diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b9c7f23..53a6dc9 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -24,13 +24,26 @@ concurrency: jobs: build: name: Unstable build - runs-on: namespace-profile-pareto-linux + runs-on: ubuntu-latest steps: - - uses: namespacelabs/nscloud-checkout-action@v5 - - uses: ./.github/actions/devenv + - name: Checkout + uses: actions/checkout@v4 with: - authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - - run: devenv shell -- goreleaser build --snapshot --clean + fetch-depth: 0 + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version: stable + - name: Run GoReleaser + uses: goreleaser/goreleaser-action@v6 + with: + # either 'goreleaser' (default) or 'goreleaser-pro' + distribution: goreleaser + # 'latest', 'nightly', or a semver + version: "~> v2" + args: build --snapshot --clean + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - uses: actions/upload-artifact@v4 name: Upload release with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 302da0c..2a12cdf 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -35,8 +35,6 @@ jobs: args: release --clean env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # Your GoReleaser Pro key, if you are using the 'goreleaser-pro' distribution - # GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }} - uses: actions/upload-artifact@v4 name: Upload release with: diff --git a/.gitignore b/.gitignore index d712874..48e0f48 100644 --- a/.gitignore +++ b/.gitignore @@ -13,4 +13,5 @@ devenv.local.nix /target .DS_Store -dist \ No newline at end of file +dist +dist/ diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 2fb22a7..ee6f299 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml 
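Review bot: In .github/workflows/build.yml the three new steps pull in third-party code by mutable tag (`actions/checkout@v4`, `actions/setup-go@v5`, `goreleaser/goreleaser-action@v6`), and `version: "~> v2"` floats too, so what runs in this job can change without any commit to this repository. Pin each action to a full commit SHA and keep the tag as a comment, e.g. `uses: goreleaser/goreleaser-action@<full-commit-sha> # v6`. The `env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` on the GoReleaser step looks unnecessary for `build --snapshot --clean`, which does not publish; dropping it keeps the token out of the build process. Whether the workflow sets a `permissions:` block is not visible in this hunk, so that is worth confirming as well.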
@@ -1,35 +1,40 @@ -version: 2 -project_name: scorecard -env: - - CGO_ENABLED=0 - - COSIGN_YES=true +# The lines below are called `modelines`. See `:help modeline` +# Feel free to remove those if you don't want/need to use them. +# yaml-language-server: $schema=https://goreleaser.com/static/schema.json +# vim: set ts=2 sw=2 tw=0 fo=cnqoj + +version: 1 + before: hooks: - - go mod download -gomod: - proxy: true + - go mod tidy builds: - - main: . - binary: pareto + - env: + - CGO_ENABLED=0 + goos: + - linux goarch: - amd64 - arm64 - goos: - - linux - - darwin ldflags: - -s -w -X paretosecurity.com/auditor/shared.Version={{.Version}} - - -trimpath - - -tags=netgo + archives: - builds: [pareto] nfpms: - vendor: niteo.co homepage: https://github.com/paretosecurity/pareto-linux - maintainer: NIteo + maintainer: Niteo description: Automatically audit your Linux machine for basic security hygiene. license: MIT - formats: [deb, rpm, apk] + formats: [deb, rpm] bindir: /usr/bin + +changelog: + sort: asc + filters: + exclude: + - "^docs:" + - "^test:" diff --git a/devenv.nix b/devenv.nix index d4f45e2..5fccf0a 100644 --- a/devenv.nix +++ b/devenv.nix @@ -19,6 +19,7 @@ in { go mod verify go test ./... go build . + goreleaser check ''; # https://devenv.sh/pre-commit-hooks/ @@ -27,6 +28,13 @@ in { gofmt.enable = true; golangci-lint.enable = true; govet.enable = true; + nix-run = { + name = "Verify package.nix hash"; + enable = true; + pass_filenames = false; + files = "go.(mod|sum)$"; + entry = "nix run .# -- --help"; + }; }; # See full reference at https://devenv.sh/reference/options/ diff --git a/package.nix b/package.nix index bad0009..8bae6e1 100644 --- a/package.nix +++ b/package.nix @@ -6,6 +6,6 @@ pkgs.buildGoModule rec { pname = "auditor"; version = "${builtins.hashFile "sha256" "${toString ./go.sum}"}"; src = ./.; - vendorHash = "sha256-g9dv0EaltGwdK9en1N2PEP0b+VzyCxK+Tu+TIXkkyBs"; + vendorHash = "sha256-yItPRsonQNpVXSfvWIhsIVWVrLTAP40RdZCrdmjqydg="; subPackages = ["."]; }
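Review bot: In .goreleaser.yaml the `before` hook changes from `go mod download` to `go mod tidy`, which can rewrite go.mod and go.sum during the build, so an artifact may be compiled from a dependency set that differs from the committed one. The same hunk drops `gomod.proxy: true`. Prefer hooks that only read and check: `- go mod download` followed by `- go mod verify`. Separately, the config now declares `version: 1` while build.yml requests GoReleaser `"~> v2"`, which likely rejects a version 1 config; confirm with the `goreleaser check` step this commit adds to devenv.nix.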
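Review bot: In the second devenv.nix hunk the new `nix-run` pre-commit hook uses `files = "go.(mod|sum)$";`, where the dot is unescaped and the pattern is not anchored at the start, so it also matches paths such as `sub/goXmod`. `files = "^go\\.(mod|sum)$";` states the intent exactly. The entry `nix run .# -- --help` also executes the freshly built binary just to confirm that `vendorHash` in package.nix is current; `nix build .#` would perform the same hash check without running it. The enclosing attribute set begins and ends outside the hunk.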