Merge branch 'master' into update_debian

.github/workflows/docker-goss.yaml

@@ -0,0 +1,98 @@
+name: Docker image for Goss
+
+on:
+  push:
+    branches:
+      - master
+    tags:
+      - "v*"
+  workflow_dispatch:
+
+env:
+  PLATFORMS: "linux/amd64,linux/arm64"
+
+jobs:
+  goss:
+    name: Build and push Docker image
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: read
+      security-events: write # To upload Trivy sarif files
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/${{ github.repository_owner }}/goss
+
+      - name: Get latest git tag
+        uses: actions-ecosystem/action-get-latest-tag@v1
+        id: get-latest-tag
+
+      - name: Set short git commit SHA
+        run: |
+          calculatedSha=$(git rev-parse --short ${{ github.sha }})
+          echo "COMMIT_SHORT_SHA=$calculatedSha" >> $GITHUB_ENV
+
+      - name: Get the current version of Go from project.
+        run: echo "GO_VERSION_FROM_PROJECT=$(go mod edit -json | jq -r .Go)" >> $GITHUB_ENV
+
+      - name: Build master goss image
+        if: github.ref_name == 'master'
+        uses: docker/build-push-action@v5
+        with:
+          build-args: |
+            GO_VERSION=${{ env.GO_VERSION_FROM_PROJECT }}
+            GOSS_VERSION=${{ steps.get-latest-tag.outputs.tag }}-${{ github.ref_name }}+${{ env.COMMIT_SHORT_SHA }}
+          context: .
+          push: true
+          tags: |
+            ghcr.io/${{ github.repository_owner }}/goss:master
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: ${{ env.PLATFORMS }}
+
+      - name: Build release goss image
+        if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
+        uses: docker/build-push-action@v5
+        with:
+          build-args: |
+            GO_VERSION=${{ env.GO_VERSION_FROM_PROJECT }}
+            GOSS_VERSION=${{ github.ref_name }}
+          context: .
+          push: true
+          tags: |
+            ghcr.io/${{ github.repository_owner }}/goss:latest
+            ghcr.io/${{ github.repository_owner }}/goss:${{ github.ref_name }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: ${{ env.PLATFORMS }}
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: ghcr.io/${{ github.repository_owner }}/goss:master
+          format: "sarif"
+          output: "trivy-results.sarif"
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: "trivy-results.sarif"

.github/workflows/golangci-lint.yaml → .github/workflows/golangci.yaml

@@ -6,21 +6,36 @@ on:
     branches:
       - master
       - "/^v\\d+\\.\\d+(\\.\\d+)?(-\\S*)?$/"
+    paths-ignore:
+      - "**/*.md"
 
 permissions:
   contents: read
   pull-requests: read
 
 jobs:
-  golangci:
+  lint:
     name: lint
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with:
           go-version-file: go.mod
+
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v6
         with:
           version: v1.59
+
+  coverage:
+    name: coverage
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+
+      - name: Unit tests and coverage
+        run: make cov

.travis.yml

@@ -1,8 +1,4 @@
 ---
-env:
-  global:
-    - secure: IH/xOtRl9rcek+YTz1s2lv2njdV1gob0AY21/kGhqUBH2sdztQ/02CteGz5E0c+LfqoUYQglLsejVCNLXQJI39CyZRzysB1wlVOz7YIPNaOLATtMGg0/8Mb7dpeqAV1u3agIi87q3ims1EkmGE9UGNj/qL75oTXBiozEfkbcsheH3Ju9CcO0i006UlNqAG4T++l1JZ4kPmr1r5eNjRu52oWQrlxaOYpZJGnT3qjxkvxcnI/Pgiem0+2aZ7Yluu0lA7UCFWyORoDRUz4pQR3uDG4ADPG4WcpJ601LDZyWtS7EOXVBgWZX9vV9ZVx63nK5w0W8NN6PQOuz0niN9iwR+FsShrPIsh6P9wVZfGifwXK4g2FL2XMBRuZCsQfrpRY6JbnuyGeMqN53ta95y0Yv4H65UQ7bulr4Lnic4+W52G/fl1VUYX8Bts+ecUydIu+afcDZ6GkpVLEURjaek99uO5ewHH7lfVAOQv4wUP8GFUyLXJumJZHvMzyiAXsTHdUZdm+Ap8EPzWFYYnMxySU39MEkIvhfG47X6sA7zAppuoNwd8vU4ZaxSdsme2InUSalETGJZ7ohL+M/tkTMyuyq8uLMRuwscNdgcCjGaHM19NQMrv4nsPmmzTeiDRoFk2wad07Mgsjy07esxw52rs3zAsa37+h74GYFWYo523AiYjw=
-
 language: go
 
 go:
@@ -31,18 +27,9 @@ before_install:
   # bash from macOS is too old to have readarray. Install newer version.
   - if [[ "${TRAVIS_OS_NAME}" == "osx" ]]; then HOMEBREW_NO_AUTO_UPDATE=1 brew install bash; fi
 
-install:
-  - ./ci/install.sh
-
-before_script:
-  - ./ci/before-build.sh
-
 script:
   - ./ci/build.sh
 
-after_script:
-  - ./ci/after-build.sh
-
 deploy:
   provider: releases
   api_key:

Dockerfile

@@ -0,0 +1,19 @@
+ARG GO_VERSION=1.21
+
+FROM docker.io/golang:${GO_VERSION}-alpine AS base
+
+ARG GOSS_VERSION=v0.0.0
+WORKDIR /build
+
+RUN --mount=target=. \
+    CGO_ENABLED=0 go build \
+    -ldflags "-X github.com/goss-org/goss/util.Version=${GOSS_VERSION} -s -w" \
+    -o "/release/goss" \
+    ./cmd/goss
+
+FROM alpine:3.19
+
+COPY --from=base /release/* /usr/bin/
+
+RUN mkdir /goss
+VOLUME /goss

README.md

@@ -14,7 +14,7 @@
 <a href="https://asciinema.org/a/4suhr8p42qcn6r7crfzt6cc3e?autoplay=1" target="_blank"><img src="https://cloud.githubusercontent.com/assets/6783261/17330426/ce7ad066-5894-11e6-84ea-29fd4207af58.gif" alt="asciicast"></a>
 <!-- markdownlint-enable line-length no-inline-html -->
 
-**Note:** For testing docker containers see the [dgoss](https://github.com/goss-org/goss/tree/master/extras/dgoss) wrapper.
+**Note:** For testing containers see the [dgoss](https://github.com/goss-org/goss/tree/master/extras/dgoss) wrapper.
 Also, user submitted wrapper scripts for Kubernetes [kgoss](https://github.com/goss-org/goss/tree/master/extras/kgoss)
 and Docker Compose [dcgoss](https://github.com/goss-org/goss/tree/master/extras/dcgoss).
 
@@ -95,6 +95,10 @@ make build
 
 [Full Documentation](https://github.com/goss-org/goss/blob/e73553f9c3065ac297499dafb4f8abef6acb24ad/docs/manual.md)
 
+## Using the container image
+
+[Using the Goss container image](docs/container_image.md)
+
 ## Quick start
 
 <!-- --8<-- [start:quickstart] -->

docs/.pages

@@ -2,6 +2,7 @@ nav:
   - Home: index.md
   - installation.md
   - quickstart.md
+  - container_image.md
   - Command Reference: cli.md
   - The gossfile: gossfile.md
   - migrations.md

docs/container_image.md

@@ -0,0 +1,53 @@
+# Goss container image
+
+## Dockerfiles
+
+* [latest](https://github.com/goss-org/goss/blob/master/Dockerfile)
+
+## Using the base image
+
+This is a simple alpine image with Goss preinstalled on it.
+Can be used as a base image for your projects to allow for easy health checking.
+
+### Mount example
+
+Create the container
+
+```sh
+docker run --name goss ghcr.io/goss-org/goss goss
+```
+
+Create your container and mount goss
+
+```sh
+docker run --rm -it --volumes-from goss --name weby nginx
+```
+
+Run goss inside your container
+
+```sh
+docker exec weby /goss/goss autoadd nginx
+```
+
+### HEALTHCHECK example
+
+```dockerfile
+FROM ghcr.io/goss-org/goss:latest
+
+COPY goss/ /goss/
+HEALTHCHECK --interval=1s --timeout=6s CMD goss -g /goss/goss.yaml validate
+
+# your stuff..
+```
+
+### Startup delay example
+
+```dockerfile
+FROM ghcr.io/goss-org/goss:latest
+
+COPY goss/ /goss/
+
+# Alternatively, the -r option can be set
+# using the GOSS_RETRY_TIMEOUT env variable
+CMD goss -g /goss/goss.yaml validate -r 5m && exec real_comand..
+```

extras/dgoss/README.md

@@ -1,14 +1,14 @@
 # dgoss
 
-dgoss is a convenience wrapper around goss that aims to bring the simplicity of goss to docker containers.
+dgoss is a convenience wrapper around goss that aims to bring the simplicity of goss to containers.
 
 ## Examples and Tutorials
 
 * [blog tutorial](https://medium.com/@aelsabbahy/tutorial-how-to-test-your-docker-image-in-half-a-second-bbd13e06a4a9) -
 Introduction to dgoss tutorial
 * [video tutorial](https://youtu.be/PEHz5EnZ-FM) - Same as above, but in video format
 * [dgoss-examples](https://github.com/aelsabbahy/dgoss-examples) - Repo containing examples of using dgoss to validate
-docker images
+container images
 
 ## Installation
 
@@ -45,9 +45,10 @@ dgoss run ...
 
 ### Run
 
-Run is used to validate a docker container.
+Run is used to validate a container.
 It expects a `./goss.yaml` file to exist in the directory it was invoked from.
-In most cases one can just substitute the docker command for the dgoss command, for example:
+In most cases one can just substitute the runtime command (`docker` or `podman`)
+for the dgoss command, for example:
 
 **run:**
 
@@ -61,13 +62,13 @@ In most cases one can just substitute the docker command for the dgoss command,
 
 * Run the container with the flags you specified.
 * Stream the containers log output into the container as `/goss/docker_output.log`
-    * This allows writing tests or waits against the docker output
+    * This allows writing tests or waits against the container output
 * (optional) Run `goss` with `$GOSS_WAIT_OPTS` if `./goss_wait.yaml` file exists in the current dir
 * Run `goss` with `$GOSS_OPTS` using `./goss.yaml`
 
 ### Edit
 
-Edit will launch a docker container, install goss, and drop the user into an interactive shell.
+Edit will launch a container, install goss, and drop the user into an interactive shell.
 Once the user quits the interactive shell, any `goss.yaml` or `goss_wait.yaml` are copied out into the current directory.
 This allows the user to leverage the `goss add|autoadd` commands to write tests as they would on a regular machine.
 
@@ -117,18 +118,18 @@ directory `DGOSS_TEMP_DIR`. (Default: `''`)
 #### GOSS_VARS
 
 The name of the variables file relative to `GOSS_FILES_PATH` to copy into the
-docker container and use for valiation (i.e. `dgoss run`) and copy out of the
-docker container when writing tests (i.e. `dgoss edit`). If set, the
+container and use for valiation (i.e. `dgoss run`) and copy out of the
+container when writing tests (i.e. `dgoss edit`). If set, the
 `--vars` flag is passed to `goss validate` commands inside the container.
 If unset (or empty), the `--vars` flag is omitted, which is the normal behavior.
 (Default: `''`).
 
 #### GOSS_FILES_STRATEGY
 
-Strategy used for copying goss files into the docker container. If set to `'mount'` a volume with goss files is mounted
+Strategy used for copying goss files into the container. If set to `'mount'` a volume with goss files is mounted
 and log output is streamed into the container as `/goss/docker_output.log` file. Other strategy is `'cp'` which uses
-`'docker cp'` command to copy goss files into docker container. With the `'cp'` strategy you lose the ability to write
-tests or waits against the docker output. The `'cp'` strategy is required especially when docker daemon is not on the
+`'docker cp'` command to copy goss files into container. With the `'cp'` strategy you lose the ability to write
+tests or waits against the container output. The `'cp'` strategy is required especially when container daemon is not on the
 local machine.
 (Default `'mount'`)