%define debug %nil
%define debug_package %nil
%define commitshot d3c0d7c

Name:           vet
Version:        1.5.11
Release:        1
Summary:        Tool to achieve policy driven vetting of open source dependencies
URL:            https://github.com/safedep/vet
Source0:        %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
Group:          Development/Other
License:        ASL 2.0
BuildRequires:  go
BuildRequires:  git-core
BuildRequires:  upx

%description
Automate Open Source Package Vetting in CI/CD

vet is a tool for identifying risks in the open source software supply chain.
It goes beyond just vulnerabilities and provides visibility on OSS package
risks due to its license, popularity, security hygiene, and more. vet is
designed with the goal of enabling trusted OSS package consumption by
integrating with CI/CD and policy as code as guardrails.

%prep
%setup -q

%build
export GOPROXY=direct
go build --ldflags="-s -w -X main.version=%{version} -X main.commit=%{commitshot} " -o bin/%{name} .
upx bin/%{name}

# gen bash completion
bin/%{name} completion bash > %{name}-completion-bash.txt

%install
install -Dm0755 bin/%{name} %{buildroot}%{_bindir}/%{name}
install -Dm0644 %{name}-completion-bash.txt %{buildroot}%{_datadir}/bash-completion/completions/%{name}

%files
%doc README.md LICENSE docs/docs/*
%{_bindir}/%{name}
%{_datadir}/bash-completion/completions/%{name}