Merge pull request #142 from ANDDEV-OSS/&DEV/OCI_Container_Support

Support for clair v4 and OCI

Author: datadot

.devcontainer/Dockerfile.devcontainer

@@ -0,0 +1,25 @@
+# Use a Go development container as the base image
+FROM mcr.microsoft.com/devcontainers/go:1-1.23-bookworm
+
+# Install Docker dependencies and tools
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+        ca-certificates \
+        curl \
+        gnupg && \
+    # Create keyrings directory and download Docker GPG key
+    install -m 0755 -d /etc/apt/keyrings && \
+    curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc && \
+    chmod a+r /etc/apt/keyrings/docker.asc && \
+    # Add Docker repository
+    echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
+    $(. /etc/os-release && echo "${VERSION_CODENAME}") stable" | \
+    tee /etc/apt/sources.list.d/docker.list > /dev/null && \
+    # Update and install Docker
+    apt-get update && \
+    apt-get install -y --no-install-recommends \
+        docker-ce \
+        docker-ce-cli \
+        containerd.io \
+        docker-buildx-plugin \
+        docker-compose-plugin

.devcontainer/devcontainer.json

@@ -0,0 +1,32 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the
+// README at: https://github.com/devcontainers/templates/tree/main/src/go
+{
+  "name": "Go",
+  "dockerComposeFile": "../docker-compose.devcontainers.yml",
+  "service": "clair-scanner",
+  "workspaceFolder": "/workspaces/clair-scanner",
+  "shutdownAction": "stopCompose",
+  "customizations": {
+    "extensions": [
+      "ms-azuretools.vscode-docker"
+    ],
+    "vscode": {
+      "extensions": [
+        "ms-azuretools.vscode-docker",
+        "ms-vscode.makefile-tools",
+        "golang.Go"
+      ]
+    }
+  },
+  "postCreateCommand": {
+    "configure-docker": "sudo chown $(whoami) /var/run/docker.sock",
+    "docker-pull": "docker pull python:bullseye"
+  }
+  // Features to add to the dev container. More info: https://containers.dev/features.
+  // Use 'forwardPorts' to make a list of ports inside the container available locally.
+  // "forwardPorts": [],
+  // Use 'postCreateCommand' to run commands after the container is created.
+  // "postCreateCommand": "go version",
+  // Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
+  // "remoteUser": "root"
+}

.github/workflows/build-and-release.yaml

@@ -0,0 +1,98 @@
+name: Build, Test, and Release
+
+on:
+  push:
+    tags:
+      - '[0-9]+.[0-9]+.[0-9]+-prerelease-[0-9]+'
+      - '[0-9]+.[0-9]+.[0-9]+' # Trigger on semantic version tags (e.g., v1.0.0)
+
+  workflow_dispatch: # Allow manual trigger
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        goos: [linux, windows, darwin]
+        goarch: [amd64, arm64]
+    steps:
+      # Step 1: Checkout code
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      # Step 2: Set up Go
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: 1.22
+
+      # Step 3: Run Go tests
+      - name: Run Go tests
+        run: |
+          go test ./... -v
+
+      # Step 4: Build the Go app for each platform
+      - name: Build for ${{ matrix.goos }}-${{ matrix.goarch }}
+        env:
+          GOOS: ${{ matrix.goos }}
+          GOARCH: ${{ matrix.goarch }}
+        run: |
+          mkdir -p dist
+          output_name=clair-scanner_${GOOS}-${GOARCH}
+          [ "$GOOS" = "windows" ] && output_name+=".exe"
+          go build -o dist/$output_name
+
+      # Step 5: Upload binaries as artifacts for inspection
+      - name: Upload binaries
+        uses: actions/upload-artifact@v3
+        with:
+          name: clair-scanner_${{ matrix.goos }}_${{ matrix.goarch }}
+          path: dist/
+
+  release:
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      # Step 1: Checkout code
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      # Step 2: Download build artifacts
+      - name: Download binaries
+        uses: actions/download-artifact@v3
+        with:
+          path: dist/
+
+      - name: Determine if Prerelease
+        id: prerelease-check
+        run: |
+          if [[ "${GITHUB_REF_NAME}" =~ -prerelease-[0-9]+$ ]]; then
+            echo "is_prerelease=true" >> $GITHUB_ENV
+          else
+            echo "is_prerelease=false" >> $GITHUB_ENV
+          fi
+
+      # Step 3: Create GitHub Release
+      - name: Create Release
+        uses: softprops/action-gh-release@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ github.ref_name }}
+          name: Release ${{ github.ref_name }}
+          body: |
+            Automated release for ${{ github.ref_name }}.
+          draft: false
+          prerelease: ${{ env.is_prerelease }}
+
+      # Step 4: Upload binaries to the release
+      - name: Upload Release Assets
+        run: |
+          pwd
+          ls -alh dist/
+          find dist/ -type f -print0 | while IFS= read -r -d '' file; do
+            echo "Uploading: $file"
+            gh release upload "${{ github.ref_name }}" "$file"
+          done
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -1,4 +1,7 @@
 vendor
 clair-scanner
 *.out
-dist
+dist
+clair_report.json
+clair-scanner_*
+report.txt

.travis.yml

@@ -0,0 +1,16 @@
+{
+    // Use IntelliSense to learn about possible attributes.
+    // Hover to view descriptions of existing attributes.
+    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "name": "Launch main.go",
+            "type": "go",
+            "request": "launch",
+            "mode": "auto",
+            "program": "${workspaceFolder}",
+            "args": ["--clair", "http://localhost:8080", "--threshold=High", "--report", "clair_report.json", "python:bullseye"]
+        }
+    ]
+}

.vscode/launch.json

@@ -0,0 +1,3 @@
+{
+    "makefile.configureOnOpen": false
+}

.vscode/settings.json

@@ -10,12 +10,15 @@ build:
 installLocal:
 	CGO_ENABLED=0 go install
 
-docker:
-	@cd docker && \
-		docker build -t golang-cross-compile .
-
-cross: docker
-	docker run -ti --rm -e CGO_ENABLED=0 -v $(CURDIR):/gopath/src/clair-scanner -w /gopath/src/clair-scanner golang-cross-compile gox -osarch="darwin/amd64 darwin/386 linux/amd64 linux/386 windows/amd64 windows/386" -output "dist/{{.Dir}}_{{.OS}}_{{.Arch}}"
+cross:
+	@archs="linux/386 linux/amd64 linux/arm linux/arm64 darwin/amd64 darwin/arm64"; \
+	for arch in $$archs; do \
+		GOOS=$$(echo $$arch | cut -d'/' -f1); \
+		GOARCH=$$(echo $$arch | cut -d'/' -f2); \
+		echo "Building for $$GOOS/$$GOARCH"; \
+		CMD="GOOS=$$GOOS GOARCH=$$GOARCH go build -o clair-scanner_$${GOOS}_$${GOARCH}"; \
+		eval $$CMD; \
+	done
 
 clean:
 	rm -rf dist
@@ -30,8 +33,8 @@ test:
 	go test
 
 pull:
-	docker pull alpine:3.5
-	docker pull debian:jessie
+	docker pull alpine:3.20
+	docker pull debian:bookworm
 
 db:
 	docker run -p 5432:5432 -d --name db arminc/clair-db:latest
@@ -41,10 +44,12 @@ clair:
 	docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:latest
 	@sleep 5
 
-integration: pull db clair
-	go test -v -covermode=count -coverprofile=coverage.out -ip $(shell ipconfig getifaddr en0) -tags integration
+#integration: pull db clair
+integration:
+	go test -v -covermode=count -coverprofile=coverage.out -ip 127.0.0.1 -tags integration
 
-integrationlinux: pull db clair
-	go test -v -covermode=count -coverprofile=coverage.out -ip $(shell ifconfig docker0 | grep "inet addr" | cut -d ':' -f 2 | cut -d ' ' -f 1) -tags integration
+#integrationlinux: pull db clair
+integration:
+	go test -v -covermode=count -coverprofile=coverage.out -ip 127.0.0.1 -tags integration
 
 release: integrationlinux build cross