Correct Go version

.github/workflows/storage-advisor-release.yaml

@@ -29,6 +29,6 @@ jobs:
         github_token: ${{ secrets.GITHUB_TOKEN }}
         goos: ${{ matrix.goos }}
         goarch: ${{ matrix.goarch }}
-        goversion: 1.20
+        goversion: 1.20.13
         project_path: "./tools/storage-advisor"
         binary_name: "storage-advisor"

tools/storage-advisor/Dockerfile

@@ -16,7 +16,12 @@ FROM ubuntu AS bin
 RUN apt-get update && apt-get install -y ca-certificates && update-ca-certificates
 
 COPY --from=build /storage-advisor /storage-advisor
-ENTRYPOINT ["/storage-advisor", "--mode=aws"]
+ENTRYPOINT ["/storage-advisor"]
+
+ENV USER_NAME=advisor
+RUN addgroup --gid 1001 $USER_NAME && \
+    adduser --ingroup $USER_NAME --shell /bin/false --disabled-password --uid 1001 $USER_NAME
+USER $USER_NAME
 
 LABEL com.joom.retention.maxCount=5
 LABEL com.joom.retention.maxCountGroup=develop

tools/storage-advisor/src/main.go

@@ -10,7 +10,7 @@ import (
 	"github.com/aws/aws-sdk-go-v2/config"
 	"github.com/aws/aws-sdk-go-v2/service/s3"
 	"github.com/aws/aws-sdk-go-v2/service/sts"
-	"github.com/aws/smithy-go"
+	smithy "github.com/aws/smithy-go"
 	"github.com/fatih/color"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
@@ -62,27 +62,28 @@ func main() {
 
 		stsOutput, err := sts.NewFromConfig(cfg).GetCallerIdentity(rootCtx, &sts.GetCallerIdentityInput{})
 		if err != nil {
-			fmt.Printf("Error: unable to get your AWS indentity\n\n" +
-				"Possibly, you did not login to AWS or your token has expired.\n" +
-				"Please try to login again. Then, verify your identity using\n\n" +
-				"    aws sts get-caller-identity\n\n" +
-				"If you are logged in, but still see this error, you might not\n" +
-				"have permissions to list S3 bucket. Double-check that IAM role\n" +
-				"associated with the role printed by the above command.\n\n")
-
+			fmt.Printf("Error: unable to get your AWS indentity: %v\n\n"+
+				"Possibly, you did not login to AWS or your token has expired.\n"+
+				"Please try to login again. Then, verify your identity using\n\n"+
+				"    aws sts get-caller-identity\n\n"+
+				"If you are logged in, but still see this error, you might not\n"+
+				"have permissions to list S3 bucket. Double-check that IAM role\n"+
+				"associated with the role printed by the above command.\n\n", err)
 			return
 		}
 		identity := *stsOutput.Arn
 		fmt.Printf("Info: your AWS identity is %s\n", identity)
 
 		buckets, issues, err := runS3Checks(rootCtx, client)
-		var ae smithy.APIError
-		if errors.As(err, &ae) {
-			color.Red("Could not list buckets: %s: %s", ae.ErrorCode(), ae.ErrorMessage())
-			return
-		} else {
-			color.Red("Could not list buckets: %s", err.Error())
-			return
+		if err != nil {
+			var ae smithy.APIError
+			if errors.As(err, &ae) {
+				color.Red("Could not list buckets: %s: %s", ae.ErrorCode(), ae.ErrorMessage())
+				return
+			} else {
+				color.Red("Could not list buckets: %s", err.Error())
+				return
+			}
 		}
 
 		writeBasicIssues(issues, identity)

tools/storage-advisor/src/s3Issues.go

@@ -510,6 +510,8 @@ func summarizeIssues(results []Finding, checkName string) {
 // The function tries to run and return something in face of all errors, and will only
 // return error is we can't do anything -- like we can't list buckets.
 func runS3Checks(ctx context.Context, s3client *s3.Client) ([]Bucket, []FindingWithBucket, error) {
+	fmt.Printf(green("Running S3 checks\n\n"))
+
 	buckets, err := listBuckets(s3client)
 	if err != nil {
 		return nil, nil, err