alpha:bugfix - fixing errors with alpha workflow publish release (#860)

Replaced workflow action used to publish the release, also had to change binary names to match the actual name in release, since the new action does not support renaming during publish. The binary names changes let to another change, i had to change the goreleaser Dockerfiles to match correct binary according to architecture.

Depends on a new devkit tag with the ZupIT/horusec-devkit#140 fixes.

Signed-off-by: Nathan Martins <nathan.martins@zup.com.br>
(cherry picked from commit a176a24)

.github/workflows/alpha.yml

@@ -27,12 +27,12 @@ jobs:
       COSIGN_KEY_LOCATION: /tmp/cosign.key
       COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
 
-
     steps:
       - name: Checkout
         uses: actions/checkout@v2
         with:
           fetch-depth: 0
+
       - name: Set up Go
         uses: actions/setup-go@v2
         with:
@@ -43,6 +43,7 @@ jobs:
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v1
 
@@ -91,6 +92,7 @@ jobs:
           cosign sign -key $COSIGN_KEY_LOCATION horuszup/horusec-cli:alpha
         env:
           COSIGN_PASSWORD: ${{ secrets.COSIGN_PWD }}
+
       - name: Create local tag
         run: mage -v createAlphaTag
 
@@ -106,65 +108,69 @@ jobs:
           GORELEASER_CURRENT_TAG: v0.0.0-alpha
           CURRENT_DATE: ${{ steps.date.outputs.date }}
           CLI_VERSION: alpha
+
       - name: Delete outdate release
         uses: dev-drprasad/delete-tag-and-release@v0.2.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           delete_release: true
           tag_name: alpha
+
       - name: Update alpha release
-        uses: meeDamian/github-release@2.0
+        uses: softprops/action-gh-release@v1
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          tag: alpha
           name: alpha
-          draft: false
+          tag_name: alpha
           prerelease: true
-          commitish: ${{ github.sha }}
-          gzip: false
-          allow_override: true
-          files: |
-            checksums.txt:./dist/checksums.txt
-            checksums.txt.sig:./dist/checksums.txt.sig
-            cosign.pub:./deployments/cosign.pub
-            horusec_linux_amd64:./dist/horusec_linux_amd64/horusec
-            horusec_linux_amd64.sig:./dist/horusec_linux_amd64/horusec.sig
-            horusec_linux_x86:./dist/horusec_linux_386/horusec
-            horusec_linux_x86.sig:./dist/horusec_linux_386/horusec.sig
-            horusec_mac_amd64:./dist/horusec_darwin_amd64/horusec
-            horusec_mac_amd64.sig:./dist/horusec_darwin_amd64/horusec.sig
-            horusec_win_amd64.exe:./dist/horusec_windows_amd64/horusec.exe
-            horusec_win_amd64.exe.sig:./dist/horusec_windows_amd64/horusec.exe.sig
-            horusec_win_x86.exe:./dist/horusec_windows_386/horusec.exe
-            horusec_win_x86.exe.sig:./dist/horusec_windows_386/horusec.exe.sig
-            horusec_linux_arm64:./dist/horusec_linux_arm64/horusec
-            horusec_linux_arm64.sig:./dist/horusec_linux_arm64/horusec.sig
-            horusec_win_arm64.exe:./dist/horusec_windows_arm64/horusec.exe
-            horusec_win_arm64.exe.sig:./dist/horusec_windows_arm64/horusec.exe.sig
-            horusec_mac_arm64:./dist/horusec_darwin_arm64/horusec
-            horusec_mac_arm64.sig:./dist/horusec_darwin_arm64/horusec.sig
-
-
-            horusec_linux_amd64_stand_alone:./dist/horusec-standalone_linux_amd64/horusec
-            horusec_linux_amd64_stand_alone.sig:./dist/horusec-standalone_linux_amd64/horusec.sig
-            horusec_linux_x86_stand_alone:./dist/horusec-standalone_linux_386/horusec
-            horusec_linux_x86_stand_alone.sig:./dist/horusec-standalone_linux_386/horusec.sig
-            horusec_mac_amd64_stand_alone:./dist/horusec-standalone_darwin_amd64/horusec
-            horusec_mac_amd64_stand_alone.sig:./dist/horusec-standalone_darwin_amd64/horusec.sig
-            horusec_win_amd64_stand_alone.exe:./dist/horusec-standalone_windows_amd64/horusec.exe
-            horusec_win_amd64_stand_alone.exe.sig:./dist/horusec-standalone_windows_amd64/horusec.exe.sig
-            horusec_win_x86.exe_stand_alone:./dist/horusec-standalone_windows_386/horusec.exe
-            horusec_win_x86.exe_stand_alone.sig:./dist/horusec-standalone_windows_386/horusec.exe.sig
-            horusec_linux_arm64_stand_alone:./dist/horusec-standalone_linux_arm64/horusec
-            horusec_linux_arm64_stand_alone.sig:./dist/horusec-standalone_linux_arm64/horusec.sig
-            horusec_win_arm64_stand_alone.exe:./dist/horusec-standalone_windows_arm64/horusec.exe
-            horusec_win_arm64_stand_alone.exe.sig:./dist/horusec-standalone_windows_arm64/horusec.exe.sig
-            horusec_mac_arm64_stand_alone:./dist/horusec-standalone_darwin_arm64/horusec
-            horusec_mac_arm64_stand_alone.sig:./dist/horusec-standalone_darwin_arm64/horusec.sig
-
+          draft: false
+          target_commitish: ${{ github.sha }}
+          token: ${{ secrets.GITHUB_TOKEN }}
           body: |
+            ## Description
+
+            This tag it's updated every time there's a change in the main branch. It's a developement tag and should not be used in production.
+
             ## Docker images
+
             - `docker pull horuszup/horusec-cli:alpha`
+          files: |
+            ./dist/checksums.txt
+            ./dist/checksums.txt.sig
+            ./deployments/cosign.pub
+            ./dist/horusec_linux_amd64/horusec_linux_amd64
+            ./dist/horusec_linux_amd64/horusec_linux_amd64.sig
+            ./dist/horusec_linux_386/horusec_linux_x86
+            ./dist/horusec_linux_386/horusec_linux_x86.sig
+            ./dist/horusec_darwin_amd64/horusec_mac_amd64
+            ./dist/horusec_darwin_amd64/horusec_mac_amd64.sig
+            ./dist/horusec_windows_amd64/horusec_win_amd64.exe
+            ./dist/horusec_windows_amd64/horusec_win_amd64.exe.sig
+            ./dist/horusec_windows_386/horusec_win_x86.exe
+            ./dist/horusec_windows_386/horusec_win_x86.exe.sig
+            ./dist/horusec_linux_arm64/horusec_linux_arm64
+            ./dist/horusec_linux_arm64/horusec_linux_arm64.sig
+            ./dist/horusec_windows_arm64/horusec_win_arm64.exe
+            ./dist/horusec_windows_arm64/horusec_win_arm64.exe.sig
+            ./dist/horusec_darwin_arm64/horusec_mac_arm64
+            ./dist/horusec_darwin_arm64/horusec_mac_arm64.sig
+
+            ./dist/horusec-standalone_linux_amd64/horusec_linux_amd64_stand_alone
+            ./dist/horusec-standalone_linux_amd64/horusec_linux_amd64_stand_alone.sig
+            ./dist/horusec-standalone_linux_386/horusec_linux_x86_stand_alone
+            ./dist/horusec-standalone_linux_386/horusec_linux_x86_stand_alone.sig
+            ./dist/horusec-standalone_darwin_amd64/horusec_mac_amd64_stand_alone
+            ./dist/horusec-standalone_darwin_amd64/horusec_mac_amd64_stand_alone.sig
+            ./dist/horusec-standalone_windows_amd64/horusec_win_amd64_stand_alone.exe
+            ./dist/horusec-standalone_windows_amd64/horusec_win_amd64_stand_alone.exe.sig
+            ./dist/horusec-standalone_windows_386/horusec_win_x86_stand_alone.exe
+            ./dist/horusec-standalone_windows_386/horusec_win_x86_stand_alone.exe.sig
+            ./dist/horusec-standalone_linux_arm64/horusec_linux_arm64_stand_alone
+            ./dist/horusec-standalone_linux_arm64/horusec_linux_arm64_stand_alone.sig
+            ./dist/horusec-standalone_windows_arm64/horusec_win_arm64_stand_alone.exe
+            ./dist/horusec-standalone_windows_arm64/horusec_win_arm64_stand_alone.exe.sig
+            ./dist/horusec-standalone_darwin_arm64/horusec_mac_arm64_stand_alone
+            ./dist/horusec-standalone_darwin_arm64/horusec_mac_arm64_stand_alone.sig
+
       - name: Push updates
-        run: mage -v gitPushAlpha
+        run: mage -v gitPushAlpha

deployments/Dockerfile-gorelease → deployments/Dockerfile-gorelease-amd64

@@ -14,6 +14,6 @@
 
 FROM docker:20.10-git
 
-COPY /horusec /usr/local/bin/horusec
+COPY /horusec_linux_amd64 /usr/local/bin/horusec
 
 CMD [ "sh" ]

deployments/Dockerfile-gorelease-arm64

@@ -0,0 +1,19 @@
+# Copyright 2021 ZUP IT SERVICOS EM TECNOLOGIA E INOVACAO SA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM docker:20.10-git
+
+COPY /horusec_linux_arm64 /usr/local/bin/horusec
+
+CMD [ "sh" ]

go.mod

@@ -3,7 +3,7 @@ module github.com/ZupIT/horusec
 go 1.17
 
 require (
-	github.com/ZupIT/horusec-devkit v1.0.20
+	github.com/ZupIT/horusec-devkit v1.0.21
 	github.com/ZupIT/horusec-engine v0.3.6
 	github.com/bmatcuk/doublestar/v4 v4.0.2
 	github.com/briandowns/spinner v1.16.0
@@ -28,46 +28,30 @@ require (
 
 require (
 	github.com/Microsoft/go-winio v0.5.1 // indirect
-	github.com/Microsoft/hcsshim v0.9.1 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
-	github.com/bits-and-blooms/bitset v1.2.1 // indirect
 	github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e // indirect
-	github.com/containerd/cgroups v1.0.2 // indirect
 	github.com/containerd/containerd v1.5.8 // indirect
-	github.com/containerd/continuity v0.2.1 // indirect
-	github.com/containerd/fifo v1.0.0 // indirect
-	github.com/containerd/ttrpc v1.1.0 // indirect
-	github.com/containerd/typeurl v1.0.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/docker/distribution v2.7.1+incompatible // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
-	github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
 	github.com/docker/go-units v0.4.0 // indirect
 	github.com/fatih/color v1.13.0 // indirect
 	github.com/fsnotify/fsnotify v1.5.1 // indirect
 	github.com/go-enry/go-oniguruma v1.2.1 // indirect
-	github.com/gogo/googleapis v1.4.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/go-github/v40 v40.0.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/inconshreveable/mousetrap v1.0.0 // indirect
-	github.com/klauspost/compress v1.13.6 // indirect
 	github.com/magiconair/properties v1.8.5 // indirect
 	github.com/mattn/go-colorable v0.1.11 // indirect
 	github.com/mattn/go-isatty v0.0.14 // indirect
 	github.com/mitchellh/mapstructure v1.4.2 // indirect
-	github.com/moby/locker v1.0.1 // indirect
-	github.com/moby/sys/mountinfo v0.5.0 // indirect
 	github.com/moby/term v0.0.0-20201216013528-df9cb8a40635 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/nxadm/tail v1.4.8 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/runc v1.0.2 // indirect
-	github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 // indirect
-	github.com/opencontainers/selinux v1.10.0 // indirect
 	github.com/pelletier/go-toml v1.9.4 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
@@ -76,10 +60,8 @@ require (
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/stretchr/objx v0.3.0 // indirect
 	github.com/subosito/gotenv v1.2.0 // indirect
-	go.opencensus.io v0.23.0 // indirect
-	golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 // indirect
+	golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871 // indirect
 	golang.org/x/net v0.0.0-20211123203042-d83791d6bcd9 // indirect
-	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
 	golang.org/x/sys v0.0.0-20211124211545-fe61309f8881 // indirect
 	golang.org/x/text v0.3.7 // indirect
 	golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba // indirect