINARY=another-binary" + - "--platform=linux/arm64/v8" docker_manifests: - name_template: "ghcr.io/{{ .Env.GITHUB_REPOSITORY }}/go-cli-github:v{{ .Version }}" @@ -50,6 +73,14 @@ docker_manifests: image_templates: - "ghcr.io/{{ .Env.GITHUB_REPOSITORY }}/go-cli-github:v{{ .Version }}-amd64" - "ghcr.io/{{ .Env.GITHUB_REPOSITORY }}/go-cli-github:v{{ .Version }}-arm64v8" +- name_template: "ghcr.io/{{ .Env.GITHUB_REPOSITORY }}/another-binary:v{{ .Version }}" + image_templates: + - "ghcr.io/{{ .Env.GITHUB_REPOSITORY }}/another-binary:v{{ .Version }}-amd64" + - "ghcr.io/{{ .Env.GITHUB_REPOSITORY }}/another-binary:v{{ .Version }}-arm64v8" +- name_template: "ghcr.io/{{ .Env.GITHUB_REPOSITORY }}/another-binary:latest" + image_templates: + - "ghcr.io/{{ .Env.GITHUB_REPOSITORY }}/another-binary:v{{ .Version }}-amd64" + - "ghcr.io/{{ .Env.GITHUB_REPOSITORY }}/another-binary:v{{ .Version }}-arm64v8" release: extra_files: diff --git a/Dockerfile b/Dockerfile index ce4d1a9..7308bb7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.19@sha256:c5b1261d6d3e43071626931fc004f70149baeba2c8ec672bd4f27761f8e1ad6b +FROM alpine:3.20@sha256:77726ef6b57ddf65bb551896826ec38bc3e53f75cdde31354fbffb4f25238ebd ARG BINARY=binary-build-arg-not-defined ENV BINARY=${BINARY} ENTRYPOINT ["sh", "-c"] diff --git a/cmd/another-binary/main.go b/cmd/another-binary/main.go new file mode 100644 index 0000000..da6bcaa --- /dev/null +++ b/cmd/another-binary/main.go @@ -0,0 +1,8 @@ +// Package main implements the command-line interface of a server. +package main + +import "fmt" + +func main() { + fmt.Println("Hello, World!") +} diff --git a/go.mod b/go.mod index 35a3c31..71d083c 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/smlx/go-cli-github go 1.22.2 require ( - github.com/alecthomas/assert/v2 v2.9.0 + github.com/alecthomas/assert/v2 v2.10.0 github.com/alecthomas/kong v0.9.0 ) diff --git a/go.sum b/go.sum index 4a961c3..1967d39 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,5 @@ -github.com/alecthomas/assert/v2 v2.9.0 h1:ZcLG8ccMEtlMLkLW4gwGpBWBb0N8MUCmsy1lYBVd1xQ= -github.com/alecthomas/assert/v2 v2.9.0/go.mod h1:Bze95FyfUr7x34QZrjL+XP+0qgp/zg8yS+TtBj1WA3k= +github.com/alecthomas/assert/v2 v2.10.0 h1:jjRCHsj6hBJhkmhznrCzoNpbA3zqy0fYiUcYZP/GkPY= +github.com/alecthomas/assert/v2 v2.10.0/go.mod h1:Bze95FyfUr7x34QZrjL+XP+0qgp/zg8yS+TtBj1WA3k= github.com/alecthomas/kong v0.9.0 h1:G5diXxc85KvoV2f0ZRVuMsi45IrBgx9zDNGNj165aPA= github.com/alecthomas/kong v0.9.0/go.mod h1:Y47y5gKfHp1hDc7CH7OeXgLIpp+Q2m1Ni0L5s3bI8Os= github.com/alecthomas/repr v0.4.0 h1:GhI2A8MACjfegCPVq9f1FLvIBS+DrQ2KQBFZP1iFzXc=