diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ae0b299..d6f9ee6 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -2,27 +2,54 @@ name: build on: pull_request: - workflow_call: - secrets: - PERSONAL_ACCESS_TOKEN: - required: true - jobs: + version: + runs-on: ubuntu-latest + if: startsWith(github.head_ref, 'renovate') == false + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Detect Version for Docker + id: docker-version + run: echo "VERSION=$(SEP="-" scripts/version)" >> $GITHUB_OUTPUT + - name: Detect Version + id: version + run: echo "VERSION=$(scripts/version)" >> $GITHUB_OUTPUT + outputs: + docker-version: ${{ steps.docker-version.outputs.VERSION }} + version: ${{ steps.version.outputs.VERSION }} + build: runs-on: ubuntu-latest + needs: + - version steps: - uses: actions/checkout@v4 - uses: actions/setup-go@v4 with: - go-version: '1.20' + go-version: '1.21' check-latest: true # https://github.com/actions/setup-go#check-latest-version cache: true # https://github.com/actions/setup-go#caching-dependency-files-and-build-outputs - name: Build run: go build -race ./... + - name: Install GoReleaser + uses: goreleaser/goreleaser-action@v5 + with: + version: latest + install-only: true + + - name: Snapshot + if: startsWith(github.ref , 'refs/tags/v') == false + run: make snapshot + env: + GORELEASER_CURRENT_TAG: ${{ needs.version.outputs.docker-version }} + - name: Grype scan id: scan uses: anchore/scan-action@v3 diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 17de9cc..de352d0 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml 
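Review bot: Because `version` carries `if: startsWith(github.head_ref, 'renovate') == false` and `build` declares `needs: - version` without an `if` of its own, a renovate PR skips `version` and therefore skips `build` entirely, including `go build -race` and the Grype scan — the checks a dependency-bump PR needs most. Either drop the guard from `version` or let `build` proceed regardless, e.g. `if: ${{ !cancelled() && needs.version.result != 'failure' }}` on the `build` job, and add a comment on the guard saying why renovate branches are excluded (presumably `scripts/version` cannot derive a tag from them — worth confirming). Separately, `goreleaser/goreleaser-action@v5` with `version: latest` installs whichever GoReleaser release is current at run time, so the snapshot build is not reproducible and an upstream breaking or compromised release reaches CI unreviewed; pin an explicit `version: vX.Y.Z` and let the dependency bot bump it. The `Snapshot` condition `startsWith(github.ref , 'refs/tags/v') == false` appears to be always true now that this workflow triggers only on `pull_request` (where `github.ref` is the PR merge ref), so it should either be removed or keep a comment explaining what it is meant to guard against.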
@@ -16,12 +16,12 @@ jobs: - name: Set up Go uses: actions/setup-go@v4 with: - go-version: '1.20' + go-version: '1.21' check-latest: true # https://github.com/actions/setup-go#check-latest-version cache: true # https://github.com/actions/setup-go#caching-dependency-files-and-build-outputs - name: golangci-lint uses: golangci/golangci-lint-action@v3.7.0 with: - version: v1.52.2 + version: v1.54.2 args: --timeout=5m diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a23cfc0..cedffdc 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -4,7 +4,6 @@ on: push: tags: - "v*" - pull_request: workflow_call: secrets: PERSONAL_ACCESS_TOKEN: @@ -52,22 +51,22 @@ jobs: - name: Set up Go uses: actions/setup-go@v4 with: - go-version: '1.20' + go-version: '1.21' check-latest: true # https://github.com/actions/setup-go#check-latest-version cache: true # https://github.com/actions/setup-go#caching-dependency-files-and-build-outputs - - uses: sigstore/cosign-installer@v3.1.1 # installs cosign + - uses: sigstore/cosign-installer@v3.1.2 # installs cosign - uses: anchore/sbom-action/download-syft@v0.14.3 # installs syft - name: Login to GCR - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: us.gcr.io username: _json_key password: ${{ secrets.PUBLIC_GCR_JSON_KEY }} - name: Install GoReleaser - uses: goreleaser/goreleaser-action@v4 + uses: goreleaser/goreleaser-action@v5 with: version: latest install-only: true diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml index d749f27..93fd794 100644 --- a/.github/workflows/scan.yml +++ b/.github/workflows/scan.yml @@ -20,9 +20,7 @@ jobs: - name: Run FOSSA scan and upload build data uses: fossa-contrib/fossa-action@v2.0.0 with: - # FOSSA Push-Only API Token fossa-api-key: 0580abfd8ed19432331e14f6e9eaa7ff - github-token: ${{ secrets.PERSONAL_ACCESS_TOKEN }} scan-codeql: runs-on: ubuntu-latest 
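Review bot: `goreleaser/goreleaser-action@v5` with `version: latest` in the release job means the artifacts that are cosign-signed and pushed to GCR are produced by whatever GoReleaser release happens to be current when a tag is pushed, so the release is neither reproducible nor reviewable for tool-chain changes; pin an explicit `version: vX.Y.Z` and let the dependency bot bump it. The GCR login step still authenticates with a long-lived service-account JSON key (`password: ${{ secrets.PUBLIC_GCR_JSON_KEY }}`); exchanging that for short-lived credentials via workload identity federation would remove a standing secret from the repository, though that is a larger change than this diff. Removing `pull_request` from `on:` is correct for a workflow that signs and publishes — it should not run against PR-controlled code.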
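Review bot: The new side keeps a literal FOSSA key (`fossa-api-key: 0580abfd8ed19432331e14f6e9eaa7ff`) in the committed workflow while deleting the `# FOSSA Push-Only API Token` comment that was the only explanation of why a plaintext token is tolerated here; to the next reader and to secret scanners it now reads as a leaked credential. Either restore the rationale, e.g. `# FOSSA push-only API token: intentionally public, can only upload scan data`, or better move it out of the file as `fossa-api-key: ${{ secrets.FOSSA_API_KEY }}`. Dropping `github-token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}` is a welcome reduction in PAT exposure, but confirm the action still reports results without it (presumably it falls back to the job's default `GITHUB_TOKEN`).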
@@ -39,10 +37,10 @@ jobs: **/go.sum **/go.mod - name: Initialize CodeQL - uses: github/codeql-action/init@v2.21.5 + uses: github/codeql-action/init@v2.21.7 with: languages: go - name: Autobuild - uses: github/codeql-action/autobuild@v2.21.5 + uses: github/codeql-action/autobuild@v2.21.7 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2.21.5 + uses: github/codeql-action/analyze@v2.21.7 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 940f719..896327c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -11,7 +11,7 @@ jobs: - uses: actions/setup-go@v4 with: - go-version: '1.20' + go-version: '1.21' check-latest: true # https://github.com/actions/setup-go#check-latest-version cache: true # https://github.com/actions/setup-go#caching-dependency-files-and-build-outputs diff --git a/.goreleaser.yml b/.goreleaser.yml index cf5aabd..53a89d9 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -71,7 +71,7 @@ signs: output: true brews: - - tap: + - repository: owner: ksoclabs name: homebrew-kbom homepage: "https://github.com/ksoclabs/kbom" diff --git a/go.mod b/go.mod index 5be6563..6156e77 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/ksoclabs/kbom go 1.20 require ( - github.com/CycloneDX/cyclonedx-go v0.7.2-0.20230625092137-07e2f29defc3 + github.com/CycloneDX/cyclonedx-go v0.7.2 github.com/Masterminds/semver v1.5.0 github.com/google/uuid v1.3.0 github.com/invopop/jsonschema v0.7.0 diff --git a/go.sum b/go.sum index f7f5724..fba1c79 100644 --- a/go.sum +++ b/go.sum 
@@ -40,6 +40,8 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/CycloneDX/cyclonedx-go v0.7.2-0.20230625092137-07e2f29defc3 h1:NqeV+ZMqpcosu0Xg2VW14Ru9ayBs/toe2oihS7sN6Xo=
 github.com/CycloneDX/cyclonedx-go v0.7.2-0.20230625092137-07e2f29defc3/go.mod h1:fGXSp1lCDfMQ8KR1EjxT4ewc5HHhGczRF2pWhLSWohs=
+github.com/CycloneDX/cyclonedx-go v0.7.2 h1:kKQ0t1dPOlugSIYVOMiMtFqeXI2wp/f5DBIdfux8gnQ=
+github.com/CycloneDX/cyclonedx-go v0.7.2/go.mod h1:K2bA+324+Og0X84fA8HhN2X066K7Bxz4rpMQ4ZhjtSk=
 github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww=
 github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
 github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M=