feat: Init project
NoUseFreak committed Dec 12, 2022
0 parents commit 2994a9d
Showing 104 changed files with 42,558 additions and 0 deletions.
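--- a/.air.toml
+++ b/.air.toml
@@ -0,0 +1,37 @@
+root = "."
+testdata_dir = "testdata"
+tmp_dir = "tmp"
+
+[build]
+args_bin = []
+bin = ";export $(grep -v '^#' .env | xargs); ./tmp/main server"
+cmd = "go build -o ./tmp/main ./cmd/ledger/"
+delay = 1000
+exclude_dir = ["assets", "tmp", "vendor", "testdata", "ui"]
+exclude_file = []
+exclude_regex = ["_test.go"]
+exclude_unchanged = false
+follow_symlink = false
+full_bin = ""
+include_dir = []
+include_ext = ["go", "tpl", "tmpl", "html"]
+kill_delay = "0s"
+log = "build-errors.log"
+send_interrupt = false
+stop_on_error = true
+
+[color]
+app = ""
+build = "yellow"
+main = "magenta"
+runner = "green"
+watcher = "cyan"
+
+[log]
+time = false
+
+[misc]
+clean_on_exit = false
+
+[screen]
+clear_on_rebuild = false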
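Review bot: The `bin` value under `[build]` is a shell fragment rather than a binary path, and nothing in the file explains it. `export $(grep -v '^#' .env | xargs)` pushes every non-comment line of `.env` through unquoted word splitting, so a value containing spaces, quotes or glob characters is split or expanded before `./tmp/main server` starts, and everything in `.env` lands in the server's environment. I would add a comment above the key, for example `# Loads .env into the environment before starting the server; .env must hold plain KEY=value lines only (no spaces or quotes).`, and keep this file for local development only.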
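--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,8 @@
+ui/node_modules
+data
+build
+tmp
+Makefile
+.env
+docs
+charts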
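--- a/.env
+++ b/.env
@@ -0,0 +1,2 @@
+OIDC_ISSUER_URL=https://auth.dev.stenic.io/auth/realms/dev
+OIDC_CLIENT_ID=ledger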
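Review bot: `.env` is committed here and the `.gitignore` added in the same commit does not list it, so anything later written to this file is tracked by default. The two values shown (issuer URL and client ID) are not secrets, but `.air.toml` exports the whole file into the server's environment, which makes it the obvious place for someone to add a client secret or token later. Consider committing this content as `.env.example`, adding `.env` to `.gitignore`, and documenting that developers copy the example locally.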
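--- a/.github/ct.yaml
+++ b/.github/ct.yaml
@@ -0,0 +1,7 @@
+chart-dirs:
+- charts
+remote: origin
+target-branch: main
+check-version-increment: false
+chart-repos:
+- bitnami=https://charts.bitnami.com/bitnami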
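--- a/.github/kubescape-controls-inputs.json
+++ b/.github/kubescape-controls-inputs.json
@@ -0,0 +1,126 @@
+{
+"cpu_limit_max": [],
+"cpu_limit_min": [],
+"cpu_request_max": [],
+"cpu_request_min": [],
+"imageRepositoryAllowList": [
+"ghcr.io"
+],
+"insecureCapabilities": [
+"SETPCAP",
+"NET_ADMIN",
+"NET_RAW",
+"SYS_MODULE",
+"SYS_RAWIO",
+"SYS_PTRACE",
+"SYS_ADMIN",
+"SYS_BOOT",
+"MAC_OVERRIDE",
+"MAC_ADMIN",
+"PERFMON",
+"ALL",
+"BPF"
+],
+"k8sRecommendedLabels": [
+"app.kubernetes.io/name",
+"app.kubernetes.io/instance",
+"app.kubernetes.io/version",
+"app.kubernetes.io/component",
+"app.kubernetes.io/part-of",
+"app.kubernetes.io/managed-by",
+"app.kubernetes.io/created-by"
+],
+"listOfDangerousArtifcats": [
+"bin/bash",
+"sbin/sh",
+"bin/ksh",
+"bin/tcsh",
+"bin/zsh",
+"usr/bin/scsh",
+"bin/csh",
+"bin/busybox",
+"usr/bin/busybox"
+],
+"max_critical_vulnerabilities": [
+"5"
+],
+"max_high_vulnerabilities": [
+"10"
+],
+"memory_limit_max": [],
+"memory_limit_min": [],
+"memory_request_max": [],
+"memory_request_min": [],
+"publicRegistries": [
+"quay.io",
+"registry.hub.docker.com"
+],
+"recommendedLabels": [
+"app",
+"tier",
+"phase",
+"version",
+"owner",
+"env"
+],
+"sensitiveInterfaces": [
+"nifi",
+"argo-server",
+"weave-scope-app",
+"kubeflow",
+"kubernetes-dashboard"
+],
+"sensitiveKeyNames": [
+"aws_access_key_id",
+"aws_secret_access_key",
+"azure_batchai_storage_account",
+"azure_batchai_storage_key",
+"azure_batch_account",
+"azure_batch_key",
+"secret",
+"key",
+"password",
+"pwd",
+"token",
+"jwt",
+"bearer",
+"credential"
+],
+"sensitiveValues": [
+"BEGIN \\w+ PRIVATE KEY",
+"PRIVATE KEY",
+"eyJhbGciO",
+"JWT",
+"Bearer"
+],
+"sensitiveValuesAllowed": [],
+"servicesNames": [
+"nifi-service",
+"argo-server",
+"minio",
+"postgres",
+"workflow-controller-metrics",
+"weave-scope-app",
+"kubernetes-dashboard"
+],
+"untrustedRegistries": [],
+"wlKnownNames": [
+"coredns",
+"kube-proxy",
+"event-exporter-gke",
+"kube-dns",
+"17-default-backend",
+"metrics-server",
+"ca-audit",
+"ca-dashboard-aggregator",
+"ca-notification-server",
+"ca-ocimage",
+"ca-oracle",
+"ca-posture",
+"ca-rbac",
+"ca-vuln-scan",
+"ca-webhook",
+"ca-websocket",
+"clair-clair"
+]
+}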
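Review bot: `max_critical_vulnerabilities` is `"5"` and `max_high_vulnerabilities` is `"10"`; if these are read as the allowed maximum per workload, an image with known critical findings still passes that control. The `cpu_*`/`memory_*` bounds and `untrustedRegistries` are empty, so the controls that consume them presumably have nothing to enforce. JSON cannot carry comments, so I would record next to the workflow step that passes this file which values were chosen on purpose and which are tool defaults, and lower the two vulnerability thresholds if the project can accept that.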
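--- a/.github/stale.yml
+++ b/.github/stale.yml
@@ -0,0 +1,17 @@
+daysUntilStale: 30
+daysUntilClose: 14
+onlyLabels: []
+exemptLabels:
+- pinned
+- security
+
+exemptProjects: false
+exemptMilestones: true
+exemptAssignees: false
+staleLabel: stale
+
+markComment: >
+This issue has been automatically marked as stale because it has not had
+recent activity. It will be closed if no further activity occurs. Thank you
+for your contributions.
+limitPerRun: 30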
101 changes: 101 additions & 0 deletions .github/workflows/chart.yaml
@@ -0,0 +1,101 @@
name: Chart
on:
pull_request:
branches:
- 'main'
push:
branches:
- 'main'

jobs:
chart-testing:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0

- name: Set up Helm
uses: azure/setup-helm@v3
with:
version: v3.7.1

- uses: actions/setup-python@v4
with:
python-version: 3.7

- name: Set up chart-testing
uses: helm/[email protected]

- name: Run chart-testing (list-changed)
id: list-changed
run: |
changed=$(ct --config .github/ct.yaml list-changed)
if [[ -n "$changed" ]]; then
echo "::set-output name=changed::true"
fi
- name: Run chart-testing (lint)
run: ct --config .github/ct.yaml lint

polaris-audit:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0

- name: Set up Helm
uses: azure/setup-helm@v3
with:
version: v3.7.1

- name: Setup polaris
uses: fairwindsops/polaris/.github/actions/setup-polaris@master
with:
version: 7.2.0

- name: Run audit
run: |
(cd ./charts && ../polaris/polaris audit --helm-chart ledger --helm-values ./ledger/values.yaml --format pretty --set-exit-code-on-danger --set-exit-code-below-score 90)
kubescape-scan:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0

- name: Install Kubescape
run: curl -s https://raw.githubusercontent.com/armosec/kubescape/master/install.sh | /bin/bash

- name: Set up Helm
uses: azure/setup-helm@v3
with:
version: v3.7.1

- name: Scan helm
run: helm template ./charts/ledger --generate-name --dry-run | kubescape scan --controls-config .github/kubescape-controls-inputs.json -v --fail-threshold 5 -

pluto-scan:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0

- name: Set up Helm
uses: azure/setup-helm@v3
with:
version: v3.7.1

- name: Download Pluto
uses: FairwindsOps/pluto/github-action@master

- name: Use pluto
run: |
helm template ./charts/ledger -f ./charts/ledger/ci/pluto-values.yaml | pluto detect - --ignore-deprecations
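Review bot: The `kubescape-scan` job installs its scanner with `curl -s https://raw.githubusercontent.com/armosec/kubescape/master/install.sh | /bin/bash`, which runs whatever is on that branch at job time with no version pin or checksum, and without `-f` an HTTP error body is piped to bash as well. The same mutable-reference problem applies to `fairwindsops/polaris/.github/actions/setup-polaris@master` and `FairwindsOps/pluto/github-action@master`, and major tags such as `actions/checkout@v3` can be moved too. Pin third-party actions to a full commit SHA, e.g. `uses: OWNER/REPO@<full-commit-sha>  # vX.Y.Z`, and install kubescape from a pinned release whose checksum is verified before execution. None of the workflows in this commit declares `permissions:`, so jobs run with the repository's default token scope; a top-level `permissions:` with `contents: read` in `chart.yaml` and `test.yaml` would make the scope explicit. Separately, `::set-output` in the `list-changed` step is deprecated in favour of appending to `$GITHUB_OUTPUT`.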
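--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,16 @@
+name: Release
+on:
+push:
+branches:
+- 'main'
+
+jobs:
+release:
+name: Release
+uses: stenic/github-workflows/.github/workflows/release-docker-helm.yaml@main
+with:
+docker_image: "ghcr.io/${{ github.repository }}"
+docker_platforms: linux/amd64
+chart_path: './charts/ledger'
+secrets:
+token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}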
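Review bot: The `release` job hands `secrets.PERSONAL_ACCESS_TOKEN` to a reusable workflow referenced as `@main`, so any change pushed to that branch of `stenic/github-workflows` runs with this token on the next push here. Pin the reference to a full commit SHA or a protected tag, e.g. `uses: stenic/github-workflows/.github/workflows/release-docker-helm.yaml@<full-commit-sha>`. A personal access token is bound to a user and usually reaches beyond one repository; if the called workflow only pushes this repository's image and chart, `GITHUB_TOKEN` with an explicit job-level `permissions:` block (for example `packages: write` and `contents: write`) would narrow what a compromise can reach. The called workflow is not visible on this page, so the required scopes need to be checked against what it actually does.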
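--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -0,0 +1,24 @@
+name: Build
+
+on:
+pull_request:
+branches:
+- 'main'
+push:
+branches:
+- 'main'
+
+jobs:
+docker:
+runs-on: ubuntu-latest
+steps:
+- name: Set up QEMU
+uses: docker/setup-qemu-action@v2
+
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v2
+
+- name: Build
+uses: docker/build-push-action@v3
+with:
+push: false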
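--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,4 @@
+/data
+/tmp
+local-values.yaml
+Chart.lock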
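Review bot: `Chart.lock` is ignored, so the resolved versions and digest of the chart's dependencies are never committed. `.github/ct.yaml` registers the bitnami repository, which suggests the chart has at least one dependency; without the lock file each `helm dependency update` can resolve to a different version inside the declared range, and CI and release builds are not reproducible. I would drop the `Chart.lock` line and commit the lock file so dependency changes show up in review.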