Merge pull request #46 from intelops/cobra-cli

Enhancements to Genval
intelops · Apr 5, 2024 · 4240af9 · 4240af9
2 parents a82b158 + d4186d6
commit 4240af9
Show file tree

Hide file tree

Showing 1,536 changed files with 3,634 additions and 271,142 deletions.
diff --git a/.ci.yml b/.ci.yml
@@ -9,7 +9,7 @@ linters:
   enable:
     - errcheck
     - gosimple
-    - govet 
+    - govet
     - ineffassign
     - staticcheck
     - unused

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -31,7 +31,7 @@ jobs:
           args: -v --config=.ci.yml
           skip-pkg-cache: true
           skip-build-cache: true
-          
+
       - name: Static check
         uses: dominikh/staticcheck-action@v1.3.0
         with:

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -8,7 +8,7 @@ name: release
 on:
   push:
     tags:
-      - 'v*'  # Run pn Push tag 
+      - 'v*'  # Run pn Push tag
 
 permissions:
    contents: write # needed to write releases
@@ -28,8 +28,8 @@ jobs:
           cache: true
       - name: Run tests
         run: go test ./... -coverprofile=coverage.out -coverpkg=./... -covermode=atomic
-        
-      - uses: sigstore/cosign-installer@v3.1.2         # installs cosign
+
+      - uses: sigstore/cosign-installer@v3.4.0        # installs cosign
       - uses: anchore/sbom-action/download-syft@v0.14.3 # installs syft
       - uses: goreleaser/goreleaser-action@v5          # run goreleaser
         id: goreleaser
@@ -41,17 +41,8 @@ jobs:
 
       - name: verify release
         run: |
-          COMMIT=$(git rev-list --tags --max-count=1)
-          TAG=$(git describe --tags ${COMMIT})
-          wget https://github.com/intelops/genval/releases/download/${TAG}/checksums.txt
-          cosign verify-blob \
-            --certificate-identity "https://github.com/intelops/genval/.github/workflows/release.yaml@refs/tags/${TAG}" \
-            --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
-            --cert "https://github.com/intelops/genval/releases/download/${TAG}/checksums.txt.pem" \
-            --signature "https://github.com/intelops/genval/releases/download/${TAG}/checksums.txt.sig" \
-            ./checksums.txt
-          
- 
-
-
-
+          bash ./.github/workflows/verify.sh
+
+
+
+
diff --git a/.github/workflows/verify.sh b/.github/workflows/verify.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+set -ex
+
+archs=(
+    "darwin_amd64"
+    "darwin_arm64"
+    "linux_amd64"
+    "linux_arm64"
+    "windows_amd64"
+    "windows_arm64"
+)
+COMMIT=$(git rev-list --tags --max-count=1)
+version=$(git describe --tags ${COMMIT})
+version="${version#v}"
+
+for arch in "${archs[@]}"; do
+    # Define the base URL for the release files
+    base_url="https://github.com/santoshkal/genval-fork/releases/download/v${version}/genval_${version}_${arch}.tar.gz"
+
+    # Download the main release file
+    curl -L -O "${base_url}" >/dev/null 2>&1
+
+    # Download the signature file
+    curl -L -O "${base_url}.sig" >/dev/null 2>&1
+
+    # Download the certificate file
+    curl -L -O "${base_url}.crt" >/dev/null 2>&1
+
+    # Verify the downloaded file using cosign
+    cosign verify-blob \
+        --signature "genval_${version}_${arch}.tar.gz.sig" \
+        --certificate "genval_${version}_${arch}.tar.gz.crt" \
+        --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
+        --certificate-identity "https://github.com/intelops/genval/.github/workflows/release.yaml@refs/tags/v${version}" \
+        "genval_${version}_${arch}.tar.gz" >/dev/null 2>&1
+
+    # Check if verification was successful
+    if [ $? -eq 0 ]; then
+        echo "Verification successful for genval_${version}_${arch}.tar.gz."
+    else
+        echo "Error verifying genval_${version}_${arch}.tar.gz. Exiting."
+        exit 1
+    fi
+done
diff --git a/.gitignore b/.gitignore
@@ -5,4 +5,8 @@ input.yaml
 input.json
 input_dockerfile.json
 /output
-Dockerfile*
+Dockerfile*
+genval
+cosign
+.idea
+
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
@@ -25,12 +25,7 @@ checksum:
 source:
   enabled: true
 
-sboms:
-  - artifacts: archive
-  - id: source # Two different sbom configurations need two different IDs
-    artifacts: source
-
-# signs the checksum file
+# signs the artifacts
 signs:
 - cmd: cosign
   certificate: '${artifact}.pem'
@@ -39,7 +34,8 @@ signs:
     - '--output-certificate=${certificate}'
     - '--output-signature=${signature}'
     - '${artifact}'
-    - "--yes" 
-  artifacts: checksum
+    - "--yes"
+  # artifacts: checksum
+  artifacts: all
   output: true
 
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -45,72 +45,26 @@ repos:
   rev: v1.0.3
   hooks:
   # Formats Go code
-  # - id: gofumpt # requires gofumpt to be installed from github.com/mvdan/gofumpt
-  #   name: Go formatter
-  #   description: Runs a strict Go formatter
+  - id: gofumpt # requires gofumpt to be installed from github.com/mvdan/gofumpt
+    name: Go formatter
+    description: Runs a strict Go formatter
   - id: go-fmt-import
     name: Go formatter
     description: Go formatter with fmt and imports
   # Runs Unit tests
   - id: go-unit-tests
     name: Run Unit tests
-    desription: Runs all the unit tests in the repo
+    description: Runs all the unit tests in the repo
     # Runs static analysis of the Go code
   - id: go-static-check
     name: Go Static Check
     description: Finds bugs and performance issues
 
-# Local hooks
-
-# Check for Dockerfile in a project
-- repo: local
-  hooks:
-  - name: Check Dockerfile
-    id: check-dockerfile-sh
-    entry: bash
-    args:
-    - -c
-    - |
-        check_dockerfile() {
-        if [[ $1 == *"Dockerfile"* ]]; then
-              base_image=$(grep '^FROM' "$1" | awk '{print $2}')
-            if [[ $base_image != cgr.dev/chianguard* ]]; then
-                echo "Error: Base image in $1 is not from cgr.dev/chianguard"
-                return 1
-            fi
-        fi
-        return 0
-        }
-
-        export -f check_dockerfile
-
-        if find . -type f -exec bash -c 'check_dockerfile "$0"' {} \; | grep -q 'Error'; then
-          echo "Commit failed due to non-compliant Dockerfile(s)."
-          exit 1
-        fi
-
-        echo "All Dockerfiles are compliant."
-        exit 0
-    language: system
-    pass_filenames: false
+# Intelops Hooks
 
-# Check commit signed by gitsign
-- repo: local
+- repo: https://github.com/intelops/gitrepos-templates-policies
+  rev: v0.0.1
   hooks:
-  - name: Check GitSign
-    id: check-gitsign-sh
-    entry: bash
-    args:
-    - -c
-    - |
-        latest_commit=$(git rev-parse HEAD)
-        signed_commit=$(git verify-commit $latest_commit 2>&1)
-        if [[ $signed_commit == *"Validated Git signature: true"* ]]; then
-            echo "Latest commit is signed with gitsign."
-            exit 0
-        else
-            echo "WARNING: The latest commit is not signed with gitsign."
-        fi
-        exit 1
-    language: system
-    pass_filenames: false
+  - id: check-gitsign
+    name: Check gitsign
+    description: Check if the last commit is signed with Sigstore gitsign
diff --git a/CONTRIBUTION.md b/CONTRIBUTION.md
@@ -22,7 +22,7 @@ Please follow these steps and note these guidelines to begin contributing:
 ## Set up your Local Development Environment
 
 Make sure you have built the [application from source](./README.md/#build-from-source) on your operating system before you start contributing:
- 
+
 Clone the Genval repository:
 
 ```shell
@@ -114,7 +114,7 @@ package tekton
 
 import "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
 
-#Pipeline: v1beta1.#Pipeline & { 
+#Pipeline: v1beta1.#Pipeline & {
 	apiVersion: string | *"tekton.dev/v1beta1"
 	kind:       string | *"Pipeline"
     ...

diff --git a/Makefile b/Makefile
@@ -18,7 +18,7 @@ test: ## Run full test suite
 testfunc: ## Runs test on a specific function specified in the arg.| Example usage `make testfunc validateInput`
 	@echo "Running specific test function..."
 	@$(GOTEST) $(TESTFLAGS) -run $(filter-out $@,$(MAKECMDGOALS)) $(PKGS)
-	
+
 .PHONY: test testfunc
 
 coverage: ## Generate and view the test coverage
@@ -40,4 +40,4 @@ lint: ## Run a linter on the codebase using golangci-lint.
 
 
 build: ## builds the GenVal app for defined OS/Arch by passing GOOS=$(GOOS) GOARCH=$GOARCH args.| Example usage `make build GOOS=linux GOARCH=amd64`
-	@GOOS=$(GOOS) GOARCH=$(GOARCH) go build -ldflags="-X main.Version=$(shell git describe --tags --abbrev=0)" -o genval ./cmd
+	@GOOS=$(GOOS) GOARCH=$(GOARCH) go build -ldflags="-X main.Version=$(shell git describe --tags --abbrev=0)" -o ./bin/genval .