diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index fe5da5f..c2b8b41 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -1,129 +1,46 @@ name: "Release" + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + on: push: - # take no actions on push to any branch... - branches-ignore: - - "**" - # ... only act on release tags + branches: + - "main" tags: - "v*" + pull_request: env: - GO_VERSION: "1.18.x" + GO_VERSION: "1.18" jobs: - quality-gate: - environment: release - runs-on: ubuntu-latest # This OS choice is arbitrary. None of the steps in this job are specific to either Linux or macOS. - steps: - - uses: actions/checkout@v2 - - # we don't want to release commits that have been pushed and tagged, but not necessarily merged onto main - - name: Ensure tagged commit is on main - run: | - echo "Tag: ${GITHUB_REF##*/}" - git fetch origin main - git merge-base --is-ancestor ${GITHUB_REF##*/} origin/main && echo "${GITHUB_REF##*/} is a commit on main!" - - - name: Check static analysis results - uses: fountainhead/action-wait-for-check@v1.0.0 - id: static-analysis - with: - token: ${{ secrets.GITHUB_TOKEN }} - # This check name is defined as the github action job name (in .github/workflows/validations.yaml) - checkName: "Static analysis" - ref: ${{ github.event.pull_request.head.sha || github.sha }} - - - name: Check unit test results - uses: fountainhead/action-wait-for-check@v1.0.0 - id: unit - with: - token: ${{ secrets.GITHUB_TOKEN }} - # This check name is defined as the github action job name (in .github/workflows/validations.yaml) - checkName: "Unit tests" - ref: ${{ github.event.pull_request.head.sha || github.sha }} - - - name: Check acceptance test results (linux) - uses: fountainhead/action-wait-for-check@v1.0.0 - id: acceptance-linux - with: - token: ${{ secrets.GITHUB_TOKEN }} - # This check name is defined as the github action job name (in .github/workflows/validations.yaml) - checkName: "Acceptance tests (Linux)" - ref: ${{ github.event.pull_request.head.sha || github.sha }} - - - name: Check acceptance test results (mac) - uses: 
fountainhead/action-wait-for-check@v1.0.0 - id: acceptance-mac - with: - token: ${{ secrets.GITHUB_TOKEN }} - # This check name is defined as the github action job name (in .github/workflows/validations.yaml) - checkName: "Acceptance tests (Mac)" - ref: ${{ github.event.pull_request.head.sha || github.sha }} - - - name: Check cli test results (linux) - uses: fountainhead/action-wait-for-check@v1.0.0 - id: cli-linux - with: - token: ${{ secrets.GITHUB_TOKEN }} - # This check name is defined as the github action job name (in .github/workflows/testing.yaml) - checkName: "CLI tests (Linux)" - ref: ${{ github.event.pull_request.head.sha || github.sha }} - - - name: Quality gate - if: steps.static-analysis.outputs.conclusion != 'success' || steps.unit.outputs.conclusion != 'success' || steps.acceptance-linux.outputs.conclusion != 'success' || steps.acceptance-mac.outputs.conclusion != 'success' || steps.cli-linux.outputs.conclusion != 'success' - run: | - echo "Static Analysis Status: ${{ steps.static-analysis.conclusion }}" - echo "Unit Test Status: ${{ steps.unit.outputs.conclusion }}" - echo "Acceptance Test (Linux) Status: ${{ steps.acceptance-linux.outputs.conclusion }}" - echo "Acceptance Test (Mac) Status: ${{ steps.acceptance-mac.outputs.conclusion }}" - echo "CLI Test (Linux) Status: ${{ steps.cli-linux.outputs.conclusion }}" - false - release: - needs: [quality-gate] runs-on: ubuntu-latest steps: - - - uses: actions/setup-go@v2 - with: - go-version: ${{ env.GO_VERSION }} - - - uses: actions/checkout@v2 + - uses: actions/checkout@v5 with: fetch-depth: 0 - - name: Restore tool cache - id: tool-cache - uses: actions/cache@v2.1.3 - with: - path: ${{ github.workspace }}/.tmp - key: ${{ runner.os }}-tool-${{ hashFiles('Makefile') }} - - - name: Restore go cache - id: go-cache - uses: actions/cache@v2.1.3 + - uses: actions/setup-go@v5 with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-${{ env.GO_VERSION }}-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ 
runner.os }}-go-${{ env.GO_VERSION }}- + go-version: ${{ env.GO_VERSION }} - - name: (cache-miss) Bootstrap all project dependencies - if: steps.tool-cache.outputs.cache-hit != 'true' || steps.go-cache.outputs.cache-hit != 'true' + - name: Bootstrap all project dependencies run: make bootstrap - - name: Build & publish release artifacts - run: make release + - name: Build + run: | + if [[ "${GITHUB_REF}" = refs/tags/v* ]]; then + make release + else + make RELEASE_FLAGS="--snapshot" release + fi env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - uses: anchore/sbom-action@v0 - continue-on-error: true - with: - artifact-name: sbom.spdx.json - - - uses: actions/upload-artifact@v2 + - uses: actions/upload-artifact@v4 with: name: artifacts path: dist/**/* diff --git a/.github/workflows/validations.yaml b/.github/workflows/validations.yaml deleted file mode 100644 index 2c3282d..0000000 --- a/.github/workflows/validations.yaml +++ /dev/null 
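Review bot: A pushed `v*` tag now reaches `make release` with nothing verifying that the tagged commit is on `main`: the removed `quality-gate` job ran that ancestor check and waited for the test results, while the new single `release` job has no `needs:` and no check before the `Build` step. Because the Makefile's `release` target publishes artifacts, I would restore the ancestor check as a tag-only step right after checkout (sketch below; `fetch-depth: 0` is already set there). Separately, the new file declares no `permissions:` block, and the `Build` step exports `GITHUB_TOKEN` on `pull_request` and `main` runs that only build a snapshot. The token is therefore handed to Makefile code a pull request can change, with whatever scope the repository default grants. An explicit `permissions:` block, with the token passed only on tag builds, would narrow that.

```yaml
      # … unchanged: actions/checkout@v5 with fetch-depth: 0 …

      # refuse to publish a tag that points at a commit not merged to main
      - name: Ensure tagged commit is on main
        if: startsWith(github.ref, 'refs/tags/v')
        run: |
          git fetch origin main
          git merge-base --is-ancestor "${GITHUB_SHA}" origin/main

      # … unchanged: setup-go, bootstrap, Build, upload-artifact …
```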
@@ -1,242 +0,0 @@ -name: "Validations" -on: - workflow_dispatch: - push: - branches: - - main - pull_request: - -env: - GO_VERSION: "1.18.x" - -jobs: - - Static-Analysis: - # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline - name: "Static analysis" - runs-on: ubuntu-20.04 - steps: - - uses: actions/setup-go@v2 - with: - go-version: ${{ env.GO_VERSION }} - - - uses: actions/checkout@v2 - - - name: Restore tool cache - id: tool-cache - uses: actions/cache@v2.1.3 - with: - path: ${{ github.workspace }}/.tmp - key: ${{ runner.os }}-tool-${{ hashFiles('Makefile') }} - - - name: Restore go cache - id: go-cache - uses: actions/cache@v2.1.3 - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-${{ env.GO_VERSION }}-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go-${{ env.GO_VERSION }}- - - - name: (cache-miss) Bootstrap all project dependencies - if: steps.tool-cache.outputs.cache-hit != 'true' || steps.go-cache.outputs.cache-hit != 'true' - run: make bootstrap - - - name: Run static analysis - run: make static-analysis - - # allow for PRs to skip validating the syft version to allow for incremental updates of syft before release. 
- # In this way checks against the main branch (which are required for release) will fail, but PR checks will not - - name: Ensure syft version is a release version - run: | - echo "GitHub reference: ${GITHUB_REF##*/}" - git fetch origin main - git merge-base --is-ancestor ${GITHUB_REF##*/} origin/main && make validate-syft-release-version || echo "skipping syft version check" - - - Unit-Test: - # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline - name: "Unit tests" - runs-on: ubuntu-20.04 - steps: - - uses: actions/setup-go@v2 - with: - go-version: ${{ env.GO_VERSION }} - - - uses: actions/checkout@v2 - - - name: Restore tool cache - id: tool-cache - uses: actions/cache@v2.1.3 - with: - path: ${{ github.workspace }}/.tmp - key: ${{ runner.os }}-tool-${{ hashFiles('Makefile') }} - - - name: Restore go cache - id: go-cache - uses: actions/cache@v2.1.3 - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-${{ env.GO_VERSION }}-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go-${{ env.GO_VERSION }}- - - - name: (cache-miss) Bootstrap all project dependencies - if: steps.tool-cache.outputs.cache-hit != 'true' || steps.go-cache.outputs.cache-hit != 'true' - run: make bootstrap - - - name: Run unit tests - run: make unit - - Build-Snapshot-Artifacts: - name: "Build snapshot artifacts" - runs-on: ubuntu-20.04 - steps: - - uses: actions/setup-go@v2 - with: - go-version: ${{ env.GO_VERSION }} - - - uses: actions/checkout@v2 - - - name: Restore tool cache - id: tool-cache - uses: actions/cache@v2.1.3 - with: - path: ${{ github.workspace }}/.tmp - key: ${{ runner.os }}-tool-${{ hashFiles('Makefile') }} - - - name: Restore go cache - id: go-cache - uses: actions/cache@v2.1.3 - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-${{ env.GO_VERSION }}-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go-${{ env.GO_VERSION }}- - - - name: (cache-miss) Bootstrap all project 
dependencies - if: steps.tool-cache.outputs.cache-hit != 'true' || steps.go-cache.outputs.cache-hit != 'true' - run: make bootstrap - - - name: Build snapshot artifacts - run: make snapshot - - - uses: actions/upload-artifact@v2 - with: - name: artifacts - path: snapshot/**/* - - Acceptance-Linux: - # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline - name: "Acceptance tests (Linux)" - needs: [Build-Snapshot-Artifacts] - runs-on: ubuntu-20.04 - steps: - - uses: actions/checkout@v2 - - uses: actions/download-artifact@v2 - with: - name: artifacts - path: snapshot - - - name: Build key for image cache - run: make install-fingerprint - - - name: Restore install.sh test image cache - id: install-test-image-cache - uses: actions/cache@v2.1.3 - with: - path: ${{ github.workspace }}/test/install/cache - key: ${{ runner.os }}-install-test-image-cache-${{ hashFiles('test/install/cache.fingerprint') }} - - - name: Restore tool cache - id: tool-cache - uses: actions/cache@v2.1.3 - with: - path: ${{ github.workspace }}/.tmp - key: ${{ runner.os }}-tool-${{ hashFiles('Makefile') }} - - - name: Load test image cache - if: steps.install-test-image-cache.outputs.cache-hit == 'true' - run: make install-test-cache-load - - - name: Run install.sh tests (Linux) - run: make install-test - - - name: (cache-miss) Create test image cache - if: steps.install-test-image-cache.outputs.cache-hit != 'true' - run: make install-test-cache-save - - Acceptance-Mac: - # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline - name: "Acceptance tests (Mac)" - needs: [Build-Snapshot-Artifacts] - runs-on: macos-latest - steps: - - uses: actions/checkout@v2 - - - uses: actions/download-artifact@v2 - with: - name: artifacts - path: snapshot - - - name: Install docker CLI - run: | - brew install docker - mkdir ~/.docker - - - name: Run install.sh tests (Mac) - run: make install-test-ci-mac - - 
Cli-Linux: - # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline - name: "CLI tests (Linux)" - needs: [Build-Snapshot-Artifacts] - runs-on: ubuntu-20.04 - steps: - - uses: actions/setup-go@v2 - with: - go-version: ${{ env.GO_VERSION }} - - - uses: actions/checkout@v2 - with: - # this downloads and initializes LFS, but does not pull the objects - lfs: true - # we need to jump between multiple branches to compare compute a diff, which means we need a deeper clone depth - fetch-depth: 0 - - - name: Restore go cache - id: go-cache - uses: actions/cache@v2.1.3 - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-${{ env.GO_VERSION }}-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go-${{ env.GO_VERSION }}- - - - name: Restore tool cache - id: tool-cache - uses: actions/cache@v2.1.3 - with: - path: ${{ github.workspace }}/.tmp - key: ${{ runner.os }}-tool-${{ hashFiles('Makefile') }} - - - name: (cache-miss) Bootstrap all project dependencies - if: steps.tool-cache.outputs.cache-hit != 'true' || steps.go-cache.outputs.cache-hit != 'true' - run: make bootstrap - - - name: Build key for tar cache - run: make cli-fingerprint - - - name: Restore CLI test cache - uses: actions/cache@v2.1.3 - with: - path: ${{ github.workspace }}/test/cli/test-fixtures/cache - key: ${{ runner.os }}-cli-test-cache-${{ hashFiles('test/cli/test-fixtures/cache.fingerprint') }} - - - uses: actions/download-artifact@v2 - with: - name: artifacts - path: snapshot - - - name: Run CLI Tests (Linux) - run: make cli diff --git a/Makefile b/Makefile index c94c27d..a243eea 100644 --- a/Makefile +++ b/Makefile 
@@ -10,6 +10,7 @@ COVER_TOTAL = $(RESULTS_DIR)/unit-coverage-summary.txt LINT_CMD = $(TEMP_DIR)/golangci-lint run --tests=false --timeout=2m --config .golangci.yaml GOIMPORTS_CMD = $(TEMP_DIR)/gosimports -local github.com/anchore RELEASE_CMD=$(TEMP_DIR)/goreleaser release --rm-dist +RELEASE_FLAGS="" SNAPSHOT_CMD=$(RELEASE_CMD) --skip-publish --rm-dist --snapshot OS=$(shell uname | tr '[:upper:]' '[:lower:]') SNAPSHOT_BIN=$(shell realpath $(shell pwd)/$(SNAPSHOT_DIR)/$(REPO)_$(OS)_amd64/$(BIN)) @@ -150,24 +151,20 @@ cli-fingerprint: find test/cli/test-fixtures/image-* -type f -exec md5sum {} + | awk '{print $1}' | sort | md5sum | tee test/cli/test-fixtures/cache.fingerprint && echo "$(CLI_CACHE_BUSTER)" >> test/cli/test-fixtures/cache.fingerprint .PHONY: cli -cli: $(SNAPSHOT_DIR) ## Run CLI tests - chmod 755 "$(SNAPSHOT_BIN)" - SYFT_BINARY_LOCATION='$(SNAPSHOT_BIN)' \ - go test -count=1 -v ./test/cli - -$(SNAPSHOT_DIR): $(TEMP_DIR) ## Build snapshot release binaries and packages +cli: $(call title,Building snapshot artifacts) - # create a config with the dist dir overridden echo "dist: $(SNAPSHOT_DIR)" > $(TEMP_DIR)/goreleaser.yaml cat .goreleaser.yaml >> $(TEMP_DIR)/goreleaser.yaml - $(SNAPSHOT_CMD) --config $(TEMP_DIR)/goreleaser.yaml - .PHONY: install-snapshot install-snapshot: cp $(SNAPSHOT_BIN) ~/.docker/cli-plugins/ +.PHONY: install +install: cli + cp $(SNAPSHOT_BIN) ~/.docker/cli-plugins/ + .PHONY: changelog changelog: clean-changelog CHANGELOG.md @docker run -it --rm \ @@ -186,7 +183,7 @@ validate-syft-release-version: .PHONY: release release: clean-dist CHANGELOG.md $(call title,Publishing release artifacts) - bash -c "$(RELEASE_CMD) --release-notes <(cat CHANGELOG.md)" + bash -c "$(RELEASE_CMD) $(RELEASE_FLAGS) --release-notes <(cat CHANGELOG.md)" .PHONY: clean clean: clean-dist clean-snapshot ## Remove previous builds, result reports, and test cache diff --git a/README.md b/README.md index 8f079e8..97afe8f 100644 --- a/README.md +++ b/README.md 
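Review bot: `RELEASE_FLAGS=""` in the first Makefile hunk does not define an empty variable: Make keeps the quotes, so the default value is the two characters `""`. In the `release` recipe (third Makefile hunk) they land inside the already double-quoted `bash -c "..."` string. That happens to work because the shell joins the two quoted pieces, but an empty assignment says what is meant: `RELEASE_FLAGS =`. The value is also spliced unescaped into a shell command line, so a comment above the variable would help, e.g. `# extra goreleaser flags; interpolated into a shell command, set only from fixed strings such as --snapshot`.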
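Review bot: The new `cli` target in the second Makefile hunk writes `$(TEMP_DIR)/goreleaser.yaml` but no longer depends on `$(TEMP_DIR)`. The removed `$(SNAPSHOT_DIR): $(TEMP_DIR)` rule carried that prerequisite, so on a tree where the directory does not exist yet the `echo ... >` redirect would fail. Unless another target is guaranteed to run first, keep the prerequisite and the help comment: `cli: $(TEMP_DIR) ## Build snapshot release binaries and packages`. The added `install` target also repeats the `install-snapshot` recipe line for line and has no `##` help text, so consider keeping a single copy of that `cp` line.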
@@ -1,3 +1,8 @@ +# :warning: Discontinued + +The `docker sbom` command has been removed, please use the [`docker scout sbom` command](https://docs.docker.com/reference/cli/docker/scout/sbom/) +instead. + # sbom-cli-plugin Plugin for Docker CLI to support viewing and creating SBOMs for Docker images using Syft. diff --git a/cmd/root.go b/cmd/root.go index 096f404..b5234e4 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -8,6 +8,7 @@ import ( "strings" "text/template" + "github.com/docker/cli/cli" "github.com/docker/cli/cli/command" "github.com/docker/sbom-cli-plugin/internal" "github.com/docker/sbom-cli-plugin/internal/bus" @@ -50,7 +51,15 @@ func cmd(dockerCli command.Cli) *cobra.Command { SilenceUsage: true, SilenceErrors: true, Version: version.FromBuild().Version, - RunE: newRunner(dockerCli).run, + RunE: func(cmd *cobra.Command, args []string) error { + if len(args) == 0 { + return cmd.Help() + } + return cli.StatusError{ + StatusCode: 1, + Status: `error: docker sbom has been removed, please use "docker scout sbom" command instead`, + } + }, } c.SetVersionTemplate(fmt.Sprintf("%s {{.Version}}, build %s\n", internal.ApplicationName, version.FromBuild().GitCommit))
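Review bot: The no-argument branch of the new `RunE` returns `cmd.Help()` and exits 0, so a bare `docker sbom` still prints usage for the removed command. Unless `Short`/`Long` were updated outside this hunk, it never shows the removal notice that the argument path returns. I would emit the notice there too, e.g. `fmt.Fprintln(cmd.ErrOrStderr(), "docker sbom has been removed, please use \"docker scout sbom\" instead")` before `return cmd.Help()`. The closure parameter `cmd` shadows the enclosing `func cmd`, so a different name such as `cc` would read more clearly. A comment such as `// plugin is discontinued: any invocation with arguments fails and points to docker scout` would explain why `newRunner` is no longer wired in. The body of `cmd` starts and ends outside the hunk.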