upgrade tool management

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
anchore · May 2, 2024 · 2c7945d · 2c7945d
1 parent be167e8
commit 2c7945d
Show file tree

Hide file tree

Showing 9 changed files with 664 additions and 454 deletions.
diff --git a/.binny.yaml b/.binny.yaml
@@ -0,0 +1,104 @@
+tools:
+  # we want to use a pinned version of binny to manage the toolchain (so binny manages itself!)
+  - name: binny
+    version:
+      want: v0.7.0
+    method: github-release
+    with:
+      repo: anchore/binny
+
+  # used to produce SBOMs during release
+  - name: syft
+    version:
+      want: latest
+    method: github-release
+    with:
+      repo: anchore/syft
+
+  # used to sign mac binaries at release
+  - name: quill
+    version:
+      want: v0.4.1
+    method: github-release
+    with:
+      repo: anchore/quill
+
+  # used for linting
+  - name: golangci-lint
+    version:
+      want: v1.57.2
+    method: github-release
+    with:
+      repo: golangci/golangci-lint
+
+  # used for showing the changelog at release
+  - name: glow
+    version:
+      want: v1.5.1
+    method: github-release
+    with:
+      repo: charmbracelet/glow
+
+  # used for signing the checksums file at release
+  - name: cosign
+    version:
+      want: v2.2.4
+    method: github-release
+    with:
+      repo: sigstore/cosign
+
+  # used in integration tests to verify JSON schemas
+  - name: yajsv
+    version:
+      want: v1.4.1
+    method: github-release
+    with:
+      repo: neilpa/yajsv
+
+  # used to release all artifacts
+  - name: goreleaser
+    version:
+      want: v1.25.1
+    method: github-release
+    with:
+      repo: goreleaser/goreleaser
+
+  # used for organizing imports during static analysis
+  - name: gosimports
+    version:
+      want: v0.3.8
+    method: github-release
+    with:
+      repo: rinchsan/gosimports
+
+  # used at release to generate the changelog
+  - name: chronicle
+    version:
+      want: v0.8.0
+    method: github-release
+    with:
+      repo: anchore/chronicle
+
+  # used during static analysis for license compliance
+  - name: bouncer
+    version:
+      want: v0.4.0
+    method: github-release
+    with:
+      repo: wagoodman/go-bouncer
+
+  # used for running all local and CI tasks
+  - name: task
+    version:
+      want: v3.36.0
+    method: github-release
+    with:
+      repo: go-task/task
+
+  # used for triggering a release
+  - name: gh
+    version:
+      want: v2.48.0
+    method: github-release
+    with:
+      repo: cli/cli
diff --git a/.github/actions/bootstrap/action.yaml b/.github/actions/bootstrap/action.yaml
@@ -9,14 +9,18 @@ inputs:
     description: "Python version to install"
     required: true
     default: "3.10"
+  go-dependencies:
+    description: "Download go dependencies"
+    required: true
+    default: "true"
   cache-key-prefix:
     description: "Prefix all cache keys with this value"
     required: true
-    default: "831180ac26"
-  build-cache-key-prefix:
-    description: "Prefix build cache key with this value"
+    default: "1ac8281053"
+  compute-fingerprints:
+    description: "Compute test fixture fingerprints"
     required: true
-    default: "f8b6d31dea"
+    default: "true"
   bootstrap-apt-packages:
     description: "Space delimited list of tools to install via apt"
     default: "libxml2-utils"
@@ -26,37 +30,29 @@ runs:
   steps:
     # note: go mod and build is automatically cached on default with v4+
     - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe #v4.1.0
+      if: inputs.go-version != ''
       with:
         go-version: ${{ inputs.go-version }}
 
     - uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 # v4.5.0
       with:
         python-version: ${{ inputs.python-version }}
 
-    - name: Restore python cache
-      id: python-venv-cache
-      uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3.2.6
-      with:
-        path: |
-          test/quality/venv
-          test/quality/vulnerability-match-labels/venv
-        key: ${{ inputs.cache-key-prefix }}-${{ runner.os }}-python-${{ inputs.python-version }}-${{ hashFiles('**/test/quality/**/requirements.txt') }}
-
     - name: Restore tool cache
       id: tool-cache
-      uses: actions/cache@v3
+      uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 #v3.3.2
       with:
-        path: ${{ github.workspace }}/.tmp
-        key: ${{ inputs.cache-key-prefix }}-${{ runner.os }}-tool-${{ hashFiles('Makefile') }}
+        path: ${{ github.workspace }}/.tool
+        key: ${{ inputs.cache-key-prefix }}-${{ runner.os }}-tool-${{ hashFiles('.binny.yaml') }}
 
-    - name: (cache-miss) Bootstrap project tools
+    - name: Install project tools
       shell: bash
-      if: steps.tool-cache.outputs.cache-hit != 'true'
-      run: make bootstrap-tools
+      run: make tools
 
-    - name: Bootstrap go dependencies
+    - name: Install go dependencies
+      if: inputs.go-dependencies == 'true'
       shell: bash
-      run: make bootstrap-go
+      run: make ci-bootstrap-go
 
     - name: Install apt packages
       if: inputs.bootstrap-apt-packages != ''
@@ -65,5 +61,6 @@ runs:
         DEBIAN_FRONTEND=noninteractive sudo apt update && sudo -E apt install -y ${{ inputs.bootstrap-apt-packages }}
 
     - name: Create all cache fingerprints
+      if: inputs.compute-fingerprints == 'true'
       shell: bash
       run: make fingerprints
diff --git a/.github/scripts/go-mod-tidy-check.sh b/.github/scripts/go-mod-tidy-check.sh
@@ -4,19 +4,18 @@ set -eu
 ORIGINAL_STATE_DIR=$(mktemp -d "TEMP-original-state-XXXXXXXXX")
 TIDY_STATE_DIR=$(mktemp -d "TEMP-tidy-state-XXXXXXXXX")
 
-trap "cp -v ${ORIGINAL_STATE_DIR}/* ./ && rm -fR ${ORIGINAL_STATE_DIR} ${TIDY_STATE_DIR}" EXIT
+trap "cp -p ${ORIGINAL_STATE_DIR}/* ./ && git update-index -q --refresh && rm -fR ${ORIGINAL_STATE_DIR} ${TIDY_STATE_DIR}" EXIT
 
-echo "Capturing original state of files..."
-cp -v go.mod go.sum "${ORIGINAL_STATE_DIR}"
+# capturing original state of files...
+cp go.mod go.sum "${ORIGINAL_STATE_DIR}"
 
-echo "Capturing state of go.mod and go.sum after running go mod tidy..."
+# capturing state of go.mod and go.sum after running go mod tidy...
 go mod tidy
-cp -v go.mod go.sum "${TIDY_STATE_DIR}"
-echo ""
+cp go.mod go.sum "${TIDY_STATE_DIR}"
 
 set +e
 
-# Detect difference between the git HEAD state and the go mod tidy state
+# detect difference between the git HEAD state and the go mod tidy state
 DIFF_MOD=$(diff -u "${ORIGINAL_STATE_DIR}/go.mod" "${TIDY_STATE_DIR}/go.mod")
 DIFF_SUM=$(diff -u "${ORIGINAL_STATE_DIR}/go.sum" "${TIDY_STATE_DIR}/go.sum")
 

diff --git a/.github/scripts/syft-released-version-check.sh b/.github/scripts/syft-released-version-check.sh
diff --git a/.github/workflows/update-bootstrap-tools.yml b/.github/workflows/update-bootstrap-tools.yml
@@ -1,14 +1,10 @@
-name: PR for latest versions of bootstrap tools
+name: PR for latest versions of tools
 on:
   schedule:
     - cron: "0 8 * * *" # 3 AM EST
 
   workflow_dispatch:
 
-env:
-  GO_VERSION: "1.21.x"
-  GO_STABLE_VERSION: true
-
 permissions:
   contents: read
 
@@ -17,66 +13,54 @@ jobs:
     runs-on: ubuntu-latest
     if: github.repository == 'anchore/grype' # only run for main repo
     steps:
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b #v4.1.4
 
-      - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+      - name: Bootstrap environment
+        uses: ./.github/actions/bootstrap
         with:
-          go-version: ${{ env.GO_VERSION }}
-          stable: ${{ env.GO_STABLE_VERSION }}
-
-      - run: |
-          GOLANGCILINT_LATEST_VERSION=$(go list -m -json github.com/golangci/golangci-lint@latest 2>/dev/null | jq -r '.Version')
-          BOUNCER_LATEST_VERSION=$(go list -m -json github.com/wagoodman/go-bouncer@latest 2>/dev/null | jq -r '.Version')
-          CHRONICLE_LATEST_VERSION=$(go list -m -json github.com/anchore/chronicle@latest 2>/dev/null | jq -r '.Version')
-          GORELEASER_LATEST_VERSION=$(go list -m -json github.com/goreleaser/goreleaser@latest 2>/dev/null | jq -r '.Version')
-          GOSIMPORTS_LATEST_VERSION=$(go list -m -json github.com/rinchsan/gosimports@latest 2>/dev/null | jq -r '.Version')
-          YAJSV_LATEST_VERSION=$(go list -m -json github.com/neilpa/yajsv@latest 2>/dev/null | jq -r '.Version')
-          QUILL_LATEST_VERSION=$(go list -m -json github.com/anchore/quill@latest 2>/dev/null | jq -r '.Version')
-          GLOW_LATEST_VERSION=$(go list -m -json github.com/charmbracelet/glow@latest 2>/dev/null | jq -r '.Version')
-
-          # update version variables in the Makefile
-          sed -r -i -e 's/^(GOLANGCILINT_VERSION := ).*/\1'${GOLANGCILINT_LATEST_VERSION}'/' Makefile
-          sed -r -i -e 's/^(BOUNCER_VERSION := ).*/\1'${BOUNCER_LATEST_VERSION}'/' Makefile
-          sed -r -i -e 's/^(CHRONICLE_VERSION := ).*/\1'${CHRONICLE_LATEST_VERSION}'/' Makefile
-          sed -r -i -e 's/^(GORELEASER_VERSION := ).*/\1'${GORELEASER_LATEST_VERSION}'/' Makefile
-          sed -r -i -e 's/^(GOSIMPORTS_VERSION := ).*/\1'${GOSIMPORTS_LATEST_VERSION}'/' Makefile
-          sed -r -i -e 's/^(YAJSV_VERSION := ).*/\1'${YAJSV_LATEST_VERSION}'/' Makefile
-          sed -r -i -e 's/^(QUILL_VERSION := ).*/\1'${QUILL_LATEST_VERSION}'/' Makefile
-          sed -r -i -e 's/^(GLOW_VERSION := ).*/\1'${GLOW_LATEST_VERSION}'/' Makefile
+          bootstrap-apt-packages: ""
+          compute-fingerprints: "false"
+          go-dependencies: false
 
-          # export the versions for use with create-pull-request
-          echo "GOLANGCILINT=$GOLANGCILINT_LATEST_VERSION" >> $GITHUB_OUTPUT
-          echo "BOUNCER=$BOUNCER_LATEST_VERSION" >> $GITHUB_OUTPUT
-          echo "CHRONICLE=$CHRONICLE_LATEST_VERSION" >> $GITHUB_OUTPUT
-          echo "GORELEASER=$GORELEASER_LATEST_VERSION" >> $GITHUB_OUTPUT
-          echo "GOSIMPORTS=$GOSIMPORTS_LATEST_VERSION" >> $GITHUB_OUTPUT
-          echo "YAJSV=$YAJSV_LATEST_VERSION" >> $GITHUB_OUTPUT
-          echo "QUILL=$QUILL_LATEST_VERSION" >> $GITHUB_OUTPUT
-          echo "GLOW=$GLOW_LATEST_VERSION" >> $GITHUB_OUTPUT
+      - name: "Update tool versions"
         id: latest-versions
+        run: |
+          make update-tools
+          make list-tools
+          
+          export NO_COLOR=1
+          delimiter="$(openssl rand -hex 8)"
+          
+          {
+            echo "status<<${delimiter}"
+            make list-tool-updates
+            echo "${delimiter}"
+          } >> $GITHUB_OUTPUT
+          
+          {
+            echo "### Tool version status"
+            echo "\`\`\`"
+            make list-tool-updates
+            echo "\`\`\`"
+          } >> $GITHUB_STEP_SUMMARY
 
-      - uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
+      - uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a #v2.1.0
         id: generate-token
         with:
           app_id: ${{ secrets.TOKEN_APP_ID }}
           private_key: ${{ secrets.TOKEN_APP_PRIVATE_KEY }}
 
-      - uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5
+      - uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e #v6.0.5
         with:
           signoff: true
           delete-branch: true
-          branch: auto/latest-bootstrap-tools
+          branch: auto/latest-tools
           labels: dependencies
-          commit-message: 'chore(deps): update bootstrap tools to latest versions'
-          title: 'chore(deps): update bootstrap tools to latest versions'
+          commit-message: 'chore(deps): update tools to latest versions'
+          title: 'chore(deps): update tools to latest versions'
           body: |
-            - [golangci-lint ${{ steps.latest-versions.outputs.GOLANGCILINT }}](https://github.com/golangci/golangci-lint/releases/tag/${{ steps.latest-versions.outputs.GOLANGCILINT }})
-            - [bouncer ${{ steps.latest-versions.outputs.BOUNCER }}](https://github.com/wagoodman/go-bouncer/releases/tag/${{ steps.latest-versions.outputs.BOUNCER }})
-            - [chronicle ${{ steps.latest-versions.outputs.CHRONICLE }}](https://github.com/anchore/chronicle/releases/tag/${{ steps.latest-versions.outputs.CHRONICLE }})
-            - [goreleaser ${{ steps.latest-versions.outputs.GORELEASER }}](https://github.com/goreleaser/goreleaser/releases/tag/${{ steps.latest-versions.outputs.GORELEASER }})
-            - [gosimports ${{ steps.latest-versions.outputs.GOSIMPORTS }}](https://github.com/rinchsan/gosimports/releases/tag/${{ steps.latest-versions.outputs.GOSIMPORTS }})
-            - [yajsv ${{ steps.latest-versions.outputs.YAJSV }}](https://github.com/neilpa/yajsv/releases/tag/${{ steps.latest-versions.outputs.YAJSV }})
-            - [quill ${{ steps.latest-versions.outputs.QUILL }}](https://github.com/anchore/quill/releases/tag/${{ steps.latest-versions.outputs.QUILL }})  
-            - [glow ${{ steps.latest-versions.outputs.GLOW }}](https://github.com/charmbracelet/glow/releases/tag/${{ steps.latest-versions.outputs.GLOW }})  
-            This is an auto-generated pull request to update all of the bootstrap tools to the latest versions.
+            ```
+            ${{ steps.latest-versions.outputs.status }}
+            ```
+            This is an auto-generated pull request to update all of the tools to the latest versions.
           token: ${{ steps.generate-token.outputs.token }}