diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..4e13b47
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1 @@
+* @roman-khimov @smallhive
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..456f976
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,119 @@
+name: Build
+
+on:
+ pull_request:
+ branches:
+ - master
+ types: [opened, synchronize]
+ push:
+ # Build for the master branch.
+ branches:
+ - master
+ release:
+ # Publish released commit as Docker `latest` and `git_revision` images.
+ types:
+ - published
+ workflow_dispatch:
+ inputs:
+ ref:
+ description: 'Ref to build CLI for Ubuntu and Windows Server Core [default: latest master; examples: v0.92.0, 0a4ff9d3e4a9ab432fd5812eb18c98e03b5a7432]'
+ required: false
+ default: ''
+ push_image:
+ description: 'Push images to DockerHub [default: false; examples: true, false]'
+ required: false
+ default: 'false'
+ use_latest_tag:
+ description: 'Use `latest` tag while pushing images to DockerHub (applied to Ubuntu image only) [default: false; examples: true, false]'
+ required: false
+ default: 'false'
+
+jobs:
+ build:
+ name: Build
+ runs-on: ${{matrix.os.name}}
+ strategy:
+ matrix:
+ os: [{ name: ubuntu-20.04, bin-name: linux }] # { name: windows-2022, bin-name: windows }, { name: macos-12, bin-name: darwin }
+ arch: [amd64] # arm64
+
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ ref: ${{ github.event.inputs.ref }}
+ # Allows to fetch all history for all branches and tags. Need this for proper versioning.
+ fetch-depth: 0
+
+ - name: Set up Go
+ uses: actions/setup-go@v4
+ with:
+ go-version: '1.20'
+ cache: true
+
+ - name: Update Go modules
+ run: go mod download -json
+
+ - name: Build CLI
+ run: make
+ env:
+ GOARCH: ${{ matrix.arch }}
+
+ - name: Rename CLI binary
+ run: mv ./bin/neofs-oauthz* ./bin/neofs-oauthz-${{ matrix.os.bin-name }}-${{ matrix.arch }}${{ (matrix.os.bin-name == 'windows' && '.exe') || '' }}
+
+ - name: Upload artifact
+ uses: actions/upload-artifact@v3
+ with:
+ name: neofs-oauthz-${{ matrix.os.bin-name }}-${{ matrix.arch }}
+ path: ./bin/neofs-oauthz*
+ if-no-files-found: error
+
+ - name: Attach binary to the release as an asset
+ if: ${{ github.event_name == 'release' }}
+ run: gh release upload ${{ github.event.release.tag_name }} ./bin/neofs-oauthz-${{ matrix.os.bin-name }}-${{ matrix.arch }}${{ (matrix.os.bin-name == 'windows' && '.exe') || '' }}
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ build_image:
+ needs: build
+ name: Build and push docker image
+ runs-on: ubuntu-20.04
+
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ ref: ${{ github.event.inputs.ref }}
+ fetch-depth: 0
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v2
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Login to DockerHub
+ if: ${{ github.event_name == 'release' || (github.event_name == 'workflow_dispatch' && github.event.inputs.push_image == 'true') }}
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+ - name: Set vars
+ id: setvars
+ run: make gh-docker-vars >> $GITHUB_OUTPUT
+
+ - name: Set latest tag
+ id: setlatest
+ if: ${{ (github.event_name == 'release' && github.event.release.target_commitish == 'master') || (github.event_name == 'workflow_dispatch' && github.event.inputs.use_latest_tag == 'true') }}
+ run: echo "latest=,${{ steps.setvars.outputs.repo }}:latest" >> $GITHUB_OUTPUT
+
+ - name: Build and push
+ uses: docker/build-push-action@v3
+ with:
+ context: .
+ push: ${{ github.event_name == 'release' || (github.event_name == 'workflow_dispatch' && github.event.inputs.push_image == 'true') }}
+ platforms: linux/amd64 # linux/arm64
+ build-args: |
+ REPO=github.com/${{ github.repository }}
+ VERSION=${{ steps.setvars.outputs.version }}
+ tags: ${{ steps.setvars.outputs.repo }}:${{ steps.setvars.outputs.version }}${{ steps.setlatest.outputs.latest }}
diff --git a/.github/workflows/dco.yml b/.github/workflows/dco.yml
new file mode 100644
index 0000000..40ed8fc
--- /dev/null
+++ b/.github/workflows/dco.yml
@@ -0,0 +1,21 @@
+name: DCO check
+
+on:
+ pull_request:
+ branches:
+ - master
+
+jobs:
+ commits_check_job:
+ runs-on: ubuntu-latest
+ name: Commits Check
+ steps:
+ - name: Get PR Commits
+ id: 'get-pr-commits'
+ uses: tim-actions/get-pr-commits@master
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+ - name: DCO Check
+ uses: tim-actions/dco@master
+ with:
+ commits: ${{ steps.get-pr-commits.outputs.commits }}
diff --git a/.github/workflows/run_tests.yml b/.github/workflows/run_tests.yml
new file mode 100644
index 0000000..6403c5f
--- /dev/null
+++ b/.github/workflows/run_tests.yml
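Review bot: build.yml declares no `permissions:` block, so every job, including pull_request runs that execute `make` from the checked-out branch, receives GITHUB_TOKEN with whatever default scope the repository settings grant. Add a top-level `permissions:` with `contents: read` and give only the `build` job `contents: write`, which `gh release upload` needs. dco.yml and run_tests.yml in this commit omit the block as well; the CodeQL job there would additionally need `security-events: write`. In the "Attach binary to the release as an asset" step, `${{ github.event.release.tag_name }}` is expanded into the command line before the shell parses it; pass it through `env:` as `TAG: ${{ github.event.release.tag_name }}` and use `"$TAG"` in the command.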
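Review bot: Both steps in dco.yml reference third-party actions by branch, `tim-actions/get-pr-commits@master` and `tim-actions/dco@master`, so whatever is pushed to those branches runs in this repository's CI, and the first step is handed `secrets.GITHUB_TOKEN`. Pin each to a reviewed full commit SHA, e.g. `uses: tim-actions/get-pr-commits@<full-commit-sha>`, and update the pin in a reviewed change. The `@v2`/`@v3` tags used in build.yml and run_tests.yml are movable too, although that is the conventional form; SHA pins there would be the stricter option.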
@@ -0,0 +1,96 @@
+name: Tests
+
+on:
+ push:
+ branches: [ master ]
+ pull_request:
+ branches:
+ - master
+ types: [opened, synchronize]
+ paths-ignore:
+ - 'scripts/**'
+ - '**/*.md'
+ workflow_dispatch:
+
+jobs:
+ lint:
+ name: Lint
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/setup-go@v4
+ with:
+ go-version: '1.18'
+ - uses: actions/checkout@v3
+ - name: golangci-lint
+ uses: golangci/golangci-lint-action@v3
+ with:
+ version: latest
+
+ codeql:
+ name: CodeQL
+ runs-on: ubuntu-latest
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'go' ]
+ # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+ # Learn more:
+ # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+ # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+ # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
+ # If this step fails, then you should remove it and run the build manually (see below)
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v2
+
+ # ℹī¸ Command-line programs to run using the OS shell.
+ # 📚 https://git.io/JvXDl + + # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines + # and modify them (or add more) to build your code if your project + # uses a compiled language + + #- run: | + # make bootstrap + # make release + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + + tests: + name: Run tests + runs-on: ubuntu-20.04 + strategy: + matrix: + go_versions: [ '1.18', '1.19', '1.20' ] + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Set up Go + uses: actions/setup-go@v4 + with: + go-version: '${{ matrix.go_versions }}' + cache: true + + - name: Update Go modules + run: go mod download -json + + - name: Run tests + run: go test -v -race ./... diff --git a/Dockerfile b/Dockerfile index 7a34d6f..398aafe 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.16-alpine as basebuilder +FROM golang:1.20-alpine as basebuilder RUN apk add --update make bash ca-certificates FROM basebuilder as builder diff --git a/Makefile b/Makefile index 8fdc18c..01f1d67 100644 --- a/Makefile +++ b/Makefile @@ -48,6 +48,11 @@ image: -f Dockerfile \ -t $(HUB_IMAGE):$(HUB_TAG) . +gh-docker-vars: + @echo "file=Dockerfile" + @echo "version=$(HUB_TAG)" + @echo "repo=$(HUB_IMAGE)" + # Run tests test: @go test ./... -cover diff --git a/cmd/neofs-oauthz/config.go b/cmd/neofs-oauthz/config.go index 91e9ecb..b85d809 100644 --- a/cmd/neofs-oauthz/config.go +++ b/cmd/neofs-oauthz/config.go @@ -116,10 +116,9 @@ func newConfig() *viper.Viper { if !v.IsSet(cmdConfig) { fmt.Println("config path is mandatory") os.Exit(1) - } else { - if err := readConfig(v); err != nil { - panic(err) - } + } + if err := readConfig(v); err != nil { + panic(err) } return v
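Review bot: In the `lint` job of run_tests.yml, `version: latest` makes golangci-lint-action fetch whichever linter release is current when the job runs, so the binary executed in CI and the set of checks can change without any commit here. Pin it, for example `version: <pinned-golangci-lint-version>`, and raise it in a reviewed change. The same job fixes `go-version: '1.18'` while the Dockerfile in this commit moves the build to Go 1.20; linting with the shipped version would keep the two consistent.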
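Review bot: The new `gh-docker-vars` target in the Makefile has no comment, unlike `test:` below it (`# Run tests`), and its output contract is only visible from build.yml. Add a line such as `# Print Docker build variables as key=value lines for $GITHUB_OUTPUT` above it. The `file=Dockerfile` line is emitted, but build.yml in this commit only reads `steps.setvars.outputs.version` and `steps.setvars.outputs.repo`, so it can probably be dropped or wired to the `file:` input of the build step.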
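Review bot: In `newConfig` (cmd/neofs-oauthz/config.go) a failed `readConfig` still ends in `panic(err)`, while the missing-path case just above prints a message and calls `os.Exit(1)`; a configuration error caused by operator input is not a programming error, and the panic adds a goroutine stack trace to the output. Handle it like the first case, e.g. `fmt.Fprintln(os.Stderr, "failed to read config:", err)` followed by `os.Exit(1)`. The function starts and ends outside this hunk, so its other exit paths were not checked.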