Skip to content

Commit 117cd0f

Browse files
aserto-botaserto-bot
authored
Merge pull request #29 from aserto-dev/upd-buf
upd buf
2 parents a3498c1 + 5f6c6c6 commit 117cd0f

File tree

5 files changed

+43
-73
lines changed

5 files changed

+43
-73
lines changed

.envrc

Lines changed: 0 additions & 1 deletion
This file was deleted.

.github/workflows/build.yaml

Lines changed: 6 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -19,8 +19,7 @@ permissions:
1919
pull-requests: write
2020

2121
env:
22-
VAULT_ADDR: https://vault.eng.aserto.com/
23-
BUF_VERSION: "1.52.1"
22+
BUF_VERSION: "1.61.0"
2423

2524
jobs:
2625
build:
@@ -31,24 +30,13 @@ jobs:
3130
uses: actions/checkout@v4
3231
with:
3332
fetch-depth: 0
34-
-
35-
name: Read Configuration
36-
uses: hashicorp/vault-action@v3
37-
id: vault
38-
with:
39-
url: ${{ env.VAULT_ADDR }}
40-
token: ${{ secrets.VAULT_TOKEN }}
41-
secrets: |
42-
kv/data/github "USERNAME" | GH_USERNAME;
43-
kv/data/github "READ_WRITE_TOKEN" | GH_TOKEN;
44-
kv/data/buf.build "ASERTO_BUF_TOKEN" | ASERTO_BUF_TOKEN;
4533
-
4634
name: Buf Build
4735
uses: bufbuild/buf-action@v1
4836
with:
4937
version: ${{ env.BUF_VERSION }}
50-
token: ${{ steps.vault.outputs.ASERTO_BUF_TOKEN}}
51-
github_token: ${{ steps.vault.outputs.GH_TOKEN}}
38+
token: ${{ secrets.ASERTO_BUF_TOKEN}}
39+
github_token: ${{ secrets.GITHUB_TOKEN}}
5240
push_disable_create: true
5341

5442
trigger-dispatches:
@@ -68,19 +56,12 @@ jobs:
6856

6957
name: Generate on ${{ matrix.cfg.project }}
7058
steps:
71-
-
72-
name: Read Configuration
73-
uses: hashicorp/vault-action@v3
74-
id: vault
75-
with:
76-
url: ${{ env.VAULT_ADDR }}
77-
token: ${{ secrets.VAULT_TOKEN }}
78-
secrets: |
79-
kv/data/github "USERNAME" | GH_USERNAME;
80-
kv/data/github "READ_WRITE_TOKEN" | GH_TOKEN;
8159
-
8260
name: Trigger dispatch
8361
run: |
8462
curl -XPOST -u "${GH_USERNAME}:${GH_TOKEN}" \
8563
-H "Accept: application/vnd.github.everest-preview+json" -H "Content-Type: application/json" \
8664
https://api.github.com/repos/aserto-dev/${{ matrix.cfg.project }}/actions/workflows/ci.yaml/dispatches --data '{"ref": "main", "inputs": {"proto_ref": "${{ github.ref }}", "proto_sha": "${{ github.sha }}" }}'
65+
env:
66+
GH_USERNAME: ${{ secrets.USERNAME }}
67+
GH_TOKEN: $${{ secrets.READ_WRITE_TOKEN }}

.github/workflows/gitleaks-check.yml

Lines changed: 0 additions & 13 deletions
This file was deleted.

.github/workflows/gitleaks.yml

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
name: gitleaks
2+
on:
3+
pull_request:
4+
push:
5+
workflow_dispatch:
6+
schedule:
7+
- cron: "0 4 * * *" # run once a day at 4 AM
8+
jobs:
9+
scan:
10+
name: gitleaks
11+
runs-on: ubuntu-latest
12+
steps:
13+
- uses: actions/checkout@v6
14+
with:
15+
fetch-depth: 0
16+
- uses: gitleaks/gitleaks-action@v2
17+
env:
18+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
19+
GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}

makefile

Lines changed: 18 additions & 34 deletions
Original file line numberDiff line numberDiff line change
@@ -10,46 +10,49 @@ GOOS := $(shell go env GOOS)
1010
GOARCH := $(shell go env GOARCH)
1111
GOPRIVATE := "github.com/aserto-dev"
1212

13-
BIN_DIR := ./bin
13+
BIN_DIR := ${PWD}/bin
1414
EXT_DIR := ${PWD}/.ext
1515
EXT_BIN_DIR := ${EXT_DIR}/bin
1616
EXT_TMP_DIR := ${EXT_DIR}/tmp
1717

18-
VAULT_VER := 1.8.12
19-
SVU_VER := 3.2.3
20-
BUF_VER := 1.52.1
18+
SVU_VER := 3.3.0
19+
BUF_VER := 1.61.0
2120

2221
PROJECT := authorizer
23-
BUF_TOKEN := $(shell ${EXT_BIN_DIR}/vault kv get -field ASERTO_BUF_TOKEN kv/buf.build)
2422
BUF_REPO := "buf.build/aserto-dev/${PROJECT}"
2523
BUF_LATEST := $(shell ${EXT_BIN_DIR}/buf registry module label list ${BUF_REPO} --format json | jq -r '.labels[0].name')
26-
BUF_DEV_IMAGE := ${BIN_DIR}/${PROJECT}.bin
27-
GIT_ORG := "https://github.com/aserto-dev"
24+
BUF_DEV_IMAGE := "${PROJECT}.bin"
2825
PROTO_REPO := "pb-${PROJECT}"
26+
GIT_ORG := "https://github.com/aserto-dev"
2927

3028
RELEASE_TAG := $$(${EXT_BIN_DIR}/svu current)
3129

3230
.DEFAULT_GOAL := buf-build
3331

3432
.PHONY: deps
35-
deps: info install-vault install-buf install-svu
36-
@echo -e "$(ATTN_COLOR)==> $@ $(NO_COLOR)"
37-
38-
.PHONY: vault-login
39-
vault-login:
33+
deps: info install-buf install-svu
4034
@echo -e "$(ATTN_COLOR)==> $@ $(NO_COLOR)"
41-
@vault login -method=github token=$$(gh auth token)
4235

4336
.PHONY: buf-login
4437
buf-login:
4538
@echo -e "$(ATTN_COLOR)==> $@ $(NO_COLOR)"
4639
@echo ${BUF_TOKEN} | ${EXT_BIN_DIR}/buf registry login --token-stdin
4740

41+
.PHONY: buf-dep-update
42+
buf-dep-update:
43+
@echo -e "$(ATTN_COLOR)==> $@ $(NO_COLOR)"
44+
@${EXT_BIN_DIR}/buf dep update
45+
4846
.PHONY: buf-format
4947
buf-format:
5048
@echo -e "$(ATTN_COLOR)==> $@ $(NO_COLOR)"
5149
@${EXT_BIN_DIR}/buf format -w proto
5250

51+
.PHONY: buf-build
52+
buf-build: ${BIN_DIR}
53+
@echo -e "$(ATTN_COLOR)==> $@ $(NO_COLOR)"
54+
@${EXT_BIN_DIR}/buf build --output ${BIN_DIR}/${BUF_DEV_IMAGE}
55+
5356
.PHONY: buf-lint
5457
buf-lint:
5558
@echo -e "$(ATTN_COLOR)==> $@ $(NO_COLOR)"
@@ -60,21 +63,11 @@ buf-breaking:
6063
@echo -e "$(ATTN_COLOR)==> $@ $(NO_COLOR)"
6164
@${EXT_BIN_DIR}/buf breaking --against "${GIT_ORG}/${PROTO_REPO}.git#branch=main"
6265

63-
.PHONY: buf-build
64-
buf-build: ${BIN_DIR}
65-
@echo -e "$(ATTN_COLOR)==> $@ $(NO_COLOR)"
66-
@${EXT_BIN_DIR}/buf build --output ${BUF_DEV_IMAGE}
67-
6866
.PHONY: buf-push
6967
buf-push:
7068
@echo -e "$(ATTN_COLOR)==> $@ $(NO_COLOR)"
7169
@${EXT_BIN_DIR}/buf push --label ${RELEASE_TAG}
7270

73-
.PHONY: buf-dep-update
74-
buf-dep-update:
75-
@echo -e "$(ATTN_COLOR)==> $@ $(NO_COLOR)"
76-
@${EXT_BIN_DIR}/buf dep update
77-
7871
.PHONY: info
7972
info:
8073
@echo -e "$(ATTN_COLOR)==> $@ $(NO_COLOR)"
@@ -91,23 +84,14 @@ info:
9184
@echo "BUF_DEV_IMAGE: ${BUF_DEV_IMAGE}"
9285
@echo "PROTO_REPO: ${PROTO_REPO}"
9386

94-
.PHONY: install-vault
95-
install-vault: ${EXT_BIN_DIR} ${EXT_TMP_DIR}
96-
@echo -e "$(ATTN_COLOR)==> $@ $(NO_COLOR)"
97-
@curl -s -o ${EXT_TMP_DIR}/vault.zip https://releases.hashicorp.com/vault/${VAULT_VER}/vault_${VAULT_VER}_${GOOS}_${GOARCH}.zip
98-
@unzip -o ${EXT_TMP_DIR}/vault.zip vault -d ${EXT_BIN_DIR}/ &> /dev/null
99-
@chmod +x ${EXT_BIN_DIR}/vault
100-
@${EXT_BIN_DIR}/vault --version
101-
10287
.PHONY: install-buf
10388
install-buf: ${EXT_BIN_DIR}
10489
@echo -e "$(ATTN_COLOR)==> $@ $(NO_COLOR)"
105-
@gh release download v${BUF_VER} --repo https://github.com/bufbuild/buf --pattern "buf-$$(uname -s)-$$(uname -m)" --output "${EXT_BIN_DIR}/buf" --clobber
106-
@chmod +x ${EXT_BIN_DIR}/buf
90+
@GOBIN=${EXT_BIN_DIR} go install github.com/bufbuild/buf/cmd/buf@v${BUF_VER}
10791
@${EXT_BIN_DIR}/buf --version
10892

10993
.PHONY: install-svu
110-
install-svu: ${EXT_BIN_DIR} ${EXT_TMP_DIR}
94+
install-svu: ${EXT_BIN_DIR}
11195
@echo -e "$(ATTN_COLOR)==> $@ $(NO_COLOR)"
11296
@GOBIN=${EXT_BIN_DIR} go install github.com/caarlos0/svu/v3@v${SVU_VER}
11397
@${EXT_BIN_DIR}/svu --version

0 commit comments

Comments
 (0)