build(fix): [#663] Aggregate Dependabot gomod updates

.github/dependabot.yml

@@ -1,21 +1,19 @@
 ---
 version: 2
 updates:
-  - package-ecosystem: 'docker'
-    directory: '/'
-    reviewers:
-      - '030'
+  - package-ecosystem: "docker"
+    directory: "/"
     schedule:
-      interval: 'daily'
-  - package-ecosystem: 'github-actions'
-    directory: '/'
-    reviewers:
-      - '030'
+      interval: "weekly"
+  - package-ecosystem: "github-actions"
+    directory: "/"
     schedule:
-      interval: 'daily'
-  - package-ecosystem: 'gomod'
-    directory: '/'
-    reviewers:
-      - '030'
+      interval: "weekly"
+  - package-ecosystem: "gomod"
+    directory: "/"
     schedule:
-      interval: 'daily'
+      interval: "weekly"
+    groups:
+      gomod-all:
+        patterns:
+          - "*"

.github/workflows/docker.yml

@@ -1,12 +1,20 @@
 ---
 name: Docker
-'on': push
+"on":
+  # required by gomod-go-version-updater to trigger this action once pr has
+  # been reviewed
+  pull_request_review:
+    types: [submitted]
+  push:
+permissions:
+  contents: read
+  packages: write
 jobs:
   mcvs-docker-action:
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@v4.1.4
-      - uses: schubergphilis/mcvs-docker-action@v0.3.2
+      - uses: actions/checkout@v4.2.2
+      - uses: schubergphilis/mcvs-docker-action@v0.5.6
         with:
           dockle-accept-key: libcrypto3,libssl3
           token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/golang.yml

@@ -1,17 +1,36 @@
 ---
-name: golang
-'on':
+name: Golang
+"on":
   # required by gomod-go-version-updater to trigger this action once pr has
   # been reviewed
   pull_request_review:
     types: [submitted]
   push:
+permissions:
+  contents: read
+  packages: read
 jobs:
   mcvs-golang-action:
-    runs-on: ubuntu-20.04
+    strategy:
+      matrix:
+        testing-type:
+          - component
+          - coverage
+          - integration
+          - lint
+          - security-golang-modules
+          - security-grype
+          - security-trivy
+          - unit
+    runs-on: ubuntu-22.04
+    env:
+      TASK_X_REMOTE_TASKFILES: 1
     steps:
-      - uses: actions/checkout@v4.1.4
-      - uses: schubergphilis/mcvs-golang-action@v0.4.1
+      - uses: actions/checkout@v4.2.2
+      - uses: schubergphilis/mcvs-golang-action@v0.15.0
         with:
+          code-coverage-expected: 38.4
           golang-unit-tests-exclusions: |-
             \(cmd\/n3dr\|internal\/app\/n3dr\/\(goswagger\|n3drtest\)\)
+          testing-type: ${{ matrix.testing-type }}
+          token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/gomod-go-version-updater.yml

@@ -1,13 +1,13 @@
 ---
 name: gomod-go-version-updater-action
-'on':
+"on":
   schedule:
-    - cron: '42 6 * * *'
+    - cron: "42 6 * * *"
 permissions:
   contents: write
   pull-requests: write
 jobs:
   gomod-go-version-updater-action:
     runs-on: ubuntu-22.04
     steps:
-      - uses: 030/gomod-go-version-updater-action@v0.1.2
+      - uses: 030/gomod-go-version-updater-action@v0.2.2

.gitignore

@@ -1,15 +1,12 @@
 *.log
-
+.task
+.vagrant
+cmd/n3dr/REPO_NAME_HOSTED_*
 cmd/n3dr/n3dr
 cmd/n3dr/n3dr.sha512.txt
 cmd/n3dr/start.sh
-cmd/n3dr/REPO_NAME_HOSTED_*
-
+coverage*
 dip
-
+profile.cov
 test/gpg/my_rsa_key
 test/rproxy-nginx-nexus3.conf.tmp
-
-.vagrant
-
-coverage*

.golangci.yml

@@ -40,15 +40,15 @@ issues:
     - linters:
         - gocognit
       path: internal/app/n3dr/artifactsv2/upload/upload.go
-      text: 'cognitive complexity 71'
+      text: "cognitive complexity 71"
     - linters:
         - gocognit
       path: internal/app/n3dr/artifactsv2/upload/upload.go
       text: cognitive complexity 55 of func `UploadSingleArtifact` is high
     - linters:
         - gocyclo
       path: internal/app/n3dr/artifactsv2/upload/upload.go
-      text: 'cyclomatic complexity 38'
+      text: "cyclomatic complexity 38"
     - linters:
         - funlen
       path: internal/app/n3dr/artifactsv2/upload/upload.go
@@ -60,21 +60,23 @@ issues:
     - linters:
         - maintidx
       path: internal/app/n3dr/artifactsv2/upload/upload.go
-      text: 'Cyclomatic Complexity: 38'
+      text: "Cyclomatic Complexity: 38"
 linters:
   enable-all: true
   disable:
     - cyclop
     - exhaustruct
     - forbidigo
     - forcetypeassert
+    - funlen
     - gochecknoglobals
     - goconst
     - gocritic
     - goerr113
     - golint
     - gomnd
     - lll
+    - mnd
     - nestif
     - nlreturn
     - noctx
@@ -125,7 +127,7 @@ linters-settings:
         # against.
         # Default: $all
         files:
-          - '!**/*_a _file.go'
+          - "!**/*_a _file.go"
         # List of allowed packages.
         allow:
           - $gostd
@@ -141,9 +143,11 @@ linters-settings:
           - github.com/go-openapi/strfmt
           - github.com/go-playground/validator/v10
           - github.com/hashicorp/go-retryablehttp
-          - github.com/mholt/archiver
+          - github.com/mholt/archives
           - github.com/mitchellh/go-homedir
           - github.com/OpenPeeDeeP
+          - github.com/ory/dockertest/v3
+          - github.com/ory/dockertest/v3/docker
           - github.com/samber/lo
           - github.com/sirupsen/logrus
           - github.com/spf13/cobra
@@ -153,5 +157,5 @@ linters-settings:
         deny:
           # - pkg: 'github.com/sirupsen/logrus'
           #   desc: not allowed
-          - pkg: 'github.com/pkg/errors'
+          - pkg: "github.com/pkg/errors"
             desc: Should be replaced by standard lib errors package

Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.22.2-alpine3.18 as builder
+FROM golang:1.23.2-alpine3.20 as builder
 ARG VERSION
 ENV USERNAME n3dr
 RUN adduser -D -g '' $USERNAME
@@ -9,7 +9,7 @@ RUN apk add --no-cache \
         CGO_ENABLED=0 go build -ldflags "-X main.Version=${VERSION}" -buildvcs=false && \
         cp n3dr /n3dr
 
-FROM alpine:3.19.1
+FROM alpine:3.21.0
 COPY --from=builder /etc/passwd /etc/passwd
 COPY --from=builder /n3dr /usr/local/bin/n3dr
 COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/

Taskfile.yml

@@ -1,50 +1,13 @@
 ---
-version: '3'
+version: 3
 
-env:
-  GIT_CHGLOG_URL: https://github.com/git-chglog/git-chglog/releases/download
-  GIT_CHGLOG_VERSION: v0.15.1/git-chglog_0.15.1_linux_amd64.tar.gz
-  CHANGELOG_NEXT_TAG: 7.5.2
+vars:
+  REMOTE_URL: https://raw.githubusercontent.com
+  REMOTE_URL_REF: v0.15.3
+  REMOTE_URL_REPO: schubergphilis/mcvs-golang-action
 
-tasks:
-  changelog:
-    cmds:
-      - |
-        git fetch -p -P
-        curl \
-          -L ${GIT_CHGLOG_URL}/${GIT_CHGLOG_VERSION} \
-          -o /tmp/git-chglog.tar.gz
-        tar -xvf /tmp/git-chglog.tar.gz -C /tmp
-        chmod +x /tmp/git-chglog
-        /tmp/git-chglog \
-          -o docs/CHANGELOG.md \
-          --config configs/chglog/config.yml \
-          --next-tag ${CHANGELOG_NEXT_TAG}
-        sed -i "s|\/\([0-9]\+\.\)\{2\}[0-9]\+|/${CHANGELOG_NEXT_TAG}|g" \
-          ./docs/quickstarts/snippets/n3dr/DOWNLOAD.md
-        sed -i "s|version:.*|version: ${CHANGELOG_NEXT_TAG}|" \
-          ./build/package/snap/snapcraft.yaml
-  integration-tests:
-    cmds:
-      - |
-        go test \
-          -coverprofile=coverage.cov \
-          --tags=integration \
-          -v \
-          -count=1 \
-          --cover \
-          -race \
-          -p=4 \
-          ./...
-        go tool cover -func=coverage.cov > coverage-functions.out
-        go tool cover -html=coverage.cov -o coverage.html
-        open ./coverage.html
-  lint:
-    cmds:
-      - |
-        go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.55.2
-        ~/go/bin/golangci-lint --version
-        ~/go/bin/golangci-lint run \
-          -v \
-          --timeout 2m30s \
-          --config .golangci.yml
+includes:
+  common:
+    taskfile: ./build/TaskfileCommon.yml
+  remote: >-
+    {{.REMOTE_URL}}/{{.REMOTE_URL_REPO}}/{{.REMOTE_URL_REF}}/Taskfile.yml

build/TaskfileCommon.yml

@@ -0,0 +1,26 @@
+---
+version: "3"
+
+vars:
+  GIT_CHGLOG_URL: https://github.com/git-chglog/git-chglog/releases/download
+  GIT_CHGLOG_VERSION: v0.15.1/git-chglog_0.15.1_linux_amd64.tar.gz
+  CHANGELOG_NEXT_TAG: 7.5.2
+
+tasks:
+  changelog:
+    cmds:
+      - |
+        git fetch -p -P
+        curl \
+          -L {{.GIT_CHGLOG_URL}}/{{.GIT_CHGLOG_VERSION}} \
+          -o /tmp/git-chglog.tar.gz
+        tar -xvf /tmp/git-chglog.tar.gz -C /tmp
+        chmod +x /tmp/git-chglog
+        /tmp/git-chglog \
+          -o docs/CHANGELOG.md \
+          --config configs/chglog/config.yml \
+          --next-tag {{.CHANGELOG_NEXT_TAG}}
+        sed -i "s|\/\([0-9]\+\.\)\{2\}[0-9]\+|/{{.CHANGELOG_NEXT_TAG}}|g" \
+          ./docs/quickstarts/snippets/n3dr/DOWNLOAD.md
+        sed -i "s|version:.*|version: {{.CHANGELOG_NEXT_TAG}}|" \
+          ./build/package/snap/snapcraft.yaml