Merge pull request #6 from breml/add-goreleaser

Add goreleaser

Author: breml

.github/workflows/release.yml

@@ -0,0 +1,32 @@
+name: goreleaser
+
+on:
+  push:
+    tags:
+      - 'v[0-9]*'
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      -
+        name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.16
+
+      -
+        name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v2
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release --rm-dist
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.goreleaser.yml

@@ -0,0 +1,31 @@
+# This is an example .goreleaser.yml file with some sane defaults.
+# Make sure to check the documentation at http://goreleaser.com
+before:
+  hooks:
+    # You may remove this if you don't use go modules.
+    - go mod tidy
+builds:
+  - main: ./cmd/bidichk
+    binary: bidichk
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+      - windows
+      - darwin
+archives:
+  - name_template: "{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
+    replacements:
+      darwin: Darwin
+      linux: Linux
+      windows: Windows
+      386: i386
+      amd64: x86_64
+snapshot:
+  name_template: "{{ .Tag }}-next"
+changelog:
+  skip: true
+release:
+  github:
+    owner: breml
+    name: bidichk

README.md

@@ -1,6 +1,6 @@
 # bidichk - checks for dangerous unicode character sequences
 
-[![Test Status](https://github.com/breml/bidichk/workflows/Go%20Matrix/badge.svg)](https://github.com/breml/logstash-config/actions?query=workflow%3AGo%20Matrix) [![License](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)
+[![Test Status](https://github.com/breml/bidichk/workflows/Go%20Matrix/badge.svg)](https://github.com/breml/bidichk/actions?query=workflow%3AGo%20Matrix) [![Go Report Card](https://goreportcard.com/badge/github.com/breml/bidichk)](https://goreportcard.com/report/github.com/breml/bidichk) [![License](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)
 
 bidichk finds dangerous unicode character sequences in Go source files.
 
@@ -18,6 +18,46 @@ The following unicode characters are considered dangerous:
 * U+2068: FIRST-STRONG-ISOLATE
 * U+2069: POP-DIRECTIONAL-ISOLATE
 
+## Installation
+
+Download `bidichk` from the [releases](https://github.com/breml/bidichk/releases) or get the latest version from source with:
+
+```shell
+go get github.com/breml/bidichk/cmd/bidichk
+```
+
+## Usage
+
+### golangci-lint
+
+[golangci-lint](https://golangci-lint.run) supports thelper, so you can enable this linter and use it.
+
+### Shell
+
+Check everything:
+
+```shell
+bidichk ./...
+```
+
+### Enable only required unicode runes
+
+If you run bidichk via golangci-lint look at [.golangci.example.yml](https://golangci-lint.run/usage/configuration/#config-file) for an example of the configuration.
+
+Otherwise you can run bidichk with `--disallowed-runes` flag to specify the runes you consider harmful.
+
+E.g. the following command considers only the `LEFT-TO-RIGHT-OVERRIDE` unicode rune as dangerous:
+
+```shell
+bidichk --disallowed-runes LEFT-TO-RIGHT-OVERRIDE ./...
+```
+
+For the full list of supported unicode runes [see above](#considered-dangerous-unicode-characters) or use
+
+```shell
+bidichk --help
+```
+
 ## Inspiration
 
 * ['Trojan Source' Bug Threatens the Security of All Code](https://krebsonsecurity.com/2021/11/trojan-source-bug-threatens-the-security-of-all-code/)

pkg/bidichk/bidichk.go

@@ -120,6 +120,7 @@ type bidichk struct {
 	disallowedRunes disallowedRunes
 }
 
+// NewAnalyzer return a new bidichk analyzer.
 func NewAnalyzer() *analysis.Analyzer {
 	bidichk := bidichk{}
 	bidichk.disallowedRunes = make(map[string]rune, len(runeLookup))