Port Zarf bundle code (#5)

Co-authored-by: razzle <[email protected]>
Co-authored-by: Wayne Starr <[email protected]>

.github/actions/golang/action.yaml

@@ -0,0 +1,9 @@
+name: setup-go
+description: "Setup Go binary and caching"
+
+runs:
+  using: composite
+  steps:
+    - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
+      with:
+        go-version: 1.19.x

.github/actions/install-tools/action.yaml

@@ -0,0 +1,14 @@
+name: install-tools
+description: "Install pipeline tools"
+
+runs:
+  using: composite
+  steps:
+    - uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # v2.8.1
+
+    - uses: anchore/sbom-action/download-syft@78fc58e266e87a38d4194b2137a3d4e9bcaf7ca1 # v0.14.3
+
+    - run: "curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin"
+      shell: bash
+
+    - uses: docker/setup-buildx-action@16c0bc4a6e6ada2cfd8afd41d22d95379cf7c32a # v2.8.0

.github/actions/k3d/action.yaml

@@ -0,0 +1,11 @@
+name: setup-k3d
+description: "Install k3d and create a cluster"
+
+runs:
+  using: composite
+  steps:
+    - run: "curl -s https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | bash"
+      shell: bash
+
+    - run: k3d cluster delete && k3d cluster create
+      shell: bash

.github/actions/save-logs/action.yaml

@@ -0,0 +1,15 @@
+name: save-logs
+description: "Save debug logs"
+
+runs:
+  using: composite
+  steps:
+    - name: Fix log permissions
+      run: |
+        sudo chown $USER /tmp/uds-*.log || echo ""
+      shell: bash
+
+    - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+      with:
+        name: debug-log
+        path: /tmp/uds-*.log

.github/actions/zarf/action.yaml

@@ -0,0 +1,10 @@
+name: install-zarf
+description: "installs Zarf binary"
+
+runs:
+  using: composite
+  steps:
+    - uses: defenseunicorns/setup-zarf@main
+      with:
+        # renovate: datasource=github-tags depName=defenseunicorns/zarf versioning=semver
+        version: v0.28.3

.github/codeql.yaml

@@ -0,0 +1,10 @@
+paths-ignore:
+  - src/pkg/packager/network.go
+  - src/pkg/utils/network.go
+  - src/pkg/utils/credentials.go
+  - docs-website/**
+  - build/**
+
+query-filters:
+  - exclude:
+      id: go/path-injection

.github/workflows/scan-codeql.yml

@@ -0,0 +1,60 @@
+name: Analyze CodeQL
+
+permissions:
+  contents: read
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    paths-ignore:
+      - "**.md"
+      - "**.jpg"
+      - "**.png"
+      - "**.gif"
+      - "**.svg"
+      - "adr/**"
+      - "docs/**"
+      - "package.json"
+      - "package-lock.json"
+      - "CODEOWNERS"
+  schedule:
+    - cron: "32 2 * * 5"
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ["go"]
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+
+      - name: Setup golang
+        uses: ./.github/actions/golang
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@f6e388ebf0efc915c6c5b165b019ee61a6746a38 # v2.20.1
+        env:
+          CODEQL_EXTRACTOR_GO_BUILD_TRACING: on
+        with:
+          languages: ${{ matrix.language }}
+          config-file: ./.github/codeql.yaml
+
+      - name: Build UDS CLI
+        run: make build-cli-linux-amd
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@f6e388ebf0efc915c6c5b165b019ee61a6746a38 # v2.20.1
+        with:
+          category: "/language:${{matrix.language}}"

.github/workflows/scan-lint.yml

@@ -0,0 +1,21 @@
+name: Validate Lint
+on: pull_request
+
+permissions:
+  contents: read
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+
+      - name: Run Revive Action by pulling pre-built image
+        uses: docker://morphy/revive-action:v2
+        with:
+          config: revive.toml
+          # Exclude patterns, separated by semicolons (optional)
+          exclude: "src/cmd/viper.go"
+          # Path pattern (default: ./...)
+          path: "./src/..."

.github/workflows/test-k3d.yaml

@@ -0,0 +1,46 @@
+name: Test K3d Cluster
+on:
+  pull_request:
+    paths-ignore:
+      - "**.md"
+      - "**.jpg"
+      - "**.png"
+      - "**.gif"
+      - "**.svg"
+      - "adr/**"
+      - "docs/**"
+      - "CODEOWNERS"
+
+permissions:
+  contents: read
+
+# Abort prior jobs in the same workflow / PR
+concurrency:
+  group: e2e-k3d-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+
+      - name: Setup golang
+        uses: ./.github/actions/golang
+
+      - name: Install Zarf
+        uses: ./.github/actions/zarf
+
+      - name: Build UDS-CLI binary
+        run: make build-cli-linux-amd ARCH=amd64
+
+      - name: Setup K3d
+        uses: ./.github/actions/k3d
+
+      - name: Run tests
+        run: make test
+
+      - name: Save logs
+        if: always()
+        uses: ./.github/actions/save-logs

.grype.yaml

@@ -0,0 +1,7 @@
+ignore:
+  # This vulnerability does not affect UDS as we do not instantiate a rekor client
+  - vulnerability: GHSA-2h5h-59f5-c5x9
+
+  # This vulnerability does not affect UDS as we do not instantiate a rekor client
+  - vulnerability: GHSA-frqx-jfcm-6jjr
+

Makefile

@@ -0,0 +1,23 @@
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-FileCopyrightText: 2023-Present The UDS Authors
+
+ARCH ?= amd64
+BUILD_ARGS := -s -w # remove debugging info
+
+build-cli-linux-amd:
+	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="$(BUILD_ARGS)" -o build/uds main.go
+
+build-cli-linux-arm:
+	CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags="$(BUILD_ARGS)" -o build/uds-arm main.go
+
+build-cli-mac-intel:
+	GOOS=darwin GOARCH=amd64 go build -ldflags="$(BUILD_ARGS)" -o build/uds-mac-intel main.go
+
+build-cli-mac-apple:
+	GOOS=darwin GOARCH=arm64 go build -ldflags="$(BUILD_ARGS)" -o build/uds-mac-apple main.go
+
+test:
+	cd src/test && go test -failfast -v -timeout 30m
+
+clean:
+	rm -rf build