ci: CI build and publish packages

.circleci/config.yml

@@ -0,0 +1,137 @@
+#Splunk Connect for Syslog (SC4S) by Splunk, Inc.
+#
+#To the extent possible under law, the person who associated CC0 with
+#Splunk Connect for Syslog (SC4S) has waived all copyright and related or neighboring rights
+#to Splunk Connect for Syslog (SC4S).
+#
+#You should have received a copy of the CC0 legalcode along with this
+#work.  If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
+version: 2.1
+orbs:
+  go: circleci/[email protected]
+
+jobs:
+  build:
+    machine:
+      image: ubuntu-1604:202007-01
+      docker_layer_caching: true
+    steps:
+      - checkout
+      - run:
+          name: Github packages docker Login
+          command: |
+            docker login ghcr.io -u $GH_USER -p $GH_TOKEN
+      - run:
+          name: "Build Image"
+          command: |
+            export VERSION=${CIRCLE_TAG:=CIRCLE_SHA1}       
+            docker build -f Dockerfile . -t sc4snmp-mib-server
+      - run:
+          name: Github packages push
+          command: |
+            docker tag sc4snmp-mib-server ghcr.io/splunk/splunk-connect-for-snmp-traps:<< pipeline.git.revision >>
+            docker push ghcr.io/splunk/splunk-connect-for-snmp-traps:<< pipeline.git.revision >>
+            mkdir -p build-container || true
+            docker save sc4snmp-mib-server | gzip -c > build-container/oci_container.tar.gz
+      - store_artifacts:
+          path: build-container
+          destination: build-container
+
+  release:
+    docker:
+      - image: circleci/node:11
+    steps:
+      - checkout
+      - run: npx semantic-release
+
+  publish:
+    docker:
+      - image: circleci/python:3.7
+    steps:
+      - setup_remote_docker:
+          docker_layer_caching: true
+      - attach_workspace:
+          at: /tmp/workspace
+      - checkout
+      - go/install
+      - run:
+          name: Docker Login
+          command: |
+            docker login ghcr.io -u $GH_USER -p $GH_TOKEN
+      - run:
+          name: Github packages docker Login
+          command: |
+            docker pull ghcr.io/splunk/splunk-connect-for-snmp-traps:<< pipeline.git.revision >>
+      - run:
+          name: Release Docker Hub
+          command: |
+            export VERSION=${CIRCLE_TAG:=CIRCLE_SHA1}      
+            VERSION_DOCKER_MMP=$(echo  $VERSION | sed -n 's/v\([0-9]*\.[0-9]*\.[0-9]*\).*/\1/p')
+            VERSION_DOCKER_MM=$(echo  $VERSION | sed -n 's/v\([0-9]*\.[0-9]*\).*/\1/p')
+            VERSION_DOCKER_M=$(echo  $VERSION | sed -n 's/v\([0-9]*\).*/\1/p')
+
+            docker build -f Dockerfile . -t release
+
+            docker tag release ghcr.io/splunk/splunk-connect-for-snmp-traps:$VERSION
+            docker push ghcr.io/splunk/splunk-connect-for-snmp-traps:$VERSION
+            docker save ghcr.io/splunk/splunk-connect-for-snmp-traps:${VERSION} | gzip -c > /tmp/workspace/oci_container.tar.gz
+
+            docker tag release ghcr.io/splunk/splunk-connect-for-snmp-traps:<< pipeline.git.revision >>
+            docker push ghcr.io/splunk/splunk-connect-for-snmp-traps:<< pipeline.git.revision >>
+
+            docker tag release ghcr.io/splunk/splunk-connect-for-snmp-traps:${CIRCLE_SHA1:0:7}
+            docker push ghcr.io/splunk/splunk-connect-for-snmp-traps:${CIRCLE_SHA1:0:7}
+
+            if [[ $VERSION =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+              #latest
+              docker tag release ghcr.io/splunk/splunk-connect-for-snmp-traps:latest
+              docker push ghcr.io/splunk/splunk-connect-for-snmp-traps:latest
+              #MMP
+              docker tag release ghcr.io/splunk/splunk-connect-for-snmp-traps:$VERSION_DOCKER_MMP
+              docker push ghcr.io/splunk/splunk-connect-for-snmp-traps:$VERSION_DOCKER_MMP
+              #MM
+              docker tag release ghcr.io/splunk/splunk-connect-for-snmp-traps:$VERSION_DOCKER_MM
+              docker push ghcr.io/splunk/splunk-connect-for-snmp-traps:$VERSION_DOCKER_MM
+              #M
+              docker tag release ghcr.io/splunk/splunk-connect-for-snmp-traps:$VERSION_DOCKER_M
+              docker push ghcr.io/splunk/splunk-connect-for-snmp-traps:$VERSION_DOCKER_M
+            else
+              #edge
+              docker tag release ghcr.io/splunk/splunk-connect-for-snmp-traps:edge
+              docker push ghcr.io/splunk/splunk-connect-for-snmp-traps:edge
+            fi
+      - run:
+          name: "Publish on GitHub"
+          command: |
+            go get -v -u github.com/tcnksm/ghr
+            PATH=$PATH:/usr/local/go/bin
+            export VERSION=${CIRCLE_TAG:=CIRCLE_SHA1}      
+            [[ $VERSION =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]] && ISPRE="-prerelease"
+            $HOME/go/bin/ghr -t ${GH_TOKEN} -u ${CIRCLE_PROJECT_USERNAME} -r ${CIRCLE_PROJECT_REPONAME} -c ${CIRCLE_SHA1} ${ISPRE} ${VERSION} /tmp/workspace/
+      - store_artifacts:
+          path: /tmp/workspace/
+
+workflows:
+  version: 2
+  build_test:
+    jobs:
+      - build:
+          context:
+            - gdi-github
+
+      - release:
+          requires:
+            - build
+          context:
+            - gdi-github
+
+  release:
+    jobs:
+      - publish:
+          context:
+            - gdi-github
+          filters:
+            branches:
+              ignore: /.*/
+            tags:
+              only: /^v\d*\.\d*\.\d*.*$/

.github/CODEOWNERS

@@ -0,0 +1,2 @@
+* @rfaircloth-splunk
+package/etc/ @rfaircloth @mbonsack @nandinivij

.github/dependabot.yml

@@ -0,0 +1,23 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    commit-message:
+      prefix: "ci(actions): "
+    directory: "/.github/workflows"
+    target-branch: "main"
+    schedule:
+      interval: "daily"
+  - package-ecosystem: "pip"
+    directory: ""
+    target-branch: "main"
+    schedule:
+      interval: "daily"
+    commit-message:
+      prefix: "build(pip): "
+      include: "scope"

.github/workflows/cla.yaml

@@ -0,0 +1,33 @@
+name: "CLA Assistant"
+on:
+  issue_comment:
+    types: [created]
+  pull_request_target:
+    types: [opened, closed, synchronize]
+
+jobs:
+  CLAssistant:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "CLA Assistant"
+        if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
+        # Alpha Release
+        uses: cla-assistant/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # the below token should have repo scope and must be manually added by you in the repository's secret
+          PERSONAL_ACCESS_TOKEN: ${{ secrets.PAT_CLATOOL }}
+        with:
+          path-to-signatures: ".github/signatures/version1/cla.json"
+          path-to-document: "https://github.com/splunk/splunk-connect-for-snmp-traps/blob/main/CLA.md" # e.g. a CLA or a DCO document
+          # branch should not be protected
+          branch: "main"
+          allowlist: dependabot
+          #below are the optional inputs - If the optional inputs are not given, then default values will be taken
+          #remote-organization-name: enter the remote organization name where the signatures should be stored (Default is storing the signatures in the same repository)
+          #remote-repository-name:  enter the  remote repository name where the signatures should be stored (Default is storing the signatures in the same repository)
+          #create-file-commit-message: 'For example: Creating file for storing CLA Signatures'
+          #signed-commit-messag e: 'For example: $contributorName has signed the CLA in #$pullRequestNo'
+          #custom-notsigned-prcomment: 'pull request comment with Introductory message to ask new contributors to sign'
+          #custom-pr-sign-comment: 'The signature to be committed in order to sign the CLA'
+          #custom-allsigned-prcomment: 'pull request comment when all contributors has signed, defaults to **CLA Assistant Lite bot** All Contributors have signed the CLA.'

.github/workflows/release-notes.yaml

@@ -0,0 +1,21 @@
+name: Release-Notes-Preview
+
+on:
+  pull_request:
+  #    branches: [main, develop]
+  issue_comment:
+    types: [edited]
+
+jobs:
+  preview:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - run: |
+          git fetch --prune --unshallow --tags
+      - uses: snyk/[email protected]
+        with:
+          releaseBranch: main
+        env:
+          GITHUB_PR_USERNAME: ${{ github.actor }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/review-secrets.yml

@@ -0,0 +1,12 @@
+name: Review Secrets
+on:  [push]
+
+jobs:
+  review_secrets:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v1
+      - name: Trufflehog Actions Scan
+        uses: edplato/[email protected]
+

.gitignore copy

@@ -0,0 +1,158 @@
+# General
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+.python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+mibs/.DS_Store
+.DS_Store