Merge pull request #137 from OWASP/integrate-goreleaser

Integrate goreleaser

.github/FUNDING.yml

@@ -0,0 +1,2 @@
+custom: https://owasp.org/donate/?reponame=offat&title=OWASP+OFFAT
+github: OWASP

.github/workflows/dev-push.yml

@@ -31,7 +31,7 @@ jobs:
         uses: docker/build-push-action@v3
         with:
           context: ./src/
-          file: ./src/DockerFile
+          file: ./src/Dockerfile
           push: true
           tags: ${{ secrets.DOCKERHUB_USERNAME }}/offat:${{ github.head_ref || github.ref_name }} # for release: ${{ github.event.release.tag_name }}
           platforms: linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7

.github/workflows/goreleaser.yml

@@ -0,0 +1,39 @@
+name: goreleaser
+
+on:
+  push:
+    tags:
+      - 'v*.*.*'
+
+permissions:
+  contents: write
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.23
+
+      - name: set up CycloneDX
+        uses: CycloneDX/gh-gomod-generate-sbom@v2
+        with:
+          version: v1
+
+      - name: run GoReleaser
+        uses: goreleaser/goreleaser-action@v6
+        working-directory: ./src
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.OFFAT_GH_TOKEN }}

.github/workflows/release-push.yml

@@ -29,7 +29,7 @@ jobs:
         uses: docker/build-push-action@v3
         with:
           context: ./src/
-          file: ./src/DockerFile
+          file: ./src/Dockerfile
           push: true
           tags: ${{ secrets.DOCKERHUB_USERNAME }}/offat:${{ github.event.release.tag_name }} # for dev: ${{ github.head_ref || github.ref_name }}
           platforms: linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7

.github/workflows/test-project.yml

@@ -24,7 +24,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v5
         with:
-          go-version: '1.22.x'
+          go-version: '1.23.x'
 
       - name: Install Dependencies
         run: go mod download

src/.goreleaser.yaml

@@ -1,46 +1,70 @@
-# This is an example .goreleaser.yml file with some sensible defaults.
-# Make sure to check the documentation at https://goreleaser.com
-
-# The lines below are called `modelines`. See `:help modeline`
-# Feel free to remove those if you don't want/need to use them.
 # yaml-language-server: $schema=https://goreleaser.com/static/schema.json
-# vim: set ts=2 sw=2 tw=0 fo=cnqoj
-
+# vim: set ts=2 sw=2 tw=0 fo=jcroql
 version: 2
 
+project_name: offat
+
 before:
   hooks:
-    # You may remove this if you don't use go modules.
-    - go mod tidy
-    # you may remove this if you don't need go generate
-    - go generate ./...
+  - go mod tidy
+  - go mod download
 
 builds:
-  - env:
-      - CGO_ENABLED=0
+  - main: ./cmd/offat/
+    binary: offat
     goos:
-      - linux
       - windows
+      - linux
       - darwin
+      - freebsd
+    goarch:
+      - amd64
+      - 386
+      - arm
+      - arm64
+    ignore:
+      - goos: darwin
+        goarch: 386
+      - goos: darwin
+        goarch: arm
+      - goos: windows
+        goarch: 386
+      - goos: windows
+        goarch: arm
+      - goos: windows
+        goarch: arm64
+      - goos: freebsd
+        goarch: arm
 
 archives:
-  - format: tar.gz
-    # this name template makes the OS and Arch compatible with the results of `uname`.
-    name_template: >-
+  - name_template: >-
       {{ .ProjectName }}_
       {{- title .Os }}_
-      {{- if eq .Arch "amd64" }}x86_64
+      {{- if eq .Arch "darwin" }}macos
       {{- else if eq .Arch "386" }}i386
       {{- else }}{{ .Arch }}{{ end }}
-      {{- if .Arm }}v{{ .Arm }}{{ end }}
-    # use zip for windows archives
-    format_overrides:
-      - goos: windows
-        format: zip
+    wrap_in_directory: true
+    format: zip
+    files:
+      - LICENSE
+      - README.md
+
+sboms:
+  - documents:
+      - "{{ .Binary }}_{{ .Os }}_{{ .Arch }}.bom.json"
+    artifacts: binary
+    cmd: cyclonedx-gomod
+    env:
+      - GOOS={{ .Os }}
+      - GOARCH={{ .Arch }}
+    args: [ "app", "-main", "cmd/offat", "-licenses", "-packages", "-json", "-output", "$document", "../" ]
+
+checksum:
+  name_template: "{{ .ProjectName }}_checksums.txt"
 
 changelog:
-  sort: asc
+  sort: desc
   filters:
     exclude:
-      - "^docs:"
-      - "^test:"
+    - '^MERGE'
+    - "{{ .Tag }}"

src/LICENSE

@@ -0,0 +1,19 @@
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.