diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml new file mode 100644 index 0000000..59bc948 --- /dev/null +++ b/.github/release-drafter.yml @@ -0,0 +1,30 @@ +name-template: 'v$RESOLVED_VERSION' +tag-template: 'v$RESOLVED_VERSION' + +template: | + ## General Changes + + $CHANGES + +categories: +- title: '🚀 Features' + labels: + - 'feature' + - 'enhancement' +- title: '🐛 Bug Fixes' + labels: + - 'fix' + - 'bugfix' + - 'bug' + +version-resolver: + major: + labels: + - 'major' + minor: + labels: + - 'minor' + patch: + labels: + - 'patch' + default: patch diff --git a/.github/workflows/latest.yaml b/.github/workflows/latest.yaml index fbd422d..ebbc0e1 100644 --- a/.github/workflows/latest.yaml +++ b/.github/workflows/latest.yaml @@ -11,12 +11,25 @@ jobs: steps: - name: Checkout uses: actions/checkout@v2 + + - name: Docker Login + uses: docker/login-action@v1 + with: + registry: ${{ secrets.DOCKER_REGISTRY }} + username: ${{ secrets.DOCKER_REGISTRY_USER }} + password: ${{ secrets.DOCKER_REGISTRY_TOKEN }} + - name: Lint - uses: actions-contrib/golangci-lint@master + uses: golangci/golangci-lint-action@v2 with: - args: run + version: v1.32.2 + args: -p bugs + - name: Build and push Docker image run: | - docker login -u mreiger -p ${{ secrets.DOCKER_HUB_TOKEN }} - docker build -t mreiger/audit-forwarder . - docker push mreiger/audit-forwarder + docker build -t ghcr.io/metal-stack/audit-forwarder . + docker push ghcr.io/metal-stack/audit-forwarder + + - uses: release-drafter/release-drafter@v5 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml index 4752785..7cf92f7 100644 --- a/.github/workflows/pull_request.yaml +++ b/.github/workflows/pull_request.yaml 
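Review bot: The new `Docker Login` step sits before `Lint`, so the registry credentials are already stored in the runner's Docker config while `golangci/golangci-lint-action@v2` runs. That action, `docker/login-action@v1` and `release-drafter/release-drafter@v5` are also referenced by mutable tags, which can be repointed upstream. Moving the login to directly before `Build and push Docker image` and pinning each action to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha> # v1`, keeps the token away from steps that do not need it. The same ordering and tag references appear in the pull_request.yaml hunk and in the second release.yaml hunk.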
@@ -11,13 +11,31 @@ jobs: steps: - name: Checkout uses: actions/checkout@v2 + + - name: Figure out if running fork PR + id: fork + run: '["${{ secrets.DOCKER_REGISTRY_TOKEN }}" == ""] && echo "::set-output name=is_fork_pr::true" || echo "::set-output name=is_fork_pr::false"' + + - name: Docker Login + uses: docker/login-action@v1 + with: + registry: ${{ secrets.DOCKER_REGISTRY }} + username: ${{ secrets.DOCKER_REGISTRY_USER }} + password: ${{ secrets.DOCKER_REGISTRY_TOKEN }} + if: steps.fork.outputs.is_fork_pr == 'false' + - name: Lint - uses: actions-contrib/golangci-lint@master + uses: golangci/golangci-lint-action@v2 with: - args: run - - name: Build and push Docker image + version: v1.32.2 + args: -p bugs + + - name: Build Docker image + run: | + docker build -t ghcr.io/metal-stack/audit-forwarder:pr-${GITHUB_HEAD_REF##*/} . + + - name: Push Docker image run: | - docker login -u mreiger -p ${{ secrets.DOCKER_HUB_TOKEN }} # pull request images are prefixed with 'pr' to prevent them from overriding released images - docker build -t mreiger/audit-forwarder:pr-${GITHUB_HEAD_REF##*/} . - docker push mreiger/audit-forwarder:pr-${GITHUB_HEAD_REF##*/} + docker push ghcr.io/metal-stack/audit-forwarder:pr-${GITHUB_HEAD_REF##*/} + if: steps.fork.outputs.is_fork_pr == 'false' diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index af0623a..b04b39d 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -1,9 +1,9 @@ name: Build image from release tag on: - push: - tags: - - "v*" + release: + types: + - published jobs: build: 
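Review bot: The `Figure out if running fork PR` step expands `${{ secrets.DOCKER_REGISTRY_TOKEN }}` straight into the script text, so the shell parses the token's characters as code. As rendered here, `["…"` also has no space after `[`, which the shell would read as a command name rather than the test builtin, leaving `is_fork_pr` at `false` on every run. Passing the secret through the environment avoids both: add `env:` with `REGISTRY_TOKEN: ${{ secrets.DOCKER_REGISTRY_TOKEN }}` to the step and use `run: '[ -z "$REGISTRY_TOKEN" ] && echo "::set-output name=is_fork_pr::true" || echo "::set-output name=is_fork_pr::false"'`. If the check always yields `false`, fork pull requests would reach `Docker Login` with empty credentials and fail there instead of skipping the login and push.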
@@ -11,12 +11,21 @@ jobs: steps: - name: Checkout uses: actions/checkout@v2 + + - name: Docker Login + uses: docker/login-action@v1 + with: + registry: ${{ secrets.DOCKER_REGISTRY }} + username: ${{ secrets.DOCKER_REGISTRY_USER }} + password: ${{ secrets.DOCKER_REGISTRY_TOKEN }} + - name: Lint - uses: actions-contrib/golangci-lint@master + uses: golangci/golangci-lint-action@v2 with: - args: run + version: v1.32.2 + args: -p bugs + - name: Build and push Docker image run: | - docker login -u mreiger -p ${{ secrets.DOCKER_HUB_TOKEN }} - docker build -t mreiger/audit-forwarder:${GITHUB_REF##*/} . - docker push mreiger/audit-forwarder:${GITHUB_REF##*/} + docker build -t ghcr.io/metal-stack/audit-forwarder:${GITHUB_REF##*/} . + docker push ghcr.io/metal-stack/audit-forwarder:${GITHUB_REF##*/} diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 0000000..3ed68b3 --- /dev/null +++ b/CODEOWNERS @@ -0,0 +1 @@ +* @metal-stack/metal-api-maintainers \ No newline at end of file diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..63418fe --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,3 @@ +# Contributing + +Please check out the [contributing section](https://docs.metal-stack.io/stable/development/contributing/) in our [docs](https://docs.metal-stack.io/). \ No newline at end of file diff --git a/main.go b/main.go index 224f873..f913c54 100644 --- a/main.go +++ b/main.go @@ -483,9 +483,9 @@ func checkSecret(opts *Opts, client *k8s.Clientset) error { } f := path.Join(opts.TLSBaseDir, k) logger.Debugw("Writing certificate to file", k, f) - err := ioutil.WriteFile(f, v, 0640) + err := ioutil.WriteFile(f, v, 0600) if err != nil { - return fmt.Errorf("could not write secret to certificate base folder:%v", err) + return fmt.Errorf("could not write secret to certificate base folder:%w", err) } }
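Review bot: Tightening the mode to `0600` in `ioutil.WriteFile` only takes effect when the file is created. For a path that already exists, WriteFile truncates and rewrites it without changing its permissions, so key material written by an earlier version stays at `0640`. If `opts.TLSBaseDir` can survive a restart or upgrade, follow the write with `if err := os.Chmod(f, 0600); err != nil { return fmt.Errorf("could not set permissions on %s: %w", f, err) }` (assuming `os` is imported; the import block is outside this hunk). `checkSecret` starts and ends outside the hunk, so whether the directory itself is created with a restrictive mode cannot be checked from here.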