From 9fbad3f8ce69bb059baf04e98a6327e7e898b9ff Mon Sep 17 00:00:00 2001 From: Bobby Zhang Date: Thu, 27 Jul 2023 12:22:35 -0400 Subject: [PATCH 1/3] Add goreleaser support --- .gitignore | 2 ++ .goreleaser.yaml | 33 +++++++++++++++++++++++++++++++++ go.sum | 2 -- 3 files changed, 35 insertions(+), 2 deletions(-) create mode 100644 .goreleaser.yaml diff --git a/.gitignore b/.gitignore index 76902418b4..a876f6530e 100644 --- a/.gitignore +++ b/.gitignore @@ -45,3 +45,5 @@ build/ pgp/keyrings/aptly2*.gpg pgp/keyrings/aptly2*.gpg~ pgp/keyrings/.#* + +dist/ diff --git a/.goreleaser.yaml b/.goreleaser.yaml new file mode 100644 index 0000000000..a7d61f0221 --- /dev/null +++ b/.goreleaser.yaml @@ -0,0 +1,33 @@ +# Check the documentation at https://goreleaser.com +before: + hooks: + - rm -rf ./dist + - go mod tidy + - go generate ./... +builds: + - env: + - CGO_ENABLED=0 + goos: + - linux + goarch: + - amd64 + +archives: + - format: tar.gz + name_template: >- + {{ .ProjectName }}_ + {{- title .Os }}_ + {{- if eq .Arch "amd64" }}x86_64 + {{- else if eq .Arch "386" }}i386 + {{- else }}{{ .Arch }}{{ end }} + {{- if .Arm }}v{{ .Arm }}{{ end }} +checksum: + name_template: 'checksums.txt' +snapshot: + name_template: "{{ incpatch .Version }}-next" +changelog: + sort: asc + filters: + exclude: + - '^docs:' + - '^test:' diff --git a/go.sum b/go.sum index 97e4582652..1676eed9dd 100644 --- a/go.sum +++ b/go.sum @@ -308,8 +308,6 @@ github.com/smira/go-aws-auth v0.0.0-20180731211914-8b73995fd8d1 h1:VPv+J50mFyP42 github.com/smira/go-aws-auth v0.0.0-20180731211914-8b73995fd8d1/go.mod h1:KKhbssKjyR//TUP31t3ksE2b6oeAw328JzwmFJnzRCw= github.com/smira/go-ftp-protocol v0.0.0-20140829150050-066b75c2b70d h1:rvtR4+9N2LWPo0UHe6/aHvWpqD9Dhf10P2bfGFht74g= github.com/smira/go-ftp-protocol v0.0.0-20140829150050-066b75c2b70d/go.mod h1:Jm7yHrROA5tC42gyJ5EwiR8EWp0PUy0qOc4sE7Y8Uzo= -github.com/smira/go-xz v0.0.0-20220607140411-c2a07d4bedda h1:WWMF6Bz2r8/91uUs4ZYk10zSSflqHDE5Ot3/s1yz+x4= -github.com/smira/go-xz v0.0.0-20220607140411-c2a07d4bedda/go.mod h1:RdN8UkuBr4amSnXBHKWkn6p1mXqYjHw+Yvxz8gQfU5A= github.com/smira/go-xz v0.1.0 h1:1zVLT1sITUKcWNysfHMLZWJ2Yh7yJfhREsgmUdK4zb0= github.com/smira/go-xz v0.1.0/go.mod h1:OmdEWnIIkuLzRLHGF4YtjDzF9VFUevEcP6YxDPRqVrs= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= From e4facd5f8f075c2f5f8048a9c378f29e86ae8114 Mon Sep 17 00:00:00 2001 From: Bobby Zhang Date: Thu, 27 Jul 2023 13:10:13 -0400 Subject: [PATCH 2/3] Update goreleaser.yaml --- .goreleaser.yaml | 30 +++++++++--------------------- 1 file changed, 9 insertions(+), 21 deletions(-) diff --git a/.goreleaser.yaml b/.goreleaser.yaml index a7d61f0221..b970e525d6 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -5,29 +5,17 @@ before: - go mod tidy - go generate ./... builds: - - env: - - CGO_ENABLED=0 + - env: [CGO_ENABLED=0] goos: - linux goarch: - amd64 + - arm64 -archives: - - format: tar.gz - name_template: >- - {{ .ProjectName }}_ - {{- title .Os }}_ - {{- if eq .Arch "amd64" }}x86_64 - {{- else if eq .Arch "386" }}i386 - {{- else }}{{ .Arch }}{{ end }} - {{- if .Arm }}v{{ .Arm }}{{ end }} -checksum: - name_template: 'checksums.txt' -snapshot: - name_template: "{{ incpatch .Version }}-next" -changelog: - sort: asc - filters: - exclude: - - '^docs:' - - '^test:' +nfpms: +- file_name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Arch }}' + maintainer: 'Bobby Zhang' + license: MIT + formats: + - deb + - rpm From 12fbbbc58090b373e6bf84c669d4fd9befdcf97a Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 10 Jul 2024 01:46:10 +0000 Subject: [PATCH 3/3] fix: system/requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899 --- system/requirements.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/system/requirements.txt b/system/requirements.txt index 39b43f1562..6dd240f5c1 100644 --- a/system/requirements.txt +++ b/system/requirements.txt @@ -4,3 +4,4 @@ requests-unixsocket python-swiftclient flake8 termcolor +zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability