Merge pull request #8 from 030/4-5-cache-and-upload

[#4][#5][#9][#11][#14] Cache and upload artifacts.

.github/workflows/dip.yml

@@ -0,0 +1,22 @@
+---
+name: DIP
+on: [push]
+jobs:
+  dive:
+    runs-on: ubuntu-latest
+    name: Check whether images are up-to-date
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      # yamllint disable rule:line-length
+      - name: Download DIP
+        run: curl -L https://github.com/030/dip/releases/download/4.1.0/dip-ubuntu-20.04 -o dip && chmod +x dip
+      - name: Check Alpine
+        run: ./dip image --name=alpine --regex=^3\.[0-9]+\.[0-9]+$ --dockerfile
+      - name: Check Golang
+        run: ./dip image --name=golang --regex=^1\.[0-9]+\.[0-9]+-alpine3\.[0-9]+$ --dockerfile
+      - name: Check golangci-lint
+        run: |
+          GOLANGCI_LINT_VERSION=$(./dip image --name=golangci/golangci-lint --regex=^v1\.[0-9]+\.[0-9]+-alpine$)
+          echo "Check whether the latest GolangCI version: '${GOLANGCI_LINT_VERSION}' is used..."
+          grep "golangci-lint:${GOLANGCI_LINT_VERSION}" ./.github/workflows/go.yml

.github/workflows/dive.yml

@@ -0,0 +1,17 @@
+---
+name: Dive CI
+on: [push]
+jobs:
+  dive:
+    runs-on: ubuntu-latest
+    name: Analyze image efficiency
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Build image
+        run: docker build -t utrecht/yaam:${{ github.sha }} .
+      - name: Dive
+        uses: yuichielectric/[email protected]
+        with:
+          image: utrecht/yaam:${{ github.sha }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/docker.yml

@@ -0,0 +1,32 @@
+---
+name: Docker
+on:
+  push:
+    tags:
+      - '*'
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      - name: Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: version
+        id: version
+        run: echo ::set-output name=version::${GITHUB_REF#refs/tags/}
+      - name: Build and push
+        id: docker_build
+        uses: docker/build-push-action@v2
+        with:
+          push: true
+          tags: utrecht/yaam:${{ steps.version.outputs.version }}
+          build-args: |
+            VERSION=${{ github.ref }}
+      - name: Image digest
+        run: echo ${{ steps.docker_build.outputs.digest }}

.github/workflows/dockle.yml

@@ -0,0 +1,15 @@
+---
+name: Dockle
+on: [push]
+jobs:
+  dive:
+    runs-on: ubuntu-latest
+    name: Analyze image using dockle
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Build image
+        run: docker build -t utrecht/yaam:${{ github.sha }} .
+      - uses: hands-lab/dockle-action@v1
+        with:
+          image: utrecht/yaam:${{ github.sha }}

.github/workflows/go.yml

@@ -0,0 +1,45 @@
+---
+name: Go
+on: [push]
+jobs:
+  build:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        include:
+          - os: macos-10.15
+            shasum: shasum -a 512
+          - os: ubuntu-20.04
+            shasum: sha512sum
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.19.0
+      - name: Unit tests
+        run: go test ./... -cover
+        if: ${{ startsWith(matrix.os, 'ubuntu') }}
+      - name: Set YAAM deliverable environment variable
+        run: echo "yaam-deliverable=yaam-${{ matrix.os }}" >> $GITHUB_ENV
+      - name: Use the value
+        run: |
+          echo "${{ env.yaam-deliverable }}"
+      - name: Build
+        run: |
+          cd cmd/yaam
+          go build -buildvcs=false -ldflags "-X main.Version=${GITHUB_TAG}" -o \
+            ${{ env.yaam-deliverable }}
+          ${{ matrix.shasum }} ${{ env.yaam-deliverable }} \
+            >${{ env.yaam-deliverable }}.sha512.txt
+          chmod +x ${{ env.yaam-deliverable }}
+          cd ../..
+      - name: Quality
+        run: |
+          docker run --rm -v ${PWD}:/data markdownlint/markdownlint:0.11.0 \
+            README.md -s /data/configs/.markdownlint.rb
+          docker run --rm -v $(pwd):/data cytopia/yamllint:1.26-0.8 .
+          docker run --rm -v $(pwd):/app -w /app -e GOFLAGS=-buildvcs=false \
+            golangci/golangci-lint:v1.48.0-alpine golangci-lint run -v \
+            --timeout 2m30s
+        if: ${{ startsWith(matrix.os, 'ubuntu') }}

.github/workflows/gosec.yml

@@ -0,0 +1,34 @@
+---
+name: Run Gosec
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    env:
+      GO111MODULE: on
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v2
+      - name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.19.0
+      - name: Download gosec
+        run: |
+          export GOSEC_URL=https://github.com/securego/gosec/releases/download
+          export GOSEC_VERSION=2.11.0
+          export GOSEC=${GOSEC_URL}/v${GOSEC_VERSION}/gosec_${GOSEC_VERSION}
+          curl -L ${GOSEC}_linux_amd64.tar.gz -o gosec.tar.gz
+          tar -xvf gosec.tar.gz
+          chmod +x gosec
+          ./gosec --version
+      - name: Run gosec
+        run: |
+          go version
+          ./gosec ./...

.github/workflows/hadolint.yml

@@ -0,0 +1,11 @@
+name: Hadolint
+on: [push]
+jobs:
+  dive:
+    runs-on: ubuntu-latest
+    name: Analyze image using hadolint
+    steps:
+      - uses: actions/checkout@v2
+      - uses: hadolint/[email protected]
+        with:
+          dockerfile: Dockerfile

.github/workflows/release.yml

@@ -0,0 +1,78 @@
+---
+name: Release
+on:
+  push:
+    tags:
+      - '*'
+jobs:
+  release:
+    name: Create Release
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        include:
+          - os: macos-10.15
+            shasum: shasum -a 512
+          - os: ubuntu-20.04
+            shasum: sha512sum
+          - os: windows-2019
+            shasum: sha512sum
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.19.0
+      - name: Set N3DR deliverable environment variable
+        run: echo "yaam-deliverable=yaam-${{ matrix.os }}" >> $GITHUB_ENV
+        if: |
+          ${{ startsWith(matrix.os, 'mac') || startsWith(matrix.os, 'ubuntu') }}
+      - name: Set N3DR deliverable environment variable on Windows
+        run: echo "yaam-deliverable=yaam-${{ matrix.os }}" >> $env:GITHUB_ENV
+        if: ${{ startsWith(matrix.os, 'windows') }}go
+      - name: Use the value
+        run: |
+          echo "${{ env.yaam-deliverable }}"
+      - name: Check whether all versions have been updated
+        run: |
+          version=$(echo "${{ github.ref }}" | sed -e "s|.*\/\(.*\)$|\1|")
+          echo "Version: ${version}"
+          echo "Checking build/package/snap/snapcraft.yaml..."
+          grep ${version} build/package/snap/snapcraft.yaml
+          echo "Checking README.md..."
+          grep "yaam:${version}" README.md
+        # yamllint disable rule:line-length
+        if: ${{ startsWith(matrix.os, 'mac') || startsWith(matrix.os, 'ubuntu') }}
+      - name: Create release
+        run: ./scripts/build.sh
+        env:
+          N3DR_DELIVERABLE: ${{ env.yaam-deliverable }}
+          GITHUB_TAG: ${{ github.ref }}
+          SHA512_CMD: ${{ matrix.shasum }}
+        if: ${{ startsWith(matrix.os, 'mac') || startsWith(matrix.os, 'ubuntu') }}
+      - name: Create release windows
+        shell: cmd
+        run: |
+          echo "GITHUB_TAG: '${{ github.ref }}'"
+          echo "N3DR_DELIVERABLE: '${{ env.yaam-deliverable }}'"
+          cd cmd/yaam
+          go build -buildvcs=false -ldflags "-X main.Version=${{ github.ref }}" -o "${{ env.yaam-deliverable }}"
+          sha512sum "${{ env.yaam-deliverable }}" > "${{ env.yaam-deliverable }}.sha512.txt"
+          chmod +x "${{ env.yaam-deliverable }}"
+          ls yaam-windows-2019
+        if: ${{ startsWith(matrix.os, 'windows') }}
+        # yamllint enable rule:line-length
+      - name: Upload binaries to release
+        uses: svenstaro/upload-release-action@v2
+        with:
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          file: cmd/yaam/${{ env.yaam-deliverable }}
+          asset_name: ${{ env.yaam-deliverable }}
+          tag: ${{ github.ref }}
+      - name: Upload checksums
+        uses: svenstaro/upload-release-action@v2
+        with:
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          file: cmd/yaam/${{ env.yaam-deliverable }}.sha512.txt
+          asset_name: ${{ env.yaam-deliverable }}.sha512.txt
+          tag: ${{ github.ref }}

.github/workflows/sonarcloud.yml

@@ -0,0 +1,37 @@
+---
+name: SonarCloud
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    types: [opened, synchronize, reopened]
+jobs:
+  sonarcloud:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.19.0
+      - name: Unit test
+        run: |
+          go test -short -cover -v -coverprofile=coverage.txt \
+          -covermode=atomic ./...
+      - name: SonarCloud Scan
+        uses: sonarsource/sonarcloud-github-action@master
+        with:
+          args: >
+            -Dsonar.organization=030-github
+            -Dsonar.projectKey=030_yaam
+            -Dsonar.exclusions=internal/goswagger/**
+            -Dsonar.sources=.
+            -Dsonar.coverage.exclusions=**/*_test.go,internal/goswagger/**/*,cmd/**/*
+            -Dsonar.verbose=true
+            -Dsonar.go.coverage.reportPaths="coverage.txt"
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.github/workflows/trivy.yml

@@ -0,0 +1,22 @@
+---
+name: Trivy
+on: [push]
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+      - name: Build an image from Dockerfile
+        run: |
+          docker build -t utrecht/yaam:${{ github.sha }} .
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: "utrecht/yaam:${{ github.sha }}"
+          format: "table"
+          exit-code: "1"
+          ignore-unfixed: true
+          vuln-type: "os,library"
+          severity: "CRITICAL,HIGH"

Dockerfile

@@ -0,0 +1,23 @@
+FROM golang:1.19.0-alpine3.16 as builder
+ENV USERNAME=yaam
+ENV BASE=/opt/${USERNAME}
+COPY . /go/${USERNAME}/
+WORKDIR /go/${USERNAME}/cmd/${USERNAME}/
+RUN apk add --no-cache curl=~7 git=~2 && \
+  CGO_ENABLED=0 go build -ldflags "-X main.Version=${VERSION}" -buildvcs=false && \
+  curl -sL https://gist.githubusercontent.com/030/54fc7ae735a163c09dcf6f3699d87e81/raw/b82514f50525e0ebf843e0dbf9bef1a382ccd40f/openshift-docker-user-entrypoint.sh > entrypoint.sh && \
+  curl -sL https://gist.githubusercontent.com/030/34a2bf3f7f1cd427dc36c86dcb1e8cf7/raw/e1be7ef3c2c1a8441e406a669a0f6b6d97dcc984/openshift-docker-user.sh > user.sh && \
+  chmod +x user.sh && \
+  ./user.sh
+
+FROM alpine:3.16.2
+ENV BIN=/usr/local/bin/
+ENV USERNAME=yaam
+ENV BASE=/opt/${USERNAME}
+ENV BASE_BIN=${BASE}/bin
+ENV PATH=${BASE_BIN}:${PATH}
+COPY --from=builder /etc/passwd /etc/passwd
+COPY --from=builder /opt/ /opt/
+USER $USERNAME
+ENTRYPOINT ["entrypoint.sh"]
+CMD ["yaam"]