Initial commit

Signed-off-by: Dentrax <[email protected]>

.github/workflows/certs/cocert.pub

@@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAnGt2ksIcVCDCxaF1TpJMTjhvwgSk
+39O1COufymnb99jJ7YT0SIbeNuzn9OtUceShJHPq911DzAfEcjsWQB8QzK4BdYbS
+GGDD1A+07V8jCes9iXSPU8LT3iN11er2X9wqkg0WawVfAvI1oo4bP0KEwiTuuMxA
+nde7+i9mzNuAy/De0HM=
+-----END PUBLIC KEY-----

.github/workflows/certs/cocert0.key

@@ -0,0 +1,23 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+eyJrZGYiOnsibmFtZSI6InNjcnlwdCIsInBhcmFtcyI6eyJOIjozMjc2OCwiciI6
+OCwicCI6MX0sInNhbHQiOiI5ZEN5QUl4YjFxaEpnRTRNUDdUTjhuNmsvMHRFbmRo
+Mjd6eXdNNGx4TDdVPSJ9LCJjaXBoZXIiOnsibmFtZSI6Im5hY2wvc2VjcmV0Ym94
+Iiwibm9uY2UiOiI5VVA5ZVhSRlk3aUZUYVBBTVM1SEZzMnVsVmE5bnByUSJ9LCJj
+aXBoZXJ0ZXh0IjoibUhZUE1rR3J4bTM5SmdZNDJKRWlTdGFTOXJ6YjZHVjVwcXBo
+R1BuRytXQTkwUHN0cHE2Q2V4d0NXTlN2NVRrMHQ2OEtlQjcyUzA0ODFuc29JUUQw
+ZDN4K0dxMEhWZjJrVzIxc1U5V043RmgzeVNOeVo0bGlxUmE1RHFBT2E1L3JpWDZi
+SXZDRmdEUHU5TTAveEJxRGs4Ym9IU2d1WlFQSEZaNjkrTWdPZmxFYkZkOC8zNzhP
+Sy95aVJ2S2Vwb2lsZmRLOXpZblZLcmZMWE4yY29SeDdVYUVkUG5GVjAzR0w0b05m
+SDJCdHVyVGFhTjU0SFlHVFhHYzVNVWMxMlpJbkJycldHZXRReTZNQTNDN3FnTThh
+ZVB6RmVQZ2lNTmQwS1dLS0ZkMDVDaWZ1RVV1WUExYmQyQkV5MjJCN0t6TG5teElQ
+bHRvSGpTV3FkY1ZEMGZJdTFncUdUUSt0UWJxSDc0YnNUZDNPYkFJdWJudnNMOGZF
+R1l6VnpsSm96cFN3bXhUMFhOMS8xb29oMlp3SEJpcnRnUkZ1azBEYW5nZlVBZjA5
+R29CWVZQbjJ5Q0tuME50ekJSKzV5UTR3QVJCd25KRW96R3VpWk5DWjh4Vi9CaC95
+Q2k1N1pHSjlhQ2xnUEFXaDFSNy9FWGtDM1RIQU14NzFsYnlSZ1hPN2oyV2xBZEpP
+cGVVQ3RuZFZZQWYrWGtRcnRqNzlQVE5VZ0k1NDVOL0VFaU9hV1k3UHJybXVHWS9a
+cWVraFc2d2YzeVFEY0xQRFRLejYrRDJWeUFNVUlIbG12L21teEo4VTNiZFpmZTBp
+aFpoR25xZ2JCTGRvU3g3ZlJ5RWFCK2FUV0xsUEluRzNwajFRdWh4ajY1NFJ5UjFB
+OCtCYnJwRU52cHQzTUVGWDVWYmxVdlhRN3FtVVgyUGVzWnB5M0JxMTJ6bHN6elZZ
+M1pSOHkvdjF0OElTc05MV1IxdVN4UGNUR3pBRm5ORW9mOUxtWXlaUXlDRlg4MUQ5
+In0=
+-----END ENCRYPTED PRIVATE KEY-----

.github/workflows/certs/cocert1.key

@@ -0,0 +1,23 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+eyJrZGYiOnsibmFtZSI6InNjcnlwdCIsInBhcmFtcyI6eyJOIjozMjc2OCwiciI6
+OCwicCI6MX0sInNhbHQiOiJRemZ1NVB2SU8xTmV3NW9Nb2J1VUFxSitBRXV0aVNQ
+TVhGRGRDaFhWNUVrPSJ9LCJjaXBoZXIiOnsibmFtZSI6Im5hY2wvc2VjcmV0Ym94
+Iiwibm9uY2UiOiJwNjR1VDcyVHY4MjkzOFB3V3hqWkRwY0pCTjROZVRWNCJ9LCJj
+aXBoZXJ0ZXh0IjoicHZaaGNBRVMvdmJ6RzR4RFBHZDZoYm5GVktKbkQyN0tpeVlN
+ekZRWDUrTkpyY2tDMHhuR1RraWMyRGh2Z0RzUFZndE1CNWtpYUtwYlhzTkZmYXN2
+YWdMMzdnY1c0azhOdlA5VElUWHJBV0wyN052Q3dWUm5HTExyeGFHOTJYT01PV1ZU
+aXVKRkVJQmE5RjZOUWN0R0c2RzA5NENxdE9jYW1Yd3ZuYUFNUHVJWmZ3V2xoNmV0
+N29vZnF4K0cwMkdPbDlvalo1dm1BNTBZaEpPRVkvTFRKNHJWanZCVDZRREU2TzJ5
+QXBKb0E0WGJKMW42RzdheGNxdENOeEtrbXN6c3lVVW5tV2RkVG5pRERyV1Nqb2Ju
+YXZ5eFVhd2wvaVgrUUZUdnJQMHJyQ2R6QjMwVEVQOSt3bHdZTjdQQ1dBcFZVVGtV
+S2dHZk9DaEdVN1ZDSFp0VlVyWklNUEhtb2ZmeEx2WnA4ZlEvRTlSbjBjUy83UnJF
+TVZWR1psdmRtWG5YN1pMS0JYQUo3azVjaTVnQlA0b2FodS9abFFCYTVWTFVmZVJP
+MTBvdWpUSWxsU0FZSXQ0K3E1Y2gzMjlzUmsvZThoODhPbDFzL2Fsbm9Pd01CL0ZT
+QUV2TTNsQmVqMTBNck9hblZzc3dtTzU0NzFFUUVGbjI2NHh4RG9ZNHdBanBEN21I
+dHM2VUtna1N1eG9WakM1dHdpVzJsOTBnN3A2VitIK2Z2cUxlOGY3WDlXNlVDNWtS
+aU1JekF5OWxocUJuL2ttTXVib1lETWZvZFlUSm11SGF3NlpIQnNoNGFQWVFVT0Uy
+MkZvZExhS1l4VVdQcXQ5RENBNitPUlhIenc1d3V2VEhMZFZYVWgxb0h4WU5pb3g3
+Ty9oMGdyMWNpRW5wZHZEVXVMZDVPZ0hRbjg2RG4wd1NaRWNQMFc5a3pVNVNNbnpM
+VDU2UjF5UTFUSHhWa3k2SDRBMExxQ0dYa3RkUG5UTjVKWW1nQnNnR3ZjUVJZVjdW
+In0=
+-----END ENCRYPTED PRIVATE KEY-----

.github/workflows/publish.yml

@@ -0,0 +1,70 @@
+# Copyright (c) 2021 Furkan Türkal
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy of
+# this software and associated documentation files (the "Software"), to deal in
+# the Software without restriction, including without limitation the rights to
+# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+# the Software, and to permit persons to whom the Software is furnished to do so,
+# subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+name: Publish
+
+on:
+  push:
+    tags:
+      - "v[0-9]+.[0-9]+.[0-9]+*"
+  workflow_run:
+    workflows: [ "Release" ]
+    branches: [ main ]
+    types:
+      - completed
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Get TAG
+        id: get_tag
+        run: echo ::set-output name=TAG::${GITHUB_REF#refs/tags/}
+      - uses: sigstore/cosign-installer@main
+        with:
+          cosign-release: 'v0.4.0'
+      - uses: actions/setup-go@v2
+        with:
+          go-version: '1.16.3'
+      - name: Install ko
+        run: |
+          curl -L https://github.com/google/ko/releases/download/v0.8.2/ko_0.8.2_Linux_x86_64.tar.gz | tar xzf - ko && \
+          chmod +x ./ko && sudo mv ko /usr/local/bin/
+      - name: Login to Docker Registry
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+          registry: ghcr.io
+      - name: Sign & Publish
+        run: |
+          set -x
+
+          curl https://gist.githubusercontent.com/Dentrax/ea76daab84bcd90953397b31f12a28f3/raw/4d307796d7b9c94b6e99f26afdbddce879a7fe0b/cocert2.key -o cocert2.key
+
+          echo -n "${{secrets.PASSWORD_COCERT_KEY0}}" | go run . decrypt -f .github/workflows/certs/cocert0.key -o cocert0.key.decrypted
+          echo -n "${{secrets.PASSWORD_COCERT_KEY2}}" | go run . decrypt -f cocert2.key -o cocert2.key.decrypted
+          echo -n "${{secrets.PASSWORD_COCERT_MASTER}}" | go run . combine -F cocert0.key.decrypted -F cocert2.key.decrypted -o private.key -t "ENCRYPTED COSIGN PRIVATE KEY"
+
+          GIT_HASH=$(git rev-parse HEAD)
+          export KO_DOCKER_REPO=ghcr.io/dentrax/cocert
+
+          ko publish --bare ./
+          echo -n "${{secrets.PASSWORD_COCERT_MASTER}}" | cosign sign -key private.key -a GIT_HASH=$GIT_HASH $KO_DOCKER_REPO

.github/workflows/release.yml

@@ -0,0 +1,42 @@
+# Copyright (c) 2021 Furkan Türkal
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy of
+# this software and associated documentation files (the "Software"), to deal in
+# the Software without restriction, including without limitation the rights to
+# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+# the Software, and to permit persons to whom the Software is furnished to do so,
+# subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+name: Release
+
+on:
+  push:
+    tags:
+      - "v[0-9]+.[0-9]+.[0-9]+*"
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Setup Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.16
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v2
+        with:
+          version: latest
+          args: release --rm-dist
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/test.yml

@@ -0,0 +1,79 @@
+# Copyright (c) 2021 Furkan Türkal
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy of
+# this software and associated documentation files (the "Software"), to deal in
+# the Software without restriction, including without limitation the rights to
+# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+# the Software, and to permit persons to whom the Software is furnished to do so,
+# subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+name: Test
+
+on:
+  push:
+    paths-ignore:
+      - '**.md'
+  pull_request:
+    paths-ignore:
+      - '**.md'
+
+jobs:
+  Build:
+    strategy:
+      fail-fast: false
+      matrix:
+        go-version: [1.16.x]
+        platform: [ubuntu-latest]
+    runs-on: ${{ matrix.platform }}
+    steps:
+      - name: Setup Go ${{ matrix.go }}
+        uses: actions/setup-go@v1
+        with:
+          go-version: ${{ matrix.go-version }}
+      - name: Fetch Repository
+        uses: actions/checkout@v2
+      - name: Tidy
+        run: go mod tidy
+      - name: Build
+        run: go build -v .
+      - name: Test
+        run: go test ./... -v -race
+      - name: Setup Prerequisites
+        run: |
+          sudo npm install -g bats --force
+          sudo apt-get install expect
+      - name: E2E Test
+        run: pushd ./test; bats ./e2e.bats; popd
+
+  golangci:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v2
+        with:
+          version: v1.39
+
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v1
+        with:
+          languages: go
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v1
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v1

.gitignore

@@ -0,0 +1,25 @@
+### IDE
+.idea
+
+### Go
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+.DS_Store
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Dependency directories (remove the comment below to include it)
+vendor/
+
+*.cert
+
+cocert

.golangci.yml

@@ -0,0 +1,29 @@
+run:
+  concurrency: 4
+  timeout: 5m
+
+linters:
+  enable:
+    - asciicheck
+    - structcheck
+    - varcheck
+    - staticcheck
+    - stylecheck
+    - prealloc
+    - gofmt
+    - goimports
+    - golint
+    - gosec
+    - ineffassign
+    - vet
+    - unused
+    - unparam
+    - unconvert
+    - misspell
+    - revive
+
+issues:
+  exclude-rules:
+    - path: test
+      linters:
+        - gosec

.ko.yaml

@@ -0,0 +1,20 @@
+# Copyright (c) 2021 Furkan Türkal
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy of
+# this software and associated documentation files (the "Software"), to deal in
+# the Software without restriction, including without limitation the rights to
+# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+# the Software, and to permit persons to whom the Software is furnished to do so,
+# subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+defaultBaseImage: gcr.io/distroless/static:nonroot