refactor!: remove bundle manifest (#485)

* refactor: remove bundle manifest

Signed-off-by: Nikita Pivkin <[email protected]>

* test: update trivy matrix

Signed-off-by: Nikita Pivkin <[email protected]>

---------

Signed-off-by: Nikita Pivkin <[email protected]>

Author: nikpivkin

cmd/bundle/main.go

@@ -14,20 +14,15 @@ func main() {
 	output := flag.String("out", "bundle.tar.gz", "Output archive file path")
 	flag.Parse()
 
-	githubRef := os.Getenv("GITHUB_REF")
-	if githubRef == "" {
-		log.Println("GITHUB_REF environment variable is not provided")
-	}
-
 	log.Printf("Building bundle from root %q to %q", *root, *output)
-	if err := buildBundle(*root, *output, githubRef); err != nil {
+	if err := buildBundle(*root, *output); err != nil {
 		log.Fatalf("Error: %v", err)
 	}
 	log.Printf("Bundle %q successfully created", *output)
 }
 
-func buildBundle(root, outFile, githubRef string) error {
-	b := bundler.New(".", os.DirFS(root), bundler.WithGithubRef(githubRef))
+func buildBundle(root, outFile string) error {
+	b := bundler.New(".", os.DirFS(root))
 
 	f, err := os.Create(outFile)
 	if err != nil {

integration/check_examples_test.go

@@ -32,7 +32,7 @@ import (
 	"github.com/aquasecurity/trivy-checks/pkg/rego/metadata"
 )
 
-var trivyVersions = []string{"0.57.1", "0.58.1", "latest", "canary"}
+var trivyVersions = []string{"0.61.0", "latest", "canary"}
 
 func TestScanCheckExamples(t *testing.T) {
 	ctx := context.Background()

internal/bundler/bundler.go

@@ -2,7 +2,6 @@ package bundler
 
 import (
 	"archive/tar"
-	"bytes"
 	"compress/gzip"
 	"fmt"
 	"io"
@@ -29,13 +28,11 @@ type Bundler struct {
 	root            string
 	fsys            fs.FS
 	prefix          string // Prefix path inside the archive, e.g. "bundle"
-	githubRef       string // GitHub ref string, e.g. "refs/tags/v1.2.3"
 	filters         []FileFilter
 	plainTransforms []PlainTransform
 
-	jobs     []copyJob
-	files    map[string]string // map of source file paths to their relative destination paths in the bundle
-	manifest []byte            // prepared manifest content with placeholders replaced
+	jobs  []copyJob
+	files map[string]string // map of source file paths to their relative destination paths in the bundle
 }
 
 type Option func(*Bundler)
@@ -55,14 +52,6 @@ func WithPlainTransforms(transforms ...PlainTransform) Option {
 	}
 }
 
-// WithGithubRef sets the GitHub ref string to be used for manifest substitution.
-// The ref should be in the format "refs/tags/v1.2.3".
-func WithGithubRef(ref string) Option {
-	return func(b *Bundler) {
-		b.githubRef = ref
-	}
-}
-
 // New creates a new Bundler instance rooted at at the given directory and using the provided fs.FS.
 func New(root string, fsys fs.FS, opts ...Option) *Bundler {
 	b := &Bundler{
@@ -113,15 +102,13 @@ func defaultFilters() []FileFilter {
 	}
 }
 
-// Build prepares the list of files to archive, processes the manifest, and writes
+// Build prepares the list of files to archive and writes
 // the resulting archive as a compressed tar.gz to the provided io.Writer.
 func (b *Bundler) Build(w io.Writer) error {
 	if err := b.prepareFiles(); err != nil {
 		return err
 	}
-	if err := b.prepareManifest(); err != nil {
-		return err
-	}
+
 	return b.archive(w)
 }
 
@@ -170,44 +157,14 @@ func (b *Bundler) prepareFiles() error {
 	return nil
 }
 
-// prepareManifest reads the manifest template file, replaces the placeholder
-// "[GITHUB_SHA]" with the GitHub release version extracted from b.githubRef
-func (b *Bundler) prepareManifest() error {
-	const (
-		placeholder = "[GITHUB_SHA]"
-		prefix      = "refs/tags/v"
-	)
-
-	data, err := fs.ReadFile(b.fsys, filepath.Join(b.root, "checks", ".manifest"))
-	if err != nil {
-		return fmt.Errorf("read .manifest: %w", err)
-	}
-
-	if b.githubRef != "" {
-		releaseVersion, ok := strings.CutPrefix(b.githubRef, prefix)
-		if !ok {
-			log.Printf("GitHub ref %q does not start with %q — using unchanged value", b.githubRef, prefix)
-		}
-		log.Printf("Using GitHub ref %q -> release version %q", b.githubRef, releaseVersion)
-		data = bytes.ReplaceAll(data, []byte(placeholder), []byte(releaseVersion))
-	}
-
-	b.manifest = data
-	return nil
-}
-
-// archive writes all prepared files and the manifest into a compressed tar.gz archive
+// archive writes all prepared files into a compressed tar.gz archive
 func (b *Bundler) archive(w io.Writer) error {
 	gw := gzip.NewWriter(w)
 	defer gw.Close()
 
 	tw := tar.NewWriter(gw)
 	defer tw.Close()
 
-	if err := b.writeManifest(tw); err != nil {
-		return fmt.Errorf("write manifest: %w", err)
-	}
-
 	var added int
 	for src, dst := range b.files {
 		err := b.addFileToTar(tw, src, b.prefix+dst)
@@ -221,21 +178,6 @@ func (b *Bundler) archive(w io.Writer) error {
 	return nil
 }
 
-func (b *Bundler) writeManifest(tw *tar.Writer) error {
-	hdr := &tar.Header{
-		Name: b.prefix + ".manifest",
-		Mode: 0o644,
-		Size: int64(len(b.manifest)),
-	}
-	if err := tw.WriteHeader(hdr); err != nil {
-		return fmt.Errorf("write manifest header: %w", err)
-	}
-	if _, err := tw.Write(b.manifest); err != nil {
-		return fmt.Errorf("write manifest content: %w", err)
-	}
-	return nil
-}
-
 func (b *Bundler) addFileToTar(tw *tar.Writer, src, dst string) error {
 	fi, err := fs.Stat(b.fsys, src)
 	if err != nil {

internal/bundler/bundler_test.go

@@ -15,7 +15,6 @@ import (
 
 func TestBundlerBuild(t *testing.T) {
 	fsys := fstest.MapFS{
-		"checks/.manifest":                   &fstest.MapFile{Data: []byte("version: [GITHUB_SHA]")},
 		"checks/kubernetes/policy.rego":      &fstest.MapFile{Data: []byte("package kubernetes")},
 		"checks/kubernetes/policy.yaml":      &fstest.MapFile{Data: []byte("should be filtered out")},
 		"checks/kubernetes/policy_test.rego": &fstest.MapFile{Data: []byte("should be filtered out")},
@@ -32,7 +31,7 @@ func TestBundlerBuild(t *testing.T) {
 		"pkg/compliance/README.md":           &fstest.MapFile{Data: []byte("should be filtered out")},
 	}
 
-	b := bundler.New(".", fsys, bundler.WithGithubRef("refs/tags/v1.2.3"))
+	b := bundler.New(".", fsys)
 
 	var buf bytes.Buffer
 	require.NoError(t, b.Build(&buf))
@@ -52,12 +51,6 @@ func TestBundlerBuild(t *testing.T) {
 		}
 		require.NoError(t, err)
 		foundFiles[hdr.Name] = true
-
-		if hdr.Name == ".manifest" {
-			data, err := io.ReadAll(tr)
-			require.NoError(t, err)
-			assert.Contains(t, string(data), "version: 1.2.3")
-		}
 	}
 
 	t.Log(foundFiles)
@@ -73,7 +66,6 @@ func TestBundlerBuild(t *testing.T) {
 		"commands/config/test.yaml",
 		"commands/kubernetes/test.yaml",
 		"specs/compliance/test.yaml",
-		".manifest",
 	}
 
 	assert.Len(t, foundFiles, len(expectedFiles))