Merge pull request #3 from sumup-oss/add-github-action

Add GitHub action

.github/workflows/go.yml

@@ -0,0 +1,129 @@
+name: Go
+on:
+  push:
+    branches:
+      - master
+    tags:
+      - v*
+  pull_request:
+    branches:
+      - master
+jobs:
+  test:
+    name: Test
+    strategy:
+      matrix:
+        golang: ["1.14"]
+        os: ["ubuntu-latest", "macos-latest", "windows-latest"]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Remove previous jobs
+        uses: rokroskar/workflow-run-cleanup-action@master
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+        # NOTE: Don't stop master or tags jobs since they might be uploading assets and result into a partial release
+        if: "!startsWith(github.ref, 'refs/tags/') && github.ref != 'refs/heads/master' && matrix.os == 'ubuntu-latest'"
+
+      - name: Set up Go ${{ matrix.golang }}
+        uses: actions/setup-go@v1
+        with:
+          go-version: ${{ matrix.golang }}
+        id: go
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+
+      - name: Download golangci-lint
+        run: curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.23.8
+        if: "matrix.os == 'ubuntu-latest'"
+
+      - name: Lint
+        run: $(go env GOPATH)/bin/golangci-lint run --timeout=10m
+        if: "matrix.os == 'ubuntu-latest'"
+
+      - uses: actions/cache@v1
+        with:
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+          
+      - name: Test (continue on error)
+        run: go test -v ./...
+        if: "matrix.os == 'windows-latest'"
+        continue-on-error: true
+
+      - name: Test (stop on error)
+        run: go test -v ./...
+        if: "matrix.os != 'windows-latest'"
+        continue-on-error: false
+
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    needs: [test]
+    if: startsWith(github.ref, 'refs/tags/')
+    steps:
+      - name: Download gox
+        run: go get github.com/mitchellh/gox
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+
+      - name: Get Git tag
+        id: tag
+        run: echo ::set-output name=TAG::${GITHUB_REF#refs/tags/}
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+
+      - name: Build release assets
+        run: |
+          $(go env GOPATH)/bin/gox \
+           -output='build/vaulted-${{ steps.tag.outputs.TAG }}-{{ .OS }}-{{ .Arch }}' \
+           -arch='amd64' \
+           -os='linux darwin windows' \
+           -verbose \
+           -ldflags "-s -w"
+
+      - name: Create Release
+        id: create_release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ github.ref }}
+          release_name: ${{ github.ref }}
+          draft: false
+          prerelease: false
+          body: Changelog at https://github.com/sumup-oss/vaulted/blob/master/CHANGELOG.md
+
+      # TODO: Replace with glob pattern once `actions/upload-release-asset` supports it
+      - uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ./build/vaulted-${{ steps.tag.outputs.TAG }}-darwin-amd64
+          asset_name: vaulted-${{ steps.tag.outputs.TAG }}-darwin-amd64
+          asset_content_type: application/octet-stream
+
+      # TODO: Replace with glob pattern once `actions/upload-release-asset` supports it
+      - uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ./build/vaulted-${{ steps.tag.outputs.TAG }}-linux-amd64
+          asset_name: vaulted-${{ steps.tag.outputs.TAG }}-linux-amd64
+          asset_content_type: application/octet-stream
+
+      # TODO: Replace with glob pattern once `actions/upload-release-asset` supports it
+      - uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ./build/vaulted-${{ steps.tag.outputs.TAG }}-windows-amd64
+          asset_name: vaulted-${{ steps.tag.outputs.TAG }}-windows-amd64
+          asset_content_type: application/octet-stream

.go-version

@@ -0,0 +1 @@
+1.14.0

.golangci.yml

@@ -31,6 +31,8 @@ linters-settings:
   goconst:
     min-len: 2
     min-occurrences: 2
+  gocognit:
+    min-complexity: 55
   depguard:
     list-type: blacklist
     packages:
@@ -63,6 +65,12 @@ linters:
     - gochecknoglobals
     # NOTE: Full of false positives.
     - interfacer
+    # NOTE: Function length is not an offense.
+    - funlen
+    # TODO: Fix false positives
+    - gomnd
+    # NOTE: "Packages names should not use underscores" is not a good practice while mixed caps is also disallowed.
+    - stylecheck
 issues:
   exclude-rules:
     - text: "weak cryptographic primitive"

CHANGELOG.md

@@ -53,6 +53,12 @@ Change line format:
 
 ## Unreleased (master)
 
+## v0.2.1
+
+### Changed
+
+* Commands that have sub-commands print help information by default ; Ref: https://github.com/sumup-oss/vaulted/pull/3
+
 ## v0.2.0
 
 ### Added

README.md

@@ -1,7 +1,6 @@
 # vaulted
 
-[![Build Status](https://travis-ci.org/sumup-oss/vaulted.svg?branch=master)](https://travis-ci.org/sumup-oss/vaulted)
-
+[![Build status](https://github.com/sumup-oss/vaulted/workflows/Go/badge.svg?branch=master&event=push)](https://github.com/sumup-oss/vaulted/actions?query=workflow%3AGo)
 [![Go Report Card](https://goreportcard.com/badge/github.com/sumup-oss/vaulted)](https://goreportcard.com/report/github.com/sumup-oss/vaulted)
 
 Multi purpose cryptography tool for encryption/decryption using AES256 GCM.

RELEASE_PROCESS.md

@@ -1,24 +1,19 @@
 # Release process
 
-Travis CI is used as a backbone to get releases going.
+GitHub Actions are used as a backbone to get releases going.
 
-It's currently using a secure Github API OAuth token with `public_repo` 
- permissions bound to https://github.com/syndbg .
-
 ## Rules
 
 1. Releases are only created from `master`.
-1. `master` is meant to be stable, so before tagging and create a new release, make sure that the CI checks pass.
+1. `master` is meant to be stable, so before tagging and pushing a tag, make sure that the CI checks pass.
 1. Releases are GitHub releases.
 1. Releases are following *semantic versioning*.
 1. Releases are to be named in pattern of `vX.Y.Z`. The produced binary artifacts contain the `vX.Y.Z` in their names.
 1. Changelog must up-to-date with what's going to be released. Check [CHANGELOG](./CHANGELOG.md).
 
 ## Flow
 
-1. Create a new GitHub release using https://github.com/sumup-oss/vaulted/releases/new
-1. `Tag Version` and `Release Title` are going to be in pattern of `vX.Y.Z`.
-1. `Describe this release` (content) is going to link the appropriate [CHANGELOG](./CHANGELOG.md) entry.
-1. Wait for Travis CI to pass checks
-1. Wait for the produced artifacts to be uploaded at `https://github.com/sumup-oss/vaulted/releases/tag/<vX.Y.Z>`
+1. Create a new GitHub a new tag from `master`
+1. Push it to the remote git repository.
+1. Wait for GitHub action workflow to finish
 

cli/cli.go

@@ -47,6 +47,7 @@ func readPassword(reader io.Reader) ([]byte, error) {
 	// NOTE: Since we're acting based on single characters,
 	// read only 1 byte at a time.
 	var readBuff [1]byte
+
 	for {
 		n, err := reader.Read(readBuff[:])
 
@@ -55,14 +56,17 @@ func readPassword(reader io.Reader) ([]byte, error) {
 			if readBuff[0] == '\n' {
 				return readContent, nil
 			}
+
 			readContent = append(readContent, readBuff[0])
 		}
+
 		if err != nil {
 			// NOTE: Accept EOF-terminated content if not empty,
 			// as other stdin-reading CLIs do.
 			if err == io.EOF && len(readContent) > 0 {
 				err = nil
 			}
+
 			return readContent, err
 		}
 	}

cmd/legacy.go

@@ -15,8 +15,6 @@
 package cmd
 
 import (
-	"fmt"
-
 	"github.com/spf13/cobra"
 	"github.com/sumup-oss/go-pkgs/os"
 
@@ -41,8 +39,7 @@ func NewLegacyCmd(
 		Short: "Legacy Proof-of-concept-phase commands",
 		Long:  "Legacy Proof-of-concept-phase commands that are now deprecated",
 		RunE: func(cmd *cobra.Command, args []string) error {
-			fmt.Fprintf(osExecutor.Stdout(), "Use `--help` to see available commands")
-			return nil
+			return cmd.Help()
 		},
 	}
 
@@ -70,5 +67,6 @@ func NewLegacyCmd(
 			terraformEncryptionMigrationSvc,
 		),
 	)
+
 	return cmdInstance
 }

cmd/legacy_test.go

@@ -69,7 +69,6 @@ func TestLegacyCmd_Execute(t *testing.T) {
 	outputBuff := &bytes.Buffer{}
 
 	osExecutor := ostest.NewFakeOsExecutor(t)
-	osExecutor.On("Stdout").Return(outputBuff)
 
 	b64Svc := base64.NewBase64Service()
 	rsaSvc := rsa.NewRsaService(osExecutor)
@@ -98,7 +97,27 @@ func TestLegacyCmd_Execute(t *testing.T) {
 		outputBuff,
 	)
 
-	assert.Equal(t, "Use `--help` to see available commands", outputBuff.String())
+	assert.Equal(
+		t,
+		`Legacy Proof-of-concept-phase commands that are now deprecated
+
+Usage:
+  legacy [flags]
+  legacy [command]
+
+Available Commands:
+  decrypt     Decrypt a file/value
+  encrypt     Encrypt a file/value
+  help        Help about any command
+  ini         Convert an INI file to Terraform file
+
+Flags:
+  -h, --help   help for legacy
+
+Use "legacy [command] --help" for more information about a command.
+`,
+		outputBuff.String(),
+	)
 	assert.Nil(t, err)
 
 	osExecutor.AssertExpectations(t)

cmd/root.go

@@ -15,8 +15,6 @@
 package cmd
 
 import (
-	"fmt"
-
 	"github.com/spf13/cobra"
 	"github.com/sumup-oss/go-pkgs/os"
 
@@ -50,8 +48,7 @@ func NewRootCmd(
 		SilenceErrors: true,
 		SilenceUsage:  true,
 		RunE: func(cmd *cobra.Command, args []string) error {
-			fmt.Fprintf(osExecutor.Stdout(), "Use `--help` to see available commands")
-			return nil
+			return cmd.Help()
 		},
 	}
 

cmd/root_test.go

@@ -51,7 +51,6 @@ func TestRootCmd_Execute(t *testing.T) {
 	outputBuff := &bytes.Buffer{}
 
 	osExecutor := ostest.NewFakeOsExecutor(t)
-	osExecutor.On("Stdout").Return(outputBuff)
 
 	rsaSvc := rsa.NewRsaService(osExecutor)
 	aesSvc := aes.NewAesService(pkcs7.NewPkcs7Service())
@@ -65,7 +64,31 @@ func TestRootCmd_Execute(t *testing.T) {
 		outputBuff,
 	)
 
-	assert.Equal(t, "Use `--help` to see available commands", outputBuff.String())
+	assert.Equal(
+		t,
+		`Vault encrypt/decrypt using asymmetric RSA keys and AES
+
+Usage:
+  vaulted [flags]
+  vaulted [command]
+
+Available Commands:
+  decrypt     Decrypt a file/value
+  encrypt     Encrypt a file/value
+  help        Help about any command
+  legacy      Legacy Proof-of-concept-phase commands
+  rekey       Rekey (decrypt and encrypt using different keypair) a file/value
+  rotate      Rotate (decrypt and encrypt) a file/value
+  terraform   Terraform resources related commands
+  version     Print the version of vaulted
+
+Flags:
+  -h, --help   help for vaulted
+
+Use "vaulted [command] --help" for more information about a command.
+`,
+		outputBuff.String(),
+	)
 	assert.Nil(t, err)
 
 	osExecutor.AssertExpectations(t)