fix: inject version via -ldflags so releases stop drifting (#1081)

.codeclimate.yml

@@ -31,7 +31,4 @@ checks:
     config:
       threshold: 10
 exclude_patterns:
-- "doc/"
-- "examples/"
-- "images/"
 - "resources/"

.dockerignore

@@ -1,5 +1,24 @@
 Dockerfile
 *.md
-images/*
-examples/*
-.idea
+.idea
+*.json
+*.log
+*.html
+*.test
+*.out
+.glide/
+*.exe
+*.dll
+*.so
+*.dylib
+*.zip
+*.tar
+*.tar.gz
+*.tar.bz2
+*.tar.xz
+*.tgz
+*.rar
+*.7z
+*.gz
+*.bz2
+*.xz

.gitattributes

@@ -1,2 +1 @@
-*.ads linguist-language=Lua
 *.go text eol=lf

.github/workflows/docker.yml

@@ -11,40 +11,47 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          install: true
+          driver-opts: network=host
+      -
+        name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
       -
         name: Docker meta
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
-          images: caffix/amass
+          images: owaspamass/amass
           tags: |
             type=semver,pattern=v{{major}}
             type=semver,pattern=v{{major}}.{{minor}}
             type=semver,pattern=v{{major}}.{{minor}}.{{patch}}
+          labels: |
+            org.opencontainers.image.title=OWASP Amass
+            org.opencontainers.image.description=In-depth attack surface mapping and asset discovery
+            org.opencontainers.image.vendor=OWASP Foundation
       -
         name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
         with:
           platforms: linux/amd64,linux/arm64
-      -
-        name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v2
-      -
-        name: Login to DockerHub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
       -
         name: Build and push
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v6
         with:
-          context: ./
+          context: .
+          push: true
           file: ./Dockerfile
           builder: ${{ steps.buildx.outputs.name }}
           platforms: linux/amd64,linux/arm64
-          push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}

.github/workflows/go.yml

@@ -2,7 +2,7 @@ name: tests
 
 on:
   push:
-    branches: [ "master", "develop" ]
+    branches: [ "main", "develop" ]
   pull_request:
     branches: develop
 
@@ -12,17 +12,19 @@ jobs:
     strategy:
       matrix:
         os: [ "ubuntu-latest", "macos-latest", "windows-latest" ]
-        go-version: [ "1.19" ]
+        go-version: [ "1.26.0" ]
     runs-on: ${{ matrix.os }}
+    env:
+      CGO_ENABLED: 0
     steps:
       -
         name: setup Go ${{ matrix.go-version }}
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
         with:
           go-version: ${{ matrix.go-version }}
       -
         name: checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       -
         name: simple test
         run: go test -v ./...
@@ -31,21 +33,17 @@ jobs:
         run: go test -v ./...
         env:
           GOGC: 1
-      -
-        name: test with race detector
-        run: go test -v -race ./...
   coverage:
     name: Coverage
     runs-on: ubuntu-latest
+    env:
+      CGO_ENABLED: 0
     steps:
       - name: setup Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
         with:
-          go-version: 1.19
+          go-version: 1.26.0
       - name: checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: measure coverage
         run: go test -v -coverprofile=coverage.out ./...
-      - name: report coverage
-        run: |
-          bash <(curl -s https://codecov.io/bash)

.github/workflows/goreleaser.yml

@@ -11,29 +11,26 @@ permissions:
 jobs:
   goreleaser:
     runs-on: ubuntu-latest
+    env:
+      CGO_ENABLED: 0
     steps:
       -
         name: checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
       -
         name: set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
         with:
-          go-version: 1.19
-      -
-        name: set up CycloneDX
-        uses: CycloneDX/gh-gomod-generate-sbom@v1
-        with:
-          version: v1
+          go-version: 1.26.0
       -
         name: run GoReleaser
-        uses: goreleaser/goreleaser-action@v4
+        uses: goreleaser/goreleaser-action@v6
         with:
           distribution: goreleaser
           version: latest
           args: release --clean
         env:
-          GITHUB_TOKEN: ${{ secrets.AMASS_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.HOMEBREW_TAP_GITHUB_TOKEN }}

.github/workflows/lint.yml

@@ -10,21 +10,23 @@ jobs:
     strategy:
       matrix:
         os: [ "ubuntu-latest", "macos-latest", "windows-latest" ]
-        go-version: [ "1.19" ]
+        go-version: [ "1.26.0" ]
     runs-on: ${{ matrix.os }}
+    env:
+      CGO_ENABLED: 0
     steps:
       -
         name: setup
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v6
         with:
           go-version: ${{ matrix.go-version }}
       -
         name: checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v5
       -
         name: golangci-lint
-        uses: golangci/golangci-lint-action@v3
+        uses: golangci/golangci-lint-action@v9
         with:
           version: latest
-          args: --timeout=10m
+          args: --timeout=60m
           only-new-issues: true

.gitignore

@@ -4,6 +4,11 @@
 *.so
 *.dylib
 
+# Output from Amass tooling
+*.json
+*.log
+*.html
+
 # Test binary, build with `go test -c`
 *.test
 

.goreleaser.yaml

@@ -1,23 +1,31 @@
+version: 2
 project_name: amass
 
 before:
   hooks:
-  - go mod download
+  - go mod tidy
 
 builds:
   -
-    main: ./cmd/amass/
+    main: ./cmd/amass
     binary: amass
+    env:
+      - CGO_ENABLED=0
+    ldflags:
+      - -s -w
+      - -X github.com/owasp-amass/amass/v5/internal/afmt.Version=v{{ .Version }}
     goos:
       - windows
       - linux
       - darwin
-      - freebsd
     goarch:
       - amd64
       - 386
       - arm
       - arm64
+    goarm:
+      - 6
+      - 7
     ignore:
       - goos: darwin
         goarch: 386
@@ -29,34 +37,16 @@ builds:
         goarch: arm
       - goos: windows
         goarch: arm64
-      - goos: freebsd
-        goarch: arm
 
 archives:
   -
-    name_template: >-
-      {{ .ProjectName }}_
-      {{- title .Os }}_
-      {{- if eq .Arch "darwin" }}macos
-      {{- else if eq .Arch "386" }}i386
-      {{- else }}{{ .Arch }}{{ end }}
+    name_template: "{{ .ProjectName }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}"
     wrap_in_directory: true
-    format: zip
     files:
       - LICENSE
       - README.md
-      - examples/config.yaml
-      - examples/datasources.yaml
-
-sboms:
-  - documents:
-      - "{{ .Binary }}_{{ .Os }}_{{ .Arch }}.bom.json"
-    artifacts: binary
-    cmd: cyclonedx-gomod
-    env:
-      - GOOS={{ .Os }}
-      - GOARCH={{ .Arch }}
-    args: [ "app", "-main", "cmd/amass", "-licenses", "-packages", "-json", "-output", "$document", "../" ]
+      - resources/config.yaml
+      - resources/datasources.yaml
 
 checksum:
   name_template: "{{ .ProjectName }}_checksums.txt"
@@ -72,22 +62,3 @@ release:
   github:
     owner: owasp-amass
     name: amass
-
-brews:
-  -
-    name: amass
-    repository:
-      owner: owasp-amass
-      name: homebrew-amass
-      token: "{{ .Env.HOMEBREW_TAP_GITHUB_TOKEN }}"
-    url_template: "https://github.com/owasp-amass/amass/releases/download/{{ .Tag }}/{{ .ArtifactName }}"
-    commit_author:
-      name: caffix
-      email: caffix@users.noreply.github.com
-    folder: Formula
-    homepage: "https://owasp.org/www-project-amass/"
-    description: "In-depth Attack Surface Mapping and Asset Discovery"
-    test: |
-      system "#{bin}/amass --version"
-    install: |
-      bin.install "amass"

CONTRIBUTING.md

@@ -1,11 +1,13 @@
 # Contributing
 
-Thank you for considering making contributions to Amass! Start by taking a look at the [open issues](https://github.com/owasp-amass/amass/issues) for things we need help with!
+Thank you for considering making contributions to the OWASP Amass Project! Start by joining our [Discord server](https://discord.gg/ANTyEDUXt5), taking a look at the [Documentation](https://owasp-amass.github.io/docs/), and checking out the [open issues](https://github.com/owasp-amass/amass/issues) for things we need help with!
 
 Please follow standard github best practices: fork the repo, branch from the tip of develop, make some commits, and submit a pull request to develop. 
 
 Please make sure to use `gofmt` before every commit - the easiest way to do this is have your editor run it for you upon saving a file. Otherwise, run the following command in the project root directory: `go fmt ./...`
 
+It is recommended that you use the Golang Linter before every commit, to help you catch errors and to write clean code: `golangci-lint run ./...`
+
 ## Forking
 
 Please note that Go requires code to live under absolute paths, which complicates forking.
@@ -22,15 +24,15 @@ For instance, to create a fork and work on a branch of it, user 'foo' would:
   * `git remote add origin git@github.com:foo/amass.git`
 
 Now `origin` refers to the foo fork and `upstream` refers to the OWASP version.
-So foo can `git push -u origin master` to update his/her fork, and make pull requests to OWASP from there.
+So foo can `git push -u origin develop` to update his/her fork, and make pull requests to OWASP from there.
 Of course, replace `foo` with your git handle.
 
 To pull in updates from the original repo, run
 
     * `git fetch upstream`
-    * `git rebase upstream/master` (or whatever branch you want)
+    * `git rebase upstream/main` (or whatever branch you want)
 
-Please don't make Pull Requests to `master`.
+Please do not make pull requests to `main`.
 
 ### Development Procedure:
 - the latest state of development is on `develop`