diff --git a/.github/workflows/00-pr-scanner.yaml b/.github/workflows/00-pr-scanner.yaml index 9b874845..122da524 100644 --- a/.github/workflows/00-pr-scanner.yaml +++ b/.github/workflows/00-pr-scanner.yaml @@ -59,11 +59,9 @@ jobs: uses: ./.github/workflows/b-binary-build-and-e2e-tests.yaml with: COMPONENT_NAME: kubescape - CGO_ENABLED: 1 + CGO_ENABLED: 0 GO111MODULE: "" GO_VERSION: "1.21" RELEASE: "latest" CLIENT: test - ARCH_MATRIX: '[ "" ]' - OS_MATRIX: '[ "ubuntu-20.04", "macos-latest", "windows-latest"]' secrets: inherit diff --git a/.github/workflows/02-release.yaml b/.github/workflows/02-release.yaml index eb6c6b9f..0dd682cc 100644 --- a/.github/workflows/02-release.yaml +++ b/.github/workflows/02-release.yaml @@ -34,7 +34,7 @@ jobs: uses: ./.github/workflows/b-binary-build-and-e2e-tests.yaml with: COMPONENT_NAME: kubescape - CGO_ENABLED: 1 + CGO_ENABLED: 0 GO111MODULE: "" GO_VERSION: "1.21" RELEASE: ${{ needs.retag.outputs.NEW_TAG }} diff --git a/.github/workflows/b-binary-build-and-e2e-tests.yaml b/.github/workflows/b-binary-build-and-e2e-tests.yaml index 361279c8..2c984729 100644 --- a/.github/workflows/b-binary-build-and-e2e-tests.yaml +++ b/.github/workflows/b-binary-build-and-e2e-tests.yaml @@ -27,14 +27,6 @@ on: type: number default: 1 required: false - OS_MATRIX: - type: string - required: false - default: '[ "ubuntu-20.04", "macos-latest", "windows-latest"]' - ARCH_MATRIX: - type: string - required: false - default: '[ "", "arm64"]' BINARY_TESTS: type: string required: false 
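Review bot: The reusable workflow's input default still reads `default: 1` in the context just above the removed OS_MATRIX block (that input looks like CGO_ENABLED, but its key is outside the hunk), while both callers in 00-pr-scanner.yaml and 02-release.yaml now pass `CGO_ENABLED: 0`; if the CGO-free build is the intended configuration, change the reusable workflow to `default: 0` so a caller that omits the input does not silently get a different build. The same concern covers the 02-release.yaml hunk, which only flips the value; if that workflow still passes `OS_MATRIX` or `ARCH_MATRIX` somewhere outside the hunk, those inputs no longer exist in b-binary-build-and-e2e-tests.yaml and the workflow_call will fail validation, so they should be removed there as 00-pr-scanner.yaml does.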
@@ -63,14 +55,6 @@ on: BINARY_TESTS: type: string default: '[ "scan_nsa", "scan_mitre", "scan_with_exceptions", "scan_repository", "scan_local_file", "scan_local_glob_files", "scan_local_list_of_files", "scan_nsa_and_submit_to_backend", "scan_mitre_and_submit_to_backend", "scan_local_repository_and_submit_to_backend", "scan_repository_from_url_and_submit_to_backend", "scan_with_exception_to_backend", "scan_with_custom_framework", "scan_customer_configuration", "host_scanner", "scan_compliance_score", "scan_custom_framework_scanning_file_scope_testing", "scan_custom_framework_scanning_cluster_scope_testing", "scan_custom_framework_scanning_cluster_and_file_scope_testing" ]' - OS_MATRIX: - type: string - required: false - default: '[ "ubuntu-20.04", "macos-latest", "windows-latest"]' - ARCH_MATRIX: - type: string - required: false - default: '[ "", "arm64"]' jobs: wf-preparation: @@ -78,8 +62,6 @@ jobs: runs-on: ubuntu-latest outputs: TEST_NAMES: ${{ steps.export_tests_to_env.outputs.TEST_NAMES }} - OS_MATRIX: ${{ steps.export_os_to_env.outputs.OS_MATRIX }} - ARCH_MATRIX: ${{ steps.export_arch_to_env.outputs.ARCH_MATRIX }} is-secret-set: ${{ steps.check-secret-set.outputs.is-secret-set }} steps: @@ -95,13 +77,6 @@ jobs: REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} run: "echo \"is-secret-set=${{ env.CUSTOMER != '' && \n env.USERNAME != '' &&\n env.PASSWORD != '' &&\n env.CLIENT_ID != '' &&\n env.SECRET_KEY != '' &&\n env.REGISTRY_USERNAME != '' &&\n env.REGISTRY_PASSWORD != ''\n }}\" >> $GITHUB_OUTPUT\n" - - id: export_os_to_env - name: set test name - run: | - echo "OS_MATRIX=$input" >> $GITHUB_OUTPUT - env: - input: ${{ inputs.OS_MATRIX }} - - id: export_tests_to_env name: set test name run: | 
@@ -109,13 +84,6 @@ jobs: env: input: ${{ inputs.BINARY_TESTS }} - - id: export_arch_to_env - name: set test name - run: | - echo "ARCH_MATRIX=$input" >> $GITHUB_OUTPUT - env: - input: ${{ inputs.ARCH_MATRIX }} - check-secret: name: check if QUAYIO_REGISTRY_USERNAME & QUAYIO_REGISTRY_PASSWORD is set in github secrets runs-on: ubuntu-latest 
@@ -135,124 +103,49 @@ jobs: needs: wf-preparation env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GOARCH: ${{ matrix.arch }} - runs-on: ${{ matrix.os }} - strategy: - matrix: - os: ${{ fromJson(needs.wf-preparation.outputs.OS_MATRIX) }} - arch: ${{ fromJson(needs.wf-preparation.outputs.ARCH_MATRIX) }} - exclude: - - os: windows-latest - arch: arm64 + runs-on: ubuntu-latest steps: - - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # ratchet:actions/checkout@v3 + - uses: actions/checkout@v3 with: fetch-depth: 0 submodules: recursive - - name: Cache Go modules (Linux) - if: matrix.os == 'ubuntu-20.04' - uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # ratchet:actions/cache@v3 - with: - path: | - ~/.cache/go-build - ~/go/pkg/mod - key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go- - - - name: Cache Go modules (macOS) - if: matrix.os == 'macos-latest' - uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # ratchet:actions/cache@v3 - with: - path: | - ~/Library/Caches/go-build - ~/go/pkg/mod - key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go- - - - name: Cache Go modules (Windows) - if: matrix.os == 'windows-latest' - uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # ratchet:actions/cache@v3 - with: - path: | - ~\AppData\Local\go-build - ~\go\pkg\mod - key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go- - - - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # ratchet:actions/setup-go@v3 + - uses: actions/setup-go@v4 name: Installing go with: go-version: ${{ inputs.GO_VERSION }} cache: true - - name: start ${{ matrix.arch }} environment in container - run: | - sudo apt-get update - sudo apt-get install -y binfmt-support qemu-user-static - sudo docker run --platform linux/${{ matrix.arch }} -e RELEASE=${{ inputs.RELEASE }} \ - -e CLIENT=${{ inputs.CLIENT }} -e 
CGO_ENABLED=${{ inputs.CGO_ENABLED }} \ - -e KUBESCAPE_SKIP_UPDATE_CHECK=true -e GOARCH=${{ matrix.arch }} -v ${PWD}:/work \ - -w /work -v ~/go/pkg/mod:/root/go/pkg/mod -v ~/.cache/go-build:/root/.cache/go-build \ - -d --name build golang:${{ inputs.GO_VERSION }}-bullseye sleep 21600 - sudo docker ps - DOCKER_CMD="sudo docker exec build" - ${DOCKER_CMD} apt update - ${DOCKER_CMD} apt install -y cmake python3 - ${DOCKER_CMD} git config --global --add safe.directory '*' - echo "DOCKER_CMD=${DOCKER_CMD}" >> $GITHUB_ENV; - if: matrix.os == 'ubuntu-20.04' && matrix.arch != '' + - name: Test core pkg + run: ${{ env.DOCKER_CMD }} go test -v ./... + if: startsWith(github.ref, 'refs/tags') - - name: Install pkg-config (macOS) - run: brew install pkg-config - if: matrix.os == 'macos-latest' + - name: Test httphandler pkg + run: ${{ env.DOCKER_CMD }} sh -c 'cd httphandler && go test -v ./...' + if: startsWith(github.ref, 'refs/tags') - - name: Install libgit2 (Linux/macOS) - run: ${{ env.DOCKER_CMD }} make libgit2${{ matrix.arch }} - if: matrix.os != 'windows-latest' + - uses: anchore/sbom-action/download-syft@v0.15.2 + name: Setup Syft - # - name: Test core pkg - # run: ${{ env.DOCKER_CMD }} go test -v ./... - # if: "!startsWith(github.ref, 'refs/tags') && matrix.os == 'ubuntu-20.04' && matrix.arch == '' || startsWith(github.ref, 'refs/tags') && (matrix.os != 'macos-latest' || matrix.arch != 'arm64')" - - # - name: Test httphandler pkg - # run: ${{ env.DOCKER_CMD }} sh -c 'cd httphandler && go test -v ./...' 
- # if: "!startsWith(github.ref, 'refs/tags') && matrix.os == 'ubuntu-20.04' && matrix.arch == '' || startsWith(github.ref, 'refs/tags') && (matrix.os != 'macos-latest' || matrix.arch != 'arm64')" - - - name: Build + - uses: goreleaser/goreleaser-action@v5 + name: Build + with: + distribution: goreleaser + version: latest + args: release --clean --snapshot env: RELEASE: ${{ inputs.RELEASE }} CLIENT: ${{ inputs.CLIENT }} CGO_ENABLED: ${{ inputs.CGO_ENABLED }} - run: ${{ env.DOCKER_CMD }} python3 --version && ${{ env.DOCKER_CMD }} python3 build.py - - name: Smoke Testing (Windows / MacOS) + - name: Smoke Testing env: RELEASE: ${{ inputs.RELEASE }} KUBESCAPE_SKIP_UPDATE_CHECK: "true" - run: python3 smoke_testing/init.py ${PWD}/build/kubescape-${{ matrix.os }} - if: startsWith(github.ref, 'refs/tags') && matrix.os != 'ubuntu-20.04' && matrix.arch == '' - - - name: Smoke Testing (Linux amd64) - env: - RELEASE: ${{ inputs.RELEASE }} - KUBESCAPE_SKIP_UPDATE_CHECK: "true" - run: ${{ env.DOCKER_CMD }} python3 smoke_testing/init.py ${PWD}/build/kubescape-ubuntu-latest - if: matrix.os == 'ubuntu-20.04' && matrix.arch == '' - - - name: Smoke Testing (Linux ${{ matrix.arch }}) - env: - RELEASE: ${{ inputs.RELEASE }} - KUBESCAPE_SKIP_UPDATE_CHECK: "true" - run: ${{ env.DOCKER_CMD }} python3 smoke_testing/init.py ./build/kubescape-${{ matrix.arch }}-ubuntu-latest - if: startsWith(github.ref, 'refs/tags') && matrix.os == 'ubuntu-20.04' && matrix.arch != '' + run: ${{ env.DOCKER_CMD }} python3 smoke_testing/init.py ${PWD}/dist/kubescape-ubuntu-latest - name: golangci-lint - if: matrix.os == 'ubuntu-20.04' continue-on-error: true uses: golangci/golangci-lint-action@08e2f20817b15149a52b5b3ebe7de50aff2ba8c5 # ratchet:golangci/golangci-lint-action@v3 with: 
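Review bot: The replacement steps drop the commit-SHA pinning the rest of this file keeps: `- uses: actions/checkout@v3` and `- uses: actions/setup-go@v4` replace the SHA-pinned `# ratchet:` forms, and `anchore/sbom-action/download-syft@v0.15.2` and `goreleaser/goreleaser-action@v5` are added on mutable tags, while golangci-lint-action and upload-artifact further down stay pinned. A tag can be moved by the action's maintainers, so a job that holds `secrets.GITHUB_TOKEN` should pin each action to a full commit in the file's existing style, e.g. `- uses: actions/checkout@<full-commit-sha> # ratchet:actions/checkout@v3`. Separately, the `${{ env.DOCKER_CMD }}` prefix on the two test steps and on the smoke test now always expands to nothing, because the step that wrote DOCKER_CMD to GITHUB_ENV was removed; drop the prefix so each `run:` reads as the command it actually executes. The new `if: startsWith(github.ref, 'refs/tags')` guards also mean the Go tests run only on tag builds, so the PR-scanner caller never executes them; confirm that is intended, since the previous matrix condition at least ran them on ubuntu amd64 for non-tag refs. The enclosing job's header is above the hunk.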
@@ -261,19 +154,10 @@ jobs: only-new-issues: true - uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # ratchet:actions/upload-artifact@v3.1.1 - name: Upload artifact (Linux) - if: matrix.os == 'ubuntu-20.04' + name: Upload artifacts with: - name: kubescape${{ matrix.arch }}-ubuntu-latest - path: build/ - if-no-files-found: error - - - uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # ratchet:actions/upload-artifact@v3.1.1 - name: Upload artifact (MacOS, Win) - if: matrix.os != 'ubuntu-20.04' - with: - name: kubescape${{ matrix.arch }}-${{ matrix.os }} - path: build/ + name: kubescape + path: dist/kubescape* if-no-files-found: error build-http-image: diff --git a/.gitignore b/.gitignore index e75e7795..7059d770 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,5 @@ ca.srl *.out ks + +dist/ diff --git a/.goreleaser.yaml b/.goreleaser.yaml new file mode 100644 index 00000000..f6f8b3c8 --- /dev/null +++ b/.goreleaser.yaml 
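Review bot: The single artifact `name: kubescape` with `path: dist/kubescape*` replaces the per-OS artifacts named `kubescape-<os>`; any later job in this file or in 02-release.yaml that downloads by the old names is outside the hunk and would need updating. The glob also sweeps in the tar.gz archives and the SBOM files goreleaser writes next to the binaries (the config added in this commit sets `no_unique_dist_dir: true` and `sboms`), which is wider than the previous `build/` upload; if only binaries are wanted, list them explicitly or add an exclusion line such as `!dist/*.tar.gz` to the multi-line `path:`.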
@@ -0,0 +1,46 @@ +# This is an example .goreleaser.yml file with some sensible defaults. +# Make sure to check the documentation at https://goreleaser.com + +# The lines bellow are called `modelines`. See `:help modeline` +# Feel free to remove those if you don't want/need to use them. +# yaml-language-server: $schema=https://goreleaser.com/static/schema.json +# vim: set ts=2 sw=2 tw=0 fo=cnqoj + +before: + hooks: + # You may remove this if you don't use go modules. + - go mod tidy + +builds: + - id: "kubescape-cli" + goos: + - linux + - windows + - darwin + goarch: + - amd64 + - arm64 + binary: >- + {{ .ProjectName }}- + {{- if eq .Arch "amd64" }} + {{- else }}{{ .Arch }}-{{ end }} + {{- if eq .Os "darwin" }}macos + {{- else if eq .Os "linux" }}ubuntu + {{- else }}{{ .Os }}{{ end }}-latest + no_unique_dist_dir: true + +archives: + - format: tar.gz + # this name template makes the OS and Arch compatible with the results of `uname`. + name_template: >- + {{ .Binary }} + +changelog: + sort: asc + filters: + exclude: + - "^docs:" + - "^test:" + +sboms: + - artifacts: archive
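Review bot: The `before.hooks` entry `- go mod tidy` lets the release build rewrite go.mod and go.sum at build time, so the binaries can be built from a module graph that differs from the committed one without the job failing; for a release pipeline a hook that only fetches and verifies the committed graph is safer, e.g. `- go mod download` followed by `- go mod verify`, with tidy drift caught by a separate check that fails on a dirty tree. The file also still carries the generator's placeholder text (`This is an example .goreleaser.yml file`, `Feel free to remove those`); replace it with a header stating what this config produces, in particular the `{{ .ProjectName }}-[<arch>-]<os>-latest` binary naming that the smoke test path and the upload glob in the workflow depend on. Windows builds are archived as `tar.gz` as well since no `format_overrides` is given, and no `checksum` or `signs` section is present, so only goreleaser's default checksum file accompanies the unsigned artifacts; state explicitly whether that is intended.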