Automate the release process using a GitHub workflow

ccojocar · Cosmin Cojocar · commit 51e4317f09be · 2020-04-14T00:41:56.000-07:00
The release will trigger when a new tag is pushed.

Signed-off-by: Cosmin Cojocar &lt;cosmin.cojocar@gmx.ch&gt;
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -1,4 +1,4 @@
-name: GoSec CI
+name: CI
 on:
   push:
     branches:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,38 @@
+name: Release
+on:
+  push:
+    tags:
+      - 'v*'
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    env:
+      GO111MODULE: on
+    steps:
+      - name: Checkout Source 
+        uses: actions/checkout@v2
+      - name: Unshallow
+        run: git fetch --prune --unshallow
+      - name: Set up Go
+        uses: actions/setup-go@v1
+        with:
+          go-version: 1.14.x
+      - name : Get release version
+        id: get_version
+        run: echo ::set-env name=RELEASE_VERSION::$(echo ${GITHUB_REF:10})
+      - name: Release Binaries
+        uses: goreleaser/goreleaser-action@v1
+        with:
+          version: latest
+          args: release --rm-dist
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Release Docker Image
+        uses: elgohr/Publish-Docker-Github-Action@master
+        with:
+            name: securego/gosec
+            username: ${{ secrets.DOCKER_USERNAME }}
+            password: ${{ secrets.DOCKER_PASSWORD }}
+            buildargs: GO_VERSION=1.14
+            tags: "latest,${{ env.RELEASE_VERSION }}"
+            tag_names: true
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -18,8 +18,3 @@ builds:
     ldflags: -X main.Version={{.Version}} -X main.GitTag={{.Tag}} -X main.BuildDate={{.Date}}
     env:
       - CGO_ENABLED=0
-
-archive:
-  files:
-    - README.md
-    - LICENSE.txt
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-ARG GO_VERSION=1.13
+ARG GO_VERSION
 FROM golang:${GO_VERSION}-alpine AS builder
 RUN apk add --update --no-cache ca-certificates make git curl gcc libc-dev
 RUN mkdir -p /build
diff --git a/Makefile b/Makefile
@@ -11,6 +11,7 @@ GOBIN ?= $(GOPATH)/bin
 GOLINT ?= $(GOBIN)/golint
 GOSEC ?= $(GOBIN)/gosec
 GINKGO ?= $(GOBIN)/ginkgo
+GO_VERSION = 1.14
 
 default:
 	$(MAKE) build
@@ -58,7 +59,7 @@ build-linux:
 
 image:
 	@echo "Building the Docker image..."
-	docker build -t $(IMAGE_REPO)/$(BIN):$(GIT_TAG) .
+	docker build -t $(IMAGE_REPO)/$(BIN):$(GIT_TAG) --build-arg GO_VERSION=$(GO_VERSION) .
 	docker tag $(IMAGE_REPO)/$(BIN):$(GIT_TAG) $(IMAGE_REPO)/$(BIN):latest
 	touch image
 
diff --git a/README.md b/README.md
@@ -240,9 +240,9 @@ gosec -tag debug,ignore ./...
 
 ### Output formats
 
-gosec currently supports text, json, yaml, csv, sonarqube, JUnit XML and golint output formats. By default
+gosec currently supports `text`, `json`, `yaml`, `csv`, `sonarqube`, `JUnit XML`, `html` and `golint` output formats. By default
 results will be reported to stdout, but can also be written to an output
-file. The output format is controlled by the '-fmt' flag, and the output file is controlled by the '-out' flag as follows:
+file. The output format is controlled by the `-fmt` flag, and the output file is controlled by the `-out` flag as follows:
 
 ```bash
 # Write output in json format to results.json
@@ -253,51 +253,39 @@ $ gosec -fmt=json -out=results.json *.go
 
 ### Build
 
+You can build the binary with:
 ```bash
 make
 ```
 
 ### Tests
 
+You can run all unit tests using:
 ```bash
 make test
 ```
 
-### Release Build
+### Release
 
-Make sure you have installed the [goreleaser](https://github.com/goreleaser/goreleaser) tool and then you can release gosec as follows:
+You can create a release by tagging the version as follows:
 
-```bash
-git tag v1.0.0
-export GITHUB_TOKEN=<YOUR GITHUB TOKEN>
-make release
-```
-
-The released version of the tool is available in the `dist` folder. The build information should be displayed in the usage text.
-
-```bash
-./dist/darwin_amd64/gosec -h
-gosec  - Golang security checker
-
-gosec analyzes Go source code to look for common programming mistakes that
-
-
-VERSION: 1.0.0
-GIT TAG: v1.0.0
-BUILD DATE: 2018-04-27T12:41:38Z
+``` bash
+git tag v1.0.0 -m "Release version v1.0.0"
+git push origin v1.0.0
 ```
 
-Note that all released archives are also uploaded to GitHub.
+The GitHub [release workflow](.github/workflows/release.yml) triggers immediately after the tag is pushed upstream. This flow will
+release the binaries using the [goreleaser](https://goreleaser.com/actions/) action and then it will build and publish the docker image into Docker Hub.
 
 ### Docker image
 
-You can build the docker image as follows:
+You can also build locally the docker image by using the command:
 
 ```bash
 make image
 ```
 
-You can run the `gosec` tool in a container against your local Go project. You just have to mount the project 
+You can run the `gosec` tool in a container against your local Go project. You only have to mount the project 
 into a volume as follows:
 
 ```bash

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-name: GoSec CI`
	`1`	`+name: CI`
`2`	`2`	`on:`
`3`	`3`	`push:`
`4`	`4`	`branches:`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-ARG GO_VERSION=1.13`
	`1`	`+ARG GO_VERSION`
`2`	`2`	`FROM golang:${GO_VERSION}-alpine AS builder`
`3`	`3`	`RUN apk add --update --no-cache ca-certificates make git curl gcc libc-dev`
`4`	`4`	`RUN mkdir -p /build`