Bug fixes and optimizations (#133)

* Dependency updates
* Updates workflows

Author: djschleen

.devcontainer/devcontainer.json

@@ -0,0 +1,7 @@
+{
+  "name": "hookz-devcontainer",
+  "image": "mcr.microsoft.com/devcontainers/go:1-1.22-bookworm",
+  "features": {
+    "ghcr.io/devcontainers-contrib/features/starship:1": {}
+  }
+}

.github/workflows/codeql-analysis.yml

@@ -65,3 +65,4 @@ jobs:
 
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v2
+

.github/workflows/go-quality.yml

@@ -6,12 +6,12 @@ jobs:
     steps:
       - 
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - 
         name: Setup Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
-          go-version: '1.18'
+          go-version: '1.22'
       - 
         name: Install Dependencies
         run: |

.github/workflows/release.yml

@@ -14,7 +14,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
       # - 
@@ -24,27 +24,31 @@ jobs:
       #     snapcraft_token: ${{ secrets.SNAPCRAFT_STORE_CREDENTIALS }}
       -
         name: Set up Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
-          go-version: 1.18
-      -
-        name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v4
-        with:
-          distribution: goreleaser
-          version: ${{ env.GITHUB_REF_NAME }}
-          args: release --rm-dist
-        env:
-          GITHUB_TOKEN: ${{ secrets.PUBLISHER_TOKEN }}
+          go-version: '1.22'
+          check-latest: true
+      - 
+        run: go version
       - 
         name: Generate SBOM
         uses: anchore/sbom-action@v0
         with:
           artifact-name: hookz.cyclonedx.json
           path: .
+          format: cyclonedx-json
       - 
         name: Release SBOM
         uses: anchore/sbom-action/publish-sbom@v0
         with:
           sbom-artifact-match: ".*\\.cyclonedx.json$"
+      -
+        name: Run GoReleaser
+        uses: goreleaser/[email protected]
+        with:
+          distribution: goreleaser
+          version: ${{ env.GITHUB_REF_NAME }}
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.PUBLISHER_TOKEN }}
 

.gitignore

@@ -16,5 +16,6 @@
 
 hookz
 coverage.out
+coverage.html
 
 .DS_Store

.hookz.yaml

@@ -1,10 +1,10 @@
   version: 2.4.3
   sources:
-    - source: github.com/anchore/syft/cmd/syft@latest
-    - source: github.com/devops-kung-fu/hinge@latest
-    - source: github.com/kisielk/errcheck@latest      
-    - source: golang.org/x/lint/golint@latest
-    - source: github.com/fzipp/gocyclo/cmd/gocyclo@latest
+      - source: github.com/devops-kung-fu/hinge@latest
+      - source: github.com/kisielk/errcheck@latest      
+      - source: honnef.co/go/tools/cmd/staticcheck@latest
+      - source: github.com/fzipp/gocyclo/cmd/gocyclo@latest
+      - source: golang.org/x/vuln/cmd/govulncheck@latest
   hooks:
     - type: pre-commit
       actions:
@@ -20,32 +20,30 @@
         - name: "gofmt: Run gofmt to format the code"
           exec: gofmt
           args: ["-s", "-w", "**/*.go"]
-        - name: "golint: Lint all go files"
-          exec: golint
-          args: ["-set_exit_status", "./..."] #to error out, add the arg "-set_exit_status"
+        # - name: "staticcheck: Lint all go files"
+        #   exec: staticcheck
+        #   args: ["-f", "stylish", "-checks", "all", "./..."] #to error out, add the arg "-set_exit_status"
         - name: "errcheck: Ensure that errors are checked"
           exec: errcheck
           args: ["-ignoretests", "./..."]
+        - name: "govulncheck: Check for vulnerabilities"
+          exec: govulncheck
+          args: ["./..."]
         - name: "gocyclo: Check cyclomatic complexities"
           exec: gocyclo
-          args: ["-over", "14", "."]
+          args: ["-over", "9", "."]
         - name: Hinge
           exec: hinge
           args: ["."]
         - name: "go: Build (Ensure pulled modules do not break the build)"
           exec: go
-          args: ["build", "-v"]
+          args: ["build", "-v", "./..."]
         - name: "go: Run all tests"
           exec: go
           args: ["test", "-v", "-coverprofile=coverage.out", "./..."]
         - name: "go: Test coverage"
           exec: go
           args: ["tool", "cover", "-func=coverage.out"]
-        - name: "syft: Generate a Software Bill of Materials (SBoM)"
-          script: "
-            #!/bin/bash \n
-            syft . -o cyclonedx-json=sbom/hookz.cyclonedx.json &> /dev/null \n
-            "
         - name: "git: Add all changed files during the pre-commit stage"
           exec: git
           args: ["add", "."]

Makefile

@@ -20,6 +20,7 @@ check: build ## Tests the pre-commit hooks if they exist
 
 test: ## Runs tests and coverage
 	@go test -v -coverprofile=coverage.out ./... && go tool cover -func=coverage.out
+	@go tool cover -html=coverage.out -o coverage.html
 
 install: build ## Builds an executable local version of Hookz and puts in in /usr/local/bin
 	@sudo chmod +x hookz

go.mod

@@ -1,15 +1,17 @@
 module github.com/devops-kung-fu/hookz
 
-go 1.18
+go 1.22
+
+toolchain go1.22.0
 
 require (
 	github.com/dustin/go-humanize v1.0.1
-	github.com/gookit/color v1.5.3
+	github.com/gookit/color v1.5.4
 	github.com/jarcoal/httpmock v1.2.0
 	github.com/segmentio/ksuid v1.0.4
-	github.com/spf13/afero v1.9.5
-	github.com/spf13/cobra v1.7.0
-	github.com/stretchr/testify v1.8.0
+	github.com/spf13/afero v1.11.0
+	github.com/spf13/cobra v1.8.0
+	github.com/stretchr/testify v1.8.4
 	gopkg.in/yaml.v2 v2.4.0
 )
 
@@ -20,7 +22,7 @@ require (
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
-	golang.org/x/sys v0.8.0 // indirect
-	golang.org/x/text v0.9.0 // indirect
+	golang.org/x/sys v0.17.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )