diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
new file mode 100644
index 0000000..05624b6
--- /dev/null
+++ b/.github/workflows/build.yaml
@@ -0,0 +1,47 @@
+name: Create and publish a Docker image
+on:
+ push:
+ tags:
+ - '**'
+ workflow_dispatch:
+ pull_request:
+ branches:
+ - main
+
+
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+ build-and-push-image:
+ runs-on: ubuntu-latest
+ name: Build and Push
+
+ permissions:
+ contents: read
+ packages: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ - name: Log in to the Container registry
+ uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.1.1
+ with:
+ images: "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}"
+
+ - name: Build and push Docker image
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
+ with:
+ context: .
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
new file mode 100644
index 0000000..cff7548
--- /dev/null
+++ b/.github/workflows/pr.yml
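Review bot: In `.github/workflows/build.yaml` the job also runs on `pull_request` to main, yet the login step and `push: true` are unconditional, so a pull request from a branch in this repository builds unreviewed code and publishes it to ghcr.io under `packages: write`, while a pull request from a fork will most likely fail at login because its token is read-only. Gate publishing on the event: add `if: github.event_name != 'pull_request'` to the login step and change the build step to `push: ${{ github.event_name != 'pull_request' }}`. `actions/checkout@v4` is also the only action in this file referenced by a mutable tag; pinning it to a commit SHA like the three docker actions would keep the job consistent.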
@@ -0,0 +1,34 @@
+name: Pull request
+on:
+ pull_request:
+ branches:
+ - main
+
+jobs:
+ lint:
+ name: Lint
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 2
+ - uses: actions/setup-go@v5
+ with:
+ go-version-file: 'go.mod'
+ - name: golangci-lint
+ uses: golangci/golangci-lint-action@v4
+ with:
+ version: v1.55.2
+
+ test:
+ name: Unit Test
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions/setup-go@v4
+ with:
+ go-version-file: 'go.mod'
+ - name: Install dependencies
+ run: go mod download
+ - name: Run Tests
+ run: go test -cover `go list ./... | grep -v 'pkg/client'`
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..204d974
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,30 @@
+FROM golang:1.22-alpine3.19 as builder
+
+RUN apk update && \
+ apk add bash jq alpine-sdk sed gawk git ca-certificates curl && \
+ apk add --no-cache gcc musl-dev
+
+# WORKDIR /go/src/
+
+# get dependencies
+COPY go.mod go.sum ./
+RUN go mod download
+
+# copy code
+COPY . .
+
+# Build project
+RUN CGO_ENABLED=0 GOOS=linux go build -ldflags "-s -w" -a -installsuffix cgo -o /radix-oauth-guard
+
+RUN addgroup -S -g 1000 guard
+RUN adduser -S -u 1000 -G guard guard
+
+FROM scratch
+
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=builder /etc/passwd /etc/passwd
+COPY --from=builder /radix-oauth-guard /radix-oauth-guard
+
+EXPOSE 8000
+USER 1000
+ENTRYPOINT ["/radix-oauth-guard"]
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..073d00a
--- /dev/null
+++ b/Makefile
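Review bot: `.github/workflows/pr.yml` declares no `permissions:` block, so the lint and test jobs run with whatever default GITHUB_TOKEN scope the repository or organisation has configured, which may include write access. Both jobs only read the code, so add a top-level `permissions:` mapping with `contents: read`. Every action here (`actions/checkout@v4`, `actions/setup-go@v5` and `@v4`, `golangci/golangci-lint-action@v4`) is referenced by a mutable tag, unlike the SHA pins in build.yaml. Pin them in the form `uses: actions/checkout@<commit-sha> # v4` and use one setup-go version in both jobs.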
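Review bot: The Dockerfile's builder stage has no active `WORKDIR` (the only one is commented out), so `COPY go.mod go.sum ./` and `COPY . .` land in whatever directory the base image defaults to. For the official golang images that is presumably `$GOPATH`, where the go tool may reject a `go.mod`, and the source tree is mixed with the image's own files. Add an explicit `WORKDIR /src` before the first COPY. With `CGO_ENABLED=0`, the packages `gcc`, `musl-dev`, `alpine-sdk`, `bash`, `jq`, `gawk` and `curl` look unnecessary and only widen what the build pulls in; `apk add --no-cache git ca-certificates` appears sufficient. Pinning the base as `golang:1.22-alpine3.19@sha256:<digest>` would match the SHA pinning used for the actions in build.yaml.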
@@ -0,0 +1,29 @@
+DOCKER_REGISTRY=radixdev.azurecr.io
+VERSION=latest
+BRANCH := $(shell git rev-parse --abbrev-ref HEAD)
+IMAGE_NAME=$(DOCKER_REGISTRY)/radix-oauth-guard:$(BRANCH)-$(VERSION)
+
+.PHONY: build
+build:
+ docker build -t $(IMAGE_NAME) .
+
+.PHONY: push
+push:
+ az acr login -n $(DOCKER_REGISTRY)
+ docker push $(IMAGE_NAME)
+
+.PHONY: test
+test:
+ go test -cover `go list ./... | grep -v 'pkg/client'`
+
+.PHONY: lint
+lint: bootstrap
+ golangci-lint run --max-same-issues 0
+
+
+HAS_GOLANGCI_LINT := $(shell command -v golangci-lint;)
+
+bootstrap:
+ifndef HAS_GOLANGCI_LINT
+ curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.55.2
+endif
diff --git a/auth.go b/auth.go
index df249a7..f221ff6 100644
--- a/auth.go
+++ b/auth.go
@@ -55,7 +55,6 @@ func AuthHandler(subjects []string, verifier Verifier) http.Handler { w.WriteHeader(http.StatusOK) _, _ = w.Write([]byte("OK")) log.Info().Dur("latency", time.Since(t)).Int("status", http.StatusOK).Str("sub", subject).Msg("Authorized") - return }) }
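Review bot: In the Makefile's `bootstrap` recipe, `$(go env GOPATH)` is expanded by make rather than the shell. Make has no variable of that name, so it expands to nothing and the installer is told to write to `/bin`. Write `$$(go env GOPATH)/bin` so the shell runs the command. The same line pipes `install.sh` from the `master` branch straight into `sh`, so whatever that branch holds at run time is executed on the developer or CI machine. Fetching the script from the `v1.55.2` tag (or a commit) in the URL, matching the version already passed as the argument, keeps the lint toolchain reproducible.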