Add SLSA builder to release binary, and -version/-help flags (#5)

norbjd · May 31, 2024 · 4c73aa5 · 4c73aa5
1 parent 6a3dcf2
commit 4c73aa5
Show file tree

Hide file tree

Showing 6 changed files with 154 additions and 1 deletion.
diff --git a/.github/workflows/.slsa-goreleaser/README.md b/.github/workflows/.slsa-goreleaser/README.md
@@ -0,0 +1,3 @@
+Unfortunately, we can't have a single file with dynamic os/arch, so we have to define one file per target platform we want.
+
+See https://github.com/slsa-framework/slsa-github-generator/blob/v2.0.0/internal/builders/go/README.md#multi-platform-builds.
diff --git a/.github/workflows/.slsa-goreleaser/darwin-amd64.yaml b/.github/workflows/.slsa-goreleaser/darwin-amd64.yaml
@@ -0,0 +1,20 @@
+version: 1
+
+env:
+  - CGO_ENABLED=0
+
+flags:
+  - -trimpath
+
+goos: darwin
+goarch: amd64
+
+main: ./cmd/kueueleuleu/main.go
+
+binary: kueueleuleu-{{ .Os }}-{{ .Arch }}
+
+ldflags:
+  - "-X main.version={{ .Env.VERSION }}"
+  - "-X main.commit={{ .Env.COMMIT }}"
+  - "-X main.commitDate={{ .Env.COMMIT_DATE }}"
+  - "-X main.treeState={{ .Env.TREE_STATE }}"
diff --git a/.github/workflows/.slsa-goreleaser/darwin-arm64.yaml b/.github/workflows/.slsa-goreleaser/darwin-arm64.yaml
@@ -0,0 +1,20 @@
+version: 1
+
+env:
+  - CGO_ENABLED=0
+
+flags:
+  - -trimpath
+
+goos: darwin
+goarch: arm64
+
+main: ./cmd/kueueleuleu/main.go
+
+binary: kueueleuleu-{{ .Os }}-{{ .Arch }}
+
+ldflags:
+  - "-X main.version={{ .Env.VERSION }}"
+  - "-X main.commit={{ .Env.COMMIT }}"
+  - "-X main.commitDate={{ .Env.COMMIT_DATE }}"
+  - "-X main.treeState={{ .Env.TREE_STATE }}"
diff --git a/.github/workflows/.slsa-goreleaser/linux-amd64.yaml b/.github/workflows/.slsa-goreleaser/linux-amd64.yaml
@@ -0,0 +1,20 @@
+version: 1
+
+env:
+  - CGO_ENABLED=0
+
+flags:
+  - -trimpath
+
+goos: linux
+goarch: amd64
+
+main: ./cmd/kueueleuleu/main.go
+
+binary: kueueleuleu-{{ .Os }}-{{ .Arch }}
+
+ldflags:
+  - "-X main.version={{ .Env.VERSION }}"
+  - "-X main.commit={{ .Env.COMMIT }}"
+  - "-X main.commitDate={{ .Env.COMMIT_DATE }}"
+  - "-X main.treeState={{ .Env.TREE_STATE }}"
diff --git a/.github/workflows/slsa-goreleaser.yaml b/.github/workflows/slsa-goreleaser.yaml
@@ -0,0 +1,48 @@
+name: SLSA go releaser
+on:
+  push:
+    tags:
+      - "*"
+
+jobs:
+  args:
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.ldflags.outputs.version }}
+      commit: ${{ steps.ldflags.outputs.commit }}
+      commit-date: ${{ steps.ldflags.outputs.commit-date }}
+      tree-state: ${{ steps.ldflags.outputs.tree-state }}
+    steps:
+      - id: checkout
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # tag=v4.1.6
+        with:
+          fetch-depth: 0
+      - id: ldflags
+        run: |
+          echo "version=$(git describe --tags --always --dirty | cut -c2-)" >> "$GITHUB_OUTPUT"
+          echo "commit=$GITHUB_SHA" >> "$GITHUB_OUTPUT"
+          echo "commit-date=$(git log --date=iso8601-strict -1 --pretty=%cI)" >> "$GITHUB_OUTPUT"
+          echo "tree-state=$(if git diff --quiet; then echo "clean"; else echo "dirty"; fi)" >> "$GITHUB_OUTPUT"
+
+  build:
+    permissions:
+      id-token: write # to sign the provenance
+      contents: write # to upload assets to release
+      actions: read # to read the workflow path
+    strategy:
+      matrix:
+        os:
+          - linux
+          - darwin
+        arch:
+          - amd64
+          - arm64
+        exclude:
+          - os: linux
+            arch: arm64
+    needs: args
+    uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected] # cannot reference by digest, see: https://github.com/slsa-framework/slsa-github-generator/blob/v2.0.0/README.md#referencing-slsa-builders-and-generators
+    with:
+      go-version: 1.21
+      config-file: .github/workflows/.slsa-goreleaser/${{matrix.os}}-${{matrix.arch}}.yaml
+      evaluated-envs: "VERSION:${{needs.args.outputs.version}}, COMMIT:${{needs.args.outputs.commit}}, COMMIT_DATE:${{needs.args.outputs.commit-date}}, TREE_STATE:${{needs.args.outputs.tree-state}}"
diff --git a/cmd/kueueleuleu/main.go b/cmd/kueueleuleu/main.go
@@ -32,23 +32,65 @@ import (
 	kyaml "sigs.k8s.io/yaml"
 )
 
+// these variables are filled via ldflags when building: e.g. go build -ldflags="-X main.version=0.0.1" [...].
+//
+//nolint:gochecknoglobals
+var (
+	version    = "unknown"
+	commit     = "unknown"
+	commitDate = "unknown"
+	treeState  = "unknown"
+)
+
 var (
 	errMalformedK8sObject    = errors.New("malformed k8s object")
 	errUnknownK8sObject      = errors.New("unknown k8s object")
 	errUnsupportedConversion = errors.New("unsupported conversion")
 )
 
 func main() {
+	var (
+		displayVersion bool
+		help           bool
+	)
+
+	flag.BoolVar(&displayVersion, "version", false, "output version information and exit")
+	flag.BoolVar(&help, "help", false, "display this help and exit")
+
 	file := flag.String("f", "", "path to YAML file or - (stdin)")
 	flag.Parse()
 
+	if help {
+		displayUsageAndExit(0)
+	}
+
+	if displayVersion {
+		fmt.Fprintf(os.Stdout, `kueueleuleu %s (commit: %s, date: %s, tree state: %s)
+Copyright © 2023 norbjd
+License GPLv3: GNU GPL version 3 <https://gnu.org/licenses/gpl.html>
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY.
+`, version, commit, commitDate, treeState)
+		os.Exit(0)
+	}
+
 	if file == nil || *file == "" {
-		log.Fatal("input is not set")
+		log.Println("input is not set")
+		displayUsageAndExit(1)
 	}
 
 	convertYAML(*file, os.Stdout)
 }
 
+func displayUsageAndExit(exitCode int) {
+	flag.Usage()
+	fmt.Fprintf(os.Stdout, `
+Report bugs to: <https://github.com/norbjd/kueueleuleu/issues>
+kueueleuleu home page: <https://github.com/norbjd/kueueleuleu>
+`)
+	os.Exit(exitCode)
+}
+
 func convertYAML(inputFilename string, w io.Writer) {
 	input := getInput(inputFilename)
 	convertReader(input, w)