Fixed findings

engity-com · Oct 10, 2024 · 539bb63 · 539bb63
1 parent b78c37f
commit 539bb63
Show file tree

Hide file tree

Showing 9 changed files with 7 additions and 214 deletions.
diff --git a/.github/workflows/pr-publish.yaml b/.github/workflows/pr-publish.yaml
@@ -1,7 +1,7 @@
 name: Pull-Requests Images
 
 env:
-  LABEL_NAME: "test publish"
+  LABEL_NAME: "test_publish"
   WORKFLOW_CI_FN: "ci.yaml"
   GITHUB_TOKEN: ${{ github.token }}
   GITHUB_PR_ID: ${{github.event.number}}

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -18,23 +18,14 @@ jobs:
   release:
     name: "Release"
     runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/engity-com/build-images/go
     steps:
-      - name: Install Ubuntu dependencies
-        run: sudo apt install libpam0g-dev
-
       - name: Checkout code
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
-      - name: Install Go
-        uses: actions/setup-go@v5
-        with:
-          go-version-file: go.mod
-          check-latest: true
-          cache-dependency-path: |
-            go.sum
-
       - name: Cache
         uses: actions/cache@v4
         with:

diff --git a/cmd/build/build-artifact.go b/cmd/build/build-artifact.go
@@ -1,9 +1,7 @@
 package main
 
 import (
-	"archive/tar"
 	"fmt"
-	"io"
 	"iter"
 	gos "os"
 	"strings"
@@ -12,7 +10,6 @@ import (
 	v1 "github.com/google/go-containerregistry/pkg/v1"
 
 	"github.com/engity-com/bifroest/pkg/common"
-	"github.com/engity-com/bifroest/pkg/errors"
 )
 
 type buildArtifactCloser func() error
@@ -109,12 +106,6 @@ func (this buildArtifacts) onlyOfType(t buildArtifactType) iter.Seq[*buildArtifa
 	})
 }
 
-func (this buildArtifacts) onlyOfEdition(e edition) iter.Seq[*buildArtifact] {
-	return this.filter(func(candidate *buildArtifact) bool {
-		return candidate.edition == e
-	})
-}
-
 func (this buildArtifacts) withoutType(t buildArtifactType) iter.Seq[*buildArtifact] {
 	return this.filter(func(candidate *buildArtifact) bool {
 		return candidate.t != t
@@ -179,145 +170,6 @@ func (this *buildArtifact) toLayer(otherItems iter.Seq2[imageArtifactLayerItem,
 	return result.layer, nil
 }
 
-func (this *buildArtifact) toTarReader(configFilename string) func() (io.ReadCloser, error) {
-	return func() (io.ReadCloser, error) {
-		success := false
-		pr, pw := io.Pipe()
-		result := &buildArtifactTarReader{owner: this, pr: pr, pw: pw}
-		defer common.IgnoreErrorIfFalse(&success, result.Close)
-
-		bf, err := this.openFile()
-		if err != nil {
-			return nil, err
-		}
-		defer common.IgnoreErrorIfFalse(&success, bf.Close)
-
-		bfi, err := bf.Stat()
-		if err != nil {
-			return nil, err
-		}
-
-		cf, err := gos.Open(configFilename)
-		if err != nil {
-			return nil, err
-		}
-		defer common.IgnoreErrorIfFalse(&success, cf.Close)
-
-		cfi, err := cf.Stat()
-		if err != nil {
-			return nil, err
-		}
-
-		adjustPath := func(in string) string {
-			// Also at Windows we need to always use /, because of the TAR format.
-			// The OCI runtime will fix this back to \ at execution.
-			in = strings.ReplaceAll(in, "\\", "/")
-			if len(in) > 3 && (in[0] == 'C' || in[0] == 'c') && in[1] == ':' && in[2] == '/' {
-				in = "Files/" + in[3:]
-			}
-			return in
-		}
-
-		go func() {
-			tw := tar.NewWriter(pw)
-			defer common.IgnoreCloseError(tw)
-
-			var format tar.Format
-			var paxRecords map[string]string
-
-			if this.platform.os == osWindows {
-				format = tar.FormatPAX
-				paxRecords = map[string]string{
-					"MSWINDOWS.rawsd": windowsUserOwnerAndGroupSID,
-				}
-
-				if err := tw.WriteHeader(&tar.Header{
-					Typeflag:   tar.TypeDir,
-					Name:       "Files",
-					Size:       bfi.Size(),
-					Mode:       0555,
-					Format:     format,
-					PAXRecords: paxRecords,
-					ModTime:    this.time,
-				}); err != nil {
-					_ = pw.CloseWithError(err)
-					return
-				}
-				if err := tw.WriteHeader(&tar.Header{
-					Typeflag:   tar.TypeDir,
-					Name:       "Hives",
-					Size:       bfi.Size(),
-					Mode:       0555,
-					Format:     format,
-					PAXRecords: paxRecords,
-					ModTime:    this.time,
-				}); err != nil {
-					_ = pw.CloseWithError(err)
-					return
-				}
-			}
-
-			if err := tw.WriteHeader(&tar.Header{
-				Typeflag:   tar.TypeReg,
-				Name:       adjustPath(this.platform.os.bifroestBinaryFilePath()),
-				Size:       bfi.Size(),
-				Mode:       0755,
-				Format:     format,
-				PAXRecords: paxRecords,
-				ModTime:    this.time,
-			}); err != nil {
-				_ = pw.CloseWithError(err)
-				return
-			}
-
-			if _, err := io.Copy(tw, bf); err != nil && !errors.Is(err, io.ErrClosedPipe) {
-				_ = pw.CloseWithError(err)
-				return
-			}
-
-			if err := tw.WriteHeader(&tar.Header{
-				Typeflag:   tar.TypeReg,
-				Name:       adjustPath(this.platform.os.bifroestConfigFilePath()),
-				Size:       cfi.Size(),
-				Mode:       0644,
-				Format:     format,
-				PAXRecords: paxRecords,
-				ModTime:    this.time,
-			}); err != nil {
-				_ = pw.CloseWithError(err)
-				return
-			}
-
-			if _, err := io.Copy(tw, cf); err != nil && !errors.Is(err, io.ErrClosedPipe) {
-				_ = pw.CloseWithError(err)
-				return
-			}
-
-			_ = pw.CloseWithError(nil)
-		}()
-
-		success = true
-		return result, nil
-
-	}
-}
-
-type buildArtifactTarReader struct {
-	owner *buildArtifact
-	pr    *io.PipeReader
-	pw    *io.PipeWriter
-}
-
-func (this *buildArtifactTarReader) Read(p []byte) (n int, err error) {
-	return this.pr.Read(p)
-}
-
-func (this *buildArtifactTarReader) Close() (rErr error) {
-	defer common.KeepCloseError(&rErr, this.pr)
-	defer common.KeepCloseError(&rErr, this.pw)
-	return nil
-}
-
 // userOwnerAndGroupSID is a magic value needed to make the binary executable
 // in a Windows container.
 //

diff --git a/cmd/build/build-binary.go b/cmd/build/build-binary.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"fmt"
 	gos "os"
-	"path/filepath"
 	"strconv"
 	"strings"
 	"time"
@@ -142,40 +141,3 @@ func (this *buildBinary) compile(ctx context.Context, p *platform) (*buildArtifa
 	success = true
 	return a, nil
 }
-
-func (this *buildBinary) buildLdFlags(ctx context.Context, _ os, _ arch, e edition, forTesting bool, version string) (string, error) {
-	fail := func(err error) (string, error) {
-		return "", err
-	}
-
-	testPrefix := ""
-	testSuffix := ""
-	if forTesting {
-		testPrefix = "TEST"
-		testSuffix = "TEST"
-	}
-	commit, err := this.build.commit(ctx)
-	if err != nil {
-		return fail(err)
-	}
-
-	return "-s -w" +
-		fmt.Sprintf(" -X main.edition=%v", e) +
-		fmt.Sprintf(" -X main.version=%s%s%s", testPrefix, version, testSuffix) +
-		fmt.Sprintf(" -X main.revision=%s", commit) +
-		fmt.Sprintf(" -X main.vendor=%s", this.build.vendor) +
-		fmt.Sprintf(" -X main.buildAt=%s", this.build.timeFormatted()), nil
-}
-
-func (this *buildBinary) outputName(o os, a arch, e edition, forTesting bool, version string) string {
-	dir := filepath.Join(this.build.dest, version)
-	_ = gos.MkdirAll(dir, 0755)
-
-	fn := fmt.Sprintf("%s-%v-%v-%v", this.prefix, o, a, e)
-	if forTesting {
-		fn += "-test"
-	}
-	fn += o.execExt()
-
-	return filepath.Join(dir, fn)
-}
diff --git a/cmd/build/build-image-layer.go b/cmd/build/build-image-layer.go
@@ -25,10 +25,6 @@ type imageArtifactLayerItem struct {
 	mode       gos.FileMode
 }
 
-func (this imageArtifactLayerItem) open() (*gos.File, error) {
-	return gos.Open(this.sourceFile)
-}
-
 func createImageArtifactLayer(os os, id string, time time.Time, items iter.Seq2[imageArtifactLayerItem, error]) (*buildImageLayer, error) {
 	fail := func(err error) (*buildImageLayer, error) {
 		return nil, fmt.Errorf("cannot create tar layer: %w", err)

diff --git a/cmd/build/build.go b/cmd/build/build.go
@@ -248,10 +248,6 @@ func (this *build) time() time.Time {
 	}
 }
 
-func (this *build) timeFormatted() string {
-	return this.time().Format(time.RFC3339)
-}
-
 func (this *build) getBuildContext(ctx context.Context) (*buildContext, error) {
 	for {
 		if v := this.buildContextP.Load(); v != nil {
@@ -369,7 +365,7 @@ func (this *build) resolveStages(ctx context.Context) (buildStages, error) {
 			return nil, err
 		}
 		// Ok, in this case allow images...
-		if pr.isOpen() && pr.hasLabel("test publish") {
+		if pr.isOpen() && pr.hasLabel("test_publish") {
 			return allBuildStageVariants, nil
 		}
 	}

diff --git a/cmd/build/dependencies-images-files.go b/cmd/build/dependencies-images-files.go
@@ -184,7 +184,7 @@ func (this *dependenciesImagesFiles) getFileFromLayer(layer v1.Layer, sourceFn,
 			return failf("cannot read TAR from uncompressed part of layer: %w", err)
 		}
 		if strings.EqualFold(header.Name, sourceFn) {
-			to, err := gos.OpenFile(targetFn, gos.O_TRUNC|gos.O_CREATE|gos.O_WRONLY, 644)
+			to, err := gos.OpenFile(targetFn, gos.O_TRUNC|gos.O_CREATE|gos.O_WRONLY, 0644)
 			if err != nil {
 				return failf("cannot create file %q: %w", targetFn, err)
 			}

diff --git a/cmd/build/os.go b/cmd/build/os.go
@@ -31,10 +31,6 @@ func (this os) String() string {
 	return v
 }
 
-func (this os) ociString() string {
-	return this.String()
-}
-
 func (this *os) Set(plain string) error {
 	v, ok := stringToOs[plain]
 	if !ok {

diff --git a/cmd/build/version.go b/cmd/build/version.go
@@ -11,9 +11,9 @@ import (
 )
 
 var (
-	versionPattern = regexp.MustCompile("^\\w[\\w.-]{0,127}$")
+	versionPattern = regexp.MustCompile(`^\w[\w.-]{0,127}$`)
 
-	versionNormalizePattern = regexp.MustCompile("[^\\w]+")
+	versionNormalizePattern = regexp.MustCompile(`[^\w]+`)
 )
 
 type version struct {