distributable:
  url: https://github.com/golang/vuln/archive/refs/tags/v{{version}}.tar.gz
  strip-components: 1

versions:
  github: golang/vuln/tags

provides:
  - bin/govulncheck

build:
  dependencies:
    go.dev: ^1.19
  script: |
    go mod download
    mkdir -p "{{ prefix }}"/bin
    go build -v -trimpath -ldflags="$LDFLAGS" -o $BUILDLOC ./cmd/govulncheck
  env:
    GOPROXY: https://proxy.golang.org,direct
    GOSUMDB: sum.golang.org
    GO111MODULE: on
    CGO_ENABLED: 0
    BUILDLOC: '{{prefix}}/bin/govulncheck'
    LDFLAGS:
      - -s
      - -w
    linux:
      # or segmentation fault
      # fix found here https://github.com/docker-library/golang/issues/402#issuecomment-982204575
      LDFLAGS:
      - -buildmode=pie

test:
  fixture: |
    package main

    import (
            "fmt"
            "os"

            "golang.org/x/text/language"
    )

    func main() {
            for _, arg := range os.Args[1:] {
                    tag, err := language.Parse(arg)
                    if err != nil {
                            fmt.Printf("%s: error: %v\n", arg, err)
                    } else if tag == language.Und {
                            fmt.Printf("%s: undefined\n", arg)
                    } else {
                            fmt.Printf("%s: tag %s\n", arg, tag)
                    }
            }
    }
  dependencies:
    go.dev: ^1.19
  script:
    - go mod init vuln.tutorial
    - cp $FIXTURE main.go
    - go mod tidy
    - go get golang.org/x/text@v0.3.5
    - (govulncheck ./... 2>&1 || true) | grep GO-2021-0113