test-go

test go

🔗 Table of Contents

• Usage
  • Go CLI
  • Binary
  • Docker
• Dev
  • Run linter and formatter
  • Run test
• Support & Assistance
• Contributing
• Security
• License

🪐 Usage

🐹 Go CLI

Install the package go install github.com/m0nsterrr/test-go@latest.

🪛 Binary

version="1.0.0"
platform="linux-amd64"

# Download binary
wget "https://github.com/m0nsterrr/test-go/releases/download/v${version}/test-go-${version}-${platform}.tar.gz"

# Verify checksum (recommended but not required)
wget "https://github.com/m0nsterrr/test-go/releases/download/v${version}/checksums.txt"
sha256sum --ignore-missing -c checksums.txt

# Verify binary signature (recommended but not required)
cosign verify-blob \
  --certificate-identity "https://github.com/M0NsTeRRR/test-go/.github/workflows/release.yml@refs/tags/v${version}" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  --cert "https://github.com/m0nsterrr/test-go/releases/download/v${version}/test-go-${version}-${platform}.pem" \
  --signature "https://github.com/m0nsterrr/test-go/releases/download/v${version}/test-go-${version}-${platform}.sig" \
  ./test-go-${version}-${platform}.tar.gz

# Extract binary
tar -xvzf test-go-${version}-${platform}.tar.gz

# Verify SBOM attestation (recommended but not required)
wget "https://github.com/m0nsterrr/test-go/releases/download/v${version}/test-go-${version}-${platform}.sbom.bundle"
cosign verify-blob-attestation \
  --type=cyclonedx \
  --new-bundle-format \
  --certificate-identity "https://github.com/M0NsTeRRR/test-go/.github/workflows/release.yml@refs/tags/v${version}" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  --bundle test-go-${version}-${platform}.sbom.bundle
  ./test-go-${version}-${platform}.tar.gz

# Scan SBOM attestation, SBOM attestation was saved from the previous step  (recommended but not required)
jq -r '.dsseEnvelope.payload' test-go-${version}-${platform}.sbom.bundle | base64 -d | jq -r '.predicate' > ./test-go-${version}-${platform}-extracted.sbom.bundle
trivy sbom ./test-go-${version}-${platform}-extracted.sbom.bundle

🐳 Docker

version="1.0.0"

# Pull image
docker pull ghcr.io/m0nsterrr/test-go:v${version}

# Verify image signature (recommended but not required)
cosign verify ghcr.io/m0nsterrr/test-go:v${version} \
  --certificate-identity "https://github.com/M0NsTeRRR/test-go/.github/workflows/release.yml@refs/tags/v${version}" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com"

# Verify image attestation (recommended but not required)
cosign verify-attestation ghcr.io/m0nsterrr/test-go:v${version} \
  --type=cyclonedx \
  --certificate-identity "https://github.com/M0NsTeRRR/test-go/.github/workflows/release.yml@refs/tags/v${version}" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" > ./extracted-sbom.cdx.json

# Scan SBOM attestation, SBOM attestation was saved from the previous step  (recommended but not required)
trivy sbom ./extracted-sbom.cdx.json

🛠️ Dev

Install Go.

Run linter and formatter

golangci-lint must be installed.

golangci-lint run
go fmt .

Run test

go test

Devcontainer

A dev container is available; the documentation can be found on how to use it here.

🙋‍♂️ Support & Assistance

• Take a look at the support document on guidelines for tips on how to ask the right questions.
• For all questions/features/bugs/issues head over here.

🤝 Contributing

• Please review the Code of Conduct for guidelines on ensuring everyone has the best experience interacting with the community.
• We welcome and encourage contributions to this project ! Please review the contributing doc for submitting issues/a guide on submitting pull requests and helping out.

🛡️ Security

See security file for details.

⚖️ License

See here.