Merge branch 'master' into bump_ubuntu

.github/dependabot.yml

@@ -13,3 +13,14 @@ updates:
       - "aelsabbahy"
     open-pull-requests-limit: 0
 
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "saturday"
+
+  - package-ecosystem: "pip"
+    directory: "/docs"
+    schedule:
+      interval: "weekly"
+      day: "saturday"

.github/workflows/docker-goss.yaml

@@ -0,0 +1,98 @@
+name: Docker image for Goss
+
+on:
+  push:
+    branches:
+      - master
+    tags:
+      - "v*"
+  workflow_dispatch:
+
+env:
+  PLATFORMS: "linux/amd64,linux/arm64"
+
+jobs:
+  goss:
+    name: Build and push Docker image
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: read
+      security-events: write # To upload Trivy sarif files
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/${{ github.repository_owner }}/goss
+
+      - name: Get latest git tag
+        uses: actions-ecosystem/action-get-latest-tag@v1
+        id: get-latest-tag
+
+      - name: Set short git commit SHA
+        run: |
+          calculatedSha=$(git rev-parse --short ${{ github.sha }})
+          echo "COMMIT_SHORT_SHA=$calculatedSha" >> $GITHUB_ENV
+
+      - name: Get the current version of Go from project.
+        run: echo "GO_VERSION_FROM_PROJECT=$(go mod edit -json | jq -r .Go)" >> $GITHUB_ENV
+
+      - name: Build master goss image
+        if: github.ref_name == 'master'
+        uses: docker/build-push-action@v5
+        with:
+          build-args: |
+            GO_VERSION=${{ env.GO_VERSION_FROM_PROJECT }}
+            GOSS_VERSION=${{ steps.get-latest-tag.outputs.tag }}-${{ github.ref_name }}+${{ env.COMMIT_SHORT_SHA }}
+          context: .
+          push: true
+          tags: |
+            ghcr.io/${{ github.repository_owner }}/goss:master
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: ${{ env.PLATFORMS }}
+
+      - name: Build release goss image
+        if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
+        uses: docker/build-push-action@v5
+        with:
+          build-args: |
+            GO_VERSION=${{ env.GO_VERSION_FROM_PROJECT }}
+            GOSS_VERSION=${{ github.ref_name }}
+          context: .
+          push: true
+          tags: |
+            ghcr.io/${{ github.repository_owner }}/goss:latest
+            ghcr.io/${{ github.repository_owner }}/goss:${{ github.ref_name }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: ${{ env.PLATFORMS }}
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: ghcr.io/${{ github.repository_owner }}/goss:master
+          format: "sarif"
+          output: "trivy-results.sarif"
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: "trivy-results.sarif"

.github/workflows/docs.yaml

@@ -7,7 +7,7 @@ on:
   pull_request:
     paths:
       - mkdocs.yml
-      - docs/
+      - docs/**
       - README.md
       - LICENSE
       - extras/**/README.md
@@ -20,28 +20,31 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: DavidAnson/markdownlint-cli2-action@v13
+      - uses: DavidAnson/markdownlint-cli2-action@v16
         with:
           globs: |
             docs/**/*.md
+            README.md
+            extras/**/README.md
+            .github/CONTRIBUTING.md
 
   build:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-      - uses: actions/setup-python@v4
+      - uses: actions/setup-python@v5
         with:
-          python-version: "3.11"
+          python-version: "3.12"
           cache: 'pip'
       - name: Install dependencies
         run: |
           pip install --upgrade pip
-          pip install --requirement docs/requirements.pip
+          pip install --requirement docs/requirements.txt
       - name: Build documentation
         run: mkdocs build
       # To remove if not using github pages
       - name: Upload artifact
-        uses: actions/upload-pages-artifact@v2
+        uses: actions/upload-pages-artifact@v3
         with:
           path: site

.github/workflows/golangci.yaml

@@ -0,0 +1,41 @@
+name: Golang ci
+on:
+  # don't build any branch other than master (and prs) when git pushed
+  pull_request: {}
+  push:
+    branches:
+      - master
+      - "/^v\\d+\\.\\d+(\\.\\d+)?(-\\S*)?$/"
+    paths-ignore:
+      - "**/*.md"
+
+permissions:
+  contents: read
+  pull-requests: read
+
+jobs:
+  lint:
+    name: lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v6
+        with:
+          version: v1.59
+
+  coverage:
+    name: coverage
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+
+      - name: Unit tests and coverage
+        run: make cov

.github/workflows/preview-docs.yaml

@@ -5,7 +5,7 @@ on:
       - opened
     paths:
       - mkdocs.yml
-      - docs/
+      - docs/**
       - README.md
       - LICENSE
       - extras/**/README.md

.golangci.yaml

@@ -0,0 +1,16 @@
+linters:
+  # Disable all linters.
+  # Default: false
+  disable-all: true
+  # Enable specific linter
+  # https://golangci-lint.run/usage/linters/#enabled-by-default
+  enable:
+    # default linter
+    # - errcheck # there are to many failures at the moment
+    - gosimple
+    - govet
+    - ineffassign
+    - staticcheck
+    - unused
+    # custom linter
+    - gofmt

.readthedocs.yaml

@@ -16,4 +16,4 @@ mkdocs:
 # Optionally declare the Python requirements required to build your docs
 python:
   install:
-  - requirements: docs/requirements.pip
+  - requirements: docs/requirements.txt

.travis.yml

@@ -1,8 +1,4 @@
 ---
-env:
-  global:
-    - secure: IH/xOtRl9rcek+YTz1s2lv2njdV1gob0AY21/kGhqUBH2sdztQ/02CteGz5E0c+LfqoUYQglLsejVCNLXQJI39CyZRzysB1wlVOz7YIPNaOLATtMGg0/8Mb7dpeqAV1u3agIi87q3ims1EkmGE9UGNj/qL75oTXBiozEfkbcsheH3Ju9CcO0i006UlNqAG4T++l1JZ4kPmr1r5eNjRu52oWQrlxaOYpZJGnT3qjxkvxcnI/Pgiem0+2aZ7Yluu0lA7UCFWyORoDRUz4pQR3uDG4ADPG4WcpJ601LDZyWtS7EOXVBgWZX9vV9ZVx63nK5w0W8NN6PQOuz0niN9iwR+FsShrPIsh6P9wVZfGifwXK4g2FL2XMBRuZCsQfrpRY6JbnuyGeMqN53ta95y0Yv4H65UQ7bulr4Lnic4+W52G/fl1VUYX8Bts+ecUydIu+afcDZ6GkpVLEURjaek99uO5ewHH7lfVAOQv4wUP8GFUyLXJumJZHvMzyiAXsTHdUZdm+Ap8EPzWFYYnMxySU39MEkIvhfG47X6sA7zAppuoNwd8vU4ZaxSdsme2InUSalETGJZ7ohL+M/tkTMyuyq8uLMRuwscNdgcCjGaHM19NQMrv4nsPmmzTeiDRoFk2wad07Mgsjy07esxw52rs3zAsa37+h74GYFWYo523AiYjw=
-
 language: go
 
 go:
@@ -31,18 +27,9 @@ before_install:
   # bash from macOS is too old to have readarray. Install newer version.
   - if [[ "${TRAVIS_OS_NAME}" == "osx" ]]; then HOMEBREW_NO_AUTO_UPDATE=1 brew install bash; fi
 
-install:
-  - ./ci/install.sh
-
-before_script:
-  - ./ci/before-build.sh
-
 script:
   - ./ci/build.sh
 
-after_script:
-  - ./ci/after-build.sh
-
 deploy:
   provider: releases
   api_key:

Dockerfile

@@ -0,0 +1,19 @@
+ARG GO_VERSION=1.21
+
+FROM docker.io/golang:${GO_VERSION}-alpine AS base
+
+ARG GOSS_VERSION=v0.0.0
+WORKDIR /build
+
+RUN --mount=target=. \
+    CGO_ENABLED=0 go build \
+    -ldflags "-X github.com/goss-org/goss/util.Version=${GOSS_VERSION} -s -w" \
+    -o "/release/goss" \
+    ./cmd/goss
+
+FROM alpine:3.19
+
+COPY --from=base /release/* /usr/bin/
+
+RUN mkdir /goss
+VOLUME /goss

Makefile

@@ -35,10 +35,10 @@ htmlcov:
 	go test -v -coverpkg=./... -coverprofile=c.out ./...
 	go tool cover -html ./c.out
 
-
 lint:
 	$(info INFO: Starting build $@)
-	golint $(pkgs) || true
+	go install github.com/golangci/golangci-lint/cmd/[email protected]
+	golangci-lint run --timeout 5m $(pkgs) || true
 
 vet:
 	$(info INFO: Starting build $@)
@@ -148,10 +148,10 @@ $(PYTHON):
 	$(info Creating virtualenv in $(VENV))
 	@python -m venv $(VENV)
 
-$(DOCS_DEPS): $(PYTHON) docs/requirements.pip
+$(DOCS_DEPS): $(PYTHON) docs/requirements.txt
 	$(info Installing dependencies)
 	@pip install --upgrade pip
-	@pip install --requirement docs/requirements.pip
+	@pip install --requirement docs/requirements.txt
 	@touch $(DOCS_DEPS)
 
 docs/setup: $(DOCS_DEPS)

README.md

@@ -14,7 +14,7 @@
 <a href="https://asciinema.org/a/4suhr8p42qcn6r7crfzt6cc3e?autoplay=1" target="_blank"><img src="https://cloud.githubusercontent.com/assets/6783261/17330426/ce7ad066-5894-11e6-84ea-29fd4207af58.gif" alt="asciicast"></a>
 <!-- markdownlint-enable line-length no-inline-html -->
 
-**Note:** For testing docker containers see the [dgoss](https://github.com/goss-org/goss/tree/master/extras/dgoss) wrapper.
+**Note:** For testing containers see the [dgoss](https://github.com/goss-org/goss/tree/master/extras/dgoss) wrapper.
 Also, user submitted wrapper scripts for Kubernetes [kgoss](https://github.com/goss-org/goss/tree/master/extras/kgoss)
 and Docker Compose [dcgoss](https://github.com/goss-org/goss/tree/master/extras/dcgoss).
 
@@ -95,6 +95,10 @@ make build
 
 [Full Documentation](https://github.com/goss-org/goss/blob/e73553f9c3065ac297499dafb4f8abef6acb24ad/docs/manual.md)
 
+## Using the container image
+
+[Using the Goss container image](docs/container_image.md)
+
 ## Quick start
 
 <!-- --8<-- [start:quickstart] -->