diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 7dc4d579f..435c87e5b 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1,4 +1,3 @@
 # GitHub code owners
 # See https://github.com/blog/2392-introducing-code-owners
-* @wiliansilvazup @matheusalcantarazup @lucasbrunozup @nathanmartinszup @iancardosozup
-
+* @wiliansilvazup @matheusalcantarazup @lucasbrunozup @nathanmartinszup @iancardosozup @oliveirafelipezup
diff --git a/.github/workflows/alpha.yml b/.github/workflows/release-alpha.yml
similarity index 99%
rename from .github/workflows/alpha.yml
rename to .github/workflows/release-alpha.yml
index f90e8dd1c..7a53cc5f0 100644
--- a/.github/workflows/alpha.yml
+++ b/.github/workflows/release-alpha.yml
@@ -11,22 +11,22 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-name: alpha
+name: release-alpha
 on:
 push:
 branches:
 - main
 permissions: read-all
 jobs:
- Alpha:
+ ReleaseAlpha:
 permissions:
 contents: write
 packages: write
+ issues: write
 runs-on: ubuntu-latest
 env:
 COSIGN_KEY_LOCATION: /tmp/cosign.key
 COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
-
 steps:
 - name: Checkout
 uses: actions/checkout@v2
@@ -154,7 +154,6 @@ jobs:
 ./dist/horusec_windows_arm64/horusec_win_arm64.exe.sig
 ./dist/horusec_darwin_arm64/horusec_mac_arm64
 ./dist/horusec_darwin_arm64/horusec_mac_arm64.sig
-
 ./dist/horusec-standalone_linux_amd64/horusec_linux_amd64_stand_alone
 ./dist/horusec-standalone_linux_amd64/horusec_linux_amd64_stand_alone.sig
 ./dist/horusec-standalone_linux_386/horusec_linux_x86_stand_alone
diff --git a/.github/workflows/release-beta.yml b/.github/workflows/release-beta.yml
index b42607aef..0cecd0b90 100644
--- a/.github/workflows/release-beta.yml
+++ b/.github/workflows/release-beta.yml
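Review bot: The added `issues: write` on the ReleaseAlpha job widens the token of a job that already holds `contents: write`, `packages: write` and the cosign password, and no step visible in this hunk needs it. The steps continue outside the hunk, so a consumer may exist there; if it does, say so on the permission line, e.g. `issues: write  # required by <step name>`, and otherwise drop the line. The same permission is added to ReleaseBeta, ReleaseFinal and ReleaseRc in this commit.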
@@ -20,15 +20,16 @@ on: required: true permissions: read-all jobs: - Beta: + ReleaseBeta: permissions: contents: write packages: write + issues: write runs-on: ubuntu-latest env: COSIGN_KEY_LOCATION: /tmp/cosign.key COSIGN_PWD: ${{ secrets.COSIGN_PWD }} - + if: contains('["wiliansilvazup","matheusalcantarazup","lucasbrunozup","nathanmartinszup","iancardosozup","oliveirafelipezup"]', github.actor) steps: - name: Checkout uses: actions/checkout@v2 @@ -82,8 +83,8 @@ jobs: - name: Checkout release branch run: mage -v checkoutReleaseBranch ${{ steps.updated-version.outputs.nextReleaseBranchName }} - - name: Create local tag - run: mage -v createLocalTag ${{ steps.updated-version.outputs.nextBetaVersion }} + - name: Create and push tag + run: mage -v createAndPushTag ${{ steps.updated-version.outputs.nextBetaVersion }} - name: Run GoReleaser uses: goreleaser/goreleaser-action@v2 @@ -95,8 +96,14 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} COSIGN_PWD: ${{ secrets.COSIGN_PWD }} GORELEASER_CURRENT_TAG: ${{ steps.updated-version.outputs.nextBetaVersion }} + GORELEASER_PREVIOUS_TAG: ${{ steps.updated-version.outputs.actualBetaVersion }} CURRENT_DATE: ${{ steps.date.outputs.date }} CLI_VERSION: ${{ steps.updated-version.outputs.nextBetaVersion }} - name: Push updates - run: mage -v gitPushAll \ No newline at end of file + if: ${{ success() }} + run: mage -v gitPushAll + + - name: Remove updates + if: ${{ !success() }} + run: mage -v removeTag ${{ steps.updated-version.outputs.nextBetaVersion }} diff --git a/.github/workflows/release-new.yml b/.github/workflows/release-final.yml similarity index 83% rename from .github/workflows/release-new.yml rename to .github/workflows/release-final.yml index febdc24ff..bb48ba165 100644 --- a/.github/workflows/release-new.yml +++ b/.github/workflows/release-final.yml 
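Review bot: The new job-level `if: contains('["wiliansilvazup", …]', github.actor)` passes a string literal as the first argument, so `contains` performs a substring test, not a list-membership test, and the gate is satisfied by any actor name that occurs inside that text rather than only by the six listed accounts. Parse the list so the comparison is exact: `if: contains(fromJSON('["wiliansilvazup", …]'), github.actor)`. The same line is added to release-final.yml and release-rc.yml. The list also duplicates `.github/CODEOWNERS` in three workflows; a protected environment with required reviewers would keep the release gate in one place.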
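Review bot: `run: mage -v createAndPushTag ${{ steps.updated-version.outputs.nextBetaVersion }}` expands the expression into the script text before the shell starts, so whatever the `updated-version` step emitted is parsed as shell syntax in a step that now pushes to the repository. That step is outside the hunk; if its output is derived from the `workflow_dispatch` input, it should be validated there and handed over through the environment here: `env: { NEXT_TAG: "${{ steps.updated-version.outputs.nextBetaVersion }}" }` with `run: mage -v createAndPushTag "$NEXT_TAG"`. The same applies to the `removeTag` step added further down and to the matching steps in release-final.yml and release-rc.yml.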
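Review bot: The `Remove updates` rollback only covers the git tag, while the tag has been public since `Create and push tag` and GoReleaser may already have published part of the release when a later step fails (this commit also switches `draft` to `false` in goreleaser.yml). What `removeTag` does is not visible here; presumably it deletes the local and remote tag. Anything that fetched the tag in the meantime keeps that version, so the same version number should not be re-issued from a different commit afterwards. I would document that on the step: `# Rollback removes the git tag only; a partially published release or image must be cleaned up by hand, and the version must not be reused`. The same step is added to release-final.yml and release-rc.yml.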
@@ -11,7 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -name: release-new +name: release-final on: workflow_dispatch: inputs: @@ -20,16 +20,16 @@ on: required: true permissions: read-all jobs: - NewRelease: + ReleaseFinal: permissions: contents: write packages: write + issues: write runs-on: ubuntu-latest env: COSIGN_KEY_LOCATION: /tmp/cosign.key COSIGN_PWD: ${{ secrets.COSIGN_PWD }} - - + if: contains('["wiliansilvazup","matheusalcantarazup","lucasbrunozup","nathanmartinszup","iancardosozup","oliveirafelipezup"]', github.actor) steps: - name: Checkout uses: actions/checkout@v2 @@ -84,8 +84,8 @@ jobs: - name: Checkout release candidate branch run: mage -v checkoutReleaseBranch ${{ steps.updated-version.outputs.nextReleaseBranchName }} - - name: Create local tag - run: mage -v createLocalTag ${{ steps.updated-version.outputs.nextReleaseVersion }} + - name: Create and push tag + run: mage -v createAndPushTag ${{ steps.updated-version.outputs.nextReleaseVersion }} - name: Run GoReleaser uses: goreleaser/goreleaser-action@v2 @@ -97,8 +97,14 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} COSIGN_PWD: ${{ secrets.COSIGN_PWD }} GORELEASER_CURRENT_TAG: ${{ steps.updated-version.outputs.nextReleaseVersion }} + GORELEASER_PREVIOUS_TAG: ${{ steps.updated-version.outputs.actualReleaseVersion }} CURRENT_DATE: ${{ steps.date.outputs.date }} CLI_VERSION: ${{ steps.updated-version.outputs.nextReleaseVersion }} - name: Push updates - run: mage -v gitPushAll \ No newline at end of file + if: ${{ success() }} + run: mage -v gitPushAll + + - name: Remove updates + if: ${{ !success() }} + run: mage -v removeTag ${{ steps.updated-version.outputs.nextReleaseVersion }} diff --git a/.github/workflows/release-rc.yml b/.github/workflows/release-rc.yml index a872f2795..33cbd8989 100644 --- a/.github/workflows/release-rc.yml 
+++ b/.github/workflows/release-rc.yml @@ -20,16 +20,16 @@ on: required: true permissions: read-all jobs: - Rc: + ReleaseRc: permissions: contents: write packages: write + issues: write runs-on: ubuntu-latest env: COSIGN_KEY_LOCATION: /tmp/cosign.key COSIGN_PWD: ${{ secrets.COSIGN_PWD }} - - + if: contains('["wiliansilvazup","matheusalcantarazup","lucasbrunozup","nathanmartinszup","iancardosozup","oliveirafelipezup"]', github.actor) steps: - name: Checkout uses: actions/checkout@v2 @@ -82,9 +82,9 @@ jobs: HORUSEC_REPOSITORY_NAME: ${{ github.event.repository.name }} - name: Checkout release branch run: mage -v checkoutReleaseBranch ${{ steps.updated-version.outputs.nextReleaseBranchName }} - - - name: Create local tag - run: mage -v createLocalTag ${{ steps.updated-version.outputs.nextRCVersion }} + + - name: Create and push tag + run: mage -v createAndPushTag ${{ steps.updated-version.outputs.nextRCVersion }} - name: Run GoReleaser uses: goreleaser/goreleaser-action@v2 @@ -96,8 +96,14 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} COSIGN_PWD: ${{ secrets.COSIGN_PWD }} GORELEASER_CURRENT_TAG: ${{ steps.updated-version.outputs.nextRCVersion }} + GORELEASER_PREVIOUS_TAG: ${{ steps.updated-version.outputs.actualRCVersion }} CURRENT_DATE: ${{ steps.date.outputs.date }} CLI_VERSION: ${{ steps.updated-version.outputs.nextRCVersion }} - name: Push updates - run: mage -v gitPushAll \ No newline at end of file + if: ${{ success() }} + run: mage -v gitPushAll + + - name: Remove updates + if: ${{ !success() }} + run: mage -v removeTag ${{ steps.updated-version.outputs.nextRCVersion }} diff --git a/go.mod b/go.mod index 02abcd518..c9a64caa3 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/ZupIT/horusec go 1.17 require ( - github.com/ZupIT/horusec-devkit v1.0.22 + github.com/ZupIT/horusec-devkit v1.0.23-0.20220221194704-5b84b7847e09 github.com/ZupIT/horusec-engine v1.0.0 github.com/bmatcuk/doublestar/v4 v4.0.2 github.com/briandowns/spinner v1.18.0 
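Review bot: `github.com/ZupIT/horusec-devkit v1.0.23-0.20220221194704-5b84b7847e09` is a pseudo-version, that is an untagged commit, replacing the tagged v1.0.22 in the same change that reworks the release workflows. go.sum still pins the content, so integrity is covered, but a published CLI release would be built from a devkit commit that has no release of its own to audit or refer to. A comment next to the line would make the intent explicit, e.g. `// TODO: replace with the next tagged devkit release before a final release`.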
@@ -60,14 +60,14 @@ require (
 github.com/spf13/jwalterweatherman v1.1.0 // indirect
 github.com/stretchr/objx v0.3.0 // indirect
 github.com/subosito/gotenv v1.2.0 // indirect
- golang.org/x/crypto v0.0.0-20220112180741-5e0467b6c7ce // indirect
+ golang.org/x/crypto v0.0.0-20220213190939-1e6e3497d506 // indirect
 golang.org/x/net v0.0.0-20220114011407-0dd24b26b47d // indirect
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 // indirect
 golang.org/x/text v0.3.7 // indirect
 golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba // indirect
 google.golang.org/genproto v0.0.0-20220114231437-d2e6a121cae0 // indirect
- google.golang.org/grpc v1.43.0 // indirect
+ google.golang.org/grpc v1.44.0 // indirect
 google.golang.org/protobuf v1.27.1 // indirect
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 gopkg.in/ini.v1 v1.66.2 // indirect
diff --git a/go.sum b/go.sum
index 8bd0e12c9..47150f4d8 100644
--- a/go.sum
+++ b/go.sum
@@ -93,6 +93,8 @@ github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdko
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ=
 github.com/ZupIT/horusec-devkit v1.0.22 h1:RW7ZzZWEOdFqlCN6ZBYzSg0UMtOnaaZQ95iaLCqn+1g=
 github.com/ZupIT/horusec-devkit v1.0.22/go.mod h1:QiWTanEkeMikccopaW1ZG/ie74ODZekOUu2i8kgkARo=
+github.com/ZupIT/horusec-devkit v1.0.23-0.20220221194704-5b84b7847e09 h1:8rrWXKZj7FC8AcSfe5E0R6AZ79U8dnnxQNIPMlxztWg=
+github.com/ZupIT/horusec-devkit v1.0.23-0.20220221194704-5b84b7847e09/go.mod h1:RQxKOwe2GOnSlZSXJykhSqVnzqgw49paoWecPtm+NrE=
 github.com/ZupIT/horusec-engine v1.0.0 h1:Mu0wrlK1L7n1+nv/vzeDc8AD0HOgavgK8X5N4qHwJSA=
 github.com/ZupIT/horusec-engine v1.0.0/go.mod h1:UCehiH9hiNYX2jDVdB8Anxv44Rz4BOFTKov2kyPAgK8=
 github.com/agiledragon/gomonkey/v2 v2.3.1/go.mod h1:ap1AmDzcVOAz1YpeJ3TCzIgstoaWLA6jbbgxfB4w2iY=
@@ -993,6 +995,8 @@ golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220112180741-5e0467b6c7ce h1:Roh6XWxHFKrPgC/EQhVubSAGQ6Ozk6IdxHSzt1mR0EI=
 golang.org/x/crypto v0.0.0-20220112180741-5e0467b6c7ce/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220213190939-1e6e3497d506 h1:EuGTJDfeg/PGZJp3gq1K+14eSLFTsrj1eg8KQuiUyKg=
+golang.org/x/crypto v0.0.0-20220213190939-1e6e3497d506/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -1470,6 +1474,8 @@ google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9K
 google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
 google.golang.org/grpc v1.43.0 h1:Eeu7bZtDZ2DpRCsLhUlcrLnvYaMK1Gz86a+hMVvELmM=
 google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
+google.golang.org/grpc v1.44.0 h1:weqSxi/TMs1SqFRMHCtBgXRs8k3X39QIDEZ0pRcttUg=
+google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
diff --git a/goreleaser.yml b/goreleaser.yml
index af7ff85e1..9f8a0b969 100644
--- a/goreleaser.yml
+++ b/goreleaser.yml
@@ -30,7 +30,7 @@ builds:
 goarch:
 - amd64
 - arm64
- - 386
+ - "386"
 binary: horusec_{{ replace (replace .Os "windows" "win") "darwin" "mac" }}_{{ replace .Arch "386" "x86" }}
 - id: horusec-standalone
 env: [ CGO_ENABLED=0 ]
@@ -48,10 +48,30 @@ builds:
 goarch:
 - amd64
 - arm64
- - 386
+ - "386"
 binary: horusec_{{ replace (replace .Os "windows" "win") "darwin" "mac" }}_{{ replace .Arch "386" "x86" }}_stand_alone
 changelog:
- skip: true
+ skip: false
+ use: github
+ groups:
+ - title: 'Features'
+ regexp: "^.*:(feature|feat)\\s-.*$"
+ order: 0
+ - title: 'Bug fixes'
+ regexp: "^.*:(bugfix|fix)\\s-.*$"
+ order: 1
+ - title: 'Hotfixes'
+ regexp: "^.*:hotfix\\s-.*$"
+ order: 2
+ - title: 'Chores'
+ regexp: "^.*:chore\\s-.*$"
+ order: 3
+ - title: Others
+ order: 999
+ filters:
+ exclude:
+ - '^deps:chore.*$'
+ - '^build(deps):.*$'
 snapshot:
 name_template: '{{ incpatch .Tag }}'
 archives:
@@ -80,7 +100,13 @@ archives:
 checksum:
 name_template: 'checksums.txt'
 release:
- draft: true
+ draft: false
+ mode: append
+ footer: |
+ ## Docker images
+ - `docker pull horuszup/horusec-cli:{{ .Tag }}`
+
+ **Full Changelog**: https://github.com/ZupIT/horusec/compare/{{ .PreviousTag }}...{{ .Tag }}
 extra_files:
 - glob: deployments/cosign.pub
 nfpms:
@@ -120,7 +146,7 @@ docker_signs:
 dockers:
 - image_templates:
 - 'horuszup/horusec-cli:{{ .Tag }}-amd64'
- skip_push: false
+ skip_push: "false"
 goos: linux
 goarch: amd64
 dockerfile: ./deployments/Dockerfile-gorelease-amd64
@@ -136,7 +162,7 @@ dockers:
 - --tls-verify=false
 - image_templates:
 - 'horuszup/horusec-cli:{{ .Tag }}-arm64'
- skip_push: false
+ skip_push: "false"
 goos: linux
 goarch: arm64
 dockerfile: ./deployments/Dockerfile-gorelease-arm64
diff --git a/internal/services/engines/jvm/rules_test.go b/internal/services/engines/jvm/rules_test.go
index 86225c695..80e4cbf0c 100644
--- a/internal/services/engines/jvm/rules_test.go
+++ b/internal/services/engines/jvm/rules_test.go
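Review bot: In the new `filters.exclude` list, `'^build(deps):.*$'` treats `(deps)` as a capture group, so it matches subjects beginning with `builddeps:` and not the `build(deps):` prefix it appears to target; those dependency-bump commits would still be listed in the published changelog, under Others. Escape the parentheses: `- '^build\(deps\):.*$'`. It would also help to put a one-line comment above `groups:` stating the commit-subject convention the four `regexp` entries assume.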
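Review bot: The context line `- --tls-verify=false` at the top of the last hunk is carried unchanged into the release configuration; the key it belongs to starts outside the hunk, so I cannot tell which command receives it. If it is passed to the image build or push command, TLS verification towards the registry is switched off on the path that publishes the release images. Please either remove it or add a comment on the line giving the reason it is required, e.g. `# <reason TLS verification is disabled>`.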
@@ -19,6 +19,7 @@ import ( "testing" engine "github.com/ZupIT/horusec-engine" + "github.com/ZupIT/horusec/internal/utils/testutil" )