diff --git a/.codeclimate.yml b/.codeclimate.yml
deleted file mode 100644
index 9b2d71710..000000000
--- a/.codeclimate.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-version: "2"
-checks:
- return-statements:
- config:
- threshold: 6
-plugins:
- gofmt:
- enabled: true
- govet:
- enabled: true
-
-exclude_patterns:
- - "!**/**.go"
- - "**/*_test.go"
- - "resource/resource_list.go"
diff --git a/.github/workflows/docker-goss.yaml b/.github/workflows/docker-goss.yaml
new file mode 100644
index 000000000..78e07bdcd
--- /dev/null
+++ b/.github/workflows/docker-goss.yaml
@@ -0,0 +1,98 @@
+name: Docker image for Goss
+
+on:
+ push:
+ branches:
+ - master
+ tags:
+ - "v*"
+ workflow_dispatch:
+
+env:
+ PLATFORMS: "linux/amd64,linux/arm64"
+
+jobs:
+ goss:
+ name: Build and push Docker image
+ runs-on: ubuntu-latest
+ permissions:
+ packages: write
+ contents: read
+ security-events: write # To upload Trivy sarif files
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Login to GHCR
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: |
+ ghcr.io/${{ github.repository_owner }}/goss
+
+ - name: Get latest git tag
+ uses: actions-ecosystem/action-get-latest-tag@v1
+ id: get-latest-tag
+
+ - name: Set short git commit SHA
+ run: |
+ calculatedSha=$(git rev-parse --short ${{ github.sha }})
+ echo "COMMIT_SHORT_SHA=$calculatedSha" >> $GITHUB_ENV
+
+ - name: Get the current version of Go from project.
+ run: echo "GO_VERSION_FROM_PROJECT=$(go mod edit -json | jq -r .Go)" >> $GITHUB_ENV
+
+ - name: Build master goss image
+ if: github.ref_name == 'master'
+ uses: docker/build-push-action@v5
+ with:
+ build-args: |
+ GO_VERSION=${{ env.GO_VERSION_FROM_PROJECT }}
+ GOSS_VERSION=${{ steps.get-latest-tag.outputs.tag }}-${{ github.ref_name }}+${{ env.COMMIT_SHORT_SHA }}
+ context: .
+ push: true + tags: | + ghcr.io/${{ github.repository_owner }}/goss:master + labels: ${{ steps.meta.outputs.labels }} + platforms: ${{ env.PLATFORMS }} + + - name: Build release goss image + if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') + uses: docker/build-push-action@v5 + with: + build-args: | + GO_VERSION=${{ env.GO_VERSION_FROM_PROJECT }} + GOSS_VERSION=${{ github.ref_name }} + context: . + push: true + tags: | + ghcr.io/${{ github.repository_owner }}/goss:latest + ghcr.io/${{ github.repository_owner }}/goss:${{ github.ref_name }} + labels: ${{ steps.meta.outputs.labels }} + platforms: ${{ env.PLATFORMS }} + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: ghcr.io/${{ github.repository_owner }}/goss:master + format: "sarif" + output: "trivy-results.sarif" + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: "trivy-results.sarif" diff --git a/.github/workflows/golangci-lint.yaml b/.github/workflows/golangci.yaml similarity index 64% rename from .github/workflows/golangci-lint.yaml rename to .github/workflows/golangci.yaml index 7bbb5cd9a..dde4b4d41 100644 --- a/.github/workflows/golangci-lint.yaml +++ b/.github/workflows/golangci.yaml @@ -6,13 +6,15 @@ on: branches: - master - "/^v\\d+\\.\\d+(\\.\\d+)?(-\\S*)?$/" + paths-ignore: + - "**/*.md" permissions: contents: read pull-requests: read jobs: - golangci: + lint: name: lint runs-on: ubuntu-latest steps: @@ -20,7 +22,20 @@ jobs: - uses: actions/setup-go@v5 with: go-version-file: go.mod + - name: golangci-lint uses: golangci/golangci-lint-action@v6 with: version: v1.59 + + coverage: + name: coverage + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-go@v5 + with: + go-version-file: go.mod + + - name: Unit tests and coverage + run: make cov diff --git a/.travis.yml b/.travis.yml index 7d1886919..f18455cba 100644 
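Review bot: The Trivy step in the new docker-goss workflow uses `aquasecurity/trivy-action@master`, a mutable branch, inside a job that holds `packages: write` and `security-events: write`, so whatever is on that branch at run time executes with the token that publishes the image; pin it to a full commit SHA, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release-tag>`, and consider doing the same for the third-party `actions-ecosystem/action-get-latest-tag@v1`. The scan also always targets `goss:master`, so on a tag push the `latest` and `${{ github.ref_name }}` images published by this run are not the ones scanned, and because it runs after `push: true` it reports on the release rather than gating it; setting `image-ref` to the tag built in the current run would close that gap. In the `Set short git commit SHA` step, `git rev-parse --short "$GITHUB_SHA"` avoids expanding `${{ github.sha }}` into the script text, which is the safer habit for `run:` blocks even when the value is not attacker-controlled.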
--- a/.travis.yml +++ b/.travis.yml @@ -1,8 +1,4 @@ --- -env: - global: - - secure: 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 - language: go go: @@ -31,18 +27,9 @@ before_install: # bash from macOS is too old to have readarray. Install newer version. - if [[ "${TRAVIS_OS_NAME}" == "osx" ]]; then HOMEBREW_NO_AUTO_UPDATE=1 brew install bash; fi -install: - - ./ci/install.sh - -before_script: - - ./ci/before-build.sh - script: - ./ci/build.sh -after_script: - - ./ci/after-build.sh - deploy: provider: releases api_key: diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 000000000..93a143a3d --- /dev/null +++ b/Dockerfile @@ -0,0 +1,19 @@ +ARG GO_VERSION=1.21 + +FROM docker.io/golang:${GO_VERSION}-alpine AS base + +ARG GOSS_VERSION=v0.0.0 +WORKDIR /build + +RUN --mount=target=. \ + CGO_ENABLED=0 go build \ + -ldflags "-X github.com/goss-org/goss/util.Version=${GOSS_VERSION} -s -w" \ + -o "/release/goss" \ + ./cmd/goss + +FROM alpine:3.19 + +COPY --from=base /release/* /usr/bin/ + +RUN mkdir /goss +VOLUME /goss diff --git a/README.md b/README.md index 02ede20cb..cc5d40434 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ asciicast -**Note:** For testing docker containers see the [dgoss](https://github.com/goss-org/goss/tree/master/extras/dgoss) wrapper. +**Note:** For testing containers see the [dgoss](https://github.com/goss-org/goss/tree/master/extras/dgoss) wrapper. Also, user submitted wrapper scripts for Kubernetes [kgoss](https://github.com/goss-org/goss/tree/master/extras/kgoss) and Docker Compose [dcgoss](https://github.com/goss-org/goss/tree/master/extras/dcgoss). @@ -95,6 +95,10 @@ make build [Full Documentation](https://github.com/goss-org/goss/blob/e73553f9c3065ac297499dafb4f8abef6acb24ad/docs/manual.md) +## Using the container image + +[Using the Goss container image](docs/container_image.md) + ## Quick start diff --git a/ci/after-build.sh b/ci/after-build.sh deleted file mode 100755 index 8970a6375..000000000 
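Review bot: In the new Dockerfile the final stage copies the binary to `/usr/bin/` and then declares `/goss` as a volume that contains nothing, so the `--volumes-from goss` flow documented in docs/container_image.md, which runs `/goss/goss` in the other container, has no binary to execute. If that example is meant to work, place the binary in the volume path before the `VOLUME` line as well, e.g. `COPY --from=base /release/goss /goss/goss`. The final image also has no `USER` instruction, so it runs as root by default; if that is intentional for a base image, a comment saying so would help, otherwise add an unprivileged user. Both `FROM` lines use floating tags, and pinning at least `alpine:3.19` by digest would make the published image reproducible.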
--- a/ci/after-build.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/usr/bin/env bash -set -euo pipefail - -os_name="$(go env GOOS)" - -if [[ "${os_name}" != "windows" ]]; then - ./cc-test-reporter after-build --exit-code "${TRAVIS_TEST_RESULT}" -d -fi diff --git a/ci/before-build.sh b/ci/before-build.sh deleted file mode 100755 index 0c5475d4f..000000000 --- a/ci/before-build.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/usr/bin/env bash -set -euo pipefail - -os_name="$(go env GOOS)" - -if [[ "${os_name}" != "windows" ]]; then - ./cc-test-reporter before-build -fi diff --git a/ci/install.sh b/ci/install.sh deleted file mode 100755 index 8dea0dab3..000000000 --- a/ci/install.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/usr/bin/env bash -set -euo pipefail - -os_name="$(go env GOOS)" - -go get -u golang.org/x/lint/golint - -if [[ "${os_name}" != "windows" ]]; then - curl -L "https://codeclimate.com/downloads/test-reporter/test-reporter-latest-${os_name}-amd64" > "./cc-test-reporter" - chmod +x "./cc-test-reporter" -fi diff --git a/docs/.pages b/docs/.pages index 67373453b..bed10fe4c 100644 --- a/docs/.pages +++ b/docs/.pages @@ -2,6 +2,7 @@ nav: - Home: index.md - installation.md - quickstart.md + - container_image.md - Command Reference: cli.md - The gossfile: gossfile.md - migrations.md diff --git a/docs/container_image.md b/docs/container_image.md new file mode 100644 index 000000000..ba12d30f7 --- /dev/null +++ b/docs/container_image.md 
@@ -0,0 +1,53 @@ +# Goss container image + +## Dockerfiles + +* [latest](https://github.com/goss-org/goss/blob/master/Dockerfile) + +## Using the base image + +This is a simple alpine image with Goss preinstalled on it. +Can be used as a base image for your projects to allow for easy health checking. + +### Mount example + +Create the container + +```sh +docker run --name goss ghcr.io/goss-org/goss goss +``` + +Create your container and mount goss + +```sh +docker run --rm -it --volumes-from goss --name weby nginx +``` + +Run goss inside your container + +```sh +docker exec weby /goss/goss autoadd nginx +``` + +### HEALTHCHECK example + +```dockerfile +FROM ghcr.io/goss-org/goss:latest + +COPY goss/ /goss/ +HEALTHCHECK --interval=1s --timeout=6s CMD goss -g /goss/goss.yaml validate + +# your stuff.. +``` + +### Startup delay example + +```dockerfile +FROM ghcr.io/goss-org/goss:latest + +COPY goss/ /goss/ + +# Alternatively, the -r option can be set +# using the GOSS_RETRY_TIMEOUT env variable +CMD goss -g /goss/goss.yaml validate -r 5m && exec real_comand.. +``` diff --git a/extras/dgoss/README.md b/extras/dgoss/README.md index ff88ed473..ebe7fd3fd 100644 --- a/extras/dgoss/README.md +++ b/extras/dgoss/README.md @@ -1,6 +1,6 @@ # dgoss -dgoss is a convenience wrapper around goss that aims to bring the simplicity of goss to docker containers. +dgoss is a convenience wrapper around goss that aims to bring the simplicity of goss to containers. ## Examples and Tutorials @@ -8,7 +8,7 @@ dgoss is a convenience wrapper around goss that aims to bring the simplicity of Introduction to dgoss tutorial * [video tutorial](https://youtu.be/PEHz5EnZ-FM) - Same as above, but in video format * [dgoss-examples](https://github.com/aelsabbahy/dgoss-examples) - Repo containing examples of using dgoss to validate -docker images +container images ## Installation 
@@ -45,9 +45,10 @@ dgoss run ... ### Run -Run is used to validate a docker container. +Run is used to validate a container. It expects a `./goss.yaml` file to exist in the directory it was invoked from. -In most cases one can just substitute the docker command for the dgoss command, for example: +In most cases one can just substitute the runtime command (`docker` or `podman`) +for the dgoss command, for example: **run:** @@ -61,13 +62,13 @@ In most cases one can just substitute the docker command for the dgoss command, * Run the container with the flags you specified. * Stream the containers log output into the container as `/goss/docker_output.log` - * This allows writing tests or waits against the docker output + * This allows writing tests or waits against the container output * (optional) Run `goss` with `$GOSS_WAIT_OPTS` if `./goss_wait.yaml` file exists in the current dir * Run `goss` with `$GOSS_OPTS` using `./goss.yaml` ### Edit -Edit will launch a docker container, install goss, and drop the user into an interactive shell. +Edit will launch a container, install goss, and drop the user into an interactive shell. Once the user quits the interactive shell, any `goss.yaml` or `goss_wait.yaml` are copied out into the current directory. This allows the user to leverage the `goss add|autoadd` commands to write tests as they would on a regular machine. 
@@ -117,18 +118,18 @@ directory `DGOSS_TEMP_DIR`. (Default: `''`) #### GOSS_VARS The name of the variables file relative to `GOSS_FILES_PATH` to copy into the -docker container and use for valiation (i.e. `dgoss run`) and copy out of the -docker container when writing tests (i.e. `dgoss edit`). If set, the +container and use for valiation (i.e. `dgoss run`) and copy out of the +container when writing tests (i.e. `dgoss edit`). If set, the `--vars` flag is passed to `goss validate` commands inside the container. If unset (or empty), the `--vars` flag is omitted, which is the normal behavior. (Default: `''`). #### GOSS_FILES_STRATEGY -Strategy used for copying goss files into the docker container. If set to `'mount'` a volume with goss files is mounted +Strategy used for copying goss files into the container. If set to `'mount'` a volume with goss files is mounted and log output is streamed into the container as `/goss/docker_output.log` file. Other strategy is `'cp'` which uses -`'docker cp'` command to copy goss files into docker container. With the `'cp'` strategy you lose the ability to write -tests or waits against the docker output. The `'cp'` strategy is required especially when docker daemon is not on the +`'docker cp'` command to copy goss files into container. With the `'cp'` strategy you lose the ability to write +tests or waits against the container output. The `'cp'` strategy is required especially when container daemon is not on the local machine. (Default `'mount'`) diff --git a/extras/kgoss/README.md b/extras/kgoss/README.md index daf14d34b..eb9f14d47 100644 --- a/extras/kgoss/README.md +++ b/extras/kgoss/README.md @@ -96,7 +96,7 @@ To find `goss.yaml` in another directory specify that directory's path in `GOSS_ ### Run -The `run` command is used to validate a docker container. It expects a +The `run` command is used to validate a container. It expects a `./goss.yaml` file to exist in the directory it was invoked from. **Example:** 
@@ -111,7 +111,7 @@ The `run` command is used to validate a docker container. It expects a ### Edit -Edit will launch a docker container, install goss, and drop the user into an +Edit will launch a container, install goss, and drop the user into an interactive shell. Once the user quits the interactive shell, any `goss.yaml` or `goss_wait.yaml` are copied out into the current directory. This allows the user to leverage the `goss add|autoadd` commands to write tests as they would diff --git a/integration-tests/Dockerfile_alpine3.md5 b/integration-tests/Dockerfile_alpine3.md5 index 0526fed52..f4bdce743 100644 --- a/integration-tests/Dockerfile_alpine3.md5 +++ b/integration-tests/Dockerfile_alpine3.md5 @@ -1 +1 @@ -f2b97c4629a92aa7f9b378b49f6e1b42 Dockerfile_alpine3 +f9c8c187e94693c4625a8c8d01fae3bf Dockerfile_alpine3 diff --git a/integration-tests/Dockerfile_trusty.md5 b/integration-tests/Dockerfile_trusty.md5 index 7e049058a..5a2c288f6 100644 --- a/integration-tests/Dockerfile_trusty.md5 +++ b/integration-tests/Dockerfile_trusty.md5 @@ -1 +1 @@ -5117819dc7907aa1100e2ff0f2edb68f Dockerfile_trusty +ac8c8df3415c0eecdbedc322480e696e Dockerfile_trusty diff --git a/mkdocs.yml b/mkdocs.yml index b9fa16895..7156db5e6 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -87,8 +87,6 @@ extra: social: - icon: fontawesome/brands/github link: https://github.com/goss-org/goss - - icon: simple/codeclimate - link: https://codeclimate.com/github/aelsabbahy/goss - icon: simple/travisci link: https://travis-ci.org/goss-org/goss - icon: fontawesome/brands/medium