use goreleaser for builds

Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>

.github/workflows/00-pr-scanner.yaml

@@ -59,11 +59,9 @@ jobs:
     uses: ./.github/workflows/b-binary-build-and-e2e-tests.yaml
     with:
       COMPONENT_NAME: kubescape
-      CGO_ENABLED: 1
+      CGO_ENABLED: 0
       GO111MODULE: ""
       GO_VERSION: "1.21"
       RELEASE: "latest"
       CLIENT: test
-      ARCH_MATRIX: '[ "" ]'
-      OS_MATRIX: '[ "ubuntu-20.04", "macos-latest", "windows-latest"]'
     secrets: inherit

.github/workflows/02-release.yaml

@@ -34,7 +34,7 @@ jobs:
     uses: ./.github/workflows/b-binary-build-and-e2e-tests.yaml
     with:
       COMPONENT_NAME: kubescape
-      CGO_ENABLED: 1
+      CGO_ENABLED: 0
       GO111MODULE: ""
       GO_VERSION: "1.21"
       RELEASE: ${{ needs.retag.outputs.NEW_TAG }}

.github/workflows/b-binary-build-and-e2e-tests.yaml

@@ -27,14 +27,6 @@ on:
         type: number
         default: 1
         required: false
-      OS_MATRIX:
-        type: string
-        required: false
-        default: '[ "ubuntu-20.04", "macos-latest", "windows-latest"]'
-      ARCH_MATRIX:
-        type: string
-        required: false
-        default: '[ "", "arm64"]'
       BINARY_TESTS:
         type: string
         required: false
@@ -63,14 +55,6 @@ on:
       BINARY_TESTS:
         type: string
         default: '[ "scan_nsa", "scan_mitre", "scan_with_exceptions", "scan_repository", "scan_local_file", "scan_local_glob_files", "scan_local_list_of_files", "scan_nsa_and_submit_to_backend", "scan_mitre_and_submit_to_backend", "scan_local_repository_and_submit_to_backend", "scan_repository_from_url_and_submit_to_backend", "scan_with_exception_to_backend", "scan_with_custom_framework", "scan_customer_configuration", "host_scanner", "scan_compliance_score", "scan_custom_framework_scanning_file_scope_testing", "scan_custom_framework_scanning_cluster_scope_testing", "scan_custom_framework_scanning_cluster_and_file_scope_testing" ]'
-      OS_MATRIX:
-        type: string
-        required: false
-        default: '[ "ubuntu-20.04", "macos-latest", "windows-latest"]'
-      ARCH_MATRIX:
-        type: string
-        required: false
-        default: '[ "", "arm64"]'
 
 jobs:
   wf-preparation:
@@ -78,8 +62,6 @@ jobs:
     runs-on: ubuntu-latest
     outputs:
       TEST_NAMES: ${{ steps.export_tests_to_env.outputs.TEST_NAMES }}
-      OS_MATRIX: ${{ steps.export_os_to_env.outputs.OS_MATRIX }}
-      ARCH_MATRIX: ${{ steps.export_arch_to_env.outputs.ARCH_MATRIX }}
       is-secret-set: ${{ steps.check-secret-set.outputs.is-secret-set }}
 
     steps:
@@ -95,13 +77,6 @@ jobs:
           REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
         run: "echo \"is-secret-set=${{ env.CUSTOMER != '' && \n                        env.USERNAME != '' &&\n                        env.PASSWORD != '' &&\n                        env.CLIENT_ID != '' &&\n                        env.SECRET_KEY != '' &&\n                        env.REGISTRY_USERNAME != '' &&\n                        env.REGISTRY_PASSWORD != ''\n                      }}\" >> $GITHUB_OUTPUT\n"
 
-      - id: export_os_to_env
-        name: set test name
-        run: |
-          echo "OS_MATRIX=$input" >> $GITHUB_OUTPUT
-        env:
-          input: ${{ inputs.OS_MATRIX }}
-
       - id: export_tests_to_env
         name: set test name
         run: |
@@ -109,13 +84,6 @@ jobs:
         env:
           input: ${{ inputs.BINARY_TESTS }}
 
-      - id: export_arch_to_env
-        name: set test name
-        run: |
-          echo "ARCH_MATRIX=$input" >> $GITHUB_OUTPUT
-        env:
-          input: ${{ inputs.ARCH_MATRIX }}
-
   check-secret:
     name: check if QUAYIO_REGISTRY_USERNAME & QUAYIO_REGISTRY_PASSWORD is set in github secrets
     runs-on: ubuntu-latest
@@ -135,124 +103,49 @@ jobs:
     needs: wf-preparation
     env:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      GOARCH: ${{ matrix.arch }}
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        os: ${{ fromJson(needs.wf-preparation.outputs.OS_MATRIX) }}
-        arch: ${{ fromJson(needs.wf-preparation.outputs.ARCH_MATRIX) }}
-        exclude:
-        - os: windows-latest
-          arch: arm64
+    runs-on: ubuntu-latest
     steps:
 
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # ratchet:actions/checkout@v3
+      - uses: actions/checkout@v3
         with:
           fetch-depth: 0
           submodules: recursive
 
-      - name: Cache Go modules (Linux)
-        if: matrix.os == 'ubuntu-20.04'
-        uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # ratchet:actions/cache@v3
-        with:
-          path: |
-            ~/.cache/go-build
-            ~/go/pkg/mod
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-go-
-
-      - name: Cache Go modules (macOS)
-        if: matrix.os == 'macos-latest'
-        uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # ratchet:actions/cache@v3
-        with:
-          path: |
-            ~/Library/Caches/go-build
-            ~/go/pkg/mod
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-go-
-
-      - name: Cache Go modules (Windows)
-        if: matrix.os == 'windows-latest'
-        uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # ratchet:actions/cache@v3
-        with:
-          path: |
-            ~\AppData\Local\go-build
-            ~\go\pkg\mod
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-go-
-
-      - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # ratchet:actions/setup-go@v3
+      - uses: actions/setup-go@v4
         name: Installing go
         with:
           go-version: ${{ inputs.GO_VERSION }}
           cache: true
 
-      - name: start ${{ matrix.arch }} environment in container
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y binfmt-support qemu-user-static
-          sudo docker run --platform linux/${{ matrix.arch }} -e RELEASE=${{ inputs.RELEASE }} \
-          -e CLIENT=${{ inputs.CLIENT }} -e CGO_ENABLED=${{ inputs.CGO_ENABLED }} \
-          -e KUBESCAPE_SKIP_UPDATE_CHECK=true -e GOARCH=${{ matrix.arch }} -v ${PWD}:/work \
-          -w /work -v ~/go/pkg/mod:/root/go/pkg/mod -v ~/.cache/go-build:/root/.cache/go-build \
-          -d --name build golang:${{ inputs.GO_VERSION }}-bullseye sleep 21600
-          sudo docker ps
-          DOCKER_CMD="sudo docker exec build"
-          ${DOCKER_CMD} apt update
-          ${DOCKER_CMD} apt install -y cmake python3
-          ${DOCKER_CMD} git config --global --add safe.directory '*'
-          echo "DOCKER_CMD=${DOCKER_CMD}" >> $GITHUB_ENV;
-        if: matrix.os == 'ubuntu-20.04' && matrix.arch != ''
+      - name: Test core pkg
+        run: ${{ env.DOCKER_CMD }} go test -v ./...
+        if: startsWith(github.ref, 'refs/tags')
 
-      - name: Install pkg-config (macOS)
-        run: brew install pkg-config
-        if: matrix.os == 'macos-latest'
+      - name: Test httphandler pkg
+        run: ${{ env.DOCKER_CMD }} sh -c 'cd httphandler && go test -v ./...'
+        if: startsWith(github.ref, 'refs/tags')
 
-      - name: Install libgit2 (Linux/macOS)
-        run: ${{ env.DOCKER_CMD }} make libgit2${{ matrix.arch }}
-        if: matrix.os != 'windows-latest'
+      - uses: anchore/sbom-action/download-syft@v0.15.2
+        name: Setup Syft
 
-      # - name: Test core pkg
-      #   run: ${{ env.DOCKER_CMD }} go test -v ./...
-      #   if: "!startsWith(github.ref, 'refs/tags') && matrix.os == 'ubuntu-20.04' && matrix.arch == '' || startsWith(github.ref, 'refs/tags') && (matrix.os != 'macos-latest' || matrix.arch != 'arm64')"
-
-      # - name: Test httphandler pkg
-      #   run: ${{ env.DOCKER_CMD }} sh -c 'cd httphandler && go test -v ./...'
-      #   if: "!startsWith(github.ref, 'refs/tags') && matrix.os == 'ubuntu-20.04' && matrix.arch == '' || startsWith(github.ref, 'refs/tags') && (matrix.os != 'macos-latest' || matrix.arch != 'arm64')"
-
-      - name: Build
+      - uses: goreleaser/goreleaser-action@v5
+        name: Build
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release --clean --snapshot
         env:
           RELEASE: ${{ inputs.RELEASE }}
           CLIENT: ${{ inputs.CLIENT }}
           CGO_ENABLED: ${{ inputs.CGO_ENABLED }}
-        run: ${{ env.DOCKER_CMD }} python3 --version && ${{ env.DOCKER_CMD }} python3 build.py
 
-      - name: Smoke Testing (Windows / MacOS)
+      - name: Smoke Testing
         env:
           RELEASE: ${{ inputs.RELEASE }}
           KUBESCAPE_SKIP_UPDATE_CHECK: "true"
-        run: python3 smoke_testing/init.py ${PWD}/build/kubescape-${{ matrix.os }}
-        if: startsWith(github.ref, 'refs/tags') && matrix.os != 'ubuntu-20.04' && matrix.arch == ''
-
-      - name: Smoke Testing (Linux amd64)
-        env:
-          RELEASE: ${{ inputs.RELEASE }}
-          KUBESCAPE_SKIP_UPDATE_CHECK: "true"
-        run: ${{ env.DOCKER_CMD }} python3 smoke_testing/init.py ${PWD}/build/kubescape-ubuntu-latest
-        if: matrix.os == 'ubuntu-20.04' && matrix.arch == ''
-
-      - name: Smoke Testing (Linux ${{ matrix.arch }})
-        env:
-          RELEASE: ${{ inputs.RELEASE }}
-          KUBESCAPE_SKIP_UPDATE_CHECK: "true"
-        run: ${{ env.DOCKER_CMD }} python3 smoke_testing/init.py ./build/kubescape-${{ matrix.arch }}-ubuntu-latest
-        if: startsWith(github.ref, 'refs/tags') && matrix.os == 'ubuntu-20.04' && matrix.arch != ''
+        run: ${{ env.DOCKER_CMD }} python3 smoke_testing/init.py ${PWD}/dist/kubescape-ubuntu-latest
 
       - name: golangci-lint
-        if: matrix.os == 'ubuntu-20.04'
         continue-on-error: true
         uses: golangci/golangci-lint-action@08e2f20817b15149a52b5b3ebe7de50aff2ba8c5 # ratchet:golangci/golangci-lint-action@v3
         with:
@@ -261,19 +154,10 @@ jobs:
           only-new-issues: true
 
       - uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # ratchet:actions/upload-artifact@v3.1.1
-        name: Upload artifact (Linux)
-        if: matrix.os == 'ubuntu-20.04'
+        name: Upload artifacts
         with:
-          name: kubescape${{ matrix.arch }}-ubuntu-latest
-          path: build/
-          if-no-files-found: error
-
-      - uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # ratchet:actions/upload-artifact@v3.1.1
-        name: Upload artifact (MacOS, Win)
-        if: matrix.os != 'ubuntu-20.04'
-        with:
-          name: kubescape${{ matrix.arch }}-${{ matrix.os }}
-          path: build/
+          name: kubescape
+          path: dist/kubescape*
           if-no-files-found: error
 
   build-http-image:

.gitignore

@@ -9,3 +9,5 @@
 ca.srl
 *.out
 ks
+
+dist/

.goreleaser.yaml

@@ -0,0 +1,46 @@
+# This is an example .goreleaser.yml file with some sensible defaults.
+# Make sure to check the documentation at https://goreleaser.com
+
+# The lines bellow are called `modelines`. See `:help modeline`
+# Feel free to remove those if you don't want/need to use them.
+# yaml-language-server: $schema=https://goreleaser.com/static/schema.json
+# vim: set ts=2 sw=2 tw=0 fo=cnqoj
+
+before:
+  hooks:
+    # You may remove this if you don't use go modules.
+    - go mod tidy
+
+builds:
+  - id: "kubescape-cli"
+    goos:
+      - linux
+      - windows
+      - darwin
+    goarch:
+      - amd64
+      - arm64
+    binary: >-
+      {{ .ProjectName }}-
+      {{- if eq .Arch "amd64" }}
+      {{- else }}{{ .Arch }}-{{ end }}
+      {{- if eq .Os "darwin" }}macos
+      {{- else if eq .Os "linux" }}ubuntu
+      {{- else }}{{ .Os }}{{ end }}-latest
+    no_unique_dist_dir: true
+
+archives:
+  - format: tar.gz
+    # this name template makes the OS and Arch compatible with the results of `uname`.
+    name_template: >-
+      {{ .Binary }}
+
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - "^docs:"
+      - "^test:"
+
+sboms:
+  - artifacts: archive