diff --git a/.binny.yaml b/.binny.yaml index 9dc99fa5c85..6313f3f3415 100644 --- a/.binny.yaml +++ b/.binny.yaml @@ -2,26 +2,30 @@ tools: # we want to use a pinned version of binny to manage the toolchain (so binny manages itself!) - name: binny version: - want: v0.8.0 - method: github-release +# want: v0.8.0 + want: fix-freebsd + method: go-install with: - repo: anchore/binny + module: github.com/anchore/binny + entrypoint: cmd/binny # used to produce SBOMs during release - name: syft version: want: latest - method: github-release + method: go-install with: - repo: anchore/syft + module: github.com/anchore/syft + entrypoint: cmd/syft # used to sign mac binaries at release - name: quill version: want: v0.4.1 - method: github-release + method: go-install with: - repo: anchore/quill + module: github.com/anchore/quill + entrypoint: cmd/quill # used for linting - name: golangci-lint @@ -43,41 +47,46 @@ tools: - name: cosign version: want: v2.2.4 - method: github-release + method: go-install with: - repo: sigstore/cosign + module: github.com/sigstore/cosign/v2 + entrypoint: cmd/cosign # used in integration tests to verify JSON schemas - name: yajsv version: want: v1.4.1 - method: github-release + method: go-install with: - repo: neilpa/yajsv + module: github.com/neilpa/yajsv + entrypoint: # used to release all artifacts - name: goreleaser version: want: v2.0.1 - method: github-release + method: go-install with: - repo: goreleaser/goreleaser + module: github.com/goreleaser/goreleaser/v2 +# entrypoint: cmd # used for organizing imports during static analysis - name: gosimports version: want: v0.3.8 - method: github-release + method: go-install with: - repo: rinchsan/gosimports + module: github.com/rinchsan/gosimports + entrypoint: cmd/gosimports # used at release to generate the changelog - name: chronicle version: want: v0.8.0 - method: github-release + method: go-install with: - repo: anchore/chronicle + module: github.com/anchore/chronicle + entrypoint: cmd/chronicle # used during static analysis for license compliance - name: bouncer @@ -86,6 +95,10 @@ tools: method: github-release with: repo: wagoodman/go-bouncer +# method: go-install +# with: +# module: github.com/wagoodman/go-bouncer +# entrypoint: # used for showing benchmark testing - name: benchstat @@ -112,6 +125,7 @@ tools: - name: gh version: want: v2.51.0 - method: github-release + method: go-install with: - repo: cli/cli + module: github.com/cli/cli/v2 + entrypoint: cmd/gh diff --git a/Makefile b/Makefile index 9089ee6192c..5ea4271a1ef 100644 --- a/Makefile +++ b/Makefile @@ -1,46 +1,17 @@ -OWNER = anchore -PROJECT = syft +.PHONY: * -TOOL_DIR = .tool -BINNY = $(TOOL_DIR)/binny -TASK = $(TOOL_DIR)/task +help: + @go run -C buildtools . -l -.DEFAULT_GOAL := make-default +bootstrap: + @go run -C buildtools . bootstrap -## Bootstrapping targets ################################# +unit: + @go run -C buildtools . $@ -# note: we need to assume that binny and task have not already been installed -$(BINNY): - @mkdir -p $(TOOL_DIR) - @curl -sSfL https://raw.githubusercontent.com/$(OWNER)/binny/main/install.sh | sh -s -- -b $(TOOL_DIR) +# for some reason test does not work without an explicit target - the dir? +test: + @go run -C buildtools . $@ -# note: we need to assume that binny and task have not already been installed -.PHONY: task -$(TASK) task: $(BINNY) - @$(BINNY) install task -q - -.PHONY: ci-bootstrap-go -ci-bootstrap-go: - go mod download - -# this is a bootstrapping catch-all, where if the target doesn't exist, we'll ensure the tools are installed and then try again %: - make $(TASK) - $(TASK) $@ - -## Shim targets ################################# - -.PHONY: make-default -make-default: $(TASK) - @# run the default task in the taskfile - @$(TASK) - -# for those of us that can't seem to kick the habit of typing `make ...` lets wrap the superior `task` tool -TASKS := $(shell bash -c "test -f $(TASK) && $(TASK) -l | grep '^\* ' | cut -d' ' -f2 | tr -d ':' | tr '\n' ' '" ) $(shell bash -c "test -f $(TASK) && $(TASK) -l | grep 'aliases:' | cut -d ':' -f 3 | tr '\n' ' ' | tr -d ','") - -.PHONY: $(TASKS) -$(TASKS): $(TASK) - @$(TASK) $@ - -help: $(TASK) - @$(TASK) -l + @go run -C buildtools . $@ diff --git a/Taskfile.yaml b/Taskfile.yaml index c0a8bc33402..9445dd37554 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -68,32 +68,32 @@ tasks: ## Bootstrap tasks ################################# - binny: - internal: true - # desc: Get the binny tool - generates: - - "{{ .TOOL_DIR }}/binny" - status: - - "test -f {{ .TOOL_DIR }}/binny" - cmd: "curl -sSfL https://raw.githubusercontent.com/anchore/binny/main/install.sh | sh -s -- -b .tool" - silent: true +# binny: +# internal: true +# # desc: Get the binny tool +# generates: +# - "{{ .TOOL_DIR }}/binny" +# status: +# - "test -f {{ .TOOL_DIR }}/binny" +# cmd: "curl -sSfL https://raw.githubusercontent.com/anchore/binny/main/install.sh | sh -s -- -b .tool" +# silent: true tools: desc: Install all tools needed for CI and local development - deps: [binny] +# deps: [binny] aliases: - bootstrap - generates: - - ".binny.yaml" - - "{{ .TOOL_DIR }}/*" - status: - - "{{ .TOOL_DIR }}/binny check -v" - cmd: "{{ .TOOL_DIR }}/binny install -v" +# generates: +# - ".binny.yaml" +# - "{{ .TOOL_DIR }}/*" +# status: +# - "{{ .TOOL_DIR }}/binny check -v" +# cmd: "{{ .TOOL_DIR }}/binny install -v" silent: true update-tools: desc: Update pinned versions of all tools to their latest available versions - deps: [binny] +# deps: [binny] generates: - ".binny.yaml" - "{{ .TOOL_DIR }}/*" @@ -102,13 +102,13 @@ tasks: list-tools: desc: List all tools needed for CI and local development - deps: [binny] +# deps: [binny] cmd: "{{ .TOOL_DIR }}/binny list" silent: true list-tool-updates: desc: List all tools that are not up to date relative to the binny config - deps: [binny] +# deps: [binny] cmd: "{{ .TOOL_DIR }}/binny list --updates" silent: true @@ -118,11 +118,14 @@ tasks: - "{{ .TMP_DIR }}" cmd: "mkdir -p {{ .TMP_DIR }}" + ci-bootstrap-go: + cmd: "go mod download" + ## Static analysis tasks ################################# format: desc: Auto-format all source code - deps: [tools] +# deps: [tools] cmds: - gofmt -w -s . - "{{ .TOOL_DIR }}/gosimports -local github.com/anchore -w ." @@ -130,7 +133,7 @@ tasks: lint-fix: desc: Auto-format all source code + run golangci lint fixers - deps: [tools] +# deps: [tools] cmds: - task: format - "{{ .TOOL_DIR }}/golangci-lint run --tests=false --fix" @@ -142,7 +145,7 @@ tasks: sh: gofmt -l -s . BAD_FILE_NAMES: sh: "find . | grep -e ':' || true" - deps: [tools] +# deps: [tools] cmds: # ensure there are no go fmt differences - cmd: 'test -z "{{ .BAD_FMT_FILES }}" || (echo "files with gofmt issues: [{{ .BAD_FMT_FILES }}]"; exit 1)' @@ -156,7 +159,7 @@ tasks: check-licenses: # desc: Ensure transitive dependencies are compliant with the current license policy - deps: [tools] +# deps: [tools] cmd: "{{ .TOOL_DIR }}/bouncer check ./..." check-go-mod-tidy: @@ -211,7 +214,7 @@ tasks: # note: we don't want to regenerate the snapshot unless we have to. In CI it's probable # that the cache being restored with the correct binary will be rebuilt since the timestamps # and local checksums will not line up. - deps: [tools, snapshot] + deps: [snapshot] sources: - "{{ .SNAPSHOT_BIN }}" - ./test/cli/** @@ -399,7 +402,7 @@ tasks: build: desc: Build the project - deps: [tools, tmpdir] + deps: [tmpdir] generates: - "{{ .PROJECT }}" cmds: @@ -414,7 +417,7 @@ tasks: desc: Create a snapshot release aliases: - build - deps: [tools, tmpdir] + deps: [tmpdir] sources: - cmd/**/*.go - syft/**/*.go @@ -432,7 +435,7 @@ tasks: changelog: desc: Generate a changelog - deps: [tools] +# deps: [tools] generates: - "{{ .CHANGELOG }}" - "{{ .NEXT_VERSION }}" @@ -446,7 +449,7 @@ tasks: release: desc: Create a release interactive: true - deps: [tools] +# deps: [tools] cmds: - cmd: .github/scripts/trigger-release.sh silent: true @@ -462,7 +465,7 @@ tasks: ci-release: # desc: "[CI only] Create a release" - deps: [tools] +# deps: [tools] cmds: - task: ci-check - "{{ .TOOL_DIR }}/chronicle -vvv > CHANGELOG.md" @@ -472,7 +475,7 @@ tasks: ci-release-version-file: # desc: "[CI only] Update the version file" - deps: [tools] +# deps: [tools] cmds: - task: ci-check - ".github/scripts/update-version-file.sh {{ .RELEASE_VERSION }}" diff --git a/buildtools/go.mod b/buildtools/go.mod new file mode 100644 index 00000000000..bcfa4e37fa2 --- /dev/null +++ b/buildtools/go.mod @@ -0,0 +1,11 @@ +module github.com/anchore/syft/buildtools + +go 1.22.0 + +require github.com/kzantow/go-build v0.0.0-20240621190357-037e1844f43f + +require ( + github.com/kr/text v0.2.0 // indirect + golang.org/x/mod v0.14.0 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect +) diff --git a/buildtools/go.sum b/buildtools/go.sum new file mode 100644 index 00000000000..2aea72a451c --- /dev/null +++ b/buildtools/go.sum @@ -0,0 +1,16 @@ +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/kzantow/go-build v0.0.0-20240621190357-037e1844f43f h1:BTLfdsCjHKo58S3ULdG0pn2VLHjlYrWUvzwypjwNp+g= +github.com/kzantow/go-build v0.0.0-20240621190357-037e1844f43f/go.mod h1:A2nQV6Y2eb8juxo8yN+tZ+YxJ8hDtQzKSScBvJC8zXk= +github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= +github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= +golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= +golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/buildtools/main.go b/buildtools/main.go new file mode 100644 index 00000000000..c99beb9c31d --- /dev/null +++ b/buildtools/main.go @@ -0,0 +1,9 @@ +package main + +import ( + "github.com/kzantow/go-build" +) + +func main() { + build.RunTools() +} diff --git a/go.mod b/go.mod index 5d8fe85f439..623d857f988 100644 --- a/go.mod +++ b/go.mod @@ -98,7 +98,7 @@ require ( github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect github.com/DataDog/zstd v1.5.5 // indirect github.com/Masterminds/goutils v1.1.1 // indirect - github.com/Masterminds/semver/v3 v3.2.0 // indirect + github.com/Masterminds/semver/v3 v3.2.1 // indirect github.com/Microsoft/go-winio v0.6.1 // indirect github.com/Microsoft/hcsshim v0.11.4 // indirect github.com/ProtonMail/go-crypto v1.0.0 // indirect @@ -137,7 +137,7 @@ require ( github.com/felixge/fgprof v0.9.3 // indirect github.com/felixge/httpsnoop v1.0.3 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect - github.com/gabriel-vasile/mimetype v1.4.0 // indirect + github.com/gabriel-vasile/mimetype v1.4.2 // indirect github.com/gkampitakis/ciinfo v0.3.0 // indirect github.com/gkampitakis/go-diff v1.3.2 // indirect github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect diff --git a/go.sum b/go.sum index b567e8140af..aaf9eacfca8 100644 --- a/go.sum +++ b/go.sum @@ -69,8 +69,9 @@ github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJ github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww= github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= -github.com/Masterminds/semver/v3 v3.2.0 h1:3MEsd0SM6jqZojhjLWWeBY+Kcjy9i6MQAeY7YgDP83g= github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= +github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= +github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA= github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM= github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= @@ -284,8 +285,8 @@ github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7z github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= -github.com/gabriel-vasile/mimetype v1.4.0 h1:Cn9dkdYsMIu56tGho+fqzh7XmvY2YyGU0FnbhiOsEro= -github.com/gabriel-vasile/mimetype v1.4.0/go.mod h1:fA8fi6KUiG7MgQQ+mEWotXoEOvmxRtOJlERCzSmRvr8= +github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU= +github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/github/go-spdx/v2 v2.3.1 h1:ffGuHTbHuHzWPt53n8f9o8clGutuLPObo3zB4JAjxU8= github.com/github/go-spdx/v2 v2.3.1/go.mod h1:2ZxKsOhvBp+OYBDlsGnUMcchLeo2mrpEBn2L1C+U3IQ= @@ -961,7 +962,6 @@ golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLd golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8= golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210505024714-0287a6fb4125/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=