Merge branch 'master' into yamllint

.github/workflows/docker-goss.yaml

@@ -98,7 +98,7 @@ jobs:
           platforms: ${{ env.PLATFORMS }}
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.24.0
         with:
           image-ref: ghcr.io/${{ github.repository_owner }}/goss:master
           format: "sarif"

.github/workflows/docker-integration-tests.yaml

@@ -76,7 +76,7 @@ jobs:
             rocks.goss.dockerfile-md5=${{ steps.md5_result.outputs.md5 }}
 
       - name: Build and push tag
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           file: ${{ matrix.dockerfile }}

.github/workflows/release.yaml

@@ -0,0 +1,51 @@
+name: "Build release artifacts"
+on:
+  push:
+    tags:
+      - "v*"
+  workflow_dispatch:
+
+permissions:
+  contents: write
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+
+      - name: Get version from tag
+        if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
+        run: echo "TRAVIS_TAG=${{ github.ref_name }}" >> $GITHUB_ENV
+
+      - run: make release
+      - run: make dgoss-sha256 dcgoss-sha256 kgoss-sha256
+
+      - name: "Upload binary as artifact"
+        uses: actions/upload-artifact@v4
+        with:
+          retention-days: 5
+          if-no-files-found: error
+          name: build
+          path: |
+            release/*
+            extras/*/*goss
+            extras/*/*goss.sha256
+
+  attach-assets:
+    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
+    needs: ["build"]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Fetch all binaries
+        uses: actions/download-artifact@v4
+      - name: Attach to release
+        uses: softprops/action-gh-release@v2
+        with:
+          files: build/**
+          fail_on_unmatched_files: true

.github/workflows/trivy-schedule.yaml

@@ -0,0 +1,27 @@
+name: Trivy Code Scanning
+
+on:
+  schedule:
+    - cron: "0 3 * * 5"
+  workflow_dispatch:
+
+jobs:
+  trivy-scan:
+    name: Trivy scan
+    runs-on: ubuntu-latest
+    permissions:
+      packages: read
+      security-events: write
+
+    steps:
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/[email protected]
+        with:
+          image-ref: ghcr.io/${{ github.repository_owner }}/goss:latest
+          format: "sarif"
+          output: "trivy-results.sarif"
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: "trivy-results.sarif"

.travis.yml

@@ -2,7 +2,7 @@
 language: go
 
 go:
-  - 1.22.x
+  - 1.23.x
 
 os:
   - osx
@@ -30,31 +30,31 @@ before_install:
 script:
   - ./ci/build.sh
 
-deploy:
-  provider: releases
-  api_key:
-    secure: ijNltjw/mIHIOx8vLZ6asUun3SbY7D+XZbs5NX8vcIv0jvOiwaaT1hqny7SQBHfGZzqHsYUSS/GYAYJdBqKFFfGmTZsl90hFT6D0RGdz9C71UVxNFX4wQ5KQ/WVvdMT2SrLymGvu9TvoU0VG8OWqWVdxSlUPf6qOTGAagrzg+Tbsbb6czeiG67mlBBL23XSlfMG1p45UxzvI41SZj2R3ElUb0hym1CrFaoC36PBGrb0x41TXzvd8J7cu6xDzgczYhnYQQZpS6f2YcqNV1z0f+P67EQqQiDWIIcK2jE/YG+RgM8cbpLMiMec8CDiwNCsejBA5EbVMlGJlODvBXT5NmMBeugueqfSHEfkl5qZTQG4AOAT7UsqbnM7r0NqzmaE5Lj90igvJK6rNsH1ZRe79WfSsTtuzlkkouHGvyoz0M8gnMSzpbbwoyIy+UT0hhPMoZvIpXfr43en5WkbkPKfop0p4Vjc8NGg0iD45q1JAvIVTtz/WvWTknM1P8e3u+TiDTaZkcJJmFaBqgaeLoWktOGfi54p9nhgQnSyBYt4PyvhWDQs7QFmX0BdKlqJCESvUOJTe1t6zJJsV7Gn/3sGCN7JUEwbnXTsCoMjjFFUvQdm0Ur7t7/2xU3kO+dyfqcdM/5SYFeppQcjHI0ckhI51mIoBTsJsGvaVwKKL1I4cyBU=
-  file:
-    - release/goss-darwin-amd64
-    - release/goss-darwin-amd64.sha256
-    - release/goss-darwin-arm64
-    - release/goss-darwin-arm64.sha256
-    - release/goss-linux-amd64
-    - release/goss-linux-amd64.sha256
-    - release/goss-linux-386
-    - release/goss-linux-386.sha256
-    - release/goss-linux-arm
-    - release/goss-linux-arm.sha256
-    - release/goss-linux-arm64
-    - release/goss-linux-arm64.sha256
-    - release/goss-linux-s390x
-    - release/goss-linux-s390x.sha256
-    - release/goss-windows-amd64.exe
-    - release/goss-windows-amd64.exe.sha256
-    - extras/dgoss/dgoss
-    - extras/dgoss/dgoss.sha256
-  skip_cleanup: true
-  on:
-    repo: goss-org/goss
-    tags: true
-    condition: $TRAVIS_OS_NAME = linux
+# deploy:
+#   provider: releases
+#   api_key:
+#     secure: ijNltjw/mIHIOx8vLZ6asUun3SbY7D+XZbs5NX8vcIv0jvOiwaaT1hqny7SQBHfGZzqHsYUSS/GYAYJdBqKFFfGmTZsl90hFT6D0RGdz9C71UVxNFX4wQ5KQ/WVvdMT2SrLymGvu9TvoU0VG8OWqWVdxSlUPf6qOTGAagrzg+Tbsbb6czeiG67mlBBL23XSlfMG1p45UxzvI41SZj2R3ElUb0hym1CrFaoC36PBGrb0x41TXzvd8J7cu6xDzgczYhnYQQZpS6f2YcqNV1z0f+P67EQqQiDWIIcK2jE/YG+RgM8cbpLMiMec8CDiwNCsejBA5EbVMlGJlODvBXT5NmMBeugueqfSHEfkl5qZTQG4AOAT7UsqbnM7r0NqzmaE5Lj90igvJK6rNsH1ZRe79WfSsTtuzlkkouHGvyoz0M8gnMSzpbbwoyIy+UT0hhPMoZvIpXfr43en5WkbkPKfop0p4Vjc8NGg0iD45q1JAvIVTtz/WvWTknM1P8e3u+TiDTaZkcJJmFaBqgaeLoWktOGfi54p9nhgQnSyBYt4PyvhWDQs7QFmX0BdKlqJCESvUOJTe1t6zJJsV7Gn/3sGCN7JUEwbnXTsCoMjjFFUvQdm0Ur7t7/2xU3kO+dyfqcdM/5SYFeppQcjHI0ckhI51mIoBTsJsGvaVwKKL1I4cyBU=
+#   file:
+#     - release/goss-darwin-amd64
+#     - release/goss-darwin-amd64.sha256
+#     - release/goss-darwin-arm64
+#     - release/goss-darwin-arm64.sha256
+#     - release/goss-linux-amd64
+#     - release/goss-linux-amd64.sha256
+#     - release/goss-linux-386
+#     - release/goss-linux-386.sha256
+#     - release/goss-linux-arm
+#     - release/goss-linux-arm.sha256
+#     - release/goss-linux-arm64
+#     - release/goss-linux-arm64.sha256
+#     - release/goss-linux-s390x
+#     - release/goss-linux-s390x.sha256
+#     - release/goss-windows-amd64.exe
+#     - release/goss-windows-amd64.exe.sha256
+#     - extras/dgoss/dgoss
+#     - extras/dgoss/dgoss.sha256
+#   skip_cleanup: true
+#   on:
+#     repo: goss-org/goss
+#     tags: true
+#     condition: $TRAVIS_OS_NAME = linux

Makefile

@@ -11,7 +11,7 @@ DOCS_DEPS := $(VENV)/.docs.dependencies
 
 .PHONY: all build install test release bench fmt lint vet test-int-all gen centos7 wheezy trusty alpine3 arch test-int32 centos7-32 wheezy-32 trusty-32 alpine3-32 arch-32
 
-all: test-short-all test-int-all dgoss-sha256
+all: test-short-all test-int-all dgoss-sha256 dcgoss-sha256 kgoss-sha256
 
 test-short-all: fmt lint vet test
 
@@ -144,6 +144,12 @@ arch: build
 dgoss-sha256:
 	cd extras/dgoss/ && sha256sum dgoss > dgoss.sha256
 
+dcgoss-sha256:
+	cd extras/dcgoss/ && sha256sum dcgoss > dcgoss.sha256
+
+kgoss-sha256:
+	cd extras/kgoss/ && sha256sum kgoss > kgoss.sha256
+
 .PHONY: lint-yaml
 lint-yaml:
 	$(info INFO: Starting $@)

README.md

@@ -315,6 +315,7 @@ Full list of available Json schema validators can be found in <https://json-sche
 <!-- markdownlint-disable line-length -->
 * [goss-ansible](https://github.com/indusbox/goss-ansible) - Ansible module for Goss.
 * [degoss](https://github.com/naftulikay/ansible-role-degoss) - Ansible role for installing, running, and removing Goss in a single go.
+* [ansible-goss-install](https://github.com/marcinpraczko/ansible-goss-install) - Ansible role for installing Goss (option for install as user or root)
 * [kitchen-goss](https://github.com/ahelal/kitchen-goss) - A test-kitchen verifier plugin for Goss.
 * [goss-fpm-files](https://github.com/deanwilson/unixdaemon-fpm-cookery-recipes) - Might be useful for building goss system packages.
 * [packer-provisioner-goss](https://github.com/YaleUniversity/packer-provisioner-goss) - A packer plugin to run Goss as a provision step.

extras/dcgoss/README.md

@@ -10,8 +10,14 @@ containers. It is based on `dgoss`.
 ### Run
 
 Run is used to validate a docker container defined in `docker-compose.yml`. It expects both a `docker-compose.yml`
-and `goss.yaml` file to exist in the directory it was invoked from. Container configuration is used from the
-compose file, for example:
+and `goss.yaml` file to exist in the directory it was invoked from.
+
+If the file `./goss_wait.yaml` exists in the current directory, goss regularly
+checks whether the conditions in the file are met. Only then does goss start the
+actual check with the file `./goss.yaml`. This is used, for example, to wait
+until a certain port is open before executing the tests.
+
+Container configuration is used from the compose file, for example:
 
 **run:**
 

extras/dgoss/README.md

@@ -47,6 +47,12 @@ dgoss run ...
 
 Run is used to validate a container.
 It expects a `./goss.yaml` file to exist in the directory it was invoked from.
+
+If the file `./goss_wait.yaml` exists in the current directory, goss regularly
+checks whether the conditions in the file are met. Only then does goss start the
+actual check with the file `./goss.yaml`. This is used, for example, to wait
+until a certain port is open before executing the tests.
+
 In most cases one can just substitute the runtime command (`docker` or `podman`)
 for the dgoss command, for example:
 
@@ -80,6 +86,21 @@ This allows the user to leverage the `goss add|autoadd` commands to write tests
 
 The following environment variables can be set to change the behavior of dgoss.
 
+#### DEBUG
+
+Enables debug output of `dgoss`.
+
+When running in debug mode, the tmp dir with the container output will not be cleaned up.
+
+Note: Debug output of `dgoss` is from `dgoss` shell script and not debug output of `goss`
+(`dgoss run -e GOSS_LOGLEVEL=DEBUG jenkins:alpine`).
+
+**Default:** empty
+
+**Example:**
+
+`DEBUG=true dgoss run jenkins:alpine`
+
 #### GOSS_PATH
 
 Location of the goss binary to use. (Default: `$(which goss)`)

extras/dgoss/dgoss

@@ -1,6 +1,7 @@
 #!/bin/bash
 
 set -e
+[ "$DEBUG" ] && set -x
 
 USAGE="USAGE: $(basename "$0") [run|edit] <docker_run_params>"
 GOSS_FILES_PATH="${GOSS_FILES_PATH:-.}"
@@ -18,12 +19,20 @@ error() {
 
 cleanup() {
     set +e
+    # There is a chance that the log will not be written completely.
+    # Exit the container and retrieve the last line of logs to ensure
+    # that all logs have been read.
+    info "Stopping container"
+    $CONTAINER_RUNTIME stop --time 1 "$id" > /dev/null 2>&1
+    $CONTAINER_RUNTIME logs --tail 1 "$id" > /dev/null 2>&1
+
     { kill "$log_pid" && wait "$log_pid"; } 2> /dev/null
     if [ -n "$CONTAINER_LOG_OUTPUT" ]; then
+        info "Copying log"
         cp "$tmp_dir/docker_output.log" "$CONTAINER_LOG_OUTPUT"
     fi
-    rm -rf "$tmp_dir"
-    if [[ $id ]];then
+    [ "$DEBUG" ] || rm -rf "$tmp_dir"
+    if [[ $id ]]; then
         info "Deleting container"
         $CONTAINER_RUNTIME rm -vf "$id" > /dev/null
     fi

extras/kgoss/README.md

@@ -99,6 +99,11 @@ To find `goss.yaml` in another directory specify that directory's path in `GOSS_
 The `run` command is used to validate a container. It expects a
 `./goss.yaml` file to exist in the directory it was invoked from.
 
+If the file `./goss_wait.yaml` exists in the current directory, goss regularly
+checks whether the conditions in the file are met. Only then does goss start the
+actual check with the file `./goss.yaml`. This is used, for example, to wait
+until a certain port is open before executing the tests.
+
 **Example:**
 
 `kgoss run -e JENKINS_OPTS="--httpPort=8080 --httpsPort=-1" -e JAVA_OPTS="-Xmx1048m" -i jenkins:alpine`

go.mod

@@ -3,7 +3,7 @@ module github.com/goss-org/goss
 go 1.22
 
 require (
-	github.com/Masterminds/sprig/v3 v3.2.3
+	github.com/Masterminds/sprig/v3 v3.3.0
 	github.com/achanda/go-sysctl v0.0.0-20160222034550-6be7678c45d2
 	github.com/blang/semver/v4 v4.0.0
 	github.com/cheekybits/genny v1.0.0
@@ -28,16 +28,16 @@ require (
 )
 
 require (
+	dario.cat/mergo v1.0.1 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
-	github.com/Masterminds/semver/v3 v3.2.1 // indirect
+	github.com/Masterminds/semver/v3 v3.3.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/huandu/xstrings v1.5.0 // indirect
-	github.com/imdario/mergo v0.3.16 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
@@ -47,16 +47,15 @@ require (
 	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/shopspring/decimal v1.4.0 // indirect
-	github.com/spf13/cast v1.6.0 // indirect
+	github.com/spf13/cast v1.7.0 // indirect
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.1 // indirect
-	golang.org/x/crypto v0.25.0 // indirect
-	golang.org/x/exp v0.0.0-20240716160929-1d5bc16f04a8 // indirect
+	golang.org/x/crypto v0.26.0 // indirect
 	golang.org/x/mod v0.19.0 // indirect
 	golang.org/x/net v0.27.0 // indirect
-	golang.org/x/sync v0.7.0 // indirect
-	golang.org/x/sys v0.22.0 // indirect
-	golang.org/x/text v0.16.0 // indirect
+	golang.org/x/sync v0.8.0 // indirect
+	golang.org/x/sys v0.23.0 // indirect
+	golang.org/x/text v0.17.0 // indirect
 	golang.org/x/tools v0.23.0 // indirect
 	google.golang.org/protobuf v1.34.2 // indirect
 )