add boilerplates and ci jobs for lint

.github/dependabot.yml

@@ -1,13 +1,26 @@
+# Copyright 2024 Chainguard, Inc.
+# SPDX-License-Identifier: Apache-2.0
+
+---
 version: 2
 updates:
-- package-ecosystem: gomod
-  directory: "/"
-  schedule:
-    interval: weekly
-  open-pull-requests-limit: 10
+  - package-ecosystem: gomod
+    directory: "/"
+    schedule:
+      interval: weekly
+    open-pull-requests-limit: 10
+    groups:
+      all:
+        update-types:
+          - "patch"
 
-- package-ecosystem: "github-actions"
-  directory: "/"
-  schedule:
-    interval: weekly
-  open-pull-requests-limit: 10
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: weekly
+    open-pull-requests-limit: 10
+    groups:
+      all:
+        update-types:
+          - "minor"
+          - "patch"

.github/workflows/boilerplate.yaml

@@ -0,0 +1,40 @@
+# Copyright 2024 Chainguard, Inc.
+# SPDX-License-Identifier: Apache-2.0
+
+name: Boilerplate
+
+on:
+  pull_request:
+    branches:
+      - 'main'
+
+jobs:
+
+  check:
+    permissions:
+      contents: read
+
+    name: Boilerplate Check
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false # Keep running if one leg fails.
+      matrix:
+        extension:
+        - go
+        - sh
+
+        # Map between extension and human-readable name.
+        include:
+        - extension: go
+          language: Go
+        - extension: sh
+          language: Bash
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+
+      - uses: chainguard-dev/actions/boilerplate@main
+        with:
+          extension: ${{ matrix.extension }}
+          language: ${{ matrix.language }}

.github/workflows/go-tests.yaml

@@ -1,10 +1,15 @@
+# Copyright 2024 Chainguard, Inc.
+# SPDX-License-Identifier: Apache-2.0
+
 name: Go Tests
 
 on:
   push:
-    branches: [ "main" ]
+    branches:
+      - "main"
   pull_request:
-    branches: [ "main" ]
+    branches:
+      - "main"
 
 jobs:
   test:
@@ -28,5 +33,15 @@ jobs:
 
       - uses: chainguard-dev/actions/goimports@main
 
+      - name: install libyara-dev
+        run: |
+          sudo add-apt-repository -n -y "deb http://archive.ubuntu.com/ubuntu/ mantic main restricted universe multiverse"
+          sudo add-apt-repository -n -y "deb http://archive.ubuntu.com/ubuntu/ mantic-updates main restricted universe multiverse"
+          sudo add-apt-repository -n -y "deb http://archive.ubuntu.com/ubuntu/ mantic-backports main restricted universe multiverse"
+          sudo add-apt-repository -n -y "deb http://security.ubuntu.com/ubuntu mantic-security main restricted universe multiverse"
+
+          sudo apt update && sudo apt install libyara-dev -y
+
       - name: Test
-        run: make test
+        run: |
+          make test

.github/workflows/style.yaml

@@ -0,0 +1,119 @@
+# Copyright 2024 Chainguard, Inc.
+# SPDX-License-Identifier: Apache-2.0
+
+name: Code Style
+
+on:
+  pull_request:
+    branches:
+      - 'main'
+  push:
+    branches:
+      - 'main'
+
+jobs:
+
+  gofmt:
+    name: check gofmt
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+
+      - name: Set up Go
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+        with:
+          go-version: '1.21'
+          check-latest: true
+
+      - uses: chainguard-dev/actions/gofmt@main
+        with:
+          args: -s
+
+  goimports:
+    name: check goimports
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+
+      - name: Set up Go
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+        with:
+          go-version: '1.21'
+          check-latest: true
+
+      - uses: chainguard-dev/actions/goimports@main
+
+  golangci-lint:
+    name: golangci-lint
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+
+      - name: Set up Go
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+        with:
+          go-version: '1.21'
+          check-latest: true
+
+      - name: install libyara-dev
+        run: |
+          sudo add-apt-repository -n -y "deb http://archive.ubuntu.com/ubuntu/ mantic main restricted universe multiverse"
+          sudo add-apt-repository -n -y "deb http://archive.ubuntu.com/ubuntu/ mantic-updates main restricted universe multiverse"
+          sudo add-apt-repository -n -y "deb http://archive.ubuntu.com/ubuntu/ mantic-backports main restricted universe multiverse"
+          sudo add-apt-repository -n -y "deb http://security.ubuntu.com/ubuntu mantic-security main restricted universe multiverse"
+
+          sudo apt update && sudo apt install libyara-dev -y
+
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # v3.7.1
+        with:
+          version: v1.57
+          args: --timeout=5m
+
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+
+      - name: Set up Go
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+        with:
+          go-version: '1.21'
+          check-latest: true
+
+      - uses: chainguard-dev/actions/trailing-space@main
+        if: ${{ always() }}
+
+      - uses: chainguard-dev/actions/eof-newline@main
+        if: ${{ always() }}
+
+      - uses: reviewdog/action-tflint@master
+        if: ${{ always() }}
+        with:
+          github_token: ${{ secrets.github_token }}
+          fail_on_error: true
+
+      - uses: reviewdog/action-misspell@5bd7be2fc7ae56a517184f5c4bbcf2fd7afe3927 # v1.17.0
+        if: ${{ always() }}
+        with:
+          github_token: ${{ secrets.github_token }}
+          fail_on_error: true
+          locale: "US"
+          exclude: |
+            **/go.sum
+            **/third_party/**
+            ./*.yml
+
+      - uses: get-woke/woke-action-reviewdog@d71fd0115146a01c3181439ce714e21a69d75e31 # v0
+        if: ${{ always() }}
+        with:
+          github-token: ${{ secrets.github_token }}
+          reporter: github-pr-check
+          level: error
+          fail-on-error: true

.golangci.yml

@@ -1,6 +1,6 @@
 run:
   # The default runtime timeout is 1m, which doesn't work well on Github Actions.
-  timeout: 4m
+  timeout: 10m
 
 # NOTE: This file is populated by the lint-install tool. Local adjustments may be overwritten.
 linters-settings:

Makefile

@@ -1,3 +1,6 @@
+# Copyright 2024 Chainguard, Inc.
+# SPDX-License-Identifier: Apache-2.0
+
 # BEGIN: lint-install ../bincapz
 # http://github.com/tinkerbell/lint-install
 
@@ -42,4 +45,8 @@ _lint: $(LINTERS)
 .PHONY: fix $(FIXERS)
 fix: $(FIXERS)
 
+.PHONY: test
+test:
+	go test ./... -v
+
 # END: lint-install ../bincapz

README.md

@@ -26,9 +26,9 @@ Enumerates program capabilities and malicious behaviors using fragment analysis.
 
 * go 1.21+
 * yara 4.3+ library - you can use this one-liner to install it if necessary:
-  
+
 ```shell
-brew install yara || sudo apt install libyara-devel \
+brew install yara || sudo apt install libyara-dev \
   || sudo dnf install yara-devel || sudo pacman -S yara
 ```
 

bincapz.go

@@ -1,3 +1,6 @@
+// Copyright 2024 Chainguard, Inc.
+// SPDX-License-Identifier: Apache-2.0
+
 // bincapz returns information about a binaries capabilities
 package main
 
@@ -29,8 +32,8 @@ func main() {
 	allFlag := flag.Bool("all", false, "Ignore nothing, show all")
 
 	klog.InitFlags(nil)
-	flag.Set("logtostderr", "false")
-	flag.Set("alsologtostderr", "false")
+	_ = flag.Set("logtostderr", "false")
+	_ = flag.Set("alsologtostderr", "false")
 	flag.Parse()
 	args := flag.Args()
 
@@ -77,14 +80,12 @@ func main() {
 	} else {
 		res, err = action.Scan(bc)
 	}
-
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "failed: %v\n", err)
 		os.Exit(3)
 	}
 
-	renderer.Full(*res)
-
+	err = renderer.Full(*res)
 	if err != nil {
 		klog.Errorf("failed: %v", err)
 		os.Exit(1)

bincapz_test.go

@@ -1,10 +1,12 @@
+// Copyright 2024 Chainguard, Inc.
+// SPDX-License-Identifier: Apache-2.0
+
 package main
 
 import (
 	"bytes"
 	"encoding/json"
 	"io/fs"
-	"log"
 	"os"
 	"path/filepath"
 	"strings"
@@ -27,9 +29,9 @@ func TestJSON(t *testing.T) {
 
 	fileSystem := os.DirFS(testDataRoot)
 
-	fs.WalkDir(fileSystem, ".", func(path string, d fs.DirEntry, err error) error {
+	fs.WalkDir(fileSystem, ".", func(path string, _ fs.DirEntry, err error) error {
 		if err != nil {
-			log.Fatal(err)
+			t.Fatal(err)
 		}
 		if !strings.HasSuffix(path, ".json") {
 			return nil
@@ -83,7 +85,7 @@ func TestSimple(t *testing.T) {
 
 	fileSystem := os.DirFS(testDataRoot)
 
-	fs.WalkDir(fileSystem, ".", func(path string, d fs.DirEntry, err error) error {
+	fs.WalkDir(fileSystem, ".", func(path string, _ fs.DirEntry, err error) error {
 		if err != nil {
 			t.Fatal(err)
 		}
@@ -197,9 +199,9 @@ func TestMarkdown(t *testing.T) {
 
 	fileSystem := os.DirFS(testDataRoot)
 
-	fs.WalkDir(fileSystem, ".", func(path string, d fs.DirEntry, err error) error {
+	fs.WalkDir(fileSystem, ".", func(path string, _ fs.DirEntry, err error) error {
 		if err != nil {
-			log.Fatal(err)
+			t.Fatal(err)
 		}
 		if !strings.HasSuffix(path, ".md") {
 			return nil

pkg/action/action.go

@@ -1,3 +1,6 @@
+// Copyright 2024 Chainguard, Inc.
+// SPDX-License-Identifier: Apache-2.0
+
 package action
 
 import (

pkg/action/diff.go

@@ -1,3 +1,6 @@
+// Copyright 2024 Chainguard, Inc.
+// SPDX-License-Identifier: Apache-2.0
+
 package action
 
 import (