Updated Build Process + CI/CD Updates (#251)

.github/workflows/build.yml → .github/workflows/build-pr.yml

@@ -1,33 +1,33 @@
 # SPDX-License-Identifier: Apache-2.0
 
-name: Build
+name: Build Pull Request
 
-on: [ push, pull_request ]
+on: [ pull_request ]
 
 jobs:
   build:
     name: Build
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go: [ "^1.15" ]
+        go: [ "^1.17", "^1.18" ]
     steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v3
       - name: Setup Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v3
         with:
           go-version: ${{ matrix.go }}
-      - name: Checkout Repository
-        uses: actions/checkout@v2
       - name: Setup
         run: make setup
       #- name: Lint
       #  run: make lint
       - name: Lint
         run: make check-headers
-      - name: Test
-        run: make test
       - name: Build
         run: make build
+      - name: Test
+        run: make test
   generate:
     name: Generate sbom file
     runs-on: ubuntu-latest
@@ -37,12 +37,12 @@ jobs:
       - name: gh-action-spdx-sbom-generator
         uses: niravpatel27/[email protected]
         with:
-            version: '0.0.3'   
+          version: '0.0.3'
       - name: Check if sbom file generated
         run: |
           if [ ! -f "bom-go-mod.spdx" ]; then
             echo "::error::bom-go-mod.spdx is missing. Must generate using the spdx-sbom-generator cli."
             exit 1
           else
-             echo "Success!"            
-          fi           
+             echo "Success!"
+          fi

.github/workflows/merge-main.yml

@@ -0,0 +1,52 @@
+# SPDX-License-Identifier: Apache-2.0
+
+name: Merge to Main
+
+on:
+  # https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions
+  push:
+    branches:
+      - main
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        go: [ "^1.17", "^1.18" ]
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v3
+      - name: Setup Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: ${{ matrix.go }}
+      - name: Setup
+        run: make setup
+      #- name: Lint
+      #  run: make lint
+      - name: Lint
+        run: make check-headers
+      - name: Build
+        run: make build
+      - name: Test
+        run: make test
+  generate:
+    name: Generate sbom file
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout the repository
+        uses: actions/checkout@v2
+      - name: gh-action-spdx-sbom-generator
+        uses: niravpatel27/[email protected]
+        with:
+          version: '0.0.3'
+      - name: Check if sbom file generated
+        run: |
+          if [ ! -f "bom-go-mod.spdx" ]; then
+            echo "::error::bom-go-mod.spdx is missing. Must generate using the spdx-sbom-generator cli."
+            exit 1
+          else
+             echo "Success!"
+          fi

.github/workflows/release.yml

@@ -11,34 +11,36 @@ jobs:
   docker:
     runs-on: ubuntu-latest
     steps:
-    ## checks out our project source code
-    - uses: actions/checkout@v2
+      ## checks out our project source code
+      - uses: actions/checkout@v3
 
-    ## Builds our docker image!
-    - name: Build the Docker image
-      run: docker build . --file Dockerfile
+      ## Builds our docker image!
+      - name: Build the Docker image
+        run: docker build . --file Dockerfile
 
-    ## Publishes our image to Docker Hub 😎
-    - name: Set RELEASE_VERSION env
-      run: echo RELEASE_VERSION=$(echo ${GITHUB_REF} | rev | cut -d'/' -f 1 | rev ) >> ${GITHUB_ENV}
-    - name: Publish to Registry
-      uses: elgohr/Publish-Docker-Github-Action@master
-      with:
-        name: spdx/spdx-sbom-generator
-        username: ${{ secrets.DOCKERHUB_USERNAME }}
-        password: ${{ secrets.DOCKERHUB_TOKEN }}
-        tags: "latest,${{ env.RELEASE_VERSION }}"
+      ## Publishes our image to Docker Hub 😎
+      - name: Set RELEASE_VERSION env
+        run: echo RELEASE_VERSION=$(echo ${GITHUB_REF} | rev | cut -d'/' -f 1 | rev ) >> ${GITHUB_ENV}
+      - name: Publish to Registry
+        uses: elgohr/Publish-Docker-Github-Action@master
+        with:
+          name: spdx/spdx-sbom-generator
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+          tags: "latest,${{ env.RELEASE_VERSION }}"
   release:
     name: Release Go Binary
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        # build and publish in parallel: linux/386, linux/amd64, windows/386, windows/amd64, darwin/amd64
-        goos: [linux, windows, darwin]
-        goarch: ["386", amd64]
+        # build and publish various targets
+        goos: [ linux, windows, darwin ]
+        goarch: [ "386", amd64, arm64 ]
         exclude:
           - goarch: "386"
             goos: darwin
+          - goarch: arm64
+            goos: windows
     steps:
       - uses: actions/checkout@v2
       # set current version based on release tag
@@ -49,7 +51,7 @@ jobs:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           goos: ${{ matrix.goos }}
           goarch: ${{ matrix.goarch }}
-          goversion: "https://dl.google.com/go/go1.16.6.linux-amd64.tar.gz"
+          goversion: "https://dl.google.com/go/go1.18.3.linux-amd64.tar.gz"
           project_path: "./cmd/generator"
           binary_name: "spdx-sbom-generator"
           ldflags: "-X 'main.version=${{ env.RELEASE_VERSION }}'"

Makefile

@@ -2,9 +2,14 @@
 
 # It's necessary to set this because some environments don't link sh -> bash.
 SHELL := /usr/bin/env bash
-VERSION=$(shell cat version.txt)
+BUILD_TIME=$(shell sh -c 'date +%FT%T%z')
+VERSION := $(shell sh -c 'git describe --always --tags')
+BRANCH := $(shell sh -c 'git rev-parse --abbrev-ref HEAD')
+COMMIT := $(shell sh -c 'git rev-parse --short HEAD')
+GO_FILES=$(shell find . -type f -name '*.go' -not -path './vendor/*')
 PKG_LIST := $(shell go list ./... | grep -v mock)
-ldflags='-X "main.version=$(VERSION)"'
+LDFLAGS=-ldflags "-s -w -X main.version=$(VERSION) -X main.commit=$(COMMIT) -X main.branch=$(BRANCH) -X main.buildDate=$(BUILD_TIME)"
+
 ROOT_DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST))))
 LINT_TOOL=$(shell go env GOPATH)/bin/golangci-lint
 LINT_VERSION=v1.37.0
@@ -18,36 +23,36 @@ setup: $(LINT_TOOL)
 
 .PHONY: mod
 mod:
-	@GO111MODULE=on GOFLAGS=-mod=vendor go mod vendor
-	@GO111MODULE=on GOFLAGS=-mod=vendor go mod tidy
+	@go mod download
+	@go mod tidy
 
 .PHONY: generator
 generate: mod
-	@echo "Running cli on version $(VERSION)"
+	@echo "Running cli on version: $(VERSION)"
 	@GO111MODULE=on GLFLAGs=-mod-vendor go run cmd/generator/generator.go $(ARGS)
 
 .PHONY: build
 build: mod
-	@echo "Building spdx-sbom-generator for Linux Intel/AMD 64-bit version:$(VERSION)"
-	@GO111MODULE=on GOFLAGS=-mod=vendor GOOS=linux go build -ldflags $(ldflags) -o bin/spdx-sbom-generator cmd/generator/generator.go
+	@echo "Building spdx-sbom-generator for Linux Intel/AMD 64-bit version: $(VERSION)"
+	env GOOS=linux GOARCH=amd64 go build $(LD_FLAGS) -o bin/spdx-sbom-generator cmd/generator/generator.go
 	@chmod +x bin/spdx-sbom-generator
 
 .PHONY: build-mac
 build-mac: mod
-	@echo "Building spdx-sbom-generator for Mac Intel/AMD 64-bit version:$(VERSION)"
-	@GO111MODULE=on GOFLAGS=-mod=vendor GOOS=darwin GOARCH=amd64 go build -ldflags $(ldflags) -o bin/spdx-sbom-generator cmd/generator/generator.go
+	@echo "Building spdx-sbom-generator for Mac Intel/AMD 64-bit version: $(VERSION)"
+	@env GOOS=darwin GOARCH=amd64 go build $(LD_FLAGS) -o bin/spdx-sbom-generator cmd/generator/generator.go
 	@chmod +x bin/spdx-sbom-generator
 
 .PHONY: build-mac-arm64
 build-mac-arm64: mod
-	@echo "Building spdx-sbom-generator for Mac ARM 64-bit version:$(VERSION)"
-	@GO111MODULE=on GOFLAGS=-mod=vendor GOOS=darwin GOARCH=arm64 go build -ldflags $(ldflags) -o bin/spdx-sbom-generator cmd/generator/generator.go
+	@echo "Building spdx-sbom-generator for Mac ARM 64-bit version: $(VERSION)"
+	@env GOOS=darwin GOARCH=arm64 go build $(LD_FLAGS) -o bin/spdx-sbom-generator cmd/generator/generator.go
 	@chmod +x bin/spdx-sbom-generator
 
 .PHONY: build-win
 build-win: mod
-	@echo "Building spdx-sbom-generator for Windows Intel/AMD 64-bit version:$(VERSION)"
-	@GO111MODULE=on GOFLAGS=-mod=vendor GOOS=windows GOARCH=amd64 go build -ldflags $(ldflags) -o bin/spdx-sbom-generator.exe cmd/generator/generator.go
+	@echo "Building spdx-sbom-generator for Windows Intel/AMD 64-bit version: $(VERSION)"
+	env GOOS=windows GOARCH=amd64 go build $(LD_FLAGS) -o bin/spdx-sbom-generator.exe cmd/generator/generator.go
 	@chmod +x bin/spdx-sbom-generator.exe
 
 $(LINT_TOOL):
@@ -63,6 +68,10 @@ check-headers:
 	@echo "Running license header check..."
 	$(ROOT_DIR)/check-headers.sh
 
+fmt:
+	@gofmt -w -l -s $(GO_FILES)
+	@goimports -w -l $(GO_FILES)
+
 .PHONY: lint
 lint: go-lint check-headers
 

go.mod

@@ -1,6 +1,8 @@
+// SPDX-License-Identifier: Apache-2.0
+
 module github.com/spdx/spdx-sbom-generator
 
-go 1.15
+go 1.17
 
 require (
 	github.com/go-enry/go-license-detector/v4 v4.2.0
@@ -12,3 +14,37 @@ require (
 	github.com/vifraa/gopom v0.1.0
 	golang.org/x/mod v0.4.2
 )
+
+require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/dgryski/go-minhash v0.0.0-20170608043002-7fe510aff544 // indirect
+	github.com/ekzhu/minhash-lsh v0.0.0-20171225071031-5c06ee8586a1 // indirect
+	github.com/emirpasic/gods v1.12.0 // indirect
+	github.com/go-git/gcfg v1.5.0 // indirect
+	github.com/go-git/go-billy/v5 v5.0.0 // indirect
+	github.com/hhatto/gorst v0.0.0-20181029133204-ca9f730cac5b // indirect
+	github.com/imdario/mergo v0.3.9 // indirect
+	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
+	github.com/jdkato/prose v1.1.0 // indirect
+	github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd // indirect
+	github.com/mitchellh/go-homedir v1.1.0 // indirect
+	github.com/montanaflynn/stats v0.0.0-20151014174947-eeaced052adb // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/russross/blackfriday/v2 v2.0.1 // indirect
+	github.com/sergi/go-diff v1.1.0 // indirect
+	github.com/shogo82148/go-shuffle v0.0.0-20170808115208-59829097ff3b // indirect
+	github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/xanzy/ssh-agent v0.2.1 // indirect
+	golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073 // indirect
+	golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136 // indirect
+	golang.org/x/net v0.0.0-20200301022130-244492dfa37a // indirect
+	golang.org/x/sys v0.0.0-20220712014510-0a85c31ab51e // indirect
+	golang.org/x/text v0.3.6 // indirect
+	gonum.org/v1/gonum v0.7.0 // indirect
+	gopkg.in/neurosnap/sentences.v1 v1.0.6 // indirect
+	gopkg.in/warnings.v0 v0.1.2 // indirect
+	gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c // indirect
+)

go.sum

@@ -55,7 +55,6 @@ github.com/ekzhu/minhash-lsh v0.0.0-20171225071031-5c06ee8586a1/go.mod h1:yEtCVi
 github.com/emirpasic/gods v1.12.0 h1:QAUIPSaCu4G+POclxeqb3F+WPpdKqFGlw36+yOzGlrg=
 github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 h1:BHsljHzVlRcyQhjrss6TZTdY2VfCqZPbv5k3iBFa2ZQ=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
@@ -320,8 +319,9 @@ golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527 h1:uYVVQ9WP/Ds2ROhcaGPeIdVq0RIXVLwsHlnvJ+cT1So=
 golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20220712014510-0a85c31ab51e h1:NHvCuwuS43lGnYhten69ZWqi2QOj/CiDNcKbVqwVoew=
+golang.org/x/sys v0.0.0-20220712014510-0a85c31ab51e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=

pkg/handler/handler.go

@@ -2,8 +2,6 @@
 
 package handler
 
-import ()
-
 // Handler ...
 type Handler interface {
 	Run() error

pkg/handler/spdx.go

@@ -42,7 +42,7 @@ type spdxHandler struct {
 func getFiletypeForOutputFormat(outputFormat models.OutputFormat) string {
 	switch outputFormat {
 	case models.OutputFormatSpdx:
-		return "spdx"
+		return "spdx" // nolint
 	case models.OutputFormatJson:
 		return "json"
 	default: