go-project-template

command module

v1.4.0 Latest Latest Go to latest Published: Sep 22, 2023 License: Unlicense Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/capnspacehook/go-project-template

Links

Open Source Insights

README ¶

go-project-template

Template repository for Go projects. Contains an example Go application and a minimal Dockerfile.

Details

Dependabot is configured to keep Go, Docker and Github Actions dependencies up to date by opening pull requests when new versions are released.

Multiple workflows are configured that will:

Lint Go code
Check that go.mod is tidied
Check that generated files are up to date
Test Go code and fuzz for 10 minutes
Lint the Dockerfile with hadolint
Lint workflow files with actionlint
Build, publish and sign Docker images with cosign
Build, sign, publish binaries and create releases with goreleaser and cosign

Almost all workflows will trigger when appropriate files are modified from pushes or pull requests. Binaries will only be released when a semver compatible tag is pushed however.

Usage

Use this repository as a template and build your project from it.

Almost all workflow files will work without modification, as will releasing Docker images and binaries with goreleaser. Note that only linux/amd64 images and binaries are built by default, so you may need to add more target operating systems and/or architectures based off of your requirements.

The Check generated files job assumes code generation tools will be installed by running go generate.

The Test workflow will still pass if no tests or fuzz tests are present, so when you do add tests and fuzz tests the workflow will run them without needing any changes from you.

When you want to change the Go version that is used in workflows, simply change the version of Go in the go directive of go.mod.

Verifying releases

Verifying binaries or Docker images both require cosign.

Verifying binaries

Download the checksums file, certificate and signature and the archive to the same directory.

Extract the binary from the archive, verify the checksums file and verify the contents of the binary:

tar xfs go-project-template_<version>_linux_amd64.tar.gz
cosign verify-blob --certificate checksums.txt.crt --signature checksums.txt.sig checksums.txt
sha256sum -c checksums.txt

Verifying Docker images

Simply check the signature of the image with cosign:

COSIGN_EXPERIMENTAL=true cosign verify ghcr.io/capnspacehook/go-project-template | jq

You can verify the image was built by Github Actions by inspecting the Issuer and Subject fields of the output.

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL