From afd00bbb3af437aacaa9eba53b7f1b9f75c7be65 Mon Sep 17 00:00:00 2001
From: Paul Flynn
Date: Sat, 27 Apr 2024 21:39:36 -0400
Subject: [PATCH 1/3] ci(service): build binary
---
 .github/workflows/build.yaml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 .github/workflows/build.yaml
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
new file mode 100644
index 000000000..0b071d8fe
--- /dev/null
+++ b/.github/workflows/build.yaml
@@ -0,0 +1,31 @@
+# This is a GitHub action that will have two jobs: build and publish
+# The build job will create a Golang Docker image with a production target for multiple architectures
+# The publishing job will push the image to GitHub packages with the commit sha and build number as labels
+# The image will also have some metadata labels about the build
+# act --secret-file act.env --container-architecture linux/amd64 --workflows .github/workflows/build.yaml
+name: build
+on:
+ push:
+jobs:
+ # This job will build the image using ubuntu
+ binary:
+ runs-on: ubuntu-latest
+ steps:
+ # Checkout the code from the repository
+ - name: Checkout code
+ uses: actions/checkout@v4
+ - name: Setup Go
+ uses: actions/setup-go@v4
+ with:
+ go-version: 1.22
+ # Build a linux application
+ - name: Build Service
+ # Build optimized
+ run: |
+ go work init protocol/go lib/ocrypto sdk service
+ CGO_ENABLED=1 GOARCH=amd64 GOOS=linux go build -o tdfsvc -a -installsuffix=cgo -ldflags="-s -w -extldflags -static" service/main.go
+ - name: Upload Go binary
+ uses: actions/upload-artifact@v3
+ with:
+ name: tdfsvc-${{ github.sha }}
+ path: ./tdfsvc
From 256fe2283e9223bc608e7b5b05a4739f4ea8a8a3 Mon Sep 17 00:00:00 2001
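Review bot: The new workflow references every action by a mutable major tag (`actions/checkout@v4`, `actions/setup-go@v4`, `actions/upload-artifact@v3`) and declares no `permissions:` block, so the `binary` job runs with whatever default GITHUB_TOKEN scope the repository configures; the workflows this series deletes in the second patch pinned every action to a full commit SHA, and `.github/dependabot.yml`, which kept those pins current for the github-actions ecosystem, is deleted with them, so this is a regression in supply-chain hygiene rather than a carry-over. Add a top-level `permissions:` with `contents: read` directly under `name: build`, and pin each `uses:` to a commit SHA with the tag kept in a trailing comment. `go-version: 1.22` is an unquoted plain scalar that YAML reads as a float; quote it as `go-version: "1.22"` so a later `1.30` is not read as `1.3`. The five header comments describe two jobs and a published multi-architecture Docker image, but the file defines only the `binary` job that uploads a static Linux binary as an artifact, so they should be rewritten to describe what the workflow actually does. The same mutable-tag pinning applies to the `upload-artifact@v4` and `setup-go@v5` bumps in the second and third patches.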
From: Paul Flynn
Date: Sat, 27 Apr 2024 21:43:55 -0400
Subject: [PATCH 2/3] ci(service): build binary
---
 .github/dependabot.yml | 15 --
 .github/workflows/build.yaml | 2 +-
 .github/workflows/checks.yaml | 219 ---------------------
 .github/workflows/lint-all.yaml | 46 -----
 .github/workflows/vulnerability-check.yaml | 23 ---
 5 files changed, 1 insertion(+), 304 deletions(-)
 delete mode 100644 .github/dependabot.yml
 delete mode 100644 .github/workflows/checks.yaml
 delete mode 100644 .github/workflows/lint-all.yaml
 delete mode 100644 .github/workflows/vulnerability-check.yaml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
deleted file mode 100644
index 73893e2d4..000000000
--- a/.github/dependabot.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-# dependabot.yml
-#
-# Documentation:
-# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
-
-version: 2
-updates:
- - package-ecosystem: github-actions
- directory: /
- schedule:
- interval: monthly
- - package-ecosystem: gomod
- directory: /
- schedule:
- interval: weekly
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 0b071d8fe..4fb13ed43 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -25,7 +25,7 @@ jobs:
 go work init protocol/go lib/ocrypto sdk service
 CGO_ENABLED=1 GOARCH=amd64 GOOS=linux go build -o tdfsvc -a -installsuffix=cgo -ldflags="-s -w -extldflags -static" service/main.go
 - name: Upload Go binary
- uses: actions/upload-artifact@v3
+ uses: actions/upload-artifact@v4
 with:
 name: tdfsvc-${{ github.sha }}
 path: ./tdfsvc
diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml
deleted file mode 100644
index a31f53f84..000000000
--- a/.github/workflows/checks.yaml
+++ /dev/null
@@ -1,219 +0,0 @@ -name: "Checks" - -on: - pull_request: - branches: - - main - push: - branches: - - main - merge_group: - branches: - - main - types: - - checks_requested - -jobs: - pr: - name: Validate PR title - if: contains(fromJSON('["pull_request", "pull_request_target"]'), github.event_name) - runs-on: ubuntu-22.04 - permissions: - pull-requests: read - steps: - - uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - go: - runs-on: ubuntu-22.04 - permissions: - checks: write - contents: read - pull-requests: read - strategy: - matrix: - directory: - - examples - - sdk - - service - - lib/ocrypto - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 - with: - go-version: "1.21.8" - cache-dependency-path: | - examples/go.sum - protocol/go/go.sum - sdk/go.sum - service/go.sum - - run: make go.work - - run: go mod download - - run: go mod verify - - name: golangci-lint - #uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 - uses: strantalis/golangci-lint-action@f4e979f5b36068d69d340547f66c991dca8b70ef - with: - version: v1.56 - working-directory: ${{ matrix.directory }} - skip-cache: true - only-new-issues: ${{ (github.event_name == 'pull_request' || github.event_name == 'merge_group') }} - args: --out-format=colored-line-number - - name: Install softHSM - if: matrix.directory == 'service' - run: |- - sudo apt-get install -y softhsm opensc openssl - sudo chmod +x /etc/softhsm - sudo chmod +r /etc/softhsm/softhsm2.conf - mkdir -p $(pwd)/.tmp/tokens - echo "directories.tokendir = $(pwd)/.tmp/tokens" > softhsm2.conf - echo "log.level = DEBUG" >> softhsm2.conf - echo "SOFTHSM2_CONF=$(pwd)/softhsm2.conf" >> "$GITHUB_ENV" - - if: matrix.directory == 'service' - run: .github/scripts/hsm-init-temporary-keys.sh - - run: go test ./... 
-short - working-directory: ${{ matrix.directory }} - - integration: - name: integration tests - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 - with: - go-version: "1.21.8" - cache-dependency-path: | - service/go.sum - examples/go.sum - protocol/go/go.sum - sdk/go.sum - - run: make go.work - - run: go mod download - - run: go mod verify - - run: go test ./service/integration -race -failfast - - name: Install softHSM - run: |- - sudo apt-get install -y softhsm opensc openssl - sudo chmod +x /etc/softhsm - sudo chmod +r /etc/softhsm/softhsm2.conf - mkdir -p $(pwd)/.tmp/tokens - echo "directories.tokendir = $(pwd)/.tmp/tokens" > softhsm2.conf - echo "log.level = DEBUG" >> softhsm2.conf - echo "SOFTHSM2_CONF=$(pwd)/softhsm2.conf" >> "$GITHUB_ENV" - - run: .github/scripts/hsm-init-temporary-keys.sh - - run: docker compose up -d --wait --wait-timeout 240 - - run: cp opentdf-example.yaml opentdf.yaml - - run: go run ./service provision keycloak - - uses: JarvusInnovations/background-action@313d37130873d82c33fc907b9b78e932aec8e990 - name: start server in background - with: - run: | - go run ./service start - wait-on: | - tcp:localhost:8080 - log-output-if: true - wait-for: 90s - - run: go install github.com/fullstorydev/grpcurl/cmd/grpcurl@v1.8.9 - - run: grpcurl -plaintext localhost:8080 list - - run: grpcurl -plaintext localhost:8080 grpc.health.v1.Health.Check - - run: grpcurl -plaintext localhost:8080 kas.AccessService/PublicKey - - run: curl --show-error --fail --insecure localhost:8080/kas/v2/kas_public_key - - run: go run ./examples encrypt "Hello Virtru" - - run: go run ./examples decrypt sensitive.txt.tdf - - run: go run ./examples decrypt sensitive.txt.tdf | grep "Hello Virtru" - - image: - name: image build - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - - uses: 
docker/setup-buildx-action@v3 - - uses: docker/build-push-action@v5.1.0 - with: - context: . - file: ./Dockerfile - push: false - - buflint: - name: Protocol Buffer Lint and Gencode Up-to-date check - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - - uses: bufbuild/buf-setup-action@382440cdb8ec7bc25a68d7b4711163d95f7cc3aa - - uses: bufbuild/buf-lint-action@044d13acb1f155179c606aaa2e53aea304d22058 - with: - input: service - - uses: bufbuild/buf-breaking-action@a074e988ee34efcd4927079e79c611f428354c01 - # TODO(#212) Block on breaking changes after protos are frozen - continue-on-error: true - with: - input: service - against: "https://github.com/arkavo-org/opentdf-platform.git#branch=main,subdir=service" - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 - with: - go-version: "1.21.8" - cache-dependency-path: | - service/go.sum - protocol/go/go.sum - sdk/go.sum - examples/go.sum - - run: cd service && go get github.com/pseudomuto/protoc-gen-doc/cmd/protoc-gen-doc - - run: cd service && go install github.com/pseudomuto/protoc-gen-doc/cmd/protoc-gen-doc - - run: make proto-generate - - name: Restore go.mod after installing protoc-gen-doc - run: git restore {service,protocol/go}/go.{mod,sum} - - run: git diff - - run: git diff-files --ignore-submodules - - name: Check that files have been formatted before PR submission - run: git diff-files --quiet --ignore-submodules - ci: - needs: - - buflint - - go - - image - - integration - - pr - runs-on: ubuntu-latest - if: always() - steps: - - if: contains(needs.*.result, 'failure') - run: echo "Failed due to ${{ contains(needs.*.result, 'failure') }}" && exit 1 - - license: - name: license check - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 - with: - go-version: "1.21.8" - cache: false - - run: make go.work - - uses: 
dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 - id: deps-changed - with: - filters: | - examples: - - 'examplesk/go.*' - service: - - 'service/go.*' - sdk: - - 'sdk/go.*' - - name: install go-licenses - run: go install github.com/google/go-licenses@5348b744d0983d85713295ea08a20cca1654a45e - - name: check service licenses - if: steps.deps-changed.outputs.service == 'true' - run: > - go-licenses check --disallowed_types=forbidden --include_tests - ./service - - name: check sdk licenses - if: steps.deps-changed.outputs.sdk == 'true' - run: > - go-licenses check --disallowed_types=forbidden --include_tests - ./sdk - - name: check examples licenses - if: steps.deps-changed.outputs.examples == 'true' - run: > - go-licenses check --disallowed_types=forbidden --include_tests - ./examples diff --git a/.github/workflows/lint-all.yaml b/.github/workflows/lint-all.yaml deleted file mode 100644 index cf239c4d5..000000000 --- a/.github/workflows/lint-all.yaml +++ /dev/null 
@@ -1,46 +0,0 @@
-name: Lint
-
-on:
- push:
- branches:
- - main
-
-jobs:
- go:
- runs-on: ubuntu-22.04
- permissions:
- checks: write
- contents: read
- strategy:
- matrix:
- directory:
- - sdk
- - lib/ocrypto
- - service
- - examples
- steps:
- - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
- with:
- go-version: "1.21"
- cache-dependency-path: |
- sdk/go.sum
- examples/go.sum
- service/go.sum
- - run: make go.work
- - name: golangci-lint
- # uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc
- uses: strantalis/golangci-lint-action@f4e979f5b36068d69d340547f66c991dca8b70ef
- with:
- version: v1.56
- working-directory: ${{ matrix.directory }}
- args: --out-format=colored-line-number
-
- buf:
- runs-on: ubuntu-22.04
- steps:
- - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- - uses: bufbuild/buf-setup-action@382440cdb8ec7bc25a68d7b4711163d95f7cc3aa
- - uses: bufbuild/buf-lint-action@044d13acb1f155179c606aaa2e53aea304d22058
- with:
- input: service
diff --git a/.github/workflows/vulnerability-check.yaml b/.github/workflows/vulnerability-check.yaml
deleted file mode 100644
index 47d468c82..000000000
--- a/.github/workflows/vulnerability-check.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-name: "Nightly Checks"
-
-on:
- schedule:
- - cron: "0 0 * * *"
-
-jobs:
- vulncheck:
- name: vulncheck
- runs-on: ubuntu-22.04
- strategy:
- matrix:
- directory:
- - examples
- - sdk
- - service
- - lib/crypto
- steps:
- - name: govluncheck
- uses: golang/govulncheck-action@3a32958c2706f7048305d5a2e53633d7e37e97d0
- with:
- go-version-file: ${{ matrix.directory }}/go.mod
- work-dir: ${{ matrix.directory }}
From 2ad00e0aa9471fe73f54a3067e93c210d9ff9261 Mon Sep 17 00:00:00 2001
From: Paul Flynn
Date: Sat, 27 Apr 2024 21:49:19 -0400
Subject: [PATCH 3/3] ci(service): build binary
---
 .github/workflows/build.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 4fb13ed43..8bae21566 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -15,7 +15,7 @@ jobs:
 - name: Checkout code
 uses: actions/checkout@v4
 - name: Setup Go
- uses: actions/setup-go@v4
+ uses: actions/setup-go@v5
 with:
 go-version: 1.22
 # Build a linux application