Foundation laying

.editorconfig

@@ -0,0 +1,11 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+[*]
+indent_style = space
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = false
+insert_final_newline = true

devops/setup-gpg/README.md → .github/actions/setup-gpg/README.md

@@ -3,6 +3,7 @@
 This composite action will setup your github action to use a supplied gpg key.
 
 ## Supported Platforms
+
 - GPG
 - rpmsign/rpm
 - debsign
@@ -28,7 +29,8 @@ jobs:
           gpg-key-name: "Aerospike"
 ```
 
-### Example RPM and GPG useage
+### Example RPM and GPG usage
+
 ```yaml
 name: GPG sign rpm
 on: workflow_dispatch

devops/setup-gpg/action.yaml → .github/actions/setup-gpg/action.yaml

@@ -1,44 +1,50 @@
-name: "Setup GPG"
-description: "Configures this action to run gpg with a given key and pass"
+name: Setup GPG
+description: Configures this action to run gpg with a given key and pass
 inputs:
-  gpg-private-key: # id of input
+  gpg-private-key:
+    description: GPG private key exported as an ASCII armored version or its base64 encoding
+    # id of input
     required: true
-  gpg-key-pass: # id of input
+  gpg-key-pass:
+    description: GPG key pass
+    # id of input
     required: true
-  gpg-key-name: # id of input
+  gpg-key-name:
+    description: GPG key name
+    # id of input
     required: true
-    default: "Aerospike"
+    default: Aerospike
   gpg-public-key:
-    description: "GPG public key exported as an ASCII armored version or its base64 encoding"
+    description: GPG public key exported as an ASCII armored version or its base64 encoding
     required: true
 runs:
-  using: "composite"
+  using: composite
   steps:
-    - name: "check if private key is not empty"
+    - name: check if private key is not empty
       env:
         PRIVATE_KEY: ${{ inputs.gpg-private-key }}
       if: ${{ env.PRIVATE_KEY == '' }}
       run: |
         echo "the gpg-private-key was empty"
         exit 1
       shell: bash
-    - name: "check if key name is not empty"
+    - name: check if key name is not empty
       env:
         KEY_NAME: ${{ inputs.gpg-key-name }}
       if: ${{ env.KEY_NAME == '' }}
       run: |
         echo "the gpg-key-name was empty"
         exit 1
       shell: bash
-    - name: "check if key pass is not empty"
+    - name: check if key pass is not empty
       env:
         KEY_PASS: ${{ inputs.gpg-key-pass }}
       if: ${{ env.KEY_PASS == '' }}
       run: |
         echo "the secret gpg-key-pass was empty"
         exit 1
       shell: bash
-    - name: "check if public key pass is empty"
+    - name: check if public key pass is empty
       env:
         PUBLIC_KEY: ${{ inputs.gpg-public-key }}
       if: ${{ env.PUBLIC_KEY == '' }}

.github/dependabot.yml

@@ -0,0 +1,7 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directories:
+      - /
+    schedule:
+      interval: daily

.github/workflows/sign-deb-test.yaml

@@ -0,0 +1,40 @@
+name: GPG sign DEB
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - main
+permissions: read-all
+jobs:
+  sign-deb:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os:
+          - ubuntu-22.04
+          - ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: setup GPG
+        uses: ./.github/actions/setup-gpg/
+        with:
+          gpg-private-key: ${{ secrets.GPG_SECRET_KEY }}
+          gpg-public-key: ${{ secrets.GPG_PUBLIC_KEY }}
+          gpg-key-pass: ${{ secrets.GPG_PASS }}
+          gpg-key-name: aerospike-inc
+
+      - name: Install debsigs
+        run: |
+          sudo apt-get update -y && sudo apt-get install debsigs -y
+
+      # It is required to use ether rpm or gpg directly to cache the password.
+      # This should be fixed in the future
+      # You can instead use the --passphrase-file flag if you want
+
+      - name: GPG sign deb # gpg sign and verify deb packages
+        env:
+          GPG_TTY: no-tty
+        run: |
+          debsigs --sign builder tests/*.deb
+          debsigs --verify tests/*.deb

.github/workflows/sign-file-example.yaml → .github/workflows/sign-file-test.yaml

@@ -1,24 +1,30 @@
 name: GPG sign file
-on: 
+on:
   workflow_dispatch:
   pull_request:
     branches:
       - main
+permissions: read-all
 jobs:
-  sign-deb:
-    runs-on: ubuntu-22.04
+  sign-file:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os:
+          - ubuntu-22.04
+          - ubuntu-24.04
     steps:
-      - uses: actions/checkout@master
-      
+      - uses: actions/checkout@v4
+
       - name: setup GPG
-        uses: ./devops/setup-gpg
+        uses: ./.github/actions/setup-gpg/
         with:
           gpg-private-key: ${{ secrets.GPG_SECRET_KEY }}
           gpg-public-key: ${{ secrets.GPG_PUBLIC_KEY }}
           gpg-key-pass: ${{ secrets.GPG_PASS }}
-          gpg-key-name: "aerospike-inc"
-   
-      - name: GPG sign artifacts  # Signing other artifacts
+          gpg-key-name: aerospike-inc
+
+      - name: GPG sign artifacts # Signing other artifacts
         env:
           GPG_TTY: no-tty
           GPG_PASSPHRASE: ${{ secrets.GPG_PASS }}

.github/workflows/sign-rpm-example.yaml → .github/workflows/sign-rpm-test.yaml

@@ -1,28 +1,33 @@
 name: GPG sign RPM
-on: 
+on:
   workflow_dispatch:
   pull_request:
     branches:
       - main
+permissions: read-all
 jobs:
   sign-rpm:
-    runs-on: ubuntu-22.04
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os:
+          - ubuntu-22.04
+          - ubuntu-24.04
     steps:
-      - uses: actions/checkout@master
-      
+      - uses: actions/checkout@v4
+
       - name: setup GPG
-        uses: ./devops/setup-gpg
+        uses: ./.github/actions/setup-gpg/
         with:
           gpg-private-key: ${{ secrets.GPG_SECRET_KEY }}
           gpg-public-key: ${{ secrets.GPG_PUBLIC_KEY }}
           gpg-key-pass: ${{ secrets.GPG_PASS }}
-          gpg-key-name: "aerospike-inc"
-   
-      - name: Sign and check rpm # gpg sign and verify rpm packages 
+          gpg-key-name: aerospike-inc
+
+      - name: Sign and check rpm # gpg sign and verify rpm packages
         env:
           GPG_TTY: no-tty
         # your rpm here
         run: |
           rpm --addsign tests/*.rpm
           rpm --checksig tests/*.rpm
-

.github/workflows/trunk-ci.yaml

@@ -0,0 +1,26 @@
+name: Pull Request
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - main
+concurrency:
+  group: ${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+permissions: read-all
+
+jobs:
+  trunk_check:
+    name: Trunk Code Quality Runner
+    runs-on: ubuntu-latest
+    permissions:
+      checks: write # For trunk to post annotations
+      contents: read # For repo checkout
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Trunk Code Quality
+        uses: trunk-io/trunk-action@v1

.gitignore

@@ -0,0 +1 @@
+.DS_Store

.prettierrc.yaml

@@ -0,0 +1,4 @@
+# Tabs is an accessibility accommodation for some users.
+# You might be fine with 2 spaces, some people need 6 visual spaces.
+useTabs: true
+bracketSpacing: true

.trunk/.gitignore

@@ -0,0 +1,9 @@
+*out
+*logs
+*actions
+*notifications
+*tools
+plugins
+user_trunk.yaml
+user.yaml
+tmp

.trunk/configs/.markdownlint.yaml

@@ -0,0 +1,2 @@
+# Prettier friendly markdownlint config (all formatting rules disabled)
+extends: markdownlint/style/prettier

.trunk/trunk.yaml

@@ -0,0 +1,36 @@
+# This file controls the behavior of Trunk: https://docs.trunk.io/cli
+# To learn more about the format of this file, see https://docs.trunk.io/reference/trunk-yaml
+version: 0.1
+cli:
+  version: 1.22.9
+# Trunk provides extensibility via plugins. (https://docs.trunk.io/plugins)
+plugins:
+  sources:
+    - id: trunk
+      ref: v1.6.6
+      uri: https://github.com/trunk-io/plugins
+# Many linters and tools depend on runtimes - configure them here. (https://docs.trunk.io/runtimes)
+runtimes:
+  enabled:
+    - [email protected]
+    - [email protected]
+# This is the section where you manage your linters. (https://docs.trunk.io/check/configuration)
+lint:
+  enabled:
+    - [email protected]
+    - git-diff-check
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+actions:
+  disabled:
+    - trunk-announce
+    - trunk-check-pre-push
+    - trunk-share-with-everyone
+  enabled:
+    - commitlint
+    - trunk-check-pre-commit
+    - trunk-upgrade-available
+    - trunk-fmt-pre-commit

.vscode/extensions.json

@@ -0,0 +1,9 @@
+{
+	"recommendations": [
+		"trunk.io",
+		"streetsidesoftware.code-spell-checker",
+		"editorconfig.editorconfig"
+	],
+	// these are extensions that either duplicate or cause conflicts with trunk linters
+	"unwantedRecommendations": ["kennylong.kubernetes-yaml-formatter"]
+}

.vscode/settings.json

@@ -0,0 +1,4 @@
+{
+	"yaml.schemas": {},
+	"cSpell.words": ["aerospike", "kennylong", "kennylong's"]
+}