Enable nix-run command in devenv and update vendorHash in package.nix
dz0ny committed Dec 3, 2024
1 parent 79af9c3 commit 9e7d199
Showing 6 changed files with 51 additions and 26 deletions.
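--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -24,13 +24,26 @@ concurrency:
 jobs:
 build:
 name: Unstable build
-runs-on: namespace-profile-pareto-linux
+runs-on: ubuntu-latest
 steps:
-- uses: namespacelabs/nscloud-checkout-action@v5
-- uses: ./.github/actions/devenv
+- name: Checkout
+uses: actions/checkout@v4
 with:
-authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
-- run: devenv shell -- goreleaser build --snapshot --clean
+fetch-depth: 0
+- name: Set up Go
+uses: actions/setup-go@v5
+with:
+go-version: stable
+- name: Run GoReleaser
+uses: goreleaser/goreleaser-action@v6
+with:
+# either 'goreleaser' (default) or 'goreleaser-pro'
+distribution: goreleaser
+# 'latest', 'nightly', or a semver
+version: "~> v2"
+args: build --snapshot --clean
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 - uses: actions/upload-artifact@v4
 name: Upload release
 with: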
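Review bot: The new `goreleaser/goreleaser-action@v6` step is referenced by a mutable tag and is handed `GITHUB_TOKEN`, although `build --snapshot --clean` publishes nothing, so the token only widens what a retagged or compromised action could reach. Drop the `env:` block from this step and pin the three new actions to full commit SHAs, e.g. `uses: goreleaser/goreleaser-action@<full-commit-sha> # v6`. `version: "~> v2"` and `go-version: stable` also float, so two runs of the same commit can build with different toolchains; fixing both makes the uploaded artifact traceable to a known toolchain. The workflow's `permissions:` block is outside this hunk, so confirm it is limited to `contents: read`.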
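--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -35,8 +35,6 @@ jobs:
 args: release --clean
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-# Your GoReleaser Pro key, if you are using the 'goreleaser-pro' distribution
-# GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
 - uses: actions/upload-artifact@v4
 name: Upload release
 with: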
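--- a/.gitignore
+++ b/.gitignore
@@ -13,4 +13,5 @@ devenv.local.nix
 
 /target
 .DS_Store
-dist
+dist
+dist/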
39 changes: 22 additions & 17 deletions .goreleaser.yaml
@@ -1,35 +1,40 @@
version: 2
project_name: scorecard
env:
- CGO_ENABLED=0
- COSIGN_YES=true
# The lines below are called `modelines`. See `:help modeline`
# Feel free to remove those if you don't want/need to use them.
# yaml-language-server: $schema=https://goreleaser.com/static/schema.json
# vim: set ts=2 sw=2 tw=0 fo=cnqoj

version: 1

before:
hooks:
- go mod download
gomod:
proxy: true
- go mod tidy

builds:
- main: .
binary: pareto
- env:
- CGO_ENABLED=0
goos:
- linux
goarch:
- amd64
- arm64
goos:
- linux
- darwin
ldflags:
- -s -w -X paretosecurity.com/auditor/shared.Version={{.Version}}
- -trimpath
- -tags=netgo

archives:
- builds: [pareto]

nfpms:
- vendor: niteo.co
homepage: https://github.com/paretosecurity/pareto-linux
maintainer: NIteo
maintainer: Niteo
description: Automatically audit your Linux machine for basic security hygiene.
license: MIT
formats: [deb, rpm, apk]
formats: [deb, rpm]
bindir: /usr/bin

changelog:
sort: asc
filters:
exclude:
- "^docs:"
- "^test:"
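Review bot: The `before.hooks` entry `go mod tidy` can rewrite go.mod and go.sum on the build runner, so a snapshot build may resolve a dependency set that differs from the committed, reviewed one. This page prints both `go mod download` and `go mod tidy` without +/- markers, so the point applies if `go mod tidy` is the new-side line. A build hook should only fetch and check modules: `- go mod download` followed by `- go mod verify`, which fails the build when the module cache does not match go.sum instead of silently updating it.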
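--- a/devenv.nix
+++ b/devenv.nix
@@ -19,6 +19,7 @@ in {
 go mod verify
 go test ./...
 go build .
+goreleaser check
 '';
 
 # https://devenv.sh/pre-commit-hooks/
@@ -27,6 +28,13 @@ in {
 gofmt.enable = true;
 golangci-lint.enable = true;
 govet.enable = true;
+nix-run = {
+name = "Verify package.nix hash";
+enable = true;
+pass_filenames = false;
+files = "go.(mod|sum)$";
+entry = "nix run .# -- --help";
+};
 };
 
 # See full reference at https://devenv.sh/reference/options/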
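Review bot: The `nix-run` hook is named "Verify package.nix hash", but its `files = "go.(mod|sum)$"` pattern never matches package.nix, so a commit that edits only `vendorHash` is not checked; the dots are also unescaped and the pattern is not anchored on the left. Consider `files = "(^|/)(go\\.(mod|sum)|package\\.nix)$";`. The entry also executes the freshly built binary (`nix run .# -- --help`) on every matching commit, whereas `entry = "nix build --no-link .#";` would exercise the vendor hash check without running the result. The `pre-commit.hooks` opening line is outside the hunk.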
2 changes: 1 addition & 1 deletion package.nix
Expand Up @@ -6,6 +6,6 @@ pkgs.buildGoModule rec {
pname = "auditor";
version = "${builtins.hashFile "sha256" "${toString ./go.sum}"}";
src = ./.;
vendorHash = "sha256-g9dv0EaltGwdK9en1N2PEP0b+VzyCxK+Tu+TIXkkyBs";
vendorHash = "sha256-yItPRsonQNpVXSfvWIhsIVWVrLTAP40RdZCrdmjqydg=";
subPackages = ["."];
}
