From f05ca6959875f450032af391c53e41848758ba16 Mon Sep 17 00:00:00 2001
From: Marco Franssen
Date: Wed, 13 Jan 2021 18:30:43 +0100
Subject: [PATCH 1/8] Add basic workflow that compiles the binary
Signed-off-by: Marco Franssen
---
.github/workflows/golang.yml | 43 ++++++++++++++++++++++++++++++++++++
1 file changed, 43 insertions(+)
create mode 100644 .github/workflows/golang.yml
diff --git a/.github/workflows/golang.yml b/.github/workflows/golang.yml
new file mode 100644
index 000000000..160d321d5
--- /dev/null
+++ b/.github/workflows/golang.yml
@@ -0,0 +1,43 @@
+name: Go CI
+
+on:
+ push:
+ pull_request:
+
+jobs:
+ build:
+ runs-on: ubuntu-20.04
+
+ name: Continuous Integration
+ if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
+
+ strategy:
+ matrix:
+ go-version: [1.14, 1.15]
+
+ fail-fast: true
+
+ steps:
+ - name: Set up Go ${{ matrix.go-version }}
+ uses: actions/setup-go@v2.1.3
+ with:
+ go-version: ${{ matrix.go-version }}
+
+ - name: Check out code
+ uses: actions/checkout@v2
+
+ - name: Cache Go modules
+ uses: actions/cache@v2
+ id: go-mod-cache
+ with:
+ path: ~/go/pkg/mod
+ key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+ restore-keys: |
+ ${{ runner.os }}-go-
+
+ - name: Get dependencies
+ run: go mod download
+
+ - name: Build
+ run: |
+ go build ./cmd/nv2
From 38b6f599460f1c72a2a97bd55233d6879deaa4e9 Mon Sep 17 00:00:00 2001
From: Marco Franssen
Date: Wed, 13 Jan 2021 18:32:09 +0100
Subject: [PATCH 2/8] Add dependabot for Go dependencies
Signed-off-by: Marco Franssen
---
.github/dependabot.yml | 11 +++++++++++
1 file changed, 11 insertions(+)
create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000..6bca6ecf2
--- /dev/null
+++ b/.github/dependabot.yml
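Review bot: The three `uses:` steps in the new `golang.yml` reference actions by mutable tag (`actions/setup-go@v2.1.3`, `actions/checkout@v2`, `actions/cache@v2`), and the workflow declares no `permissions:` block, so the job runs with whatever default `GITHUB_TOKEN` scope the repository is configured with. Pin each action to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v2` (placeholder, not a real SHA), and add a top-level `permissions:` mapping with `contents: read`, since the job only checks out and compiles. The golang.yml hunk in PATCH 4/8 narrows `checkout` and `cache` to `v2.3.4` and `v2.1.4`, which are still tags and carry the same risk. Separately, `go-version: [1.14, 1.15]` (and `[1.16]` in PATCH 6/8) are unquoted YAML floats; write `['1.14', '1.15']` so a later `1.20` is not parsed as `1.2`.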
@@ -0,0 +1,11 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: + - package-ecosystem: "gomod" # See documentation for possible values + directory: "/" # Location of package manifests + schedule: + interval: "weekly" From a138d27fc454a9399accd327bf1bd309f80c74b3 Mon Sep 17 00:00:00 2001 From: Marco Franssen Date: Wed, 13 Jan 2021 18:31:42 +0100 Subject: [PATCH 3/8] Add dependabot for github-actions Signed-off-by: Marco Franssen --- .github/dependabot.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 6bca6ecf2..715f5b432 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,3 +9,10 @@ updates: directory: "/" # Location of package manifests schedule: interval: "weekly" + + - package-ecosystem: "github-actions" + # Workflow files stored in the + # default location of `.github/workflows` + directory: "/" + schedule: + interval: "weekly" From 09c6bd2b37ce27a8b645a578056fdfe9856a2d91 Mon Sep 17 00:00:00 2001 From: Marco Franssen Date: Tue, 6 Apr 2021 14:14:43 +0200 Subject: [PATCH 4/8] Update workflow to use Makefile Signed-off-by: Marco Franssen --- .github/workflows/golang.yml | 8 ++++---- Makefile | 4 ++++ 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/golang.yml b/.github/workflows/golang.yml index 160d321d5..2f8f869d3 100644 --- a/.github/workflows/golang.yml +++ b/.github/workflows/golang.yml @@ -24,10 +24,10 @@ jobs: go-version: ${{ matrix.go-version }} - name: Check out code - uses: actions/checkout@v2 + uses: actions/checkout@v2.3.4 - name: Cache Go modules - uses: actions/cache@v2 + uses: actions/cache@v2.1.4 id: go-mod-cache with: path: ~/go/pkg/mod 
@@ -36,8 +36,8 @@ jobs: ${{ runner.os }}-go- - name: Get dependencies - run: go mod download + run: make download - name: Build run: | - go build ./cmd/nv2 + make build diff --git a/Makefile b/Makefile index b22e5aed7..03ee16570 100644 --- a/Makefile +++ b/Makefile @@ -15,6 +15,10 @@ FORCE: bin/%: cmd/% FORCE $(BUILD_BINARY) +.PHONY: download +download: + go mod download + .PHONY: build build: $(addprefix bin/,$(COMMANDS)) From 422f565a3d0ba1809d4c319ba6bd163acbf02b9e Mon Sep 17 00:00:00 2001 From: Marco Franssen Date: Tue, 6 Apr 2021 14:17:55 +0200 Subject: [PATCH 5/8] Include .editorconfig compatible with go fmt Signed-off-by: Marco Franssen --- .editorconfig | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 .editorconfig diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 000000000..02a97839c --- /dev/null +++ b/.editorconfig @@ -0,0 +1,22 @@ +root = true + +[*] +charset = utf-8 +trim_trailing_whitespace = true +insert_final_newline = true +end_of_line = lf +indent_style = space +indent_size = 2 +tab_width = 2 + +[*.go] +indent_size = 4 +tab_width = 4 +indent_style = tab +# required for multiline strings in test cases +trim_trailing_whitespace = false + +[Makefile] +indent_size = 4 +tab_width = 4 +indent_style = tab From eaddf26068038717a7c499499235ae24e42a1b64 Mon Sep 17 00:00:00 2001 From: Marco Franssen Date: Tue, 6 Apr 2021 14:25:09 +0200 Subject: [PATCH 6/8] Run CI on go 1.16 Since go 1.16 some ioutil functions are deprecated and moved into the io package. Therefore can't build with previous versions of Go anymore Signed-off-by: Marco Franssen --- .github/workflows/golang.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/golang.yml b/.github/workflows/golang.yml index 2f8f869d3..c7ccef2b7 100644 --- a/.github/workflows/golang.yml +++ b/.github/workflows/golang.yml @@ -13,7 +13,7 @@ jobs: strategy: matrix: - go-version: [1.14, 1.15] + go-version: [1.16] fail-fast: true 
From 559ad841a2ec372f76e16da3de0ec2bacbc624d7 Mon Sep 17 00:00:00 2001 From: Marco Franssen Date: Tue, 6 Apr 2021 15:55:25 +0200 Subject: [PATCH 7/8] Add help task to Makefile Signed-off-by: Marco Franssen --- Makefile | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/Makefile b/Makefile index 03ee16570..cb386d446 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -GO_BUILD_FLAGS = +GO_BUILD_FLAGS = DOCKER_PLUGINS = docker-generate docker-nv2 COMMANDS = nv2 $(DOCKER_PLUGINS) @@ -6,6 +6,11 @@ define BUILD_BINARY = go build $(GO_BUILD_FLAGS) -o $@ ./$< endef +.PHONY: help + +help: + @grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-25s\033[0m %s\n", $$1, $$2}' + .PHONY: all all: build @@ -16,26 +21,26 @@ bin/%: cmd/% FORCE $(BUILD_BINARY) .PHONY: download -download: +download: ## download dependencies via go mod go mod download .PHONY: build -build: $(addprefix bin/,$(COMMANDS)) +build: $(addprefix bin/,$(COMMANDS)) ## builds binaries .PHONY: clean clean: git status --ignored --short | grep '^!! ' | sed 's/!! //' | xargs rm -rf -.PHONY: check-encoding -check-encoding: +.PHONY: check-line-endings +check-line-endings: ## check line endings ! find cmd pkg internal -name "*.go" -type f -exec file "{}" ";" | grep CRLF -.PHONY: fix-encoding -fix-encoding: +.PHONY: fix-line-endings +fix-line-endings: ## fix line endings find cmd pkg internal -type f -name "*.go" -exec sed -i -e "s/\r//g" {} + .PHONY: vendor -vendor: +vendor: ## vendores the go modules GO111MODULE=on go mod vendor .PHONY: install @@ -50,4 +55,5 @@ install-docker-%: bin/docker-% cp $< ~/.docker/cli-plugins/ .PHONY: install-docker-plugins -install-docker-plugins: $(addprefix install-,$(DOCKER_PLUGINS)) +install-docker-plugins: $(addprefix install-,$(DOCKER_PLUGINS)) ## installs the docker plugins + cp $(addprefix bin/,$(DOCKER_PLUGINS)) ~/.docker/cli-plugins/ 
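Review bot: Inserting `help:` above `all:` in the `@@ -6,6 +6,11 @@` hunk makes `help` the first target in the Makefile, so a bare `make` now prints the help listing instead of building, unless a `.DEFAULT_GOAL` is set somewhere outside the visible hunks. If the previous default should be kept, add `.DEFAULT_GOAL := all` near the top or move the `help` rule below `all: build`. The listing is also driven only by `## ` comments, and `all:` and `clean:` have none in the lines shown, so they will not appear in the output; adding e.g. `clean: ## removes git-ignored files` would document the target that runs `rm -rf`.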
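Review bot: The recipe line added to `install-docker-plugins` in the last hunk, `cp $(addprefix bin/,$(DOCKER_PLUGINS)) ~/.docker/cli-plugins/`, repeats what the prerequisites already do: the `install-docker-%` rule visible in the hunk context runs `cp $< ~/.docker/cli-plugins/` for each plugin, so every binary is copied twice. Drop the new recipe line and keep only the `## installs the docker plugins` comment on the target line. The `install-docker-%` rule starts outside the hunk, so it is not visible whether `~/.docker/cli-plugins/` is created before the copy; confirm a `mkdir -p ~/.docker/cli-plugins` exists there, otherwise `cp` of a single file can create a regular file with that name instead of placing the plugin in a directory.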
From 03c7910a8d38c45eb24f4479c80f3d38fb1d1c04 Mon Sep 17 00:00:00 2001 From: Marco Franssen Date: Wed, 21 Apr 2021 14:50:34 +0200 Subject: [PATCH 8/8] Add CI status badge Signed-off-by: Marco Franssen --- README.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 2997124dd..3609b6707 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ # Notary V2 (nv2) - Prototype +[![Go CI](https://github.com/notaryproject/nv2/actions/workflows/golang.yml/badge.svg)](https://github.com/notaryproject/nv2/actions/workflows/golang.yml) + nv2 is an incubation and prototype for the [Notary v2][notary-v2] efforts, securing artifacts stored in [distribution-spec][distribution-spec] based registries. The `nv2` prototype covers the scenarios outlined in [notaryproject/requirements](https://github.com/notaryproject/requirements/blob/master/scenarios.md#scenarios). It also follows the [prototyping approach described here](https://github.com/stevelasker/nv2#prototyping-approach). @@ -34,7 +36,7 @@ Public registries generally have two cateogires of content: #### End to End Experience -The user works for ACME Rockets. They build `FROM` and use certified content from docker hub. +The user works for ACME Rockets. They build `FROM` and use certified content from docker hub. Their environemt is configured to only trust content from `docker.io` and `acme-rockets.io` #### Public Certified Content 
@@ -53,8 +55,8 @@ Their environemt is configured to only trust content from `docker.io` and `acme- 1. The image fails to run as the user has `trust-required` enabled, and doesn't have the wabbit-networks key.The docker cli produces an error with a url for acquiring the wabbit-networks key. - The user can disable `trust-requried`, or acquire the required key. 1. The user acquires the wabbit-networks key, saves it in their local store -1. The user again runs: - - `docker run docker.io/wabbit-networks/net-monitor:latest` +1. The user again runs: + - `docker run docker.io/wabbit-networks/net-monitor:latest` and the image is sucessfully run ### Key acquisition