feat: bootstrap cli

.cobra.yaml

@@ -0,0 +1,2 @@
+author: Emmanuel Gautier <[email protected]>
+license: MIT License

.docker/Dockerfile-build

@@ -0,0 +1,22 @@
+FROM golang:1.21-bullseye AS builder
+
+WORKDIR /go/src/github.com/cerberauth/vulnapi
+
+COPY go.mod go.mod
+COPY go.sum go.sum
+
+ENV CGO_ENABLED 0
+ENV GO111MODULE on
+
+RUN go mod download
+
+COPY . .
+
+RUN go build -o /usr/bin/vulnapi .
+
+FROM gcr.io/distroless/static-debian11:nonroot AS runner
+
+COPY --from=builder --chown=nonroot:nonroot /usr/bin/vulnapi /usr/bin/vulnapi
+
+ENTRYPOINT ["vulnapi"]
+CMD ["vulnapi"]

.docker/Dockerfile-goreleaser

@@ -0,0 +1,6 @@
+FROM gcr.io/distroless/static-debian11:nonroot
+
+COPY --chown=nonroot:nonroot vulnapi /usr/bin/vulnapi
+
+ENTRYPOINT ["vulnapi"]
+CMD ["vulnapi"]

.github/CODEOWNERS

@@ -0,0 +1 @@
+*       @cerberauth @emmanuelgautier

.github/workflows/ci.yml

@@ -0,0 +1,84 @@
+name: CI
+
+on:
+  push:
+    tags:
+      - "v*.*.*"
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+env:
+  GO_VERSION: '1.21'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Go environment
+        uses: actions/setup-go@v4
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - name: Build
+        run: go build -v ./...
+
+      - name: Test
+        run: go test -race -coverprofile=coverage.out -covermode=atomic ./...
+
+      - name: Upload coverage reports to Codecov
+        uses: codecov/codecov-action@v3
+
+  publish:
+    needs: build
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/tags/')
+
+    permissions:
+      contents: write
+      packages: write
+      pull-requests: write
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - run: git fetch --force --tags
+
+      - name: Setup Go environment
+        uses: actions/setup-go@v4
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # https://github.com/goreleaser/goreleaser/issues/1715#issuecomment-667002748
+      - name: Install Snapcraft
+        run: |
+          sudo snap install --classic snapcraft
+          mkdir -p $HOME/.cache/snapcraft/download
+          mkdir -p $HOME/.cache/snapcraft/stage-packages
+
+      - uses: goreleaser/goreleaser-action@v5
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_STORE_CREDENTIALS }}

.gitignore

@@ -19,3 +19,6 @@
 
 # Go workspace file
 go.work
+
+vulnapi
+dist/

.goreleaser.yaml

@@ -0,0 +1,82 @@
+before:
+  hooks:
+    - go mod tidy
+    - go generate ./...
+builds:
+  - env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+      - windows
+      - darwin
+
+archives:
+  - format: tar.gz
+    name_template: >-
+      {{ .ProjectName }}_
+      {{- title .Os }}_
+      {{- if eq .Arch "amd64" }}x86_64
+      {{- else if eq .Arch "386" }}i386
+      {{- else }}{{ .Arch }}{{ end }}
+      {{- if .Arm }}v{{ .Arm }}{{ end }}
+    # use zip for windows archives
+    format_overrides:
+    - goos: windows
+      format: zip
+
+checksum:
+  name_template: 'checksums.txt'
+
+snapshot:
+  name_template: "{{ incpatch .Version }}-next"
+
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - '^docs:'
+      - '^test:'
+
+# brews:
+#   - name: "{{ .ProjectName }}"
+#     description: "vulnapi"
+#     license: "MIT"
+#     repository:
+#       owner: cerberauth
+#       name: "{{ .ProjectName }}"
+#     goarm: 6
+#     test: |
+#       system "#{bin}/{{ .ProjectName }} help"
+#     homepage: https://github.com/cerberauth/vulnapi
+#     commit_author:
+#       name: emmanuelgautier
+#       email: [email protected]
+
+# nfpms:
+#   - package_name: "{{ .ProjectName }}"
+#     vendor: CerberAuth
+#     homepage: https://github.com/cerberauth/vulnapi
+#     maintainer: Emmanuel Gautier <[email protected]>
+#     description: "vulnapi"
+#     license: "MIT"
+#     formats:
+#       - apk
+#       - deb
+#       - rpm
+#       - termux.deb
+#       - archlinux
+
+snapcrafts:
+  - title: vulnapi
+    publish: true
+    summary: "vulnapi"
+    description: "vulnapi"
+    license: MIT
+
+dockers:
+  - image_templates:
+      - "ghcr.io/cerberauth/vulnapi:{{ .Tag }}"
+      - "ghcr.io/cerberauth/vulnapi:v{{ .Major }}"
+      - "ghcr.io/cerberauth/vulnapi:v{{ .Major }}.{{ .Minor }}"
+      - "ghcr.io/cerberauth/vulnapi:latest"
+    dockerfile: .docker/Dockerfile-goreleaser

cmd/root.go

@@ -0,0 +1,29 @@
+package cmd
+
+import (
+	"os"
+
+	"github.com/spf13/cobra"
+
+	"github.com/cerberauth/vulnapi/cmd/scan"
+)
+
+func NewRootCmd() (cmd *cobra.Command) {
+	var rootCmd = &cobra.Command{
+		Use:   "vulnapi",
+		Short: "vulnapi",
+	}
+	rootCmd.AddCommand(scan.NewScanCmd())
+
+	return rootCmd
+}
+
+// Execute adds all child commands to the root command and sets flags appropriately.
+// This is called by main.main(). It only needs to happen once to the RootCmd.
+func Execute() {
+	c := NewRootCmd()
+
+	if err := c.Execute(); err != nil {
+		os.Exit(1)
+	}
+}

cmd/scan/root.go

@@ -0,0 +1,15 @@
+package scan
+
+import (
+	"github.com/spf13/cobra"
+)
+
+func NewScanCmd() (scanCmd *cobra.Command) {
+	scanCmd = &cobra.Command{
+		Use:   "scan",
+		Short: "scan",
+		Run:   func(cmd *cobra.Command, args []string) {},
+	}
+
+	return scanCmd
+}

go.mod

@@ -0,0 +1,10 @@
+module github.com/cerberauth/vulnapi
+
+go 1.20
+
+require github.com/spf13/cobra v1.7.0
+
+require (
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+)

go.sum

@@ -0,0 +1,10 @@
+github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
+github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I=
+github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0=
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

main.go

@@ -0,0 +1,7 @@
+package main
+
+import "github.com/cerberauth/vulnapi/cmd"
+
+func main() {
+	cmd.Execute()
+}

renovate.json

@@ -0,0 +1,5 @@
+{
+    "extends": [
+        "github>emmanuelgautier/renovate-config"
+    ]
+}