Merge branch 'development'
0xERR0R committed Nov 12, 2022
2 parents 722a936 cf4e894 commit 6c61689
Showing 90 changed files with 4,132 additions and 1,000 deletions.
15 changes: 11 additions & 4 deletions .dockerignore
@@ -1,6 1,13 @@
bin/
dist/
bin
dist
site
docs
node_modules
.git
.idea
.github
testdata/
node_modules/
.vscode
.gitignore
*.md
LICENSE
vendor
5 changes: 5 additions & 0 deletions .github/dependabot.yml
Expand Up @@ -7,3 7,8 @@ updates:
open-pull-requests-limit: 10
assignees:
- 0xERR0R

- package-ecosystem: github-actions
directory: "/"
schedule:
interval: daily
46 changes: 18 additions & 28 deletions .github/workflows/ci-build.yml
@@ -1,45 1,35 @@
name: CI Build
on: [push, pull_request]
jobs:

build:
name: Build
make:
name: Test
runs-on: ubuntu-latest
strategy:
matrix:
make: [build, test, race, docker-build, goreleaser]
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v3

- name: Set up Go 1.18
uses: actions/setup-go@v1
- name: Set up Go
uses: actions/setup-go@v3
with:
go-version: 1.18
go-version-file: go.mod
id: go

- name: Check out code into the Go module directory
uses: actions/checkout@v1

- name: Get dependencies
run: |
go get -v -t -d ./...
if [ -f Gopkg.toml ]; then
curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh
dep ensure
fi
run: go mod download

- name: Build
run: make build

- name: Test
run: make test

- name: Race detection
run: make race
- name: make ${{ matrix.make }}
run: make ${{ matrix.make }}
if: matrix.make != 'goreleaser'

- name: Upload results to codecov
run: bash <(curl -s https://codecov.io/bash) -t 48d6a1a8-a66e-4f27-9cc1-a7b91c4209b2

- name: Docker images
run: make docker-build
uses: codecov/codecov-action@v3
if: matrix.make == 'test'

- name: Check GoReleaser configuration
uses: goreleaser/goreleaser-action@v2
uses: goreleaser/goreleaser-action@v3
if: matrix.make == 'goreleaser'
with:
args: check
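Review bot: The workflow declares no `permissions:` block, so each matrix job runs with the repository's default `GITHUB_TOKEN` grant although its steps only check out code, run make targets, upload coverage and validate the goreleaser config; adding `permissions:` / `contents: read` at the top level directly after `on:` limits the token to what the job actually uses. The codecov upload token that the previous version of this file passed to a curl pipe remains readable in git history after this commit, so it should be rotated on the codecov side even though the new `codecov/codecov-action@v3` step no longer needs it. All actions here are pinned to mutable major tags (`@v3`); with the `github-actions` dependabot ecosystem added in this same commit, pinning to commit SHAs with the tag in a trailing comment becomes maintainable, and the same applies to codeql-analysis.yml, development-docker.yml and docs.yml.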
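--- /dev/null
+++ b/.github/workflows/close_stale.yml
@@ -0,0 +1,25 @@
+name: 'Close stale issues and PRs'
+on:
+  schedule:
+    - cron: '0 4 * * *'
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    if: github.repository_owner == '0xERR0R'
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+      - uses: actions/stale@v6
+        with:
+          stale-issue-message: 'This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 5 days.'
+          stale-pr-message: 'This PR is stale because it has been open 45 days with no activity. Remove stale label or comment or this will be closed in 10 days.'
+          close-issue-message: 'This issue was closed because it has been stalled for 5 days with no activity.'
+          close-pr-message: 'This PR was closed because it has been stalled for 10 days with no activity.'
+          days-before-issue-stale: 90
+          days-before-pr-stale: 45
+          days-before-issue-close: 5
+          days-before-pr-close: 10
+          exempt-all-milestones: true
+          operations-per-run: 60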
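Review bot: The stale and close intervals are stated twice, once as the `days-before-*` inputs and again as literal numbers inside the four message strings, so a later change to e.g. `days-before-pr-stale` silently leaves the PR message claiming 45 days; a comment above the messages such as `# keep the day counts in these messages in sync with the days-before-* inputs below` would flag that, or the messages could drop the numbers altogether. `actions/stale@v6` is a mutable major tag running under `issues: write` and `pull-requests: write`; pinning it to a commit SHA with the tag in a trailing comment keeps the action from changing underneath that grant.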
8 changes: 4 additions & 4 deletions .github/workflows/codeql-analysis.yml
Expand Up @@ -35,11 35,11 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@v2
uses: actions/checkout@v3

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
Expand All @@ -50,7 50,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C , C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v1
uses: github/codeql-action/autobuild@v2

# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
Expand All @@ -64,4 64,4 @@ jobs:
# make release

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1
uses: github/codeql-action/analyze@v2
202 changes: 177 additions & 25 deletions .github/workflows/development-docker.yml
@@ -1,55 1,207 @@
name: Development docker build

on:
push:
branches:
- development
- fb-*

permissions:
security-events: write
actions: read
contents: read
packages: write

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

jobs:
check:
name: Check if workflow should run
runs-on: ubuntu-latest
outputs:
enabled: ${{ steps.check.outputs.enabled }}
steps:
- name: Enabled Check
id: check
shell: bash
run: |
ENABLED=${{ secrets.DEVELOPMENT_DOCKER }}
if [[ "${{ github.repository_owner }}" == "0xERR0R" ]]; then
ENABLED="true"
fi
if [[ "${ENABLED,,}" != "true" ]]; then
echo "enabled=0" >> $GITHUB_OUTPUT
echo "Workflow is disabled"
echo "### Workflow is disabled" >> $GITHUB_STEP_SUMMARY
echo "To enable this workflow by creating a secret 'DEVELOPMENT_DOCKER' with the value 'true'" >> $GITHUB_STEP_SUMMARY
else
echo "enabled=1" >> $GITHUB_OUTPUT
echo "Workflow is enabled"
fi
docker:
if: github.repository_owner == '0xERR0R'
name: Build Docker image
runs-on: ubuntu-latest
needs: check
if: ${{ needs.check.outputs.enabled == 1 }}
outputs:
repository: ${{ steps.get_vars.outputs.repository }}
branch: ${{ steps.get_vars.outputs.branch }}
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@v3
with:
fetch-depth: 0

- name: Set up QEMU
uses: docker/setup-qemu-action@v1
uses: docker/setup-qemu-action@v2
with:
platforms: arm,arm64

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
uses: docker/setup-buildx-action@v2

- name: Get registry token
id: get_token
shell: bash
run: |
if [ "${{ secrets.CR_PAT }}" ]; then
echo "token=${{ secrets.CR_PAT }}" >> $GITHUB_OUTPUT
else
echo "token=${{ secrets.GITHUB_TOKEN }}" >> $GITHUB_OUTPUT
fi
- name: Login to GitHub Container Registry
uses: docker/login-action@v1
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.CR_PAT }}
password: ${{ steps.get_token.outputs.token }}

- name: Login to DockerHub
uses: docker/login-action@v1
if: github.repository_owner == '0xERR0R'
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Extract branch name

- name: Populate build variables
id: get_vars
shell: bash
run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
id: extract_branch
run: |
REPOSITORY=$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]')
echo "repository=${REPOSITORY}" >> $GITHUB_OUTPUT
echo "REPOSITORY: ${REPOSITORY}"
BRANCH=${GITHUB_REF#refs/heads/}
echo "branch=${BRANCH}" >> $GITHUB_OUTPUT
echo "Branch: ${BRANCH}"
VERSION=$(git describe --always --tags)
echo "version=${VERSION}" >> $GITHUB_OUTPUT
echo "VERSION: ${VERSION}"
BUILD_TIME=$(date ' %Y%m%d-%H%M%S')
echo "build_time=${BUILD_TIME}" >> $GITHUB_OUTPUT
echo "BUILD_TIME: ${BUILD_TIME}"
TAGS="ghcr.io/${REPOSITORY}:${BRANCH}"
if [[ "${{ github.repository_owner }}" == "0xERR0R" ]]; then
TAGS="${TAGS} , spx01/blocky:${BRANCH}"
fi
echo "tags=${TAGS}" >> $GITHUB_OUTPUT
echo "TAGS: ${TAGS}"
- name: Build and push
uses: docker/build-push-action@v2
uses: docker/build-push-action@v3
with:
context: .
platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64
push: true
tags: |
ghcr.io/0xerr0r/blocky:${{ steps.extract_branch.outputs.branch }}
spx01/blocky:${{ steps.extract_branch.outputs.branch }}
- name: Scan image
uses: anchore/scan-action@v3
id: scan
with:
image: "spx01/blocky:${{ steps.extract_branch.outputs.branch }}"
fail-build: false
acs-report-enable: true
- name: upload Anchore scan SARIF report
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: ${{ steps.scan.outputs.sarif }}
tags: ${{ steps.get_vars.outputs.tags }}
build-args: |
VERSION=${{ steps.get_vars.outputs.version }}
BUILD_TIME=${{ steps.get_vars.outputs.build_time }}
cache-from: type=gha
cache-to: type=gha,mode=max

repo-scan:
name: Repo vulnerability scan
runs-on: ubuntu-latest
needs: check
if: needs.check.outputs.enabled == 1
steps:
- name: Checkout code
uses: actions/checkout@v3

- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
ignore-unfixed: true
format: 'sarif'
output: 'trivy-repo-results.sarif'
severity: 'CRITICAL'

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-repo-results.sarif'

image-scan:
name: Image vulnerability scan
runs-on: ubuntu-latest
needs: docker
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0

- name: Run Trivy vulnerability scanner on Docker image
uses: aquasecurity/trivy-action@master
with:
image-ref: 'ghcr.io/${{ needs.docker.outputs.repository }}:${{ needs.docker.outputs.branch }}'
format: 'sarif'
output: 'trivy-image-results.sarif'

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-image-results.sarif'

image-test:
name: Test docker images
runs-on: ubuntu-latest
needs: docker
steps:
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
with:
platforms: arm,arm64

- name: Test images
shell: bash
run: |
echo '::group::Version for linux/amd64'
docker run --rm ghcr.io/${{ needs.docker.outputs.repository }}:${{ needs.docker.outputs.branch }} version
echo '::endgroup::'
echo '::group::Version for linux/arm/v6'
docker run --platform linux/arm/v6 --rm ghcr.io/${{ needs.docker.outputs.repository }}:${{ needs.docker.outputs.branch }} version
echo '::endgroup::'
echo '::group::Version for linux/arm/v7'
docker run --platform linux/arm/v7 --rm ghcr.io/${{ needs.docker.outputs.repository }}:${{ needs.docker.outputs.branch }} version
echo '::endgroup::'
echo '::group::Version for linux/arm64'
docker run --platform linux/arm64 --rm ghcr.io/${{ needs.docker.outputs.repository }}:${{ needs.docker.outputs.branch }} version
echo '::endgroup::'
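Review bot: The `Get registry token` step interpolates `secrets.CR_PAT` directly into the shell script text and then copies it into a step output, which is more exposure than the fallback needs; the login step can pick the credential itself with `password: ${{ secrets.CR_PAT || secrets.GITHUB_TOKEN }}` and the whole `get_token` step can be dropped. The same direct interpolation of `secrets.DEVELOPMENT_DOCKER` in the `check` job's `run:` would be cleaner passed through an `env:` entry on the step and read as `$ENABLED` by the script. The top-level `permissions` block grants `packages: write` to every job, including `repo-scan`, `image-scan` and `image-test` which only pull or scan; moving `packages: write` under the `docker` job keeps the other three read-only. `aquasecurity/trivy-action@master` in `repo-scan` and `image-scan` is a mutable branch ref for a third-party action that runs with `security-events: write`; pin it to a release tag or commit SHA so the scanner cannot change underneath the workflow.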
4 changes: 2 additions & 2 deletions .github/workflows/docs.yml
Expand Up @@ -8,8 8,8 @@ jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-python@v2
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: 3.x
- run: pip install mkdocs-material
