ci: Add windows amd64 to goreleaser config #388

Open
wants to merge 1 commit into
base: main

@benbp benbp commented Oct 23, 2023

Adds windows+amd64 to the release configuration so copa can run on windows OS (but still target a linux container).

Tested:

⇉ ⇉ ⇉ goreleaser release --snapshot --clean --config .goreleaser.yml
• starting release...
... other stuff ...
• building binaries
• building                                       binary=dist/copacetic_darwin_amd64_v1/copa
• building                                       binary=dist/copacetic_linux_amd64_v1/copa
• building                                       binary=dist/copacetic_windows_amd64_v1/copa.exe
• building                                       binary=dist/copacetic_darwin_arm64/copa
• building                                       binary=dist/copacetic_linux_arm64/copa

Runs locally using snapshot build:

PS C:\Users\ben\Desktop> .\copa.exe -h
Project Copacetic: container patching tool

Usage:
  copa [flags]
  copa [command]

Available Commands:
  completion  Generate the autocompletion script for the specified shell
  help        Help about any command
  patch       Patch container images with upgrade packages specified by a vulnerability report

Flags:
      --debug     enable debug level logging
  -h, --help      help for copa
  -v, --version   version for copa

Use "copa [command] --help" for more information about a command.
PS C:\Users\ben\Desktop> .\copa.exe --version
copa version 0.0.0-SNAPSHOT-67c7e29
PS C:\Users\ben\Downloads>

codecov bot commented Oct 23, 2023

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (2b9f177) 33.02% compared to head (3020af3) 33.02%.

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #388   +/-   ##
=======================================
  Coverage   33.02%   33.02%           
=======================================
  Files          17       17           
  Lines        1626     1626           
=======================================
  Hits          537      537           
  Misses       1060     1060           
  Partials       29       29           

@benbp benbp changed the title Add windows amd64 to goreleaser config ci: Add windows amd64 to goreleaser config Oct 23, 2023
@sozercan
Member

@benbp curious, did you test patching under windows? i am guessing you are targeting linux containers, as copa won't work for windows containers

@benbp
Author

benbp commented Oct 23, 2023

> @benbp curious, did you test patching under windows? i am guessing you are targeting linux containers, as copa won't work for windows containers

Correct, I'm still targeting linux containers. I haven't tested patching, I will do so and report back.

@salaxander
Contributor

@benbp Any results from trying to patch an image on Windows?

@benbp
Author

benbp commented Nov 1, 2023

@salaxander I had it working last week, but just for a scenario where no patches had to be made. I was running into some trouble actually patching an image, but believe it was related to the yum cache on my test image, not copa. Need to come back around to it, I don't actually have a good windows machine setup myself for testing this so dependent on others for it.

C:\Users\ben\copa>trivy image --vuln-type os --ignore-unfixed -f json -o trivy.json foobar.azurecr.io/foobar/foobar:foobar
2023-10-24T14:59:36.894-0700    INFO    Vulnerability scanning is enabled
2023-10-24T14:59:36.894-0700    INFO    Secret scanning is enabled
2023-10-24T14:59:36.894-0700    INFO    If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2023-10-24T14:59:36.894-0700    INFO    Please see also https://aquasecurity.github.io/trivy/v0.46/docs/scanner/secret/#recommendation for faster secret detection
2023-10-24T14:59:36.905-0700    INFO    Detected OS: cbl-mariner
2023-10-24T14:59:36.906-0700    INFO    Detecting CBL-Mariner vulnerabilities...

C:\Users\ben\copa>copa patch -i foobar.azurecr.io/foobar/foobar:foobar -r trivy.json -t patched --addr buildx://demo
time="2023-10-24T14:59:42-07:00" level=warning msg="No update packages were specified to apply"
[+] Building 8.4s (1/2)
[+] Building 8.8s (2/2) FINISHED
 => docker-image://foobar.azurecr.io/foobar/foobar:foobar
 => => resolve foobar.azurecr.io/foobar/foobar:foobar
 => => sha256:80b4721cd0c0473359ec6a37bff8ec87b8aff638c246e49b2daa7ec138bbfe48 6.60MB / 6.60MB
 => => sha256:6b8d27d1c29e3af414dc1784d946d5ec223026832538093cc6db304d6bdc23c6 93B / 93B
 => => sha256:f6b24043e6a2c753eb6687942eeab30ef11ae65086d6fbd910bb721ac31dc763 72.75MB / 72.75MB
 => => sha256:cfe1aeec28bdca4bea939c1e14fced498122a2b2d2559c89ea6db2d87f89a590 4.46kB / 4.46kB
 => exporting to docker image format
 => => exporting layers
 => => exporting manifest sha256:b21f9f861592acb8e7a599b3982a841164b68a72ede1ec875a4160245528aa71
 => => exporting config sha256:2b742557e4fc9090bc979dd0987b562f49204bed6396dedb891603d11a6d6ce9
 => => sending tarball

@sozercan
Member

sozercan commented Nov 2, 2023

Ideally, we should have a test for this in the CI if we want to officially support this. Darwin binaries are missing this too (#405)

@benbp
Author

benbp commented Nov 7, 2023

@salaxander @sozercan success (Docker Desktop for windows v4.25.0, Windows 11, WSL2 engine enabled)

PS C:\Users\ben\Desktop\copa> ./copa patch -i registry.hub.docker.com/library/ubuntu:focal-20230308 -r .\ubuntu-old.json -t copapatch --addr buildx://copa
[+] Building 9.7s (9/9) FINISHED
 => CACHED docker-image://docker.io/library/ubuntu:20.04                                                                                                                                                                              0.4s
 => => resolve docker.io/library/ubuntu:20.04                                                                                                                                                                                         0.3s
 => docker-image://registry.hub.docker.com/library/ubuntu:focal-20230308                                                                                                                                                              0.6s
 => => resolve registry.hub.docker.com/library/ubuntu:focal-20230308                                                                                                                                                                  0.6s
 => apt update                                                                                                                                                                                                                        5.6s
 => apt install busybox-static                                                                                                                                                                                                        3.1s
 => CACHED copy /bin/busybox /bin/busybox                                                                                                                                                                                             0.0s
 => CACHED mkdir /copa-out                                                                                                                                                                                                            0.0s
 => CACHED /bin/busybox sh -c if [ -f /var/lib/dpkg/status ]; then cp /var/lib/dpkg/status /copa-out ; fi && if [ -d /var/lib/dpkg/status.d ]; then ls -1 /var/lib/dpkg/status.d > copa-outstatus.d ; fi                              0.0s
 => CACHED diff (copy /bin/busybox /bin/busybox) -> (/bin/busybox sh -c if [ -f /var/lib/dpkg/status ]; then cp /var/lib/dpkg/status /copa-out ; fi && if [ -d /var/lib/dpkg/status.d ]; then ls -1 /var/lib/dpkg/status.d > copa-ou  0.0s
 => exporting to client directory                                                                                                                                                                                                     0.1s
 => => copying files 87.68kB                                                                                                                                                                                                          0.0s
[+] Building 15.2s (6/6) FINISHED
 => CACHED docker-image://registry.hub.docker.com/library/ubuntu:focal-20230308                                                                                                                                                       0.5s
 => => resolve registry.hub.docker.com/library/ubuntu:focal-20230308                                                                                                                                                                  0.5s
 => apt update                                                                                                                                                                                                                        6.2s
 => sh -c apt install --no-install-recommends --allow-change-held-packages -y libncursesw6 libtinfo6 ncurses-base ncurses-bin perl-base libncurses6 && apt clean -y                                                                   8.0s
 => sh -c grep "^Package:\|^Version:" "/var/lib/dpkg/status" >> "results.manifest"                                                                                                                                                    0.2s
 => diff (sh -c apt install --no-install-recommends --allow-change-held-packages -y libncursesw6 libtinfo6 ncurses-base ncurses-bin perl-base libncurses6 && apt clean -y) -> (sh -c grep "^Package:\|^Version:" "/var/lib/dpkg/stat  0.1s
 => => diffing                                                                                                                                                                                                                        0.1s
 => exporting to client directory                                                                                                                                                                                                     0.1s
 => => copying files 4.12kB                                                                                                                                                                                                           0.0s
time="2023-11-07T13:23:24-05:00" level=info msg="Validated package libncursesw6 version 6.2-0ubuntu2.1 meets requested version 6.2-0ubuntu2.1"
time="2023-11-07T13:23:24-05:00" level=info msg="Validated package libtinfo6 version 6.2-0ubuntu2.1 meets requested version 6.2-0ubuntu2.1"
time="2023-11-07T13:23:24-05:00" level=info msg="Validated package ncurses-base version 6.2-0ubuntu2.1 meets requested version 6.2-0ubuntu2.1"
time="2023-11-07T13:23:24-05:00" level=info msg="Validated package ncurses-bin version 6.2-0ubuntu2.1 meets requested version 6.2-0ubuntu2.1"
time="2023-11-07T13:23:24-05:00" level=info msg="Validated package perl-base version 5.30.0-9ubuntu0.4 meets requested version 5.30.0-9ubuntu0.4"
time="2023-11-07T13:23:24-05:00" level=info msg="Validated package libncurses6 version 6.2-0ubuntu2.1 meets requested version 6.2-0ubuntu2.1"
[+] Building 15.4s (6/6) FINISHED
 => CACHED docker-image://registry.hub.docker.com/library/ubuntu:focal-20230308                                                                                                                                                       0.4s
 => => resolve registry.hub.docker.com/library/ubuntu:focal-20230308                                                                                                                                                                  0.4s
 => apt update                                                                                                                                                                                                                        6.1s
 => sh -c apt install --no-install-recommends --allow-change-held-packages -y libncursesw6 libtinfo6 ncurses-base ncurses-bin perl-base libncurses6 && apt clean -y                                                                   6.4s
 => diff (apt update) -> (sh -c apt install --no-install-recommends --allow-change-held-packages -y libncursesw6 libtinfo6 ncurses-base ncurses-bin perl-base libncurses6 && apt clean -y)                                            0.0s
 => merge (docker-image://registry.hub.docker.com/library/ubuntu:focal-20230308, diff (apt update) -> (sh -c apt install --no-install-recommends --allow-change-held-packages -y libncursesw6 libtinfo6 ncurses-base ncurses-bin per  0.0s
 => exporting to docker image format                                                                                                                                                                                                  2.3s
 => => exporting layers                                                                                                                                                                                                               0.6s
 => => exporting manifest sha256:2c0d03802169ec8cdc0e5e6e602027a768749dda4080513e9ddb2f651fb01ddf                                                                                                                                     0.0s
 => => exporting config sha256:f617f6bac6e94bec6b871b3a1c124f38321f4f2bf14e0fc8b4f03aaadf08f5c4                                                                                                                                       0.0s
 => => sending tarball                                                                                                                                                                                                                1.7s
time="2023-11-07T13:23:40-05:00" level=info msg="Loaded image: registry.hub.docker.com/library/ubuntu:copapatch"

PS C:\Users\ben\Desktop\copa> docker image ls | sls 'focal|patch'

ubuntu                                   focal-20230308    1c5c8d0b973a   8 months ago   72.8MB
registry.hub.docker.com/library/ubuntu   copapatch         f617f6bac6e9   8 months ago   81.6MB

Signed-off-by: Ben Broderick Phillips <bebroder@microsoft.com>