Merge pull request #14 from conjurinc/reset-master

Reset project with golang based preflight CLI

Author: micahlee

.codeclimate.yml

@@ -0,0 +1,205 @@
+---
+# This is our default .CodeClimate.yml, broken out by language. Uncomment the
+# sections at the bottom that apply to your project. ACTION comments indicate
+# places where config might need to be tweaked.
+
+version: "2"
+
+checks:
+  # ----------------
+  # These maintainability checks are language independent and check against all
+  # languages
+
+  method-lines:
+    config:
+      threshold: 70
+  return-statements:
+    config:
+      threshold: 7
+
+plugins:
+  # ---------------
+  # Cross-language plugins. Should always be on.
+
+  duplication: # Looks for similar and identical code blocks
+    enabled: true
+    config:
+      languages:
+        go:
+        java:
+        javascript:
+        php:
+        python:
+          python_version: 3 # ACTION Comment this out if using Python 2
+        ruby:
+        swift:
+        typescript:
+    checks:
+      Similar code:
+        # Kept triggering on package names in Golang so I'm disabling
+        enabled: false
+
+  fixme:  # Flags any FIXME, TODO, BUG, XXX, HACK comments so they can be fixed
+    enabled: true
+    config:
+      strings:
+        - FIXME
+        - TODO
+        - HACK
+        - XXX
+        - BUG
+    exclude_patterns:
+      # Exclude `context.T O D O()` false positives
+      - "internal/configurationmanagers/kubernetes/"
+      - "internal/providers/kubernetessecrets/"
+      - "test/providers/kubernetessecrets/"
+
+  # ---------------
+  # Commonly-used languages - run time is minimal and all of these will work
+  # whether files of that language are found or not. In general, leave
+  # uncommented
+
+  # Markdown
+  markdownlint:
+    enabled: true
+    # ... CONFIG CONTENT ...
+    checks:
+      MD034:
+        enabled: false
+
+  # Go
+  gofmt:
+    enabled: true
+  golint:
+    enabled: true
+    exclude_patterns:
+      - "**/" # exclude all
+      - "!./cmd/" # unexclude just the ones we want to lint
+      - "!./internal/"
+      - "!./pkg/"
+      - "!./test/"
+  govet:
+    enabled: true
+
+  # Ruby
+  flog:
+    enabled: true
+  reek:
+    enabled: true
+  rubocop:
+    enabled: true
+    channel:
+      rubocop-0-79 # As of March 10, 2020, rubocop 0.80.1 is the latest
+      # However, it does not work with CodeClimate - throws
+      # an Invalid JSON error.
+  # ACTION uncomment bundler-audit below if using Gemfile/Gemfile.lock
+  # ACTION uncomment brakeman below if using Rails
+
+  # Shell scripts
+  shellcheck:
+    enabled: true
+    checks:
+      # Disable 'Not following' check - it doesn't handle ". ./script.sh"
+      # properly
+      SC1091:
+        enabled: false
+      SC2148:
+        enabled: false
+
+  # ---------------
+  # Other languages - will work with or without language files present. Again,
+  # runtime is minimal, so OK to leave uncommented.
+
+  # CoffeeScript
+  coffeelint:
+    enabled: true
+
+  # CSS
+  csslint:
+    enabled: true
+
+  # Groovy
+  codenarc:
+    enabled: true
+
+  # Java
+  pmd:
+    enabled: true
+  sonar-java:
+    enabled: true
+    config:
+      sonar.java.source: "7" # ACTION set this to the major version of Java used
+  # ACTION uncomment checkstyle below if Java code exists in repo
+
+  # Node.js
+  nodesecurity:
+    enabled: true
+  # ACTION uncomment eslint below if JavaScript already exists and .eslintrc
+  # file exists in repo
+
+  # PHP
+  phan:
+    enabled: true
+    config:
+      file_extensions: "php"
+  phpcodesniffer:
+    enabled: true
+    config:
+      file_extensions: "php,inc,lib"
+      # Using Wordpress standards as our one PHP repo is a Wordpress theme
+      standards: "PSR1,PSR2,WordPress,WordPress-Core,WordPress-Extra"
+  phpmd:
+    enabled: true
+    config:
+      file_extensions: "php,inc,lib"
+      rulesets: "cleancode,codesize,controversial,naming,unusedcode"
+  sonar-php:
+    enabled: true
+
+  # Python
+  bandit:
+    enabled: true
+  pep8:
+    enabled: true
+  radon:
+    enabled: true
+    # config:
+    #   python_version: 2 # ACTION Uncomment these 2 lines if using Python 2
+  sonar-python:
+    enabled: true
+
+# ---------------
+# Configuration Required Language specific - these will error and abort the
+# codeclimate run if they are turned on and certain files or configuration are
+# missing. Should be commented out unless the project already includes the
+# necessary files that the linter looks at
+
+# Ruby - requires presence of Gemfile and Gemfile.lock
+# bundler-audit:
+#   enabled: true
+
+# Rails - requires detecting a Rails application
+# brakeman:
+#   enabled: true
+
+# Chef - requires detecting a cookbook
+# foodcritic:
+#   enabled: true
+
+# Java - might require Java code? Errored when run without
+# checkstyle:
+#   enabled: true
+
+# JavaScript - requires an eslintrc to be created and added to project
+# eslint:
+#   enabled: true
+#   channel: "eslint-6"
+
+# ---------------
+# List any files/folders to exclude from checking. Wildcards accepted. Leave
+# commented if no files to exclude as an empty array will error
+exclude_patterns:
+  - ".gitignore"
+  - "dev/conjur-hacks/*.rb"
+  # Exclude autogenerated code
+  - "pkg/k8sclient/"

.dockerignore

@@ -0,0 +1,9 @@
+c.out
+internal/cmd/mocks/
+Jenkinsfile
+
+dev/
+dist/
+output/
+
+**/*.sw[po]

.github/CODEOWNERS

@@ -0,0 +1,10 @@
+* @cyberark/core-team @conjurinc/core-team @conjurdemos/core-team
+
+# Changes to .trivyignore require Security Architect approval
+.trivyignore @cyberark/security-architects @conjurinc/security-architects @conjurdemos/security-architects
+
+# Changes to .codeclimate.yml require Quality Architect approval
+.codeclimate.yml @cyberark/quality-architects @conjurinc/quality-architects @conjurdemos/quality-architects
+
+# Changes to SECURITY.md require Security Architect approval
+SECURITY.md @cyberark/security-architects @conjurinc/security-architects @conjurdemos/security-architects

.github/workflows/ci.yml

@@ -0,0 +1,29 @@
+---
+
+name: goreleaser
+
+on:
+  # Run this on pushes to any branch
+  push:
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: '1.19'
+      - name: Install GoReleaser
+        uses: goreleaser/goreleaser-action@v3
+        with:
+          install-only: true
+      - name: Run GoReleaser
+        run: GORELEASER_CURRENT_TAG=v0.0.0 goreleaser release --snapshot --rm-dist
+      - name: Upload assets
+        uses: actions/upload-artifact@v3
+        with:
+          name: binaries
+          path: dist/binaries/*

.gitignore

@@ -0,0 +1,16 @@
+action/mocks/*.go
+c.out
+junit.xml
+junit.output
+key.txt
+coverage.xml
+
+output/
+dist/
+dev/tmp
+build_ca_certificate
+
+# CLI binaries
+conjur-preflight
+# Exclude binary entrypoint
+!cmd/conjur-preflight

.goreleaser.yml

@@ -0,0 +1,72 @@
+---
+project_name: conjur-preflight
+
+before:
+  hooks:
+    # You may remove this if you don't use go modules.
+    - go mod tidy
+    # you may remove this if you don't need go generate
+    - go generate ./...
+builds:
+  - main: ./cmd/conjur-preflight
+    binary: conjur-preflight
+    env:
+      - CGO_ENABLED=0
+    # Tag 'netgo' is a Go build tag that ensures a pure Go networking stack
+    # in the resulting binary instead of using the default host's stack to
+    # ensure a fully static artifact that has no dependencies.
+    flags:
+      - -tags=netgo
+      - -a
+    goos:
+      - linux
+    goamd64:
+      - v1
+    # The `Tag` override is there to provide the git commit information in the
+    # final binary. See `Static long version tags` in the `Building` section
+    # of `CONTRIBUTING.md` for more information.
+    ldflags:
+      - -w
+      - -X "github.com/cyberark/conjur-preflight/pkg/version.Tag={{ .ShortCommit }}"
+    hooks:
+      post:
+        # Copy the binary out into the <dist> path, and give the copy the name we
+        # want in the release <extra_files>.
+        - mkdir -p "{{ dir .Path }}/../binaries"
+        - cp "{{ .Path }}" "{{ dir .Path }}/../binaries/conjur-preflight{{ .Target }}{{ .Ext }}"
+
+archives:
+  - id: conjur-preflight-archive
+    files:
+      - CHANGELOG.md
+      - LICENSE
+      - README.md
+    name_template: "{{.ProjectName}}_{{.Version}}_{{.Os}}_{{.Arch}}"
+    wrap_in_directory: true
+
+checksum:
+  name_template: "SHA256SUMS.txt"
+
+nfpms:
+  - bindir: /usr/bin
+    description: CyberArk Conjur Enteprise Preflight Qualification Tool
+    file_name_template: "{{.ProjectName}}_{{.Version}}_{{.Arch}}"
+    formats:
+      - deb
+      - rpm
+    homepage: https://conjur.org
+    license: "Apache 2.0"
+    maintainer: CyberArk Maintainers <conj_maintainers@cyberark.com>
+    vendor: CyberArk
+
+snapshot:
+  name_template: "{{ .Tag }}-next"
+
+release:
+  disable: true
+  draft: true
+  extra_files:
+    - glob: CHANGELOG.md
+    - glob: LICENSE
+    - glob: README.md
+    - glob: dist/binaries

CHANGELOG.md

@@ -0,0 +1,14 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+### Changed
+- Nothing should go in this section, please add to the latest unreleased version
+  (and update the corresponding date), or add a new version.
+
+## [0.1.0] - 2022-12-09
+
+[Unreleased]: https://github.com/cyberark/conjur/compare/v0.0.0...HEAD

CONTRIBUTING.md

@@ -0,0 +1,19 @@
+# Contributing
+
+For general contribution and community guidelines, please see the [community repo](https://github.com/cyberark/community).
+
+1. [Fork the project](https://help.github.com/en/github/getting-started-with-github/fork-a-repo)
+1. [Clone your fork](https://help.github.com/en/github/creating-cloning-and-archiving-repositories/cloning-a-repository)
+1. Make local changes to your fork by editing files
+1. [Commit your changes](https://help.github.com/en/github/managing-files-in-a-repository/adding-a-file-to-a-repository-using-the-command-line)
+1. [Push your local changes to the remote server](https://help.github.com/en/github/using-git/pushing-commits-to-a-remote-repository)
+1. [Create new Pull Request](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/creating-a-pull-request-from-a-fork)
+
+From here your pull request will be reviewed and once you've responded to all
+feedback it will be merged into the project. Congratulations, you're a
+contributor!
+
+## Releasing
+
+To create a new release, follow the instructions in our general release
+guidelines [here](https://github.com/cyberark/community/blob/master/Conjur/CONTRIBUTING.md#release-process).