add more files

Signed-off-by: Bailin He <[email protected]>
metal-toolbox · May 28, 2024 · f03d3a5 · f03d3a5
1 parent 4bc42d4
commit f03d3a5
Show file tree

Hide file tree

Showing 14 changed files with 645 additions and 2 deletions.
diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml
@@ -0,0 +1,67 @@
+env:
+  APP_NAME: ${BUILDKITE_PIPELINE_SLUG}
+  IMAGE_REPO: ghcr.io/metal-toolbox/${APP_NAME}
+  IMAGE_TAG: ${BUILDKITE_BUILD_NUMBER}-${BUILDKITE_COMMIT:0:8}
+
+steps:
+- label: ":golangci-lint: lint :lint-roller:"
+  key: "lint"
+  plugins:
+    - docker#v5.10.0:
+        environment:
+          - GOFLAGS=-buildvcs=false
+        image: "registry.hub.docker.com/golangci/golangci-lint:v1.57-alpine"
+        command: ["golangci-lint", "run", "-v", "--timeout", "5m"]
+
+- label: ":test_tube: test"
+  key: "test"
+  plugins:
+    - docker-compose#v4.16.0:
+        cli-version: 2
+        run: go
+        config: docker-compose-ci.yml
+        command: ["make", "test"]
+
+- label: ":golang: build"
+  key: "gobuild"
+  artifact_paths: "bin/${APP_NAME}"
+  plugins:
+    - docker#v5.10.0:
+        image: "golang:1.22"
+        environment:
+          - CGO_ENABLED=0
+          - GOOS=linux
+        command: ["go", "build", "-buildvcs=false", "-mod=mod", "-a", "-o", "bin/$APP_NAME"]
+
+- label: ":docker: docker build and publish"
+  key: "build"
+  depends_on: ["lint", "test", "gobuild"]
+  env:
+    BUILDKITE_PLUGINS_ALWAYS_CLONE_FRESH: "true"
+  commands: |
+    #!/bin/bash
+    echo --- Retrieve Artifacts
+    buildkite-agent artifact download "bin/${APP_NAME}" .
+    # move it to where we expect and make sure it is executable
+    cp bin/${APP_NAME} ${APP_NAME}
+    chmod +x ${APP_NAME}
+  plugins:
+    - docker-login#v2.1.0:
+        username: metal-buildkite
+        password-env: SECRET_GHCR_PUBLISH_TOKEN
+        server: ghcr.io
+    - equinixmetal-buildkite/docker-metadata#v1.0.0:
+        images:
+        - "${IMAGE_REPO}"
+        extra_tags:
+        - "${IMAGE_TAG}"
+    - equinixmetal-buildkite/docker-build#v1.1.0:
+        push: true
+        build-args:
+          - NAME=${APP_NAME}
+    - equinixmetal-buildkite/trivy#v1.18.5:
+        severity: CRITICAL,HIGH
+        ignore-unfixed: true
+        security-checks: config,secret,vuln
+        skip-files: 'cosign.key,Dockerfile.dev'
+
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -0,0 +1 @@
+* @metal-toolbox/identity-core
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,47 @@
+# name: goreleaser
+
+# on:
+#   push:
+#     tags:
+#       - 'v*.*.*'
+
+# jobs:
+#   goreleaser:
+#     runs-on: ubuntu-latest
+#     permissions:
+#       contents: write
+#       id-token: write
+#       packages: write
+#     steps:
+#       -
+#         name: Login to GHCR
+#         uses: docker/login-action@v2
+#         with:
+#           registry: ghcr.io
+#           username: ${{ github.actor }}
+#           password: ${{ secrets.GITHUB_TOKEN }}
+#       -
+#         name: Checkout
+#         uses: actions/checkout@v4
+#         with:
+#           fetch-depth: 0
+#       -
+#         name: Set up Go
+#         uses: actions/setup-go@v4
+#         with:
+#           go-version: "1.22"
+#       -
+#         name: install cosign
+#         uses: sigstore/cosign-installer@main
+#       -
+#         uses: anchore/sbom-action/[email protected]
+#       -
+#         name: Run GoReleaser
+#         uses: goreleaser/goreleaser-action@v5
+#         with:
+#           version: latest
+#           args: release --clean
+#         env:
+#           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+#           COSIGN_EXPERIMENTAL: 1
+#           GOVERSION: "1.22"
diff --git a/.gitignore b/.gitignore
@@ -62,4 +62,6 @@ Temporary Items
 go.work
 go.work.sum
 
+bin
 tmp
+governor-extension-sdk
diff --git a/.golangci.yml b/.golangci.yml
@@ -0,0 +1,61 @@
+linters-settings:
+  goimports:
+    local-prefixes: go.metalkube.net/mf-example-microservice
+  gofumpt:
+    extra-rules: true
+
+linters:
+  enable:
+    # default linters
+    - deadcode
+    - errcheck
+    - gosimple
+    - govet
+    - ineffassign
+    - staticcheck
+    - structcheck
+    - typecheck
+    - unused
+    - varcheck
+
+    # additional linters
+    - bodyclose
+    - gocritic
+    - gocyclo
+    - goerr113
+    - gofmt
+    - gofumpt
+    - goimports
+    - gomnd
+    - govet
+    - misspell
+    - noctx
+    - revive
+    - stylecheck
+    - whitespace
+    - wsl
+
+issues:
+  exclude:
+    # Default excludes from `golangci-lint run --help` with EXC0002 removed
+    # EXC0001 errcheck: Almost all programs ignore errors on these functions and in most cases it's ok
+    - Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*print(f|ln)?|os\.(Un)?Setenv). is not checked
+    # EXC0002 golint: Annoying issue about not having a comment. The rare codebase has such comments
+    # - (comment on exported (method|function|type|const)|should have( a package)? comment|comment should be of the form)
+    # EXC0003 golint: False positive when tests are defined in package 'test'
+    - func name will be used as test\.Test.* by other packages, and that stutters; consider calling this
+    # EXC0004 govet: Common false positives
+    - (possible misuse of unsafe.Pointer|should have signature)
+    # EXC0005 staticcheck: Developers tend to write in C-style with an explicit 'break' in a 'switch', so it's ok to ignore
+    - ineffective break statement. Did you mean to break out of the outer loop
+    # EXC0006 gosec: Too many false-positives on 'unsafe' usage
+    - Use of unsafe calls should be audited
+    # EXC0007 gosec: Too many false-positives for parametrized shell calls
+    - Subprocess launch(ed with variable|ing should be audited)
+    # EXC0008 gosec: Duplicated errcheck checks
+    - (G104|G307)
+    # EXC0009 gosec: Too many issues in popular repos
+    - (Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less)
+    # EXC0010 gosec: False positive is triggered by 'src, err := ioutil.ReadFile(filename)'
+    - Potential file inclusion via variable
+  exclude-use-default: false
diff --git a/Makefile b/Makefile
@@ -0,0 +1,34 @@
+all: lint test
+PHONY: test coverage lint golint clean vendor docker-up docker-down unit-test
+GOOS=linux
+# use the working dir as the app name, this should be the repo name
+APP_NAME=$(shell basename $(CURDIR))
+
+test: | unit-test
+
+unit-test:
+	@echo Running unit tests...
+	@go test -cover -short -tags testtools ./...
+
+lint: golint
+
+golint: | vendor
+	@echo Linting Go files...
+	@golangci-lint run --build-tags "-tags testtools"
+
+bin/${APP_NAME}:
+	@go mod download
+	@CGO_ENABLED=0 GOOS=linux go build -mod=readonly -v -o bin/${APP_NAME}
+
+build: bin/${APP_NAME}
+
+clean: docker-clean
+	@echo Cleaning...
+	@rm -f app
+	@rm -rf ./dist/
+	@rm -rf coverage.out
+	@go clean -testcache
+
+vendor:
+	@go mod download
+	@go mod tidy
-Original file line number
+Diff line change
@@ Expand Up / @@ -62,4 +62,6 @@ Temporary Items @@
     go.work
     go.work.sum
+    bin
     tmp
+    governor-extension-sdk