intelops · santoshkal · Oct 1, 2024 · Oct 24, 2024 · Oct 24, 2024 · Oct 24, 2024
diff --git a/.ci.yml b/.ci.yml
@@ -10,7 +10,6 @@ linters:
     - errcheck
     - gosimple
     - govet
-    - ineffassign
     - staticcheck
     - unused
     - misspell
@@ -27,4 +26,4 @@ issues:
   # Maximum issues count per one linter. Set to 0 to disable. Default is 50.
   max-issues-per-linter: 0
   # Maximum count of issues with the same text. Set to 0 to disable. Default is 3.
-  max-same-issues: 0
+  max-same-issues: 0
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -8,8 +8,10 @@ updates:
   - package-ecosystem: "gomod" # See documentation for possible values
     directory: "/" # Location of package manifests
     schedule:
-      interval: "weekly"
+    target-branch: "pre-main"
+    interval: "weekly"
   - package-ecosystem: "github-actions"
     directory: "/"
+    target-branch: "pre-main"
     schedule:
       interval: "weekly"
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -17,36 +17,43 @@ jobs:
     name: lint
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
-      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+      - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5
         with:
-          go-version: "1.22"
+          go-version: "1.23"
           cache: false
       - name: Run tests
-        run: go test ./... -coverprofile=coverage.out -coverpkg=./... -covermode=atomic
+        run: |
+          go mod tidy
+          go test ./... -coverprofile=coverage.out -coverpkg=./... -covermode=atomic
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6
+        uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6
         with:
-          version: v1.59
+          version: v1.60
           args: -v --config=.ci.yml
           skip-pkg-cache: true
           skip-build-cache: true
 
       - name: Static check
         uses: dominikh/staticcheck-action@fe1dd0c3658873b46f8c9bb3291096a617310ca6 # v1.3.1
         with:
-          version: "2023.1.6"
+          version: "2024.1.1"
           install-go: false
-          cache-key: "1.22"
+          cache-key: "1.23"
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0
+        uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0
         with:
           scan-type: "fs"
           ignore-unfixed: true
           format: sarif
           output: "trivy-results.sarif"
           severity: "CRITICAL,HIGH"
+        env:
+          # Use AWS' ECR mirror for the trivy-db image, as GitHub's Container
+          # Registry is returning a TOOMANYREQUESTS error.
+          # Ref: https://github.com/aquasecurity/trivy-action/issues/389
+          TRIVY_DB_REPOSITORY: "public.ecr.aws/aquasecurity/trivy-db:2"
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@8214744c546c1e5c8f03dde8fab3a7353211988d # v3
+        uses: github/codeql-action/upload-sarif@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3
         with:
           sarif_file: "trivy-results.sarif"
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -19,19 +19,19 @@ jobs:
   release:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
         with:
           fetch-depth: 0 # this is important, otherwise it won't checkout the full tree (i.e. no previous tags)
-      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5
+      - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5
         with:
           go-version: 1.22 # Go version
           cache: true
       - name: Run tests
         run: go test ./... -coverprofile=coverage.out -coverpkg=./... -covermode=atomic
 
-      - uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.5 # installs cosign
-      - uses: anchore/sbom-action/download-syft@61119d458adab75f756bc0b9e4bde25725f86a7a # v0.17 installs syft
-      - uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6 # run goreleaser
+      - uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.5 # installs cosign
+      - uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.17 installs syft
+      - uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf # v6 # run goreleaser
         id: goreleaser
         with:
           version: latest

diff --git a/.gitignore b/.gitignore
@@ -13,3 +13,4 @@ todo.md
 results.json
 .env
 !pkg/validate/testdata/Dockerfile/
+demo/
diff --git a/cmd/artifact_pull.go b/cmd/artifact_pull.go
@@ -7,11 +7,11 @@ import (
 	"path/filepath"
 
 	"github.com/fatih/color"
+	log "github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
 
 	"github.com/intelops/genval/pkg/oci"
 	"github.com/intelops/genval/pkg/utils"
-	log "github.com/sirupsen/logrus"
-	"github.com/spf13/cobra"
 )
 
 var pullCmd = &cobra.Command{
@@ -106,8 +106,8 @@ func runPullArtifactCmd(cmd *cobra.Command, args []string) error {
 	defer spin.Stop()
 
 	if err := oci.PullArtifact(context.Background(), pullArgs.creds, pullArgs.dest, pullArgs.path); err != nil {
-		fe := color.RedString("Error pulling artifact from remote: %v", err)
-		return fmt.Errorf(fe)
+		errorMessage := color.RedString("Error pulling artifact from remote: %v", err)
+		return fmt.Errorf("%s", errorMessage)
 	}
 	spin.Stop()
 	color.Green("Artifact from %s pulled and stored in :%s", pullArgs.dest, pullArgs.path)

diff --git a/cmd/artifact_push.go b/cmd/artifact_push.go
@@ -17,10 +17,11 @@ import (
 	"github.com/google/go-containerregistry/pkg/v1/remote/transport"
 	"github.com/google/go-containerregistry/pkg/v1/tarball"
 	"github.com/google/go-containerregistry/pkg/v1/types"
-	"github.com/intelops/genval/pkg/oci"
-	"github.com/intelops/genval/pkg/utils"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
+
+	"github.com/intelops/genval/pkg/oci"
+	"github.com/intelops/genval/pkg/utils"
 )
 
 var pushCmd = &cobra.Command{
@@ -200,8 +201,13 @@ func runPushCmd(cmd *cobra.Command, args []string) error {
 		}
 	}
 
-	log.Infof(color.GreenString("✔ Artifact pushed successfully to: %v", pushArgs.dest))
-	log.Infof(color.GreenString("✔ Digest: %v", digest))
-	log.Infof(color.GreenString("✔ Digest URL: %v\n", digestURL))
+	// Create formatted messages # Fix govet warnings
+	artifactMessage := color.GreenString("✔ Artifact pushed successfully to: %v", pushArgs.dest)
+	digestMessage := color.GreenString("✔ Digest: %v", digest)
+	digestURLMessage := color.GreenString("✔ Digest URL: %v\n", digestURL)
+
+	log.Info(artifactMessage)
+	log.Info(digestMessage)
+	log.Info(digestURLMessage)
 	return nil
 }
diff --git a/cmd/cel_infrafile.go b/cmd/cel_infrafile.go
-Original file line number
+Diff line change
@@ Expand Up / @@ -13,3 +13,4 @@ todo.md @@
     results.json
     .env
     !pkg/validate/testdata/Dockerfile/
+    demo/