diff options
-rw-r--r--.goreleaser.yaml (renamed from .goreleaser.yml)12
73 files changed, 998 insertions, 510 deletions
diff --git a/.bouncer.yaml b/.bouncer.yaml
new file mode 100644
index 0000000..9ee3121
--- /dev/null
+++ b/.bouncer.yaml
@@ -0,0 +1,12 @@
+ - BSD.*
+ - MIT.*
+ - Apache.*
+ - MPL.*
+ - ISC
+ # crypto/internal/boring is released under the openSSL license as a part of the Golang Standard Library
+ - crypto/internal/boring
diff --git a/.circleci/config.yml b/.circleci/config.yml
deleted file mode 100644
index 35375e8..0000000
--- a/.circleci/config.yml
+++ /dev/null
@@ -1,59 +0,0 @@
-version: 2.1
- run-static-analyses:
- parameters:
- version:
- type: string
- working_directory: /home/circleci/app
- docker:
- - image: cimg/go:<< parameters.version >>
- environment:
- GO111MODULE: "on"
- steps:
- - checkout
- - restore_cache:
- keys:
- - golang-<< parameters.version >>-{{ checksum "go.sum" }}
- - run: make ci-install-go-tools
- - save_cache:
- key: golang-<< parameters.version >>-{{ checksum "go.sum" }}
- paths:
- - "/go/pkg/mod"
- - run:
- name: run static analysis
- command: make ci-static-analysis
- run-tests:
- parameters:
- version:
- type: string
- working_directory: /home/circleci/app
- docker:
- - image: cimg/go:<< parameters.version >>
- environment:
- GO111MODULE: "on"
- steps:
- - checkout
- - restore_cache:
- keys:
- - golang-<< parameters.version >>-{{ checksum "go.sum" }}
- - run: make ci-install-go-tools
- - save_cache:
- key: golang-<< parameters.version >>-{{ checksum "go.sum" }}
- paths:
- - "/go/pkg/mod"
- - run:
- name: run unit tests
- command: make ci-unit-test
- commit:
- jobs:
- - run-static-analyses:
- version: "1.19"
- - run-tests:
- version: "1.19"
- - run-tests:
- version: "1.19"
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
index 0cfb4a1..51d9b59 100644
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -1,2 +1 @@
github: ['wagoodman']
-custom: ['']
diff --git a/.github/ISSUE_TEMPLATE/ b/.github/ISSUE_TEMPLATE/
new file mode 100644
index 0000000..6879ffd
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/
@@ -0,0 +1,20 @@
+name: Bug report
+about: Something isn't working as expected
+title: ''
+labels: bug
+assignees: ''
+**What happened**:
+**What you expected to happen**:
+**How to reproduce it (as minimally and precisely as possible)**:
+**Anything else we need to know?**:
+- OS version
+- Docker version (if applicable)
diff --git a/.github/ISSUE_TEMPLATE/ b/.github/ISSUE_TEMPLATE/
new file mode 100644
index 0000000..437f1aa
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/
@@ -0,0 +1,15 @@
+name: Feature request
+about: Got an idea for a new feature? Let us know!
+title: ''
+labels: enhancement
+assignees: ''
+**What would you like to be added**:
+**Why is this needed**:
+**Additional context**:
+<!-- Add any other context or screenshots about the feature request here. -->
diff --git a/.github/actions/bootstrap/action.yaml b/.github/actions/bootstrap/action.yaml
new file mode 100644
index 0000000..df71a17
--- /dev/null
+++ b/.github/actions/bootstrap/action.yaml
@@ -0,0 +1,76 @@
+name: "Bootstrap"
+description: "Bootstrap all tools and dependencies"
+ go-version:
+ description: "Go version to install"
+ required: true
+ default: "1.20.x"
+ use-go-cache:
+ description: "Restore go cache"
+ required: true
+ default: "true"
+ cache-key-prefix:
+ description: "Prefix all cache keys with this value"
+ required: true
+ default: "efa04b89c1b1"
+ build-cache-key-prefix:
+ description: "Prefix build cache key with this value"
+ required: true
+ default: "f8b6d31dea"
+ bootstrap-apt-packages:
+ description: "Space delimited list of tools to install via apt"
+ default: ""
+ using: "composite"
+ steps:
+ - uses: actions/setup-go@v3
+ with:
+ go-version: ${{ inputs.go-version }}
+ - name: Restore tool cache
+ id: tool-cache
+ uses: actions/cache@v3
+ with:
+ path: ${{ github.workspace }}/.tmp
+ key: ${{ inputs.cache-key-prefix }}-${{ runner.os }}-tool-${{ hashFiles('Makefile') }}
+ # note: we need to keep restoring the go mod cache before bootstrapping tools since `go install` is used in
+ # some installations of project tools.
+ - name: Restore go module cache
+ id: go-mod-cache
+ if: inputs.use-go-cache == 'true'
+ uses: actions/cache@v3
+ with:
+ path: |
+ ~/go/pkg/mod
+ key: ${{ inputs.cache-key-prefix }}-${{ runner.os }}-go-${{ inputs.go-version }}-${{ hashFiles('**/go.sum') }}
+ restore-keys: |
+ ${{ inputs.cache-key-prefix }}-${{ runner.os }}-go-${{ inputs.go-version }}-
+ - name: (cache-miss) Bootstrap project tools
+ shell: bash
+ if: steps.tool-cache.outputs.cache-hit != 'true'
+ run: make bootstrap-tools
+ - name: Restore go build cache
+ id: go-cache
+ if: inputs.use-go-cache == 'true'
+ uses: actions/cache@v3
+ with:
+ path: |
+ ~/.cache/go-build
+ key: ${{ inputs.cache-key-prefix }}-${{ }}-${{ runner.os }}-go-${{ inputs.go-version }}-${{ hashFiles('**/go.sum') }}
+ restore-keys: |
+ ${{ inputs.cache-key-prefix }}-${{ }}-${{ runner.os }}-go-${{ inputs.go-version }}-
+ - name: (cache-miss) Bootstrap go dependencies
+ shell: bash
+ if: steps.go-mod-cache.outputs.cache-hit != 'true' && inputs.use-go-cache == 'true'
+ run: make bootstrap-go
+ - name: Install apt packages
+ if: inputs.bootstrap-apt-packages != ''
+ shell: bash
+ run: |
+ DEBIAN_FRONTEND=noninteractive sudo apt update && sudo -E apt install -y ${{ inputs.bootstrap-apt-packages }}
diff --git a/.github/scripts/ b/.github/scripts/
new file mode 100755
index 0000000..0ab83a3
--- /dev/null
+++ b/.github/scripts/
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+red=$(tput setaf 1)
+bold=$(tput bold)
+normal=$(tput sgr0)
+# assert we are running in CI (or die!)
+if [[ -z "$CI" ]]; then
+ echo "${bold}${red}This step should ONLY be run in CI. Exiting...${normal}"
+ exit 1
diff --git a/.github/scripts/ b/.github/scripts/
new file mode 100755
index 0000000..db14135
--- /dev/null
+++ b/.github/scripts/
@@ -0,0 +1,36 @@
+#!/usr/bin/env python3
+import subprocess
+import sys
+import shlex
+class bcolors:
+ HEADER = '\033[95m'
+ OKBLUE = '\033[94m'
+ OKCYAN = '\033[96m'
+ OKGREEN = '\033[92m'
+ WARNING = '\033[93m'
+ FAIL = '\033[91m'
+ ENDC = '\033[0m'
+ BOLD = '\033[1m'
+ UNDERLINE = '\033[4m'
+if len(sys.argv) < 3:
+ print("Usage: [threshold] [go-coverage-report]")
+ sys.exit(1)
+threshold = float(sys.argv[1])
+report = sys.argv[2]
+args = shlex.split(f"go tool cover -func {report}")
+p =, capture_output=True, text=True)
+percent_coverage = float(p.stdout.splitlines()[-1].split()[-1].replace("%", ""))
+print(f"{bcolors.BOLD}Coverage: {percent_coverage}%{bcolors.ENDC}")
+if percent_coverage < threshold:
+ print(f"{bcolors.BOLD}{bcolors.FAIL}Coverage below threshold of {threshold}%{bcolors.ENDC}")
+ sys.exit(1)
diff --git a/.github/scripts/ b/.github/scripts/
new file mode 100755
index 0000000..41bc639
--- /dev/null
+++ b/.github/scripts/
@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+set -eu
+ORIGINAL_STATE_DIR=$(mktemp -d "TEMP-original-state-XXXXXXXXX")
+TIDY_STATE_DIR=$(mktemp -d "TEMP-tidy-state-XXXXXXXXX")
+echo "Capturing original state of files..."
+cp -v go.mod go.sum "${ORIGINAL_STATE_DIR}"
+echo "Capturing state of go.mod and go.sum after running go mod tidy..."
+go mod tidy
+cp -v go.mod go.sum "${TIDY_STATE_DIR}"
+echo ""
+set +e
+# Detect difference between the git HEAD state and the go mod tidy state
+DIFF_MOD=$(diff -u "${ORIGINAL_STATE_DIR}/go.mod" "${TIDY_STATE_DIR}/go.mod")
+DIFF_SUM=$(diff -u "${ORIGINAL_STATE_DIR}/go.sum" "${TIDY_STATE_DIR}/go.sum")
+if [[ -n "${DIFF_MOD}" || -n "${DIFF_SUM}" ]]; then
+ echo "go.mod diff:"
+ echo "${DIFF_MOD}"
+ echo "go.sum diff:"
+ echo "${DIFF_SUM}"
+ echo ""
+ printf "FAILED! go.mod and/or go.sum are NOT tidy; please run 'go mod tidy'.\n\n"
+ exit 1
diff --git a/.github/scripts/ b/.github/scripts/
new file mode 100755
index 0000000..c1a5432
--- /dev/null
+++ b/.github/scripts/
@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+set -eu
+bold=$(tput bold)
+normal=$(tput sgr0)
+if ! [ -x "$(command -v gh)" ]; then
+ echo "The GitHub CLI could not be found. To continue follow the instructions at"
+ exit 1
+gh auth status
+# we need all of the git state to determine the next version. Since tagging is done by
+# the release pipeline it is possible to not have all of the tags from previous releases.
+git fetch --tags
+# populates the and VERSION files
+echo "${bold}Generating changelog...${normal}"
+make changelog 2> /dev/null
+if [[ "$NEXT_VERSION" == "" || "${NEXT_VERSION}" == "(Unreleased)" ]]; then
+ echo "Could not determine the next version to release. Exiting..."
+ exit 1
+while true; do
+ read -p "${bold}Do you want to trigger a release for version '${NEXT_VERSION}'?${normal} [y/n] " yn
+ case $yn in
+ [Yy]* ) echo; break;;
+ [Nn]* ) echo; echo "Cancelling release..."; exit;;
+ * ) echo "Please answer yes or no.";;
+ esac
+echo "${bold}Kicking off release for ${NEXT_VERSION}${normal}..."
+gh workflow run release.yaml -f version=${NEXT_VERSION}
+echo "${bold}Waiting for release to start...${normal}"
+sleep 10
+set +e
+echo "${bold}Head to the release workflow to monitor the release:${normal} $(gh run list --workflow=release.yaml --limit=1 --json url --jq '.[].url')"
+id=$(gh run list --workflow=release.yaml --limit=1 --json databaseId --jq '.[].databaseId')
+gh run watch $id --exit-status || (echo ; echo "${bold}Logs of failed step:${normal}" && GH_PAGER="" gh run view $id --log-failed)
diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml
deleted file mode 100644
index 7778ef9..0000000
--- a/.github/workflows/pipeline.yml
+++ /dev/null
@@ -1,180 +0,0 @@
-name: 'app-pipeline'
- push:
- pull_request:
- types: [ opened, reopened ]
- unit-test:
- strategy:
- matrix:
- go-version: [1.19.x]
- # todo: support windows
- platform: [ubuntu-latest, macos-latest]
- # platform: [ubuntu-latest, macos-latest, windows-latest]
- runs-on: ${{ matrix.platform }}
- steps:
- - uses: actions/setup-go@v1
- with:
- go-version: ${{ matrix.go-version }}
- - uses: actions/checkout@v1
- - name: Cache go dependencies
- id: unit-cache-go-dependencies
- uses: actions/cache@v1
- with:
- path: ~/go/pkg/mod
- key: ${{ runner.os }}-go-${{ matrix.go-version }}-${{ hashFiles('**/go.sum') }}
- restore-keys: ${{ runner.os }}-go-${{ matrix.go-version }}-
- - name: Install go dependencies
- if: steps.unit-cache-go-dependencies.outputs.cache-hit != 'true'
- run: go get ./...
- - name: Test
- run: make ci-unit-test
- build-artifacts:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/setup-go@v1
- with:
- go-version: '1.19.x'
- - uses: actions/checkout@v1
- - name: Install tooling
- run: |
- make ci-install-go-tools
- make ci-install-ci-tools
- - name: Cache go dependencies
- id: package-cache-go-dependencies
- uses: actions/cache@v1
- with:
- path: ~/go/pkg/mod
- key: ${{ runner.os }}-go-prod-${{ hashFiles('**/go.sum') }}
- restore-keys: ${{ runner.os }}-go-prod-
- - name: Install dependencies
- if: steps.package-cache-go-dependencies.outputs.cache-hit != 'true'
- run: go get ./...
- - name: Linting, formatting, and other static code analyses
- run: make ci-static-analysis
- - name: Build snapshot artifacts
- run: make ci-build-snapshot-packages
- - run: docker images wagoodman/dive
- # todo: compare against known json output in shared volume
- - name: Test production image
- run: make ci-test-production-image
- - uses: actions/upload-artifact@master
- with:
- name: artifacts
- path: dist
- test-linux-artifacts: