Ignore prerelease versions on release + add DB update URL (#76)

* ignore prerelease versions when uploading version file on release

* add db update url

.github/scripts/update-version-file.sh

@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+set -ue
+
+BIN="grype"
+DISTDIR=$1
+VERSION=$2
+
+if [[ $VERSION == *-* ]] ; then
+   echo "skipping publishing a version file (this is a pre-release: ${VERSION})"
+   exit 0
+fi
+
+echo "creating and publishing version file"
+
+# create a version file for version-update checks
+echo "${VERSION}" | tee ${DISTDIR}/VERSION
+
+# upload the version file that supports the application version update check
+docker run --rm \
+    -i \
+    -e AWS_DEFAULT_REGION=us-west-2 \
+    -e AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} \
+    -e AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} \
+    -v $(pwd)/${DISTDIR}/:/distmount \
+    amazon/aws-cli \
+        s3 cp /distmount/VERSION s3://toolbox-data.anchore.io/${BIN}/releases/latest/VERSION

.github/workflows/release.yaml

@@ -102,8 +102,8 @@ jobs:
           GPG_PRIVATE_KEY: ${{ secrets.SIGNING_GPG_PRIVATE_KEY }}
           PASSPHRASE: ${{ secrets.SIGNING_GPG_PASSPHRASE }}
           SIGNING_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
-          TOOLBOX_AWS_ACCESS_KEY_ID: ${{ secrets.TOOLBOX_AWS_ACCESS_KEY_ID }}
-          TOOLBOX_AWS_SECRET_ACCESS_KEY: ${{ secrets.TOOLBOX_AWS_SECRET_ACCESS_KEY }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.TOOLBOX_AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.TOOLBOX_AWS_SECRET_ACCESS_KEY }}
 
       - uses: actions/upload-artifact@v2
         with:

Makefile

@@ -166,18 +166,8 @@ release: clean-dist ## Build and publish final binaries and packages
 	# verify checksum signatures
 	.github/scripts/verify-signature.sh "$(DISTDIR)"
 
-	# create a version file for version-update checks
-	echo "$(VERSION)" > $(DISTDIR)/VERSION
-
-	# upload the version file that supports the application version update check
-	@docker run --rm \
-		-i \
-		-e AWS_DEFAULT_REGION=us-west-2 \
-		-e AWS_ACCESS_KEY_ID=${TOOLBOX_AWS_ACCESS_KEY_ID} \
-		-e AWS_SECRET_ACCESS_KEY=${TOOLBOX_AWS_SECRET_ACCESS_KEY} \
-		-v $(shell pwd)/$(DISTDIR)/:/distmount \
-		amazon/aws-cli --debug \
-			s3 cp /distmount/VERSION s3://toolbox-data.anchore.io/$(BIN)/releases/latest/VERSION
+	# upload the version file that supports the application version update check (excluding pre-releases)
+	.github/scripts/update-version-file.sh "$(DISTDIR)" "$(VERSION)"
 
 .PHONY: clean
 clean: clean-dist clean-snapshot  ## Remove previous builds and result reports

internal/config/config.go

@@ -65,8 +65,7 @@ func setNonCliDefaultValues(v *viper.Viper) {
 	v.SetDefault("log.structured", false)
 	// e.g. ~/.cache/appname/db
 	v.SetDefault("db.cache-dir", path.Join(xdg.CacheHome, internal.ApplicationName, "db"))
-	// TODO: change me to the production URL before release
-	v.SetDefault("db.update-url", "http://localhost:5000/listing.json")
+	v.SetDefault("db.update-url", internal.DBUpdateURL)
 	v.SetDefault("db.auto-update", true)
 	v.SetDefault("dev.profile-cpu", false)
 	v.SetDefault("check-for-app-update", true)

internal/constants.go

@@ -2,3 +2,4 @@ package internal
 
 // note: do not change this
 const ApplicationName = "grype"
+const DBUpdateURL = "https://toolbox-data.anchore.io/grype/databases/listing.json"