Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add github actions #2

Merged
merged 8 commits into from
Sep 6, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions .github/CODEOWNERS
Validating CODEOWNERS rules …
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
# CODEOWNERS reference: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners

# These owners will be the default owners for everything in
# the repo. Unless a later match takes precedence,
# the following users/teams will be requested for
# review when someone opens a pull request.
* @openclarity/vmclarity-maintainers

# Enforces admin protections for repo configuration via probot settings app.
# ref: https://github.com/probot/settings#security-implications
.github/settings.yml @openclarity/vmclarity-admins
35 changes: 35 additions & 0 deletions .github/ISSUE_TEMPLATE/BUG_REPORT.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
---
name: Bug Report
about: Report a bug to help us improve
title: ''
labels: ''
assignees: ''

---

## Description

Please provide a description of the problem.

## Expected Behavior

Please describe what you expected would happen.

## Actual Behavior

Please describe what happened instead.

## Affected Version

Please provide the version number where this issue was encountered.

## Steps to Reproduce

1. First step
1. Second step
1. etc.

## Checklist

- [ ] I have read the [contributing guidelines](https://github.com/openclarity/yara-rule-server/blob/main/CONTRIBUTING.md)
- [ ] I have verified this does not duplicate an existing issue
25 changes: 25 additions & 0 deletions .github/ISSUE_TEMPLATE/feature_request.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
---
name: Feature Request
about: Suggest a feature for this project
title: ''
labels: ''
assignees: ''

---

## Problem Statement

Please describe the problem to be addressed by the proposed feature.

## Proposed Solution

Please describe what you envision the solution to this problem would look like.

## Alternatives Considered

Please briefly describe which alternatives, if any, have been considered, including merits of alternate approaches and
tradeoffs being made.

## Additional Context

Please provide any other information that may be relevant.
26 changes: 26 additions & 0 deletions .github/PULL_REQUEST_TEMPLATE.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
## Description

Please provide a meaningful description of what this change will do, or is for. Bonus points for including links to
related issues, other PRs, or technical references.

Note that by _not_ including a description, you are asking reviewers to do extra work to understand the context of this
change, which may lead to your PR taking much longer to review, or result in it not being reviewed at all.

## Type of Change

[ ] Bug Fix
[ ] New Feature
[ ] Breaking Change
[ ] Refactor
[ ] Documentation
[ ] Other (please describe)

## Checklist

- [ ] I have read the [contributing guidelines](https://github.com/openclarity/yara-rule-server/blob/main/CONTRIBUTING.md)
- [ ] Existing issues have been referenced (where applicable)
- [ ] I have verified this change is not present in other open pull requests
- [ ] Functionality is documented
- [ ] All code style checks pass
- [ ] New code contribution is covered by automated tests
- [ ] All new and existing tests pass
17 changes: 17 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
version: 2
updates:
- package-ecosystem: gomod
directory: "/"
schedule:
interval: daily
open-pull-requests-limit: 10
- package-ecosystem: docker
directory: "/"
schedule:
interval: daily
open-pull-requests-limit: 10
- package-ecosystem: github-actions
directory: "/"
schedule:
interval: daily
open-pull-requests-limit: 10
87 changes: 87 additions & 0 deletions .github/settings.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,87 @@
repository:
# See https://developer.github.com/v3/repos/#edit for all available settings.

# The name of the repository. Changing this will rename the repository
name: yara-rule-server

# A short description of the repository that will show up on GitHub
description: YARA rule server download and compile rules into one binary file.

# A URL with more information about the repository
homepage: openclarity.io

# Updates the default branch for this repository.
default_branch: main

# Either `true` to enable automated security fixes, or `false` to disable
# automated security fixes.
enable_automated_security_fixes: true

# Either `true` to enable vulnerability alerts, or `false` to disable
# vulnerability alerts.
enable_vulnerability_alerts: true

# Either `true` to allow squash-merging pull requests, or `false` to prevent
# squash-merging.
allow_squash_merge: true

# Either `true` to allow merging pull requests with a merge commit, or `false`
# to prevent merging pull requests with merge commits.
allow_merge_commit: false

# Either `true` to allow rebase-merging pull requests, or `false` to prevent
# rebase-merging.
allow_rebase_merge: true

# Either `true` to enable automatic deletion of branches on merge, or `false` to disable
delete_branch_on_merge: true

# See https://docs.github.com/en/rest/reference/teams#add-or-update-team-repository-permissions for available options
teams:
- name: vmclarity-admins
# The permission to grant the team. Can be one of:
# * `pull` - can pull, but not push to or administer this repository.
# * `push` - can pull and push, but not administer this repository.
# * `admin` - can pull, push and administer this repository.
# * `maintain` - Recommended for project managers who need to manage the repository without access to sensitive or destructive actions.
permission: admin

- name: vmclarity-maintainers
permission: maintain

# Collaborators: give specific users access to this repository.
# See https://docs.github.com/en/rest/reference/collaborators for available options
collaborators: []

branches:
- name: main
# https://docs.github.com/en/rest/reference/repos#update-branch-protection
# Branch Protection settings. Set to null to disable
protection:
# Required. Require at least one approving review on a pull request, before merging. Set to null to disable.
required_pull_request_reviews:
# The number of approvals required. (1-6)
required_approving_review_count: 1
# Dismiss approved reviews automatically when a new commit is pushed.
dismiss_stale_reviews: true
# Blocks merge until code owners have reviewed.
require_code_owner_reviews: true
# Specify which users and teams can dismiss pull request reviews. Pass an empty dismissal_restrictions object to disable. User and team dismissal_restrictions are only available for organization-owned repositories. Omit this parameter for personal repositories.
dismissal_restrictions:
users: []
teams: []
# Required. Require status checks to pass before merging. Set to null to disable
required_status_checks:
# Required. Require branches to be up to date before merging.
strict: true
# Required. The list of status checks to require in order to merge into this branch
contexts: []
# Required. Enforce all configured restrictions for administrators. Set to true to enforce required status checks for repository administrators. Set to null to disable.
enforce_admins: true
# Prevent merge commits from being pushed to matching branches
required_linear_history: true
# Required. Restrict who can push to this branch. Team and user restrictions are only available for organization-owned repositories. Set to null to disable.
restrictions:
apps: []
users: []
teams: []
80 changes: 80 additions & 0 deletions .github/workflows/build-and-push-component.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,80 @@
name: 'Build and Push Component'

on:
workflow_call:
inputs:
dockerfile:
required: true
type: string
description: 'Dockerfile to build and push'
image_name:
required: true
type: string
description: 'Name of the image to publish'
image_tag:
required: true
type: string
description: 'Image tag to build and push.'
push:
required: false
type: string
description: 'If set to true, push the image.'
default: false
upload:
required: false
type: string
description: 'If set to true, upload the image.'
default: false

jobs:
build-and-push:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2

- name: Cache Docker layers
uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.ref }}
restore-keys: |
${{ runner.os }}-buildx-

- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Set build output env var
if: ${{ inputs.upload == 'true' }}
run: |
echo "OUTPUTS=type=docker,dest=/tmp/${{ inputs.image_name }}.tar" >> $GITHUB_ENV

- name: Build
uses: docker/build-push-action@v4
with:
context: .
platforms: linux/amd64,linux/arm64
tags: ghcr.io/openclarity/${{ inputs.image_name }}:${{ inputs.image_tag }}
file: ${{ inputs.dockerfile }}
push: ${{ inputs.push }}
outputs: "${{ env.OUTPUTS }}"
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache
build-args: |
VERSION=${{ inputs.image_tag }}
BUILD_TIMESTAMP=${{ needs.timestamp.outputs.timestamp }}
COMMIT_HASH=${{ github.sha }}

- name: Upload artifact
if: ${{ inputs.upload == 'true' }}
uses: actions/upload-artifact@v3
with:
name: ${{ inputs.image_name }}
path: /tmp/${{ inputs.image_name }}.tar
37 changes: 37 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
name: CI
on:
pull_request:
merge_group:

env:
GO_VERSION: "1.20"

jobs:
verification:
name: Verification
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3

- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: ${{ env.GO_VERSION }}

- name: Check licenses
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: make license-check

- name: Run verification
run: make check

build:
needs: verification
name: Build
uses: ./.github/workflows/reusable-build-and-push.yml
with:
image_tag: ${{ github.sha }}
push: false
upload: false
16 changes: 16 additions & 0 deletions .github/workflows/main-merge.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
name: Main merge
on:
push:
branches:
- main

permissions:
packages: write

jobs:
build_and_push:
uses: ./.github/workflows/reusable-build-and-push.yml
with:
image_tag: latest
push: true
upload: false
Loading
Loading