diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 35864713..d3a6598a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -8,11 +8,21 @@ on: - main pull_request: +permissions: + contents: write + id-token: write + packages: write + jobs: + govulncheck: + uses: caarlos0/meta/.github/workflows/govulncheck.yml@main + semgrep: + uses: caarlos0/meta/.github/workflows/semgrep.yml@main + ruleguard: + uses: caarlos0/meta/.github/workflows/ruleguard.yml@main unit-tests: strategy: matrix: - go-version: [ 1.19 ] os: [ ubuntu-latest, macos-latest, windows-latest ] runs-on: ${{ matrix.os }} steps: @@ -21,18 +31,11 @@ jobs: fetch-depth: 0 - uses: actions/setup-go@v3 with: - go-version: ${{ matrix.go-version }} + go-version: '~1.19' + cache: true - uses: arduino/setup-task@v1 with: repo-token: ${{ secrets.GITHUB_TOKEN }} - - uses: actions/cache@v3 - with: - path: | - ~/go/pkg/mod - ~/.cache/go-build - key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go- - name: setup-tparse run: go install github.com/mfridman/tparse@latest - run: task setup @@ -43,10 +46,9 @@ jobs: with: token: ${{ secrets.CODECOV_TOKEN }} file: ./coverage.txt - Acceptance-Tests: + acceptance-tests: strategy: matrix: - go-version: [ 1.19 ] pkgFormat: [ deb, rpm, apk ] pkgPlatform: [ amd64, arm64, 386, ppc64le, armv6, armv7, s390x ] runs-on: ubuntu-latest @@ -57,18 +59,11 @@ jobs: - uses: actions/checkout@v3 - uses: actions/setup-go@v3 with: - go-version: ${{ matrix.go-version }} + go-version: '~1.19' + cache: true - uses: arduino/setup-task@v1 with: repo-token: ${{ secrets.GITHUB_TOKEN }} - - uses: actions/cache@v3 - with: - path: | - ~/go/pkg/mod - ~/.cache/go-build - key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go- - uses: docker/setup-qemu-action@v2 - uses: docker/setup-buildx-action@v2 - run: task setup 
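Review bot: The new top-level `permissions:` block in build.yml (hunk `@@ -8,11 +8,21 @@`) gives `contents: write`, `id-token: write` and `packages: write` to every job in the workflow, although only the tag-gated `goreleaser` job appears to need them. The `unit-tests` and `acceptance-tests` jobs also run on `pull_request` and execute third-party actions, and the three reusable workflows added in the same hunk are referenced at the mutable ref `@main`, so a change in that external repository would run with whatever scopes the caller passes down. Fork pull requests get a read-only token by default, but pushes to `main` and same-repository branches do not. I would set `permissions:` with only `contents: read` at workflow level, move the three write scopes into a `permissions:` block on the `goreleaser` job, and pin each reusable workflow to a full commit SHA, e.g. `uses: caarlos0/meta/.github/workflows/govulncheck.yml@<commit-sha>`.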
@@ -79,9 +74,6 @@ jobs: env: TEST_PATTERN: "/${{ matrix.pkgFormat }}/${{ matrix.pkgPlatform }}/" goreleaser: - strategy: - matrix: - go-version: [ 1.19 ] runs-on: ubuntu-latest if: startsWith(github.ref, 'refs/tags/') needs: @@ -97,18 +89,11 @@ jobs: fetch-depth: 0 - uses: actions/setup-go@v3 with: - go-version: ${{ matrix.go-version }} + go-version: '~1.19' + cache: true - uses: arduino/setup-task@v1 with: repo-token: ${{ secrets.GITHUB_TOKEN }} - - uses: actions/cache@v3 - with: - path: | - ~/go/pkg/mod - ~/.cache/go-build - key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go- - uses: sigstore/cosign-installer@v2.5.1 - uses: anchore/sbom-action/download-syft@v0.12.0 - uses: docker/setup-qemu-action@v2 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 20230a8a..d0381171 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -18,7 +18,4 @@ jobs: with: go-version: ~1.19 - uses: actions/checkout@v3 - - name: golangci-lint - uses: golangci/golangci-lint-action@v3 - with: - skip-go-installation: true + - uses: golangci/golangci-lint-action@v3 diff --git a/apk/apk.go b/apk/apk.go index b3c5aed1..7715a466 100644 --- a/apk/apk.go +++ b/apk/apk.go @@ -170,11 +170,7 @@ func writeFile(tw *tar.Writer, header *tar.Header, file io.Reader) error { } _, err = io.Copy(tw, file) - if err != nil { - return err - } - - return nil + return err } type tarKind int diff --git a/deb/deb.go b/deb/deb.go index ea755887..8415199e 100644 --- a/deb/deb.go +++ b/deb/deb.go @@ -490,7 +490,7 @@ func createChangelogInsideDataTar(tarw *tar.Writer, md5w io.Writer, return 0, err } - if _, err = out.Write([]byte(changelogContent)); err != nil { + if _, err = io.WriteString(out, changelogContent); err != nil { return 0, err } diff --git a/internal/glob/glob.go b/internal/glob/glob.go index 5bc24979..e225147a 100644 --- a/internal/glob/glob.go +++ b/internal/glob/glob.go 
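Review bot: In the `goreleaser` job (hunk `@@ -97,18 +89,11 @@`), the added `cache: true` on `actions/setup-go@v3` means the tagged release build restores a Go cache saved by earlier workflow runs, as the removed `actions/cache` step did. This is the job that installs cosign and syft and publishes artifacts, so building it without a restored cache removes the dependency on cache contents produced outside the release run. I would drop the `cache: true` line in this job only and keep it in `unit-tests` and `acceptance-tests`, where the earlier hunks add the same line. The steps after `docker/setup-qemu-action@v2` are outside the hunk, so the release command itself is not visible here.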
@@ -4,6 +4,7 @@ package glob import ( "errors" "fmt" + "io/fs" "os" "path/filepath" "strings" @@ -81,7 +82,7 @@ func Glob(pattern, dst string, ignoreMatchers bool) (map[string]string, error) { files := make(map[string]string) prefix := pattern // the prefix may not be a complete path or may use glob patterns, in that case use the parent directory - if _, err := os.Stat(prefix); os.IsNotExist(err) || (fileglob.ContainsMatchers(pattern) && !ignoreMatchers) { + if _, err := os.Stat(prefix); errors.Is(err, fs.ErrNotExist) || (fileglob.ContainsMatchers(pattern) && !ignoreMatchers) { prefix = filepath.Dir(longestCommonPrefix(matches)) } diff --git a/nfpm.go b/nfpm.go index 6fe89d36..a5cc5e49 100644 --- a/nfpm.go +++ b/nfpm.go @@ -3,8 +3,10 @@ package nfpm import ( + "errors" "fmt" "io" + "io/fs" "os" "sync" @@ -227,7 +229,7 @@ func (i *Info) Validate() error { func (i *Info) GetChangeLog() (log *chglog.PackageChangeLog, err error) { // if the file does not exist chglog.Parse will just silently // create an empty changelog but we should notify the user instead - if _, err = os.Stat(i.Changelog); os.IsNotExist(err) { + if _, err = os.Stat(i.Changelog); errors.Is(err, fs.ErrNotExist) { return nil, err } diff --git a/nfpm_test.go b/nfpm_test.go index 789531ea..37799c94 100644 --- a/nfpm_test.go +++ b/nfpm_test.go @@ -3,6 +3,7 @@ package nfpm_test import ( "fmt" "io" + "net/mail" "os" "reflect" "strings" 
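Review bot: In `GetChangeLog` (nfpm.go, hunk `@@ -227,7 +229,7 @@`), the guard still returns only when the stat error matches `fs.ErrNotExist`; any other `os.Stat` failure on `i.Changelog`, such as a permission error, falls through to the code below the hunk. The comment above the check says its purpose is to stop `chglog.Parse` from silently producing an empty changelog, so it seems safer to stop on every stat error: `if _, err = os.Stat(i.Changelog); err != nil { return nil, err }`. The rest of the function is outside the hunk, so whether a later call reports such errors on its own cannot be confirmed from here.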
@@ -270,9 +271,16 @@ func TestOptionsFromEnvironment(t *testing.T) { os.Clearenv() os.Setenv("GIT_COMMITTER_NAME", packager) os.Setenv("GIT_COMMITTER_EMAIL", maintainerEmail) - info, err := nfpm.Parse(strings.NewReader("name: foo\nmaintainer: $GIT_COMMITTER_NAME <$GIT_COMMITTER_EMAIL>")) + info, err := nfpm.Parse(strings.NewReader(` +name: foo +maintainer: '"$GIT_COMMITTER_NAME" <$GIT_COMMITTER_EMAIL>' +`)) require.NoError(t, err) - require.Equal(t, fmt.Sprintf("%s <%s>", packager, maintainerEmail), info.Maintainer) + addr := mail.Address{ + Name: packager, + Address: maintainerEmail, + } + require.Equal(t, addr.String(), info.Maintainer) }) t.Run("vendor", func(t *testing.T) {
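Review bot: The rewritten `maintainer` case in `TestOptionsFromEnvironment` only exercises a well-formed name and address, so it does not pin what `nfpm.Parse` does when the expanded environment value contains a quote character or does not form a valid address. The config now wraps the variables in a single-quoted YAML scalar with an inner double-quoted name, and this hunk does not show whether expansion happens before or after YAML decoding. I would add a second subtest that sets `GIT_COMMITTER_NAME` to a value containing `'` or `"` and asserts either the escaped `mail.Address` form or a returned error, so the behaviour on environment-supplied input is documented.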