Spring cleaning and update rivets to latest release (#205)

Do some spring cleaning like I've been doing to other repos here.

Also needed to update rivets because we've been pinned to an
*unreleased* commit for a long time now. I blame go for not making this
obvious. I decided to fix this now so that we can back on track and only
use merged code paths. Getting the rivets PR merged and then updating
this line comes next.

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @joelrebel @splaspood @DoctorVin

.github/workflows/codeql-analysis.yml

@@ -13,12 +13,12 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ main ]
+    branches: [main]
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [ main ]
+    branches: [main]
   schedule:
-    - cron: '34 3 * * 0'
+    - cron: "34 3 * * 0"
 
 jobs:
   analyze:
@@ -32,41 +32,33 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'go' ]
+        language: ["go"]
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
         # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v3
+      - name: Checkout repository
+        uses: actions/checkout@v4
 
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
 
-        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
-        # queries: security-extended,security-and-quality
+          # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+          # queries: security-extended,security-and-quality
 
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
 
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      - name: Build binary
+        run: make build-linux
 
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
-
-    #   If the Autobuild fails above, remove it and uncomment the following three lines.
-    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
-
-    # - run: |
-    #   echo "Run, Build Application using script"
-    #   ./location_of_script_within_repo/buildscript.sh
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2

.github/workflows/push-pr-lint.yaml

@@ -5,45 +5,45 @@ jobs:
   lint-test:
     runs-on: ubuntu-latest
     steps:
-    - name: Install Go
-      uses: actions/setup-go@v4
-      with:
-        go-version: '1.20'
-    - name: Checkout code
-      uses: actions/checkout@v3
-    - name: golangci-lint
-      uses: golangci/golangci-lint-action@v3
-      with:
-        args: --config .golangci.yml --timeout 2m
-        version: v1.52.0
-    - name: Test
-      run: go test ./...
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+
+      - name: golangci-lint
+        run: make lint
+
+      - name: Test
+        run: go test ./...
   build:
     runs-on: ubuntu-latest
     needs: [lint-test]
     steps:
-      - name: Install Go
-        uses: actions/setup-go@v4
-        with:
-          go-version: '1.20'
-
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
 
       - name: build binary
         run: make build-linux
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       - name: Build Alloy Docker image - no push
         id: dockerbuild-alloy
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         with:
-           context: .
-           push: false
-           tags: ghcr.io/metal-toolbox/alloy:latest
-           file: Dockerfile
+          context: .
+          push: false
+          tags: ghcr.io/metal-toolbox/alloy:latest
+          file: Dockerfile
 
       - name: Scan image - Alloy
         id: scan-Alloy-image

.github/workflows/release.yml

@@ -3,7 +3,7 @@ name: release
 on:
   push:
     tags:
-      - 'v*.*.*'
+      - "v*.*.*"
 
 jobs:
   goreleaser:
@@ -13,35 +13,33 @@ jobs:
       id-token: write
       packages: write
     steps:
-      -
-        name: Login to GHCR
-        uses: docker/login-action@v2
+      - name: Login to GHCR
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-      -
-        name: Checkout
-        uses: actions/checkout@v3
+
+      - name: Checkout
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
-      -
-        name: Set up Go
-        uses: actions/setup-go@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
         with:
-          go-version: "1.20"
-      -
-        name: install cosign
+          go-version-file: go.mod
+
+      - name: install cosign
         uses: sigstore/cosign-installer@main
-      -
-        uses: anchore/sbom-action/download-syft@v0.13.4
-      -
-        name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v4
+
+      - uses: anchore/sbom-action/download-syft@v0.13.4
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v5
         with:
           version: latest
           args: release --rm-dist
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           COSIGN_EXPERIMENTAL: 1
-          GOVERSION: "1.20"

.goreleaser.yaml

@@ -12,7 +12,6 @@ builds:
       - darwin
     ldflags:
       - -X "github.com/metal-toolbox/alloy/internal/version.AppVersion={{ .Version }}"
-        -X "github.com/metal-toolbox/alloy/internal/version.GoVersion={{ .Env.GOVERSION }}"
         -X "github.com/metal-toolbox/alloy/internal/version.GitCommit={{ .Commit }}"
         -X "github.com/metal-toolbox/alloy/internal/version.GitBranch={{ .Branch }}"
         -X "github.com/metal-toolbox/alloy/internal/version.BuildDate={{ .Date }}"

Makefile

@@ -15,7 +15,7 @@ REPO := "https://github.com/metal-toolbox/alloy.git"
 
 ## lint
 lint:
-	golangci-lint run --config .golangci.yml
+	go run github.com/golangci/golangci-lint/cmd/golangci-lint@v1.52.0 run --config .golangci.yml --timeout=2m
 
 ## Go test
 test: lint