feat: linux arm64

.github/actions/linux-build/Dockerfile

@@ -16,7 +16,7 @@ RUN apt-get update && \
     ) && \
     \
     apt-get update && \
-    apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin git && \
+    apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin git gcc-aarch64-linux-gnu gcc-aarch64-linux-g++ && \
     \
     wget --output-document=/tmp/go.tar.gz https://go.dev/dl/go1.21.0.linux-amd64.tar.gz && \
     tar --extract --gunzip --file=/tmp/go.tar.gz --directory=/usr/local && \

.github/workflows/canary.yml

@@ -61,56 +61,56 @@ jobs:
           DOCKER_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
           DOCKER_PASSWORD: ${{ secrets.DOCKERHUB_TOKEN }}
 
-  build-darwin:
-    needs: [tag]
-    name: build-darwin
-    runs-on: macos-12
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-          ref: ${{ needs.tag.outputs.ref }}
-      - run: git fetch --force --tags
-      - name: Set up Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: 1.21
-      - name: Setup Gon
-        run: brew install Bearer/tap/gon
-      - name: Import Code-Signing Certificates
-        uses: Apple-Actions/import-codesign-certs@v2
-        with:
-          # The certificates in a PKCS12 file encoded as a base64 string
-          p12-file-base64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
-          # The password used to import the PKCS12 file.
-          p12-password: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}
-      - shell: bash
-        run: |
-          echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
-      - id: cache
-        uses: actions/cache@v4
-        with:
-          path: dist/darwin
-          key: darwin-${{ env.sha_short }}-canary
-      - uses: goreleaser/goreleaser-action@v5
-        if: steps.cache.outputs.cache-hit != 'true' # do not run if cache hit
-        name: Run GoReleaser
-        with:
-          distribution: goreleaser-pro
-          version: latest
-          args: release --clean --split -f ./.goreleaser/canary.yaml
-        env:
-          GOOS: darwin
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          AC_USERNAME: ${{ secrets.AC_USERNAME }}
-          AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
-          AC_PROVIDER: ${{ secrets.AC_PROVIDER }}
-          AC_APPLICATION_IDENTITY: ${{ secrets.AC_APPLICATION_IDENTITY }}
-          GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
+  # build-darwin:
+  #   needs: [tag]
+  #   name: build-darwin
+  #   runs-on: macos-12
+  #   steps:
+  #     - name: Checkout
+  #       uses: actions/checkout@v4
+  #       with:
+  #         fetch-depth: 0
+  #         ref: ${{ needs.tag.outputs.ref }}
+  #     - run: git fetch --force --tags
+  #     - name: Set up Go
+  #       uses: actions/setup-go@v5
+  #       with:
+  #         go-version: 1.21
+  #     - name: Setup Gon
+  #       run: brew install Bearer/tap/gon
+  #     - name: Import Code-Signing Certificates
+  #       uses: Apple-Actions/import-codesign-certs@v2
+  #       with:
+  #         # The certificates in a PKCS12 file encoded as a base64 string
+  #         p12-file-base64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
+  #         # The password used to import the PKCS12 file.
+  #         p12-password: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}
+  #     - shell: bash
+  #       run: |
+  #         echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
+  #     - id: cache
+  #       uses: actions/cache@v4
+  #       with:
+  #         path: dist/darwin
+  #         key: darwin-${{ env.sha_short }}-canary
+  #     - uses: goreleaser/goreleaser-action@v5
+  #       if: steps.cache.outputs.cache-hit != 'true' # do not run if cache hit
+  #       name: Run GoReleaser
+  #       with:
+  #         distribution: goreleaser-pro
+  #         version: latest
+  #         args: release --clean --split -f ./.goreleaser/canary.yaml
+  #       env:
+  #         GOOS: darwin
+  #         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  #         AC_USERNAME: ${{ secrets.AC_USERNAME }}
+  #         AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
+  #         AC_PROVIDER: ${{ secrets.AC_PROVIDER }}
+  #         AC_APPLICATION_IDENTITY: ${{ secrets.AC_APPLICATION_IDENTITY }}
+  #         GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
 
   publish:
-    needs: [tag, build-darwin, build-linux]
+    needs: [tag, build-linux]
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4

.gitignore

@@ -20,3 +20,5 @@ bearer
 docs/yarn.lock
 
 /internal/parser/sitter/config_variables/build
+
+internal/detectors/dotnet/**/obj

.goreleaser/canary.yaml

@@ -9,24 +9,4 @@ release:
   draft: true
   header: |
     ## Canary ({{ .Date }})
-  mode: append
-
-dockers:
-  - image_templates:
-      - "docker.io/bearer/bearer:canary-amd64"
-    use: buildx
-    goos: linux
-    goarch: amd64
-    ids:
-      - linux
-    build_flag_templates:
-      - "--label=org.opencontainers.image.title={{ .ProjectName }}"
-      - "--label=org.opencontainers.image.description=A data-first security scanner that finds risks and vulnerabilities in your code so you can protect sensitive data (PHI, PD, PII)."
-      - "--label=org.opencontainers.image.vendor=Bearer"
-      - "--label=org.opencontainers.image.version={{ .Version }}"
-      - "--label=org.opencontainers.image.created={{ .Date }}"
-      - "--label=org.opencontainers.image.source=https://github.com/bearer/bearer"
-      - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
-      - "--label=org.opencontainers.image.url=https://bearer.com"
-      - "--label=org.opencontainers.image.documentation=https://docs.bearer.com"
-      - "--platform=linux/amd64"
+  mode: append

.goreleaser/common.yaml

@@ -48,34 +48,17 @@ builds:
     goos:
       - linux
     goarch:
-      - 386
-      - amd64
+      - arm64
     ldflags:
       - -w
       - -X "github.com/bearer/bearer/cmd/bearer/build.Version={{.Version}}"
       - -X "github.com/bearer/bearer/cmd/bearer/build.CommitSHA={{.Commit}}"
+    overrides:
+      - goos: linux
+        goarch: arm64
+        env:
+          - CC=aarch64-linux-gnu-gcc
+          - CXX=gcc-aarch64-linux-g++
 
 checksum:
   name_template: "checksums.txt"
-
-changelog:
-  sort: asc
-  filters:
-    exclude:
-      - "^docs:"
-      - "^test:"
-      - "^ci:"
-
-nfpms:
-  - formats:
-      - deb
-      - rpm
-      - archlinux
-    vendor: Bearer
-    homepage: "https://bearer.com"
-    maintainer: "Bearer <[email protected]>"
-    description: "A data-first security scanner that finds risks and vulnerabilities in your code so you can protect sensitive data (PHI, PD, PII)."
-    license: "Elastic License 2.0"
-    file_name_template: "{{.ProjectName}}_{{.Version}}_{{.Os}}-{{.Arch}}"
-    dependencies:
-      - git

contrib/install.sh

@@ -57,6 +57,7 @@ get_binaries() {
     darwin/arm64) BINARIES="bearer" ;;
     linux/386) BINARIES="bearer" ;;
     linux/amd64) BINARIES="bearer" ;;
+    linux/arm64) BINARIES="bearer" ;;
     *)
       log_crit "platform $PLATFORM is not supported.  Make sure this script is up-to-date and file request at https://github.com/${PREFIX}/issues/new"
       exit 1