Merge pull request #1 from ehl-jf/feature/WKS-913

WKS-916 - Initial code contribution

.github/scripts/gotest.sh

@@ -0,0 +1,89 @@
+#!/usr/bin/env bash
+
+set -e
+
+DEBUG="${DEBUG:-false}"
+GOCMD="${GOCMD:-go}"
+OUTFILE="${OUTFILE:-}"
+XUNIT_OUTFILE="${XUNIT_OUTFILE:-}"
+JSON_OUTFILE="${JSON_OUTFILE:-}"
+COVERAGE_OUTFILE="${COVERAGE_OUTFILE:-}"
+
+function echoDebug {
+  if [[ "${DEBUG}" == true ]]; then
+    echo "[gotest.sh] $@"
+  fi
+}
+
+if [[ -n "${OUTFILE}" ]]; then
+  mkdir -p "$(dirname "${OUTFILE}")"
+else
+  OUTFILE="$(mktemp)"
+fi
+if [[ -n "${XUNIT_OUTFILE}" ]]; then
+  mkdir -p "$(dirname "${XUNIT_OUTFILE}")"
+fi
+if [[ -n "${JSON_OUTFILE}" ]]; then
+  mkdir -p "$(dirname "${JSON_OUTFILE}")"
+fi
+if [[ -n "${COVERAGE_OUTFILE}" ]]; then
+  mkdir -p "$(dirname "${COVERAGE_OUTFILE}")"
+fi
+
+echoDebug "GOCMD: ${GOCMD}"
+echoDebug "Raw output file:      ${OUTFILE}"
+echoDebug "JSON output file:     ${JSON_OUTFILE}"
+echoDebug "xUnit output file:    ${XUNIT_OUTFILE}"
+echoDebug "Coverage output file: ${COVERAGE_OUTFILE}"
+
+exitCodeFile="$(mktemp)"
+echo "0" > "${exitCodeFile}"
+declare -a modargs
+GORACE="-race"
+for value in "$@"; do
+    if [ "$value" = "-norace" ]; then
+        GORACE=""
+    elif [ "$value" != "-race" ]; then
+        modargs+=("$value")
+    fi
+done
+modargs+=("$GORACE")
+
+if [[ -n "${COVERAGE_OUTFILE}" ]]; then
+    echoDebug "Collecting packages for coverage report..."
+    coverpkg=""
+    for pkg in $(go list ./...); do
+        if [[ -n "${coverpkg}" ]]; then
+            coverpkg="${coverpkg},"
+        fi
+        coverpkg="${coverpkg}${pkg}"
+    done
+    modargs+=("-coverpkg=${coverpkg}")
+    modargs+=("-coverprofile=${COVERAGE_OUTFILE}")
+fi
+
+if [[ -n "${XUNIT_OUTFILE}" ]]; then
+    # jstemmer/go-junit-report requires verbose output
+    modargs+=("-v")
+fi
+
+echoDebug "Running ${GOCMD} test ${modargs[*]}"
+# Disable log coloring (ANSI codes are invalid xml characters)
+(2>&1 DEV_DISABLE_LOG_COLORS=true ${GOCMD} test ${modargs[*]} || echo "$?" > "${exitCodeFile}") | tee "${OUTFILE}"
+exitCode="$(cat "${exitCodeFile}")"
+echoDebug "Tests Exit Code: $exitCode"
+
+if [[ -n "${JSON_OUTFILE}" ]]; then
+  echoDebug "Gernerating JSON test report at: ${JSON_OUTFILE}"
+  go tool test2json < "${OUTFILE}" > "${JSON_OUTFILE}"
+fi
+
+if [[ -n "${XUNIT_OUTFILE}" ]]; then
+  echoDebug "Ensuring jstemmer/go-junit-report is installed"
+  ${GOCMD} install github.com/jstemmer/[email protected]
+  echoDebug "Generating xUnit test report at: ${XUNIT_OUTFILE}"
+  go-junit-report < "${OUTFILE}" > "${XUNIT_OUTFILE}"
+fi
+
+echoDebug "Done"
+exit "$exitCode"

.github/workflows/analysis.yml

@@ -0,0 +1,41 @@
+name: "Static Analysis"
+on:
+  push:
+    branches:
+      - '**'
+    tags-ignore:
+      - '**'
+  pull_request:
+jobs:
+  Static-Check:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v4
+
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+
+      - name: Static Code Analysis
+        uses: golangci/golangci-lint-action@v5
+        with:
+          version: latest
+
+
+  Go-Sec:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v4
+
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+
+      - name: Run Gosec Security Scanner
+        uses: securego/[email protected]
+        with:
+          args: -exclude G204,G301,G302,G304,G306,G601,G101 -tests -exclude-dir \.*test\.* ./...

.github/workflows/cla.yml

@@ -0,0 +1,35 @@
+name: "CLA Assistant"
+on:
+  # issue_comment triggers this action on each comment on issues and pull requests
+  issue_comment:
+    types: [ created ]
+  pull_request_target:
+    types: [ opened, synchronize ]
+
+jobs:
+  CLAssistant:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions-ecosystem/action-regex-match@v2
+        id: sign-or-recheck
+        with:
+          text: ${{ github.event.comment.body }}
+          regex: '\s*(I have read the CLA Document and I hereby sign the CLA)|(recheck)\s*'
+
+      - name: "CLA Assistant"
+        if: ${{ steps.sign-or-recheck.outputs.match != '' || github.event_name == 'pull_request_target' }}
+        # Alpha Release
+        uses: cla-assistant/[email protected]
+        env:
+          # Generated and maintained by GitHub
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # JFrog organization secret
+          PERSONAL_ACCESS_TOKEN: ${{ secrets.CLA_SIGN_TOKEN }}
+        with:
+          path-to-signatures: "signed_clas.json"
+          path-to-document: "https://jfrog.com/cla/"
+          remote-organization-name: "jfrog"
+          remote-repository-name: "jfrog-signed-clas"
+          # branch should not be protected
+          branch: "master"
+          allowlist: bot*

.github/workflows/frogbot-scan-pull-request.yml

@@ -0,0 +1,47 @@
+name: "Frogbot Scan Pull Request"
+on:
+  pull_request_target:
+    types: [ opened, synchronize ]
+permissions:
+  pull-requests: write
+  contents: read
+jobs:
+  scan-pull-request:
+    runs-on: ubuntu-latest
+    # A pull request needs to be approved before Frogbot scans it. Any GitHub user who is associated with the
+    # "frogbot" GitHub environment can approve the pull request to be scanned.
+    environment: frogbot
+    steps:
+      - uses: jfrog/frogbot@v2
+        env:
+          JFROG_CLI_LOG_LEVEL: "DEBUG"
+          # [Mandatory]
+          # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray)
+          JF_URL: ${{ secrets.FROGBOT_URL }}
+
+          # [Mandatory if JF_USER and JF_PASSWORD are not provided]
+          # JFrog access token with 'read' permissions on Xray service
+          JF_ACCESS_TOKEN: ${{ secrets.FROGBOT_ACCESS_TOKEN }}
+
+          # [Mandatory]
+          # The GitHub token is automatically generated for the job
+          JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+          # [Optional]
+          # Configure the SMTP server to enable Frogbot to send emails with detected secrets in pull request scans.
+          # SMTP server URL including should the relevant port: (Example: smtp.server.com:8080)
+          # JF_SMTP_SERVER: ${{ secrets.JF_SMTP_SERVER }}
+
+          # [Mandatory if JF_SMTP_SERVER is set]
+          # The username required for authenticating with the SMTP server.
+          #JF_SMTP_USER: ${{ secrets.JF_SMTP_USER }}
+
+          # [Mandatory if JF_SMTP_SERVER is set]
+          # The password associated with the username required for authentication with the SMTP server.
+          # JF_SMTP_PASSWORD: ${{ secrets.JF_SMTP_PASSWORD }}
+
+          # [Optional]
+          # List of comma separated email addresses to receive email notifications about secrets
+          # detected during pull request scanning. The notification is also sent to the email set
+          # in the committer git profile regardless of whether this variable is set or not.
+          JF_EMAIL_RECEIVERS: "[email protected]"

.github/workflows/frogbot-scan-repository.yml

@@ -0,0 +1,36 @@
+name: "Frogbot Scan Repository"
+on:
+  workflow_dispatch:
+  schedule:
+    # The repository will be scanned once a day at 00:00 GMT.
+    - cron: "0 0 * * *"
+permissions:
+  contents: write
+  pull-requests: write
+  security-events: write
+jobs:
+  scan-repository:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        # The repository scanning will be triggered periodically on the following branches.
+        branch: [ "main" ]
+    steps:
+      - uses: jfrog/frogbot@v2
+        env:
+          JFROG_CLI_LOG_LEVEL: "DEBUG"
+          # [Mandatory]
+          # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray)
+          JF_URL: ${{ secrets.FROGBOT_URL }}
+
+          # [Mandatory if JF_USER and JF_PASSWORD are not provided]
+          # JFrog access token with 'read' permissions on Xray service
+          JF_ACCESS_TOKEN: ${{ secrets.FROGBOT_ACCESS_TOKEN }}
+
+          # [Mandatory]
+          # The GitHub token is automatically generated for the job
+          JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+          # [Mandatory]
+          # The name of the branch on which Frogbot will perform the scan
+          JF_GIT_BASE_BRANCH: ${{ matrix.branch }}

.github/workflows/unit-tests.yml

@@ -0,0 +1,41 @@
+name: Go Tests
+on:
+  push:
+    branches:
+      - '**'
+    tags-ignore:
+      - '**'
+  # Triggers the workflow on labeled PRs only.
+  pull_request_target:
+    types: [labeled]
+# Ensures that only the latest commit is running for each PR at a time.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}-${{ github.ref }}
+  cancel-in-progress: true
+jobs:
+  GO-tests:
+    # Go modules doesn't allow passing credentials to a private registry using an HTTP URL. Therefore, the Go tests run against a remote Artifactory server.
+    if: contains(github.event.pull_request.labels.*.name, 'safe to test') || github.event_name == 'push'
+    name: Unit tests
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+          cache: false
+
+      - name: Go Cache
+        uses: actions/cache@v4
+        with:
+          path: ~/go/pkg/mod
+          key: go-${{ hashFiles('**/go.sum') }}
+          restore-keys: go-
+
+      - name: Run Go tests
+        run: |
+          ${GITHUB_WORKSPACE}/.github/scripts/gotest.sh ./...

.gitignore

@@ -0,0 +1,4 @@
+.idea
+.tools
+bin
+*-nogit*

.golangci.yml

@@ -0,0 +1,45 @@
+# Options for analysis running
+# More info could be found at https://golangci-lint.run/usage/configuration/
+run:
+    # timeout for analysis, e.g. 30s, 5m, default is 1m
+    timeout: 5m
+    modules-download-mode: readonly
+
+# List of useful linters could be found at https://github.com/golangci/awesome-go-linters
+linters:
+    disable-all: true
+    enable:
+        - errcheck
+        - exportloopref
+        # - depguard
+        #    - gci
+        - gofumpt
+        - goimports
+        - gosimple
+        - govet
+        - ineffassign
+        - makezero
+        - megacheck
+        - misspell
+        - noctx
+        - nolintlint
+        #    - revive
+        - rowserrcheck
+        - sqlclosecheck
+        - staticcheck
+        #    - stylecheck
+        - unconvert
+        - unused
+        - wastedassign
+
+linters-settings:
+    staticcheck:
+        # https://staticcheck.io/docs/options#checks
+        checks: [ "all","-SA1019","-SA1029" ]
+
+issues:
+    exclude-use-default: false
+    # Maximum issues count per one linter. Set to 0 to disable. Default is 50.
+    max-issues-per-linter: 0
+    # Maximum count of issues with the same text. Set to 0 to disable. Default is 3.
+    max-same-issues: 0