* follow convention for naming catalogers
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix cataloger name example
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* migrate to binny and taskfile
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update binny to not require github token
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* added support for automatically building snapshots
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* detect source changes for snapshot builds
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fail workflow explicitly when snapshot cache restoral fails
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* match snapshot restoral paths
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* label PRs when the json schema changes
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* moderate pr comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* be more strict about processing file names
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* dont show the title in the release notes
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* dont upload assets on the release pipeline
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* bump action-slack action to v3.15.1
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove custom go mod and build cache
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix: update codeql-analysis for go 1.21
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* nit: remove comment
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* Bump the golang.org/x/exp dependency and fix a build breakage.
---------
Signed-off-by: Dan Lorenc <dlorenc@chainguard.dev>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
* Introduce indexed embedded CPE dictionary
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
* Don't generate cpe-index on make snapshot
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
* Add unit tests for individual addEntry funcs
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
* migrate CPE index build to go generate and add periodic workflow
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add test to ensure generated cpe index is wired up to function that uses it
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add bubbletea UI
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* swap pipeline to go 1.20.x and add attest guard for cosign binary
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update note in developing.md about the required golang version
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix merge conflict for windows path handling
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* temp test for attest handler
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add addtional test iterations for background reader
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* [wip] try to reflect metadata types... probably wont work
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* refactor to add unit test to ensure there is coverage in the schema
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* [wip] generate metadata container
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add generation of metadata container struct for JSON schema generation
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix linting
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update linter script to account for code generation
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
---------
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix: only cache java packages and not source content
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* fix: add gradle to matched files for ci checksum
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* pin kernel and modules version for kernel fixtures
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* cache kernel fixtures in CI
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update CLI test image with pinned kernel deps
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update the kernel version found in integration tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
---------
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add release trigger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* deduplicate version and changelog calls + add gh checks
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add more chronicle verbosity, but not when triggering releases
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* bump chronicle version to get --version-file feature
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update bootstrap tool workflow to include glow
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add version prefix check on tags in release quality gate
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
---------
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* feat: update golang to 1.19
Signed-off-by: Bradley Jones <bradley.jones@anchore.com>
* chore: break out json schema drift check into separate script
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* chore: update git index refresh
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---------
Signed-off-by: Bradley Jones <bradley.jones@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* initial working version
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* added build settings to pkg metadata
wip - unit tests
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* handle mach-O FatFiles
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* add support to mod replace
fixed golang catalger tests
trying GH Actions with go 1.18rc1
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* log error
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* use go-macholibre for extraction
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* cleaner tests
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* add version to main module
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* check macho file with macholibre
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* run golangci in its own workflow
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* wip - golangci workflow
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* fix golangci wf yml
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* fix golangci wf yml
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* wip - golangci wf
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* wip - golangci wf
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* get arch from bin file headers
upgrade macholibre
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* go mod tidy
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* test new stereoscope lazy reader interface
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* go mod tidy
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* remove devel version from golang cataloger
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* go mod tidy
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* switch github workflows to go1.18 stable
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* add union reader interface in golang cataloger
update stereoscope
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* go mod tidy
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* simpler golangci validation
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* fix makefile
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* get archs refactor
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* nolint for golang version
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* fix go bin tests
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* feedback changes
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* golangci nolint needs a \n before package
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* cleanup
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* move golangci-lint to its own jobs again
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* fix ci yaml
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* add support for xcoff files
add arch assets to test bin file types
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* clean up golangci-lint config
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* nolint for xcoff
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* explain nolints
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* remove unused xcoff testdata assets
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* make go bin test-fixtures in docker
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* fix make clean with -f
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* update json output schema
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* update schema version in test fixture
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* feedback changes
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* explain possible empty main module
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
add syft attest command to produce an attestation as application/vnd.in-toto+json to standard out using on disk PKI
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* reduce parallelism of builds and increase install.sh test setup buffer
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* change logging mechanism for signing
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* restore automatic parallelism determination for goreleaser
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* rm logging goreleaser version
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* refactor signing steps in release/snapshot workflows
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* show signing logs on snapshot or release failure
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update install.sh + tests to account for new goreleaser changes
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update cli tests to account for new goreleaser build names
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix acceptance test to use new snapshot bin path
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add notarization
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* address review comments
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* [wip] get assets based on gh api
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* put install.sh download_asset fn under test
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* put install.sh install_asset fn under test
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* use zip for darwin installs
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix install.sh negative test cases
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* allow errors to propagate in install.sh
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove exit on error from install.sh tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add more docs around install.sh helpers
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add integration tests for install.sh
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add install.sh testing to pipeline
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add install test cache to CI
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* make colors globally available
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* test download against github release
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* always test release-based install against latest release
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* use better install.sh test names
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update build tags, ui support, and stereoscope, and release for windows support
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* rollback goreleaser version
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update go sum
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
Co-authored-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
This reverts commit 06dcd3261d.
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
