add releaser mechanism

.github/workflows/release.yml

@@ -0,0 +1,70 @@
+name: cfsec release
+
+on:
+  push:
+    tags:
+      - v*
+
+jobs:
+  build:
+    name: releasing cfsec
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+      with:
+        fetch-depth: 0
+
+    - uses: actions/setup-go@v2
+      with:
+        stable: 'false'
+        go-version: '1.17'
+    - run: go version
+
+#    - name: Import GPG key
+#      id: import_gpg
+#      uses: crazy-max/ghaction-import-gpg@v3
+#      with:
+#        gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
+#        passphrase: ${{ secrets.GPG_PASSPHRASE }}
+
+#    - name: Login to docker.io registry
+#      uses: docker/login-action@v1
+#      with:
+#        username: ${{ secrets.DOCKERHUB_USER }}
+#        password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+    - name: Release
+      uses: goreleaser/goreleaser-action@v2
+      with:
+       version: latest
+       args: release --rm-dist
+      env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+#    - name: Release Docs
+#      run: make publish-docs
+#      env:
+#          DOCS_GITHUB_TOKEN: ${{ secrets.DOCS_GITHUB_TOKEN }}
+#
+## temporary hack to copy over the aquasec images to legacy docker hub repo
+#    - name: Login to docker.io registry
+#      uses: docker/login-action@v1
+#      with:
+#        username: ${{ secrets.TFSEC_DOCKERHUB_USER }}
+#        password: ${{ secrets.TFSEC_DOCKERHUB_TOKEN }}
+#
+#    - name: Tfsec image building for docker tfsec
+#      run: make clone-image-tfsec
+#
+#
+#  # temporary hack to copy over the aquasec images to github packages
+#    - name: Docker Login
+#      uses: docker/login-action@v1
+#      with:
+#        registry: ghcr.io
+#        username: ${{ github.repository_owner }}
+#        password: ${{ secrets.GITHUB_TOKEN }}
+#
+#    - name: Tfsec image building for github
+#      run: make clone-image-github

.goreleaser.yml

@@ -0,0 +1,119 @@
+before:
+  hooks:
+    - go mod tidy
+    - go mod vendor
+builds:
+  -
+    id: cfsec
+    main: ./cmd/cfsec
+    binary: cfsec
+    ldflags:
+    - "-X github.com/aquasecurity/tfsec/version.Version={{.Version}} -s -w -extldflags '-fno-PIC -static'"
+    env:
+      - CGO_ENABLED=0
+      - GOFLAGS=-mod=vendor
+    goos:
+      - linux
+      - windows
+      - darwin
+    goarch:
+      - amd64
+      - arm64
+
+checksum:
+  name_template: '{{ .ProjectName }}_checksums.txt'
+
+snapshot:
+  name_template: "{{ .Tag }}-next"
+
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - '^docs:'
+      - '^test:'
+
+#signs:
+#  - artifacts: binary
+#    signature: "${artifact}.D66B222A3EA4C25D5D1A097FC34ACEFB46EC39CE.sig"
+
+archives:
+  -
+    format: binary
+    name_template: "{{ .Binary}}-{{ .Os }}-{{ .Arch }}"
+
+release:
+  prerelease: auto
+  github:
+    owner: aquasecurity
+    name: cfsec
+
+#dockers:
+#  -
+#    goos: linux
+#    goarch: amd64
+#    ids:
+#    - tfsec
+#
+#    dockerfile: Dockerfile
+#    skip_push: auto
+#    image_templates:
+#    - "aquasec/cfsec:latest"
+#    - "aquasec/cfsec:{{ .Tag }}"
+#    - "aquasec/cfsec:v{{ .Major }}.{{ .Minor }}"
+#    - "aquasec/cfsec-alpine:latest"
+#    - "aquasec/cfsec-alpine:{{ .Tag }}"
+#    - "aquasec/cfsec-alpine:v{{ .Major }}.{{ .Minor }}"
+#  -
+#    goos: linux
+#    goarch: amd64
+#    ids:
+#    - tfsec
+#
+#    dockerfile: Dockerfile.scratch
+#    skip_push: auto
+#    image_templates:
+#    - "aquasec/cfsec-scratch:latest"
+#    - "aquasec/cfsec-scratch:{{ .Tag }}"
+#    - "aquasec/cfsec-scratch:v{{ .Major }}.{{ .Minor }}"
+#  -
+#    goos: linux
+#    goarch: amd64
+#    ids:
+#    - tfsec
+#
+#    dockerfile: Dockerfile.ci
+#    skip_push: auto
+#    image_templates:
+#    - "aquasec/cfsec-ci:latest"
+#    - "aquasec/cfsec-ci:{{ .Tag }}"
+#    - "aquasec/cfsec-ci:v{{ .Major }}.{{ .Minor }}"
+#
+#  -
+#    goos: linux
+#    goarch: amd64
+#    ids:
+#    - tfsec
+#
+#    dockerfile: Dockerfile
+#    image_templates:
+#    - "aquasec/cfsec:{{ .Tag }}"
+#    - "aquasec/cfsec-alpine:{{ .Tag }}"
+#  -
+#    goos: linux
+#    goarch: amd64
+#    ids:
+#    - tfsec
+#
+#    dockerfile: Dockerfile.scratch
+#    image_templates:
+#    - "aquasec/cfsec-scratch:{{ .Tag }}"
+#  -
+#    goos: linux
+#    goarch: amd64
+#    ids:
+#    - tfsec
+#
+#    dockerfile: Dockerfile.ci
+#    image_templates:
+#    - "aquasec/cfsec-ci:{{ .Tag }}"

.pre-commit-hooks.yaml

@@ -0,0 +1,20 @@
+- id: cfsec
+  name: cfsec
+  description: cfsec is a tool to statically analyze Cloudformation templates to spot potential security issues.
+  language: golang
+  entry: cfsec
+  types: [cloudformation]
+
+- id: cfsec-docker
+  name: cfsec Docker
+  description: cfsec is a tool to statically analyze Cloudformation templates to spot potential security issues, uses projects official docker image.
+  language: docker_image
+  entry: aquasec/cfsec-alpine
+  types: [cloudformation]
+
+- id: cfsec-system
+  name: cfsec system
+  description: cfsec is a tool to statically analyze Cloudformation templates to spot potential security issues, uses systems installed cfsec.
+  language: system
+  entry: cfsec
+  types: [cloudformation]