chore: merged from main

Signed-off-by: Bruno Bressi <[email protected]>
telekom · Dec 6, 2023 · 30ef704 · 30ef704
2 parents d3db577 + faab23e
commit 30ef704
Show file tree

Hide file tree

Showing 47 changed files with 1,435 additions and 88 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,64 @@
+name: Contiuous Integration
+
+on:
+  push:
+  pull_request:
+
+permissions:
+  contents: write
+  packages: write
+  security-events: write
+
+jobs:
+  rel:
+    name: Build, scan & push Snapshot
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write
+      packages: write
+      security-events: write
+
+    steps:
+
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version-file: go.mod
+
+      - name: Build snapshot artifacts
+        uses: goreleaser/goreleaser-action@v5
+        with:
+          version: latest
+          args: release --snapshot --clean --config .goreleaser-ci.yaml
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Get Version
+        id: version
+        run: echo "value=commit-$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: "ghcr.io/caas-team/sparrow:${{ steps.version.outputs.value }}"
+          format: "sarif"
+          output: "trivy-results.sarif"
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: "trivy-results.sarif"
+
+      - name: Registry login
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Push snapshot container image
+        run: docker push ghcr.io/caas-team/sparrow:${{ steps.version.outputs.value }}
diff --git a/.github/workflows/end2end.yml b/.github/workflows/end2end.yml
@@ -0,0 +1,84 @@
+# This workflow installs 1 instance of sparrow and
+# verify the API output
+
+name: End2End Testing
+on:
+  push:
+    paths:
+    - 'chart/**'
+
+jobs:
+  end2end:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+    - name: Set up K3S
+      uses: debianmaster/actions-k3s@master
+      id: k3s
+      with:
+        version: 'v1.26.9-k3s1'
+    - name: Check Cluster
+      run: |
+        kubectl get nodes
+    - name: Check Coredns Deployment
+      run: |
+        kubectl -n kube-system rollout status deployment/coredns --timeout=60s
+        STATUS=$(kubectl -n kube-system get deployment coredns -o jsonpath={.status.readyReplicas})
+        if [[ $STATUS  -ne  1 ]]
+        then
+          echo "Deployment coredns not ready"
+          kubectl -n kube-system get events
+          exit 1
+        else
+          echo "Deployment coredns OK"
+        fi
+    - name: Check Metricsserver Deployment
+      run: |
+        kubectl -n kube-system rollout status deployment/metrics-server --timeout=60s
+        STATUS=$(kubectl -n kube-system get deployment metrics-server -o jsonpath={.status.readyReplicas})
+        if [[ $STATUS  -ne  1 ]]
+        then
+          echo "Deployment metrics-server not ready"
+          kubectl -n kube-system get events
+          exit 1
+        else
+          echo "Deployment metrics-server OK"
+        fi
+    - name: Setup Helm
+      run: |
+        curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
+        helm version
+    - name: Get Image Tag
+      id: version
+      run: echo "value=commit-$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+    - name: Install Sparrow
+      run: |
+        helm upgrade -i sparrow \
+          --atomic \
+          --timeout 300s \
+          --set extraArgs.loaderType=file \
+          --set extraArgs.loaderFilePath=/runconfig/checks.yaml \
+          --set image.tag=${{ steps.version.outputs.value }} \
+          chart
+    - name: Check Pods
+      run: |
+        kubectl get pods
+    - name: Wait for Sparrow
+      run: |
+        sleep 60
+    - name: Healthcheck
+      run: |
+        kubectl create job curl --image=quay.io/curl/curl:latest -- curl -f -v -H 'Content-Type: application/json'  http://sparrow:8080/v1/metrics/health
+        kubectl wait --for=condition=complete job/curl
+        STATUS=$(kubectl get job curl -o jsonpath={.status.succeeded})
+        if [[ $STATUS  -ne  1 ]]
+        then
+          echo "Job failed"
+          kubectl logs -ljob-name=curl
+          kubectl delete job curl
+          exit 1
+        else
+          echo "Job OK"
+          kubectl delete job curl
+        fi
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,56 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - "v[012].[0-9]+.[0-9]+"
+
+permissions:
+  contents: write
+  packages: write
+
+jobs:
+  main:
+    name: Release Sparrow
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version-file: go.mod
+
+      - uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build, push & release
+        uses: goreleaser/goreleaser-action@v5
+        with:
+          version: latest
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  helm:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v4
+
+      - name: Registry login
+        run: helm registry login ghcr.io -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Helm lint
+        run: helm lint ./chart
+
+      - name: Helm package
+        run: helm package ./chart -d ./chart
+
+      - name: Push helm package
+        run: helm push $(ls ./chart/*.tgz| head -1) oci://ghcr.io/${{ github.repository_owner }}/charts
diff --git a/.github/workflows/test_sast.yml b/.github/workflows/test_sast.yml
@@ -0,0 +1,23 @@
+name: Test - SAST
+
+on:
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+
+    env:
+      GO111MODULE: on
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Run Gosec Security Scanner
+        uses: securego/gosec@master
+        with:
+          args: ./...
diff --git a/.github/workflows/test.yml → .github/workflows/test_unit.yml b/.github/workflows/test.yml → .github/workflows/test_unit.yml
@@ -1,25 +1,28 @@
-name: test
+name: Test - Unit
 
 on:
+  push:
   pull_request:
-    branches:
-      - main
+
+permissions:
+  contents: read
 
 jobs:
   test_go:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4
+      - name: Checkout repository
+        uses: actions/checkout@v4
 
       - name: Set up Go
         uses: actions/setup-go@v4
         with:
-          go-version-file: 'go.mod'
+          go-version-file: go.mod
 
       - name: Test
         run: |
           go mod download
           go install github.com/matryer/[email protected]
           go generate ./...
-          go test --race --coverprofile cover.out -v ./...
+          go test --race --coverprofile cover.out -v ./...
diff --git a/.goreleaser-ci.yaml b/.goreleaser-ci.yaml
@@ -0,0 +1,26 @@
+project_name: sparrow
+snapshot:
+  name_template: "commit-{{ .ShortCommit }}"
+builds:
+  - env: [CGO_ENABLED=0]
+    ldflags:
+      - -s -w -X main.version={{ .Version }}
+      - -extldflags "-static"
+    goos:
+      - linux
+    goarch:
+      - amd64
+      - arm64
+dockers:
+  - image_templates:
+      - "ghcr.io/caas-team/sparrow:{{ .Version }}"
+    dockerfile: Dockerfile
+    build_flag_templates:
+      - --label=org.opencontainers.image.title={{ .ProjectName }}
+      - --label=org.opencontainers.image.description="This is a pre-release version. Do not use this in production!"
+      - --label=org.opencontainers.image.url=https://caas.telekom.de
+      - --label=org.opencontainers.image.source=https://github.com/caas-team/sparrow
+      - --label=org.opencontainers.image.version={{ .Version }}
+      - --label=org.opencontainers.image.created={{ .Timestamp }}
+      - --label=org.opencontainers.image.revision={{ .FullCommit }}
+      - --label=org.opencontainers.image.licenses="Apache 2.0"
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
@@ -0,0 +1,37 @@
+project_name: sparrow
+builds:
+  - env: [CGO_ENABLED=0]
+    ldflags:
+      - -s -w -X main.version={{ .Tag }}
+      - -extldflags "-static"
+    goos:
+      - linux
+    goarch:
+      - amd64
+      - arm64
+dockers:
+  - image_templates:
+      - "ghcr.io/caas-team/sparrow:latest"
+      - "ghcr.io/caas-team/sparrow:{{ .Tag }}"
+      - "ghcr.io/caas-team/sparrow:v{{ .Major }}.{{ .Minor }}"
+      - "ghcr.io/caas-team/sparrow:v{{ .Major }}"
+    dockerfile: Dockerfile
+    build_flag_templates:
+      - --label=org.opencontainers.image.title={{ .ProjectName }}
+      - --label=org.opencontainers.image.description={{ .ProjectName }}
+      - --label=org.opencontainers.image.url=https://caas.telekom.de
+      - --label=org.opencontainers.image.source=https://github.com/caas-team/sparrow
+      - --label=org.opencontainers.image.version={{ .Version }}
+      - --label=org.opencontainers.image.created={{ .Timestamp }}
+      - --label=org.opencontainers.image.revision={{ .FullCommit }}
+      - --label=org.opencontainers.image.licenses="Apache 2.0"
+nfpms:
+  - maintainer: CaaS <[email protected]>
+    description: |-
+      Monitoring tool to gather infrastructure network information
+    homepage: https://github.com/caas-team
+    license: Apache 2.0
+    formats:
+      - deb
+      - rpm
+      - apk
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -8,5 +8,20 @@ repos:
       - id: go-fumpt-repo
         args: [-l, -w]
       - id: golangci-lint-repo-mod
-        # concurrency 1 is needed in case your machine can't handle the golangci
         args: [--config, .golangci.yaml, --, --fix]
+  - repo: local
+    hooks:
+      - id: go-generate-repo
+        name: go generate
+        entry: go
+        args: [generate, ./...]
+        language: system
+        types: [go]
+        pass_filenames: false
+        always_run: true
+  - repo: https://github.com/norwoodj/helm-docs
+    rev: "v1.11.3"
+    hooks:
+      - id: helm-docs
+        args:
+          - --chart-search-root=chart
diff --git a/.vscode/launch.json b/.vscode/launch.json
@@ -10,7 +10,9 @@
       "args": [
         "run",
         "--config",
-        ".vscode/config/local.config.yaml"
+        "config.yaml",
+        "--apiAddress",
+        ":9090"
       ]
     },
     {

diff --git a/CODEOWNERS b/CODEOWNERS
@@ -1 +1 @@
-* @y-eight @NiklasTreml @puffitos @nico151999 @lvlcn-t
+* @y-eight @NiklasTreml @puffitos @nico151999 @lvlcn-t @eumel8
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,19 @@
+FROM alpine:3.18 as prep
+
+RUN apk add --no-cache ca-certificates
+RUN adduser \
+    --disabled-password \
+    --shell "/sbin/nologin" \
+    --no-create-home \
+    --uid 65532 \
+    sparrow
+
+
+FROM scratch
+COPY --from=prep /etc/passwd /etc/passwd
+COPY --from=prep /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY sparrow ./
+
+USER sparrow
+
+ENTRYPOINT ["/sparrow", "run"]
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		* @y-eight @NiklasTreml @puffitos @nico151999 @lvlcn-t
		* @y-eight @NiklasTreml @puffitos @nico151999 @lvlcn-t @eumel8