Merge pull request #184 from CycloneDX/moar-go1.18
Moar Go 1.18 goodness and minor tweaks
nscuro authored Aug 10, 2022
2 parents 3f21ee5 + a97d4dc commit 161c152
Showing 15 changed files with 54 additions and 75 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/goreleaser-ci.yml
Expand Up @@ -25,5 +25,5 @@ jobs:
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v3.0.0
with:
version: 1.7.0
version: 1.10.3
args: release --skip-publish --skip-sign --snapshot
7 changes: 2 additions & 5 deletions .github/workflows/goreleaser.yml
Expand Up @@ -5,8 +5,6 @@ on:
tags:
- 'v*'


# Source: https://github.com/goreleaser/supply-chain-example/blob/main/.github/workflows/release.yml
permissions:
contents: write # needed to write releases
id-token: write # needed for keyless signing
Expand All @@ -26,7 +24,7 @@ jobs:
with:
go-version: "1.18"
check-latest: true
- uses: sigstore/cosign-installer@v2.5.0 # installs cosign
- uses: sigstore/cosign-installer@v2.5.0
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Docker login
Expand All @@ -37,8 +35,7 @@ jobs:
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v3.0.0
with:
version: 1.7.0
version: 1.10.3
args: release --rm-dist
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
docker_repository_owner: cyclonedx
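Review bot: The actions in this release job are pinned by mutable tag (`sigstore/cosign-installer@v2.5.0`, touched in this section, plus `goreleaser/goreleaser-action@v3.0.0` and `docker/setup-qemu-action@v2`) while the job holds `contents: write` and `id-token: write`. A retagged action would therefore run with release and keyless-signing rights. The Dockerfiles in this same commit pin their base image by digest, and the same treatment fits here: `- uses: sigstore/cosign-installer@<full-commit-sha> # v2.5.0`, with the SHA read from the action's own release. The job definition starts outside the visible hunks, so other `uses:` lines may need the same change.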
33 changes: 14 additions & 19 deletions .goreleaser.yml
Expand Up @@ -20,7 +20,7 @@ builds:
- amd64
- arm64
flags: -trimpath
ldflags: -s -w -X github.com/CycloneDX/cyclonedx-gomod/internal/version.Version={{ .Tag }}
ldflags: -s -w
main: ./cmd/cyclonedx-gomod
mod_timestamp: "{{ .CommitTimestamp }}"

Expand All @@ -34,9 +34,6 @@ sboms:
- GOARCH={{ .Arch }}
- GOOS={{ .Os }}

# signs the checksum file
# all files (including the sboms) are included in the checksum, so we don't need to sign each one if we don't want to
# https://goreleaser.com/customization/sign
signs:
- cmd: cosign
env:
Expand All @@ -56,7 +53,7 @@ dockers:
dockerfile: Dockerfile.goreleaser
use: buildx
image_templates:
- "{{ .Env.docker_repository_owner }}/{{ .ProjectName }}:{{ .Tag }}-amd64"
- "cyclonedx/{{ .ProjectName }}:{{ .Tag }}-amd64"
build_flag_templates:
- "--platform=linux/amd64"
- "--label=org.opencontainers.image.title={{ .ProjectName }}"
Expand All @@ -71,7 +68,7 @@ dockers:
dockerfile: Dockerfile.goreleaser
use: buildx
image_templates:
- "{{ .Env.docker_repository_owner }}/{{ .ProjectName }}:{{ .Tag }}-arm64"
- "cyclonedx/{{ .ProjectName }}:{{ .Tag }}-arm64"
build_flag_templates:
- "--platform=linux/arm64"
- "--label=org.opencontainers.image.title={{ .ProjectName }}"
Expand All @@ -83,25 +80,23 @@ dockers:
- "--label=org.opencontainers.image.source={{ .GitURL }}"

docker_manifests:
- name_template: "{{ .Env.docker_repository_owner }}/{{ .ProjectName }}:latest"
- name_template: "cyclonedx/{{ .ProjectName }}:latest"
image_templates:
- "{{ .Env.docker_repository_owner }}/{{ .ProjectName }}:{{ .Tag }}-amd64"
- "{{ .Env.docker_repository_owner }}/{{ .ProjectName }}:{{ .Tag }}-arm64"
- name_template: "{{ .Env.docker_repository_owner }}/{{ .ProjectName }}:{{ .Tag }}"
- "cyclonedx/{{ .ProjectName }}:{{ .Tag }}-amd64"
- "cyclonedx/{{ .ProjectName }}:{{ .Tag }}-arm64"
- name_template: "cyclonedx/{{ .ProjectName }}:{{ .Tag }}"
image_templates:
- "{{ .Env.docker_repository_owner }}/{{ .ProjectName }}:{{ .Tag }}-amd64"
- "{{ .Env.docker_repository_owner }}/{{ .ProjectName }}:{{ .Tag }}-arm64"
- "cyclonedx/{{ .ProjectName }}:{{ .Tag }}-amd64"
- "cyclonedx/{{ .ProjectName }}:{{ .Tag }}-arm64"
- name_template: "{{ .Env.docker_repository_owner}}/{{ .ProjectName }}:v{{ .Major }}"
image_templates:
- "{{ .Env.docker_repository_owner }}/{{ .ProjectName }}:{{ .Tag }}-amd64"
- "{{ .Env.docker_repository_owner }}/{{ .ProjectName }}:{{ .Tag }}-arm64"
- name_template: "{{ .Env.docker_repository_owner }}/{{ .ProjectName }}:v{{ .Major }}.{{ .Minor }}"
- "cyclonedx/{{ .ProjectName }}:{{ .Tag }}-amd64"
- "cyclonedx/{{ .ProjectName }}:{{ .Tag }}-arm64"
- name_template: "cyclonedx/{{ .ProjectName }}:v{{ .Major }}.{{ .Minor }}"
image_templates:
- "{{ .Env.docker_repository_owner }}/{{ .ProjectName }}:{{ .Tag }}-amd64"
- "{{ .Env.docker_repository_owner }}/{{ .ProjectName }}:{{ .Tag }}-arm64"
- "cyclonedx/{{ .ProjectName }}:{{ .Tag }}-amd64"
- "cyclonedx/{{ .ProjectName }}:{{ .Tag }}-arm64"

# signs our docker image
# https://goreleaser.com/customization/docker_sign
docker_signs:
- cmd: cosign
env:
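Review bot: One manifest entry is missed by the owner replacement: `- name_template: "{{ .Env.docker_repository_owner}}/{{ .ProjectName }}:v{{ .Major }}"` (written without the space before `}}`) appears only once in this section, so it stays on the new side and still reads the environment variable. The workflow change in this commit appears to stop exporting `docker_repository_owner`, in which case GoReleaser would most likely fail to render this template and the `v{{ .Major }}` manifest would be neither published nor signed. Change it to `- name_template: "cyclonedx/{{ .ProjectName }}:v{{ .Major }}"` so it matches the other three manifest entries.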
4 changes: 2 additions & 2 deletions Dockerfile
@@ -1,12 +1,12 @@
FROM golang:1.18.5-alpine3.16@sha256:dda10a0c69473a595ab11ed3f8305bf4d38e0436b80e1462fb22c9d8a1c1e808 AS build
FROM golang:1.18.5-alpine3.16@sha256:8e45e2ef37d2b6d98900392029db2bc88f42c0f2a9a8035fa7da90014698e86b AS build
WORKDIR /usr/src/app
RUN apk --no-cache add git make
COPY ./go.mod ./go.sum ./
RUN go mod download
COPY . .
RUN make install

FROM golang:1.18.5-alpine3.16@sha256:dda10a0c69473a595ab11ed3f8305bf4d38e0436b80e1462fb22c9d8a1c1e808
FROM golang:1.18.5-alpine3.16@sha256:8e45e2ef37d2b6d98900392029db2bc88f42c0f2a9a8035fa7da90014698e86b
COPY --from=build /go/bin/cyclonedx-gomod /usr/local/bin/
USER 1000
ENTRYPOINT ["cyclonedx-gomod"]
4 changes: 2 additions & 2 deletions Dockerfile.examples
@@ -1,14 +1,14 @@
# This Dockerfile is meant for generating example SBOMs in a way
# that is reproducible for everyone.
FROM golang:1.18.5-alpine3.16@sha256:dda10a0c69473a595ab11ed3f8305bf4d38e0436b80e1462fb22c9d8a1c1e808 AS build
FROM golang:1.18.5-alpine3.16@sha256:8e45e2ef37d2b6d98900392029db2bc88f42c0f2a9a8035fa7da90014698e86b AS build
WORKDIR /usr/src/app
RUN apk --no-cache add git make
COPY ./go.mod ./go.sum ./
RUN go mod download
COPY . .
RUN make install

FROM golang:1.18.5-alpine3.16@sha256:dda10a0c69473a595ab11ed3f8305bf4d38e0436b80e1462fb22c9d8a1c1e808
FROM golang:1.18.5-alpine3.16@sha256:8e45e2ef37d2b6d98900392029db2bc88f42c0f2a9a8035fa7da90014698e86b
VOLUME /examples

# Install prerequisites
2 changes: 1 addition & 1 deletion Dockerfile.goreleaser
@@ -1,6 +1,6 @@
# This Dockerfile is meant for GoReleaser exclusively, see .goreleaser.yml.
# For manual builds, please use the regular Dockerfile or simply run "make docker".
FROM golang:1.18.5-alpine3.16@sha256:dda10a0c69473a595ab11ed3f8305bf4d38e0436b80e1462fb22c9d8a1c1e808
FROM golang:1.18.5-alpine3.16@sha256:8e45e2ef37d2b6d98900392029db2bc88f42c0f2a9a8035fa7da90014698e86b
COPY cyclonedx-gomod /usr/local/bin/
USER 1000
ENTRYPOINT ["cyclonedx-gomod"]
6 changes: 3 additions & 3 deletions go.mod
Expand Up @@ -12,7 +12,8 @@ require (
github.com/rs/zerolog v1.27.0
github.com/stretchr/testify v1.8.0
golang.org/x/crypto v0.0.0-20220112180741-5e0467b6c7ce
golang.org/x/mod v0.5.1
golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e
golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3
)

require (
Expand Down Expand Up @@ -41,9 +42,8 @@ require (
github.com/shogo82148/go-shuffle v0.0.0-20170808115208-59829097ff3b // indirect
github.com/shurcooL/sanitized_anchor_name v0.0.0-20170918181015-86672fcb3f95 // indirect
github.com/xanzy/ssh-agent v0.3.0 // indirect
golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2 // indirect
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2 // indirect
golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6 // indirect
golang.org/x/sys v0.0.0-20211019181941-9d821ace8654 // indirect
golang.org/x/text v0.3.7 // indirect
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
gonum.org/v1/gonum v0.7.0 // indirect
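Review bot: `golang.org/x/exp` becomes a direct requirement here, and that module makes no compatibility promise, so the `slices.SortFunc` callback shape used across `internal/gomod` and `internal/sbom` can change under a routine dependency bump. The same section moves `golang.org/x/mod` from the tagged `v0.5.1` to the untagged pseudo-version `v0.6.0-dev.0.20220106191415-9b9b3d81d5e3`, presumably pulled up by x/exp's own requirements; for a tool that produces SBOMs, tagged releases are easier to audit. A comment above the new requirement would make the constraint visible, e.g. `// x/exp has no stability guarantee: review API changes before bumping`. The require blocks start and end outside the hunks.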
12 changes: 7 additions & 5 deletions go.sum
Expand Up @@ -50,8 +50,8 @@ github.com/go-git/go-git/v5 v5.4.2 h1:BXyZu9t0VkbiHtqrsvdq39UDhGJTl1h55VW6CSC4aY
github.com/go-git/go-git/v5 v5.4.2/go.mod h1:gQ1kArt6d+n+BGd+/B/I74HwRTLhth2+zti4ihgckDc=
github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k=
github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY=
github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/hhatto/gorst v0.0.0-20181029133204-ca9f730cac5b h1:Jdu2tbAxkRouSILp2EbposIb8h4gO+2QuZEn3d9sKAc=
Expand Down Expand Up @@ -134,11 +134,12 @@ golang.org/x/crypto v0.0.0-20220112180741-5e0467b6c7ce h1:Roh6XWxHFKrPgC/EQhVubS
golang.org/x/crypto v0.0.0-20220112180741-5e0467b6c7ce/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2 h1:y102fOLFqhV41b+4GPiJoa0k/x+pJcEi2/HB1Y5T6fU=
golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e h1:+WEEuIdZHnUeJJmEUjyYC2gfUMj69yZXw17EnHg/otA=
golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e/go.mod h1:Kr81I6Kryrl9sr8s2FK3vxD90NdsKWRuOIl2O4CvYbA=
golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs=
golang.org/x/mod v0.5.1 h1:OJxoQ/rynoF0dcCdI7cLPktw/hR2cueqYfjm43oqK38=
golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 h1:kQgndtyPBW/JIYERgdxfwMYh3AVStj88WQTlNDi2a+o=
golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
Expand All @@ -157,8 +158,9 @@ golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20210324051608-47abb6519492/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210502180810-71e4cd670f79/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6 h1:foEbQz/B0Oz6YIqu/69kfXPYeFQAuuMYFkjaqXzl5Wo=
golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211019181941-9d821ace8654 h1:id054HUawV2/6IGm2IV8KZQjqtwAOo2CYlOToYqa0d0=
golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
10 changes: 5 additions & 5 deletions internal/gomod/graph.go
Expand Up @@ -22,10 +22,10 @@ import (
"bytes"
"fmt"
"io"
"sort"
"strings"

"github.com/rs/zerolog"
"golang.org/x/exp/slices"
"golang.org/x/mod/semver"

"github.com/CycloneDX/cyclonedx-gomod/internal/gocmd"
Expand Down Expand Up @@ -127,11 +127,11 @@ func findModule(modules []Module, coordinates string, strict bool) *Module {
// sortDependencies sorts a given Module pointer slice ascendingly by path.
// If the path of two modules are equal, they'll be compared by their semantic version instead.
func sortDependencies(dependencies []*Module) {
sort.Slice(dependencies, func(i, j int) bool {
if dependencies[i].Path == dependencies[j].Path {
return semver.Compare(dependencies[i].Version, dependencies[j].Version) == -1
slices.SortFunc(dependencies, func(a, b *Module) bool {
if a.Path == b.Path {
return semver.Compare(a.Version, b.Version) == -1
}

return dependencies[i].Path < dependencies[j].Path
return a.Path < b.Path
})
}
14 changes: 7 additions & 7 deletions internal/gomod/module.go
Expand Up @@ -24,10 +24,10 @@ import (
"fmt"
"io"
"path/filepath"
"sort"
"strings"

"github.com/rs/zerolog"
"golang.org/x/exp/slices"
"golang.org/x/mod/semver"
"golang.org/x/mod/sumdb/dirhash"

Expand Down Expand Up @@ -160,18 +160,18 @@ func parseModules(reader io.Reader) ([]Module, error) {
// Main modules take precedence, so that they will represent the first elements of the sorted slice.
// If the path of two modules are equal, they'll be compared by their semantic version instead.
func sortModules(modules []Module) {
sort.Slice(modules, func(i, j int) bool {
if modules[i].Main && !modules[j].Main {
slices.SortFunc(modules, func(a, b Module) bool {
if a.Main && !b.Main {
return true
} else if !modules[i].Main && modules[j].Main {
} else if !a.Main && b.Main {
return false
}

if modules[i].Path == modules[j].Path {
return semver.Compare(modules[i].Version, modules[j].Version) == -1
if a.Path == b.Path {
return semver.Compare(a.Version, b.Version) == -1
}

return modules[i].Path < modules[j].Path
return a.Path < b.Path
})
}

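Review bot: The `Main` precedence check in the new `sortModules` callback uses `else` after a returning branch and spells out both cases; it reduces to `if a.Main != b.Main { return a.Main }`, which gives the same result for every combination. For the version tie-break, `semver.Compare(a.Version, b.Version) < 0` states the intent without depending on the exact `-1` value. The same `== -1` comparison is in `sortDependencies` in graph.go.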
6 changes: 3 additions & 3 deletions internal/gomod/package.go
Expand Up @@ -24,10 +24,10 @@ import (
"fmt"
"io"
"path/filepath"
"sort"
"strings"

"github.com/rs/zerolog"
"golang.org/x/exp/slices"

"github.com/CycloneDX/cyclonedx-gomod/internal/gocmd"
)
Expand Down Expand Up @@ -233,8 +233,8 @@ func convertPackagesToModules(logger zerolog.Logger, mainModuleDir string, pkgsM

// sortPackages sorts a given Package slice ascending by import path.
func sortPackages(pkgs []Package) {
sort.Slice(pkgs, func(i, j int) bool {
return pkgs[i].ImportPath < pkgs[j].ImportPath
slices.SortFunc(pkgs, func(a, b Package) bool {
return a.ImportPath < b.ImportPath
})
}

3 changes: 2 additions & 1 deletion internal/gomod/vendor.go
Expand Up @@ -27,6 +27,7 @@ import (
"strings"

"github.com/rs/zerolog"
"golang.org/x/exp/slices"

"github.com/CycloneDX/cyclonedx-gomod/internal/gocmd"
"github.com/CycloneDX/cyclonedx-gomod/internal/util"
Expand Down Expand Up @@ -102,7 +103,7 @@ func parseVendoredModules(mainModulePath string, reader io.Reader) ([]Module, er

// Replacements may be specified as
// Path [Version] => Path [Version]
arrowIndex := util.StringsIndexOf(fields, "=>")
arrowIndex := slices.Index(fields, "=>")

var module Module

10 changes: 5 additions & 5 deletions internal/sbom/sbom.go
Expand Up @@ -26,10 +26,10 @@ import (
"hash"
"io"
"os"
"sort"

"github.com/rs/zerolog"
"golang.org/x/crypto/sha3"
"golang.org/x/exp/slices"

cdx "github.com/CycloneDX/cyclonedx-go"

Expand Down Expand Up @@ -205,11 +205,11 @@ func NewProperty(name, value string) cdx.Property {
}

func SortProperties(ps []cdx.Property) {
sort.Slice(ps, func(i, j int) bool {
if ps[i].Name == ps[j].Name {
return ps[i].Value < ps[j].Value
slices.SortFunc(ps, func(a, b cdx.Property) bool {
if a.Name == b.Name {
return a.Value < b.Value
}

return ps[i].Name < ps[j].Name
return a.Name < b.Name
})
}
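Review bot: `SortProperties` is exported but has no doc comment, unlike the sort helpers in `internal/gomod` shown elsewhere in this commit. Add `// SortProperties sorts the given properties in place, ascending by name and then by value.` above the function. That wording is what the callback on the new side implements: equal names fall back to comparing values.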
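--- a/internal/util/util.go
+++ b/internal/util/util.go
@@ -47,13 +47,3 @@ func IsSubPath(subject, path string) (bool, error) {
 
 return true, nil
 }
-
-// StringsIndexOf determines the index of a string in a string slice.
-func StringsIndexOf(haystack []string, needle string) int {
-for i := range haystack {
-if haystack[i] == needle {
-return i
-}
-}
-return -1
-}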
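--- a/internal/util/util_test.go
+++ b/internal/util/util_test.go
@@ -33,9 +33,3 @@ func TestFileExists(t *testing.T) {
 defer os.Remove(tmpFile.Name())
 require.True(t, FileExists(tmpFile.Name()))
 }
-
-func TestStringsIndexOf(t *testing.T) {
-assert.Equal(t, 0, StringsIndexOf([]string{"foo", "bar"}, "foo"))
-assert.Equal(t, 1, StringsIndexOf([]string{"foo", "bar"}, "bar"))
-assert.Equal(t, -1, StringsIndexOf([]string{"foo", "bar"}, "baz"))
-}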
