diff --git a/.cobra.yaml b/.cobra.yaml
new file mode 100644
index 0000000..4edb7a4
--- /dev/null
+++ b/.cobra.yaml
@@ -0,0 +1,2 @@
+author: Emmanuel Gautier
+license: MIT License
diff --git a/.docker/Dockerfile-build b/.docker/Dockerfile-build
new file mode 100644
index 0000000..869afc9
--- /dev/null
+++ b/.docker/Dockerfile-build
@@ -0,0 +1,22 @@
+FROM golang:1.21-bullseye AS builder
+
+WORKDIR /go/src/github.com/cerberauth/vulnapi
+
+COPY go.mod go.mod
+COPY go.sum go.sum
+
+ENV CGO_ENABLED 0
+ENV GO111MODULE on
+
+RUN go mod download
+
+COPY . .
+
+RUN go build -o /usr/bin/vulnapi .
+
+FROM gcr.io/distroless/static-debian11:nonroot AS runner
+
+COPY --from=builder --chown=nonroot:nonroot /usr/bin/vulnapi /usr/bin/vulnapi
+
+ENTRYPOINT ["vulnapi"]
+CMD ["vulnapi"]
diff --git a/.docker/Dockerfile-goreleaser b/.docker/Dockerfile-goreleaser
new file mode 100644
index 0000000..f4396e7
--- /dev/null
+++ b/.docker/Dockerfile-goreleaser
@@ -0,0 +1,6 @@
+FROM gcr.io/distroless/static-debian11:nonroot
+
+COPY --chown=nonroot:nonroot vulnapi /usr/bin/vulnapi
+
+ENTRYPOINT ["vulnapi"]
+CMD ["vulnapi"]
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..4ecf0ad
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1 @@
+* @cerberauth @emmanuelgautier
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..59b16d8
--- /dev/null
+++ b/.github/workflows/ci.yml
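Review bot: The last two lines of `.docker/Dockerfile-build` set both `ENTRYPOINT ["vulnapi"]` and `CMD ["vulnapi"]`; with an exec-form ENTRYPOINT the CMD is appended as arguments, so the container starts as `vulnapi vulnapi`, which the cobra root command will most likely reject as an unknown subcommand. Drop the CMD or make it a real default argument, e.g. `CMD ["--help"]`, and prefer the absolute path `ENTRYPOINT ["/usr/bin/vulnapi"]` so startup does not depend on the base image's PATH. The same pair appears at the end of `.docker/Dockerfile-goreleaser`.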
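Review bot: `FROM gcr.io/distroless/static-debian11:nonroot` in `.docker/Dockerfile-goreleaser` references the base image by a mutable tag, so the image published to ghcr.io can change between releases without any change in this repository. Pin the digest as well, `FROM gcr.io/distroless/static-debian11:nonroot@sha256:<digest-placeholder>`, and let the dependency bot propose bumps. The same applies to both `FROM` lines in `.docker/Dockerfile-build`.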
@@ -0,0 +1,84 @@ +name: CI + +on: + push: + tags: + - "v*.*.*" + branches: + - main + pull_request: + branches: + - main + +env: + GO_VERSION: '1.21' + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + build: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + + - name: Setup Go environment + uses: actions/setup-go@v4 + with: + go-version: ${{ env.GO_VERSION }} + + - name: Build + run: go build -v ./... + + - name: Test + run: go test -race -coverprofile=coverage.out -covermode=atomic ./... + + - name: Upload coverage reports to Codecov + uses: codecov/codecov-action@v3 + + publish: + needs: build + runs-on: ubuntu-latest + if: startsWith(github.ref, 'refs/tags/') + + permissions: + contents: write + packages: write + pull-requests: write + + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - run: git fetch --force --tags + + - name: Setup Go environment + uses: actions/setup-go@v4 + with: + go-version: ${{ env.GO_VERSION }} + + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + # https://github.com/goreleaser/goreleaser/issues/1715#issuecomment-667002748 + - name: Install Snapcraft + run: | + sudo snap install --classic snapcraft + mkdir -p $HOME/.cache/snapcraft/download + mkdir -p $HOME/.cache/snapcraft/stage-packages + + - uses: goreleaser/goreleaser-action@v5 + with: + distribution: goreleaser + version: latest + args: release --clean + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_STORE_CREDENTIALS }} diff --git a/.gitignore b/.gitignore index 3b735ec..3f6d61f 100644 --- a/.gitignore +++ b/.gitignore @@ -19,3 +19,6 @@ # Go workspace file go.work + +vulnapi +dist/ diff --git a/.goreleaser.yaml b/.goreleaser.yaml new file mode 100644 index 0000000..c2fc83c --- /dev/null +++ b/.goreleaser.yaml 
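Review bot: The `publish` job holds `contents: write`, `packages: write` and `SNAPCRAFT_STORE_CREDENTIALS`, yet the third-party actions it runs are referenced by mutable tags (`docker/login-action@v3`, `goreleaser/goreleaser-action@v5`) and GoReleaser itself is `version: latest`, so a retagged action or a new upstream release would execute with release credentials without any review here. Pin each `uses:` to a full commit SHA, e.g. `uses: goreleaser/goreleaser-action@<full-commit-sha> # v5`, and set a fixed GoReleaser version. The workflow also has no top-level `permissions:` block, so the `build` job, which runs on pull requests and calls `codecov/codecov-action@v3`, inherits the repository's default token scope; a top-level `permissions:` with `contents: read` would make least privilege explicit. `pull-requests: write` in `publish` does not appear to be used by any step in this file and could probably be dropped.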
@@ -0,0 +1,82 @@
+before:
+ hooks:
+ - go mod tidy
+ - go generate ./...
+builds:
+ - env:
+ - CGO_ENABLED=0
+ goos:
+ - linux
+ - windows
+ - darwin
+
+archives:
+ - format: tar.gz
+ name_template: >-
+ {{ .ProjectName }}_
+ {{- title .Os }}_
+ {{- if eq .Arch "amd64" }}x86_64
+ {{- else if eq .Arch "386" }}i386
+ {{- else }}{{ .Arch }}{{ end }}
+ {{- if .Arm }}v{{ .Arm }}{{ end }}
+ # use zip for windows archives
+ format_overrides:
+ - goos: windows
+ format: zip
+
+checksum:
+ name_template: 'checksums.txt'
+
+snapshot:
+ name_template: "{{ incpatch .Version }}-next"
+
+changelog:
+ sort: asc
+ filters:
+ exclude:
+ - '^docs:'
+ - '^test:'
+
+# brews:
+# - name: "{{ .ProjectName }}"
+# description: "vulnapi"
+# license: "MIT"
+# repository:
+# owner: cerberauth
+# name: "{{ .ProjectName }}"
+# goarm: 6
+# test: |
+# system "#{bin}/{{ .ProjectName }} help"
+# homepage: https://github.com/cerberauth/vulnapi
+# commit_author:
+# name: emmanuelgautier
+# email: emmanuel@cerberauth.com
+
+# nfpms:
+# - package_name: "{{ .ProjectName }}"
+# vendor: CerberAuth
+# homepage: https://github.com/cerberauth/vulnapi
+# maintainer: Emmanuel Gautier
+# description: "vulnapi"
+# license: "MIT"
+# formats:
+# - apk
+# - deb
+# - rpm
+# - termux.deb
+# - archlinux
+
+snapcrafts:
+ - title: vulnapi
+ publish: true
+ summary: "vulnapi"
+ description: "vulnapi"
+ license: MIT
+
+dockers:
+ - image_templates:
+ - "ghcr.io/cerberauth/vulnapi:{{ .Tag }}"
+ - "ghcr.io/cerberauth/vulnapi:v{{ .Major }}"
+ - "ghcr.io/cerberauth/vulnapi:v{{ .Major }}.{{ .Minor }}"
+ - "ghcr.io/cerberauth/vulnapi:latest"
+ dockerfile: .docker/Dockerfile-goreleaser
diff --git a/cmd/root.go b/cmd/root.go
new file mode 100644
index 0000000..409d455
--- /dev/null
+++ b/cmd/root.go
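Review bot: The `before.hooks` entry `go mod tidy` runs inside the release job, so it can rewrite `go.mod`/`go.sum` at release time and the published binaries may then be built from a dependency set that differs from the tagged, reviewed commit. Replacing it with `go mod verify`, or failing CI when `go mod tidy` leaves a diff, keeps the release tied to what is in the tag. Separately, `checksums.txt` and the four image tags under `dockers` are published unsigned; a `signs:` / `docker_signs:` section would let users verify what they download, which matters for a security tool.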
@@ -0,0 +1,29 @@
+package cmd
+
+import (
+ "os"
+
+ "github.com/spf13/cobra"
+
+ "github.com/cerberauth/vulnapi/cmd/scan"
+)
+
+func NewRootCmd() (cmd *cobra.Command) {
+ var rootCmd = &cobra.Command{
+ Use: "vulnapi",
+ Short: "vulnapi",
+ }
+ rootCmd.AddCommand(scan.NewScanCmd())
+
+ return rootCmd
+}
+
+// Execute adds all child commands to the root command and sets flags appropriately.
+// This is called by main.main(). It only needs to happen once to the RootCmd.
+func Execute() {
+ c := NewRootCmd()
+
+ if err := c.Execute(); err != nil {
+ os.Exit(1)
+ }
+}
diff --git a/cmd/scan/root.go b/cmd/scan/root.go
new file mode 100644
index 0000000..f075e10
--- /dev/null
+++ b/cmd/scan/root.go
@@ -0,0 +1,15 @@
+package scan
+
+import (
+ "github.com/spf13/cobra"
+)
+
+func NewScanCmd() (scanCmd *cobra.Command) {
+ scanCmd = &cobra.Command{
+ Use: "scan",
+ Short: "scan",
+ Run: func(cmd *cobra.Command, args []string) {},
+ }
+
+ return scanCmd
+}
diff --git a/go.mod b/go.mod
new file mode 100644
index 0000000..13f9b5c
--- /dev/null
+++ b/go.mod
@@ -0,0 +1,10 @@
+module github.com/cerberauth/vulnapi
+
+go 1.20
+
+require github.com/spf13/cobra v1.7.0
+
+require (
+ github.com/inconshreveable/mousetrap v1.1.0 // indirect
+ github.com/spf13/pflag v1.0.5 // indirect
+)
diff --git a/go.sum b/go.sum
new file mode 100644
index 0000000..f3366a9
--- /dev/null
+++ b/go.sum
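Review bot: `NewRootCmd` in `cmd/root.go` declares a named result `cmd` that is never assigned; the function builds a separate local `rootCmd` and returns that, so the name only misleads readers, and `func NewRootCmd() *cobra.Command {` says the same thing. The exported function also lacks a doc comment, for example `// NewRootCmd builds the vulnapi root command and registers the scan subcommand.`. The comment on `Execute` still describes adding child commands, which in this file happens in `NewRootCmd`.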
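Review bot: `Run: func(cmd *cobra.Command, args []string) {}` in `cmd/scan/root.go` makes `vulnapi scan` a no-op that exits 0, so a pipeline that already calls it would record a clean scan although nothing was checked. Until the scanner exists, have the placeholder fail, e.g. `RunE: func(cmd *cobra.Command, args []string) error { return errors.New("scan: not implemented") },`, which needs the `errors` import added to the file.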
@@ -0,0 +1,10 @@ +github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= +github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I= +github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/main.go b/main.go new file mode 100644 index 0000000..11dcdf4 --- /dev/null +++ b/main.go @@ -0,0 +1,7 @@ +package main + +import "github.com/cerberauth/vulnapi/cmd" + +func main() { + cmd.Execute() +} diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..ffded79 --- /dev/null +++ b/renovate.json @@ -0,0 +1,5 @@ +{ + "extends": [ + "github>emmanuelgautier/renovate-config" + ] +} \ No newline at end of file