Merge pull request #1 from goproslowyo/initial

Add a Makefile and GitHub action to run unit tests and coverage report

Author: goproslowyo

.github/workflows/main.yml

@@ -0,0 +1,39 @@
+# This workflow will sort in{dex,active}.md and commit the changes back to the repository.
+name: Build secinfo Binary
+
+# Controls when the workflow will run
+on:
+  # Triggers the workflow on push or pull request events but only for the main branch
+  push:
+    branches: [main]
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        name: Checkout repository
+        with:
+          fetch-depth: 0
+
+      - name: Fetch all tags
+        run: git fetch --force --tags
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.18
+
+      - name: Login to registry
+        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v2
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release --rm-dist
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/tests.yaml

@@ -5,12 +5,15 @@ on:
     branches: ["main"]
   pull_request:
     branches: ["main"]
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
 
 jobs:
-  build:
+  test:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
+        name: Checkout repository
         with:
           # default fetch-depth is insufficent to find previous coverage notes
           fetch-depth: 10
@@ -20,11 +23,18 @@ jobs:
         with:
           go-version: 1.18
 
-      - name: Test
+      - name: Run tests and coverage report
         run: make test
 
       - uses: gwatts/go-coverage-action@v1
         id: coverage
+        name: Post coverage report to pull request
         with:
           test-args: '["-v"]'
           coverage-threshold: 85
+
+      - uses: actions/upload-artifact@v3
+        name: Upload coverage artifact
+        with:
+          name: coverage-report
+          path: coverage.html

.gitignore

@@ -1,6 +1,9 @@
 # Binaries for programs and plugins
 secinfo
 
+# Gorelease binaries
+dist/
+
 # Test binary, built with `go test -c`
 *.test
 

.goreleaser.yaml

@@ -0,0 +1,36 @@
+builds:
+  - ldflags:
+      - -s -w -extldflags "-static" -X main.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.Date}} -X main.builtBy=goreleaser
+    tags:
+      - osusergo
+      - netgo
+      - static
+    env:
+      - CGO_ENABLED=0
+    # targets:
+    #   - linux_amd64_v4
+    goos:
+      - linux
+    goarch:
+      - amd64
+    goamd64:
+      - v4
+    # hooks:
+    # post: upx --ultra-brute "{{ .Path }}" && upx -vt "{{ .Path }}"
+
+dockers:
+  - goos: linux # GOOS of the built binaries/packages that should be used.
+    # GOARCH of the built binaries/packages that should be used.
+    goarch: amd64
+    # GOAMD64 of the built binaries/packages that should be used.
+    goamd64: "v4"
+    # Templates of the Docker image names.
+    extra_files:
+      - go.mod
+      - go.sum
+      - secinfo.go
+      - streamers
+    image_templates:
+      - "ghcr.io/goproslowyo/secinfo:{{ .Tag }}"
+      - "ghcr.io/goproslowyo/secinfo:latest"
+    # skip_push: "true"

Dockerfile

@@ -0,0 +1,20 @@
+FROM golang:latest as builder
+
+COPY go.mod go.sum /build/
+COPY secinfo.go /build/
+COPY streamers /build/streamers
+
+WORKDIR /build
+
+RUN apt update && apt install -y upx
+RUN CGO_ENABLED=0 go build -v -ldflags '-s -w -extldflags "-static"' -tags 'osusergo,netgo,static' -asmflags 'all=-trimpath={{.Env.GOPATH}}' .
+RUN upx --ultra-brute secinfo && upx -t secinfo
+
+FROM scratch
+
+WORKDIR /app
+
+COPY --from=builder /build/secinfo .
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+
+CMD ["/app/secinfo"]

Makefile

@@ -12,14 +12,18 @@ cover: test
 clean:
 	rm -rf coverage.out coverage.html
 	rm -rf secinfo secinfo.test
+	rm -rf dist
 
 build:
-	rm secinfo
-	CGO_ENABLED=0 go build -v -tags 'osusergo,netgo,static' -ldflags '-s -w -extldflags "-static"' .
+	@echo ${VERSION}
+	CGO_ENABLED=0 GOAMD64=v4 go build -v -trimpath -tags 'osusergo,netgo,static' -ldflags '-s -w -extldflags "-static"' .
 
 docker-build:
 	docker build -t secinfo:${VERSION} .
 
+release:
+	goreleaser release --snapshot --rm-dist
+
 docker-run:
 	docker run -it -v ${PWD}/templates:/app/templates -v ${PWD}/index.md:/app/index.md -v ${PWD}/streamers.csv:/app/streamers.csv secinfo:${VERSION}
 

README.md

@@ -12,6 +12,25 @@ Check the `Makefile` for all options but you've got `make {docs,test,cover,clean
 
 When running `docker-run`, we assume you're providing `streamers.csv` from the infosecstreams repo. You can check the invocation of the `docker run ...` command in the Makefile for further details.
 
+### Test Mode
+
+When developing, you'll likely not want to actually hit the API and use the internet. Instead you can reference static json files.
+
+If the `SECINFO_TEST` environment variable is set (to literally any non-empty string), we'll use the test files instead of hitting the API.
+
+```go
+// Check environ SECINFO_TEST exists
+if os.Getenv("SECINFO_TEST") == "" { ... }
+else {
+  // Read active.json into active struct
+  f, _ := ioutil.ReadFile("active.json")
+  _ = json.Unmarshal([]byte(f), &active)
+  // Read inactive.json into inactive struct
+  f, _ = ioutil.ReadFile("inactive.json")
+  _ = json.Unmarshal([]byte(f), &inactive)
+}
+```
+
 ## Usage
 
 Ensure there's a `streamers.csv` in the CWD of the secinfo binary.