Check in trident

.github/workflows/build_containers.yml

@@ -0,0 +1,83 @@
+# Copyright 2020 Praetorian Security, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+on:
+  push:
+    # Sequence of patterns matched against refs/tags
+    tags:
+    - 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
+
+name: Docker
+
+env:
+  PROJECT_ID: ${{ secrets.GCR_PROJECT }}
+
+jobs:
+  setup-build-publish-deploy:
+    name: Setup, Build, Publish, and Deploy
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+      with:
+        fetch-depth: 0
+
+    - name: Get version from tags
+      id: get_version
+      run: echo ::set-env name=VERSION::${GITHUB_REF#refs/*/v}
+
+    - name: Set up gcloud command
+      uses: GoogleCloudPlatform/github-actions/setup-gcloud@master
+      with:
+        service_account_key: ${{ secrets.GCR_SA_KEY }}
+        project_id: ${{ secrets.GCR_PROJECT }}
+        export_default_credentials: true
+
+    - run: |-
+        gcloud --quiet auth configure-docker
+
+    - name: Build to container images
+      run: |-
+        docker build \
+          --tag "gcr.io/$PROJECT_ID/webhook-worker:$VERSION"  \
+          --file deployments/docker/webhook-worker/Dockerfile \
+          .
+
+        docker build \
+          --tag "gcr.io/$PROJECT_ID/dispatcher:$VERSION"  \
+          --file deployments/docker/dispatcher/Dockerfile \
+          .
+
+        docker build \
+          --tag "gcr.io/$PROJECT_ID/orchestrator:$VERSION"  \
+          --file deployments/docker/orchestrator/Dockerfile \
+          .
+
+    - name: Tag version as latest
+      run: |-
+        docker tag "gcr.io/$PROJECT_ID/webhook-worker:$VERSION" "gcr.io/$PROJECT_ID/webhook-worker:latest"
+        docker tag "gcr.io/$PROJECT_ID/dispatcher:$VERSION"     "gcr.io/$PROJECT_ID/dispatcher:latest"
+        docker tag "gcr.io/$PROJECT_ID/orchestrator:$VERSION"   "gcr.io/$PROJECT_ID/orchestrator:latest"
+
+    - name: Publish container images to registry
+      run: |-
+        docker push "gcr.io/$PROJECT_ID/webhook-worker:$VERSION"
+        docker push "gcr.io/$PROJECT_ID/webhook-worker:latest"
+
+        docker push "gcr.io/$PROJECT_ID/dispatcher:$VERSION"
+        docker push "gcr.io/$PROJECT_ID/dispatcher:latest"
+
+        docker push "gcr.io/$PROJECT_ID/orchestrator:$VERSION"
+        docker push "gcr.io/$PROJECT_ID/orchestrator:latest"

.github/workflows/ci.yml

@@ -0,0 +1,107 @@
+# Copyright 2020 Praetorian Security, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Used as inspiration: https://github.com/caddyserver/caddy/blob/master/.github/workflows/ci.yml
+
+name: CI
+
+on:
+  push:
+    branches:
+      - master
+      - development
+  pull_request:
+    branches:
+      - master
+      - development
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Install Go
+      uses: actions/setup-go@v2
+      with:
+        go-version: ${{ matrix.go }}
+
+    - name: Checkout code
+      uses: actions/checkout@v2
+
+    - name: Print Go version and environment
+      id: vars
+      run: |
+        printf "Using go at: $(which go)\n"
+        printf "Go version: $(go version)\n"
+        printf "\n\nGo environment:\n\n"
+        go env
+        printf "\n\nSystem environment:\n\n"
+        env
+        # Calculate the short SHA1 hash of the git commit
+        echo "::set-output name=short_sha::$(git rev-parse --short HEAD)"
+        echo "::set-output name=go_cache::$(go env GOCACHE)"
+
+    # - name: Cache the build cache
+    #   uses: actions/cache@v2
+    #   with:
+    #     path: ${{ steps.vars.outputs.go_cache }}
+    #     key: ${{ runner.os }}-go-ci-${{ hashFiles('**/go.sum') }}
+    #     restore-keys: |
+    #       ${{ runner.os }}-go-ci
+
+    - name: Get dependencies
+      run: |
+        go get -v -t -d ./...
+
+    - name: Build all binaries
+      env:
+        CGO_ENABLED: 0
+      run: |
+        go build ./cmd/...
+
+    # Commented bits below were useful to allow the job to continue
+    # even if the tests fail, so we can publish the report separately
+    # For info about set-output, see https://stackoverflow.com/questions/57850553/github-actions-check-steps-status
+    - name: Run tests
+      # id: step_test
+      # continue-on-error: true
+      run: |
+        go test -v -coverprofile="cover-profile.out" -short -race ./...
+
+  # From https://github.com/reviewdog/action-golangci-lint
+  golangci-lint:
+    name: golangci-lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code into the Go module directory
+        uses: actions/checkout@v2
+
+      - name: Run golangci-lint
+        uses: reviewdog/action-golangci-lint@v1
+        # uses: docker://reviewdog/action-golangci-lint:v1 # pre-build docker image
+        with:
+          github_token: ${{ secrets.github_token }}
+
+  goreleaser-check:
+    runs-on: ubuntu-latest
+    steps:
+      - name: checkout
+        uses: actions/checkout@v2
+      - uses: goreleaser/goreleaser-action@v2
+        with:
+          version: latest
+          args: check
+        env:
+          TAG: ${{ steps.vars.outputs.version_tag }}
+

.github/workflows/release.yml

@@ -0,0 +1,44 @@
+# Copyright 2020 Praetorian Security, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+on:
+  push:
+    # Sequence of patterns matched against refs/tags
+    tags:
+    - 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
+
+name: Release
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      -
+        name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.15
+      -
+        name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v2
+        with:
+          version: latest
+          args: release --rm-dist
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}