Merge branch 'master' into update_debian

.github/workflows/docker-goss.yaml

@@ -45,20 +45,32 @@ jobs:
             ghcr.io/${{ github.repository_owner }}/goss
 
       - name: Get latest git tag
-        uses: actions-ecosystem/action-get-latest-tag@v1
+        if: github.ref_name == 'master'
         id: get-latest-tag
+        run: |
+          # source: https://github.com/actions-ecosystem/action-get-latest-tag/blob/main/entrypoint.sh
+          set -e
+          git config --global --add safe.directory /github/workspace
+          git fetch --tags --force
+          # This suppress an error occurred when the repository is a complete one.
+          git fetch --prune --unshallow 2>/dev/null || true
+          latest_tag=$(git describe --abbrev=0 --tags || true)
+          echo "tag=${latest_tag}" >> "$GITHUB_OUTPUT"
+          echo "Latest tag: $latest_tag"
 
       - name: Set short git commit SHA
+        if: github.ref_name == 'master'
         run: |
           calculatedSha=$(git rev-parse --short ${{ github.sha }})
           echo "COMMIT_SHORT_SHA=$calculatedSha" >> $GITHUB_ENV
+          echo "COMMIT_SHORT_SHA: $calculatedSha"
 
       - name: Get the current version of Go from project.
         run: echo "GO_VERSION_FROM_PROJECT=$(go mod edit -json | jq -r .Go)" >> $GITHUB_ENV
 
       - name: Build master goss image
         if: github.ref_name == 'master'
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           build-args: |
             GO_VERSION=${{ env.GO_VERSION_FROM_PROJECT }}
@@ -72,7 +84,7 @@ jobs:
 
       - name: Build release goss image
         if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           build-args: |
             GO_VERSION=${{ env.GO_VERSION_FROM_PROJECT }}
@@ -86,7 +98,7 @@ jobs:
           platforms: ${{ env.PLATFORMS }}
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.24.0
         with:
           image-ref: ghcr.io/${{ github.repository_owner }}/goss:master
           format: "sarif"

.github/workflows/docker-integration-tests.yaml

@@ -0,0 +1,87 @@
+name: Docker images for integration tests
+
+on:
+#  push:
+#    branches:
+#      - master
+  workflow_dispatch:
+
+env:
+  PLATFORMS: "linux/amd64"
+
+jobs:
+  list-dockerfiles:
+    name: Create list of existing dockerfiles
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Get file list
+        id: set-matrix
+        run: |
+          # lists all Dockerfile_* and ignore (grep) files with extension (e.g. *.md5)
+          # tranforms the file list in JSON array (StackOverflow#10234327)
+          # converts the list into objects of dockerfile and image name
+          ls integration-tests/Dockerfile_* |
+            grep -Ev "\..{0,3}$" |
+            jq -R -s 'split("\n")[:-1]' |
+            jq '. | map({dockerfile: ., image: sub(".*_"; "")})' > filelist.json
+          echo "matrix=$(jq -c . filelist.json)" >> "$GITHUB_OUTPUT"
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.matrix }}
+
+  docker:
+    needs: [list-dockerfiles]
+    name: Build and push Docker image
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include: ${{ fromJson(needs.list-dockerfiles.outputs.matrix) }}
+    permissions:
+      packages: write
+      contents: read
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: MD5 of Dockerfile
+        id: md5_result
+        run: |
+          echo "md5=$(md5sum "${{ matrix.dockerfile }}" | awk '{ print $1 }')" >> $GITHUB_OUTPUT
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/${{ github.repository_owner }}/${{ matrix.image }}
+          labels: |
+            rocks.goss.dockerfile-md5=${{ steps.md5_result.outputs.md5 }}
+
+      - name: Build and push tag
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ${{ matrix.dockerfile }}
+          push: true
+          tags: |
+            ghcr.io/${{ github.repository_owner }}/${{ matrix.image }}:latest
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: ${{ env.PLATFORMS }}

.github/workflows/golangci.yaml

@@ -41,15 +41,27 @@ jobs:
       - name: Unit tests and coverage
         run: make cov
 
-  integartion-test:
+  integration-test:
     needs: [coverage]
     name: Integration tests
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, macos-latest, windows-latest]
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with:
           go-version-file: go.mod
 
       - name: Integration tests
-        run: make test-int-all
+        shell: bash
+        run: |
+          os_name="$(go env GOOS)"
+          if [[ "${os_name}" == "darwin" || "${os_name}" == "windows" ]]; then
+            make "test-int-${os_name}-all"
+          else
+            # linux runs all tests;
+            make test-int-all
+          fi

.github/workflows/release.yaml

@@ -0,0 +1,51 @@
+name: "Build release artifacts"
+on:
+  push:
+    tags:
+      - "v*"
+  workflow_dispatch:
+
+permissions:
+  contents: write
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+
+      - name: Get version from tag
+        if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
+        run: echo "TRAVIS_TAG=${{ github.ref_name }}" >> $GITHUB_ENV
+
+      - run: make release
+      - run: make dgoss-sha256 dcgoss-sha256 kgoss-sha256
+
+      - name: "Upload binary as artifact"
+        uses: actions/upload-artifact@v4
+        with:
+          retention-days: 5
+          if-no-files-found: error
+          name: build
+          path: |
+            release/*
+            extras/*/*goss
+            extras/*/*goss.sha256
+
+  attach-assets:
+    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
+    needs: ["build"]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Fetch all binaries
+        uses: actions/download-artifact@v4
+      - name: Attach to release
+        uses: softprops/action-gh-release@v2
+        with:
+          files: build/**
+          fail_on_unmatched_files: true

.github/workflows/trivy-schedule.yaml

@@ -0,0 +1,27 @@
+name: Trivy Code Scanning
+
+on:
+  schedule:
+    - cron: "0 3 * * 5"
+  workflow_dispatch:
+
+jobs:
+  trivy-scan:
+    name: Trivy scan
+    runs-on: ubuntu-latest
+    permissions:
+      packages: read
+      security-events: write
+
+    steps:
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@0.24.0
+        with:
+          image-ref: ghcr.io/${{ github.repository_owner }}/goss:latest
+          format: "sarif"
+          output: "trivy-results.sarif"
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: "trivy-results.sarif"

.travis.yml

@@ -2,7 +2,7 @@
 language: go
 
 go:
-  - 1.21.x
+  - 1.23.x
 
 os:
   - osx
@@ -30,31 +30,31 @@ before_install:
 script:
   - ./ci/build.sh
 
-deploy:
-  provider: releases
-  api_key:
-    secure: ijNltjw/mIHIOx8vLZ6asUun3SbY7D+XZbs5NX8vcIv0jvOiwaaT1hqny7SQBHfGZzqHsYUSS/GYAYJdBqKFFfGmTZsl90hFT6D0RGdz9C71UVxNFX4wQ5KQ/WVvdMT2SrLymGvu9TvoU0VG8OWqWVdxSlUPf6qOTGAagrzg+Tbsbb6czeiG67mlBBL23XSlfMG1p45UxzvI41SZj2R3ElUb0hym1CrFaoC36PBGrb0x41TXzvd8J7cu6xDzgczYhnYQQZpS6f2YcqNV1z0f+P67EQqQiDWIIcK2jE/YG+RgM8cbpLMiMec8CDiwNCsejBA5EbVMlGJlODvBXT5NmMBeugueqfSHEfkl5qZTQG4AOAT7UsqbnM7r0NqzmaE5Lj90igvJK6rNsH1ZRe79WfSsTtuzlkkouHGvyoz0M8gnMSzpbbwoyIy+UT0hhPMoZvIpXfr43en5WkbkPKfop0p4Vjc8NGg0iD45q1JAvIVTtz/WvWTknM1P8e3u+TiDTaZkcJJmFaBqgaeLoWktOGfi54p9nhgQnSyBYt4PyvhWDQs7QFmX0BdKlqJCESvUOJTe1t6zJJsV7Gn/3sGCN7JUEwbnXTsCoMjjFFUvQdm0Ur7t7/2xU3kO+dyfqcdM/5SYFeppQcjHI0ckhI51mIoBTsJsGvaVwKKL1I4cyBU=
-  file:
-    - release/goss-darwin-amd64
-    - release/goss-darwin-amd64.sha256
-    - release/goss-darwin-arm64
-    - release/goss-darwin-arm64.sha256
-    - release/goss-linux-amd64
-    - release/goss-linux-amd64.sha256
-    - release/goss-linux-386
-    - release/goss-linux-386.sha256
-    - release/goss-linux-arm
-    - release/goss-linux-arm.sha256
-    - release/goss-linux-arm64
-    - release/goss-linux-arm64.sha256
-    - release/goss-linux-s390x
-    - release/goss-linux-s390x.sha256
-    - release/goss-windows-amd64.exe
-    - release/goss-windows-amd64.exe.sha256
-    - extras/dgoss/dgoss
-    - extras/dgoss/dgoss.sha256
-  skip_cleanup: true
-  on:
-    repo: goss-org/goss
-    tags: true
-    condition: $TRAVIS_OS_NAME = linux
+# deploy:
+#   provider: releases
+#   api_key:
+#     secure: ijNltjw/mIHIOx8vLZ6asUun3SbY7D+XZbs5NX8vcIv0jvOiwaaT1hqny7SQBHfGZzqHsYUSS/GYAYJdBqKFFfGmTZsl90hFT6D0RGdz9C71UVxNFX4wQ5KQ/WVvdMT2SrLymGvu9TvoU0VG8OWqWVdxSlUPf6qOTGAagrzg+Tbsbb6czeiG67mlBBL23XSlfMG1p45UxzvI41SZj2R3ElUb0hym1CrFaoC36PBGrb0x41TXzvd8J7cu6xDzgczYhnYQQZpS6f2YcqNV1z0f+P67EQqQiDWIIcK2jE/YG+RgM8cbpLMiMec8CDiwNCsejBA5EbVMlGJlODvBXT5NmMBeugueqfSHEfkl5qZTQG4AOAT7UsqbnM7r0NqzmaE5Lj90igvJK6rNsH1ZRe79WfSsTtuzlkkouHGvyoz0M8gnMSzpbbwoyIy+UT0hhPMoZvIpXfr43en5WkbkPKfop0p4Vjc8NGg0iD45q1JAvIVTtz/WvWTknM1P8e3u+TiDTaZkcJJmFaBqgaeLoWktOGfi54p9nhgQnSyBYt4PyvhWDQs7QFmX0BdKlqJCESvUOJTe1t6zJJsV7Gn/3sGCN7JUEwbnXTsCoMjjFFUvQdm0Ur7t7/2xU3kO+dyfqcdM/5SYFeppQcjHI0ckhI51mIoBTsJsGvaVwKKL1I4cyBU=
+#   file:
+#     - release/goss-darwin-amd64
+#     - release/goss-darwin-amd64.sha256
+#     - release/goss-darwin-arm64
+#     - release/goss-darwin-arm64.sha256
+#     - release/goss-linux-amd64
+#     - release/goss-linux-amd64.sha256
+#     - release/goss-linux-386
+#     - release/goss-linux-386.sha256
+#     - release/goss-linux-arm
+#     - release/goss-linux-arm.sha256
+#     - release/goss-linux-arm64
+#     - release/goss-linux-arm64.sha256
+#     - release/goss-linux-s390x
+#     - release/goss-linux-s390x.sha256
+#     - release/goss-windows-amd64.exe
+#     - release/goss-windows-amd64.exe.sha256
+#     - extras/dgoss/dgoss
+#     - extras/dgoss/dgoss.sha256
+#   skip_cleanup: true
+#   on:
+#     repo: goss-org/goss
+#     tags: true
+#     condition: $TRAVIS_OS_NAME = linux

Dockerfile

@@ -1,19 +1,19 @@
-ARG GO_VERSION=1.21
-
-FROM docker.io/golang:${GO_VERSION}-alpine AS base
-
-ARG GOSS_VERSION=v0.0.0
-WORKDIR /build
-
-RUN --mount=target=. \
-    CGO_ENABLED=0 go build \
-    -ldflags "-X github.com/goss-org/goss/util.Version=${GOSS_VERSION} -s -w" \
-    -o "/release/goss" \
-    ./cmd/goss
-
-FROM alpine:3.19
-
-COPY --from=base /release/* /usr/bin/
-
-RUN mkdir /goss
-VOLUME /goss
+ARG GO_VERSION=1.22
+
+FROM docker.io/golang:${GO_VERSION}-alpine AS base
+
+ARG GOSS_VERSION=v0.0.0
+WORKDIR /build
+
+RUN --mount=target=. \
+    CGO_ENABLED=0 go build \
+    -ldflags "-X github.com/goss-org/goss/util.Version=${GOSS_VERSION} -s -w" \
+    -o "/release/goss" \
+    ./cmd/goss
+
+FROM alpine:3.19
+
+COPY --from=base /release/* /usr/bin/
+
+RUN mkdir /goss
+VOLUME /goss

Makefile

@@ -11,7 +11,7 @@ DOCS_DEPS := $(VENV)/.docs.dependencies
 
 .PHONY: all build install test release bench fmt lint vet test-int-all gen centos7 wheezy trusty alpine3 arch test-int32 centos7-32 wheezy-32 trusty-32 alpine3-32 arch-32
 
-all: test-short-all test-int-all dgoss-sha256
+all: test-short-all test-int-all dgoss-sha256 dcgoss-sha256 kgoss-sha256
 
 test-short-all: fmt lint vet test
 
@@ -152,6 +152,12 @@ arch: build
 dgoss-sha256:
 	cd extras/dgoss/ && sha256sum dgoss > dgoss.sha256
 
+dcgoss-sha256:
+	cd extras/dcgoss/ && sha256sum dcgoss > dcgoss.sha256
+
+kgoss-sha256:
+	cd extras/kgoss/ && sha256sum kgoss > kgoss.sha256
+
 $(PYTHON):
 	$(info Creating virtualenv in $(VENV))
 	@python -m venv $(VENV)