From 524321dacd61d4d7633ac49b11db19c67df0a878 Mon Sep 17 00:00:00 2001 From: Kai Hendry Date: Tue, 1 Aug 2023 10:23:43 +0100 Subject: [PATCH 1/7] refactor: fetch token programmatically --- Makefile | 28 ++++++++++++++++++++++++++++ README.md | 14 ++++++-------- scripts/generate-tls-cert.sh | 16 ---------------- scripts/get-ca-cert.sh | 11 +---------- scripts/run.sh | 35 +++++------------------------------ 5 files changed, 40 insertions(+), 64 deletions(-) create mode 100644 Makefile delete mode 100755 scripts/generate-tls-cert.sh diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..c6888c5 --- /dev/null +++ b/Makefile @@ -0,0 +1,28 @@ +cert_dir := config/certificates + +# Temporary file for process substitution +temp_file := $(cert_dir)/temp.ext + +csms.key: + openssl ecparam -name prime256v1 -genkey -noout -out $(cert_dir)/csms.key + +csms.csr: csms.key + openssl req -new -nodes -key $(cert_dir)/csms.key \ + -subj "/CN=CSMS/O=Thoughtworks" \ + -addext "subjectAltName = DNS:localhost, DNS:gateway, DNS:lb" \ + -out $(cert_dir)/csms.csr + +csms.pem: csms.csr + echo "basicConstraints = critical, CA:false" > $(temp_file) + echo "keyUsage = critical, digitalSignature, keyEncipherment" >> $(temp_file) + echo "subjectAltName = DNS:localhost, DNS:gateway, DNS:lb" >> $(temp_file) + openssl x509 -req -in $(cert_dir)/csms.csr \ + -out $(cert_dir)/csms.pem \ + -signkey $(cert_dir)/csms.key \ + -days 365 \ + -extfile $(temp_file) + rm -f $(temp_file) + +.PHONY: clean +clean: + rm -f $(cert_dir)/* diff --git a/README.md b/README.md index 22245a3..ff71075 100644 --- a/README.md +++ b/README.md 
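Review bot: The targets `csms.key`, `csms.csr` and `csms.pem` name files in the repository root, but every recipe writes under `$(cert_dir)/`, so make never finds the targets and each invocation regenerates and silently overwrites the private key and certificate. Naming the real outputs keeps an existing key in place, e.g. `$(cert_dir)/csms.key:` with `openssl ecparam -name prime256v1 -genkey -noout -out $@`, and likewise for the `.csr` and `.pem` rules. `clean` also runs `rm -f $(cert_dir)/*`, which removes every file in that directory rather than only the three this Makefile creates; `rm -f $(cert_dir)/csms.key $(cert_dir)/csms.csr $(cert_dir)/csms.pem` would be narrower.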
@@ -7,7 +7,7 @@ MaEVe is an EV charge station management system (CSMS). It began life as a simpl implementing ISO-15118-2 Plug and Charge (PnC) functionality and remains a work in progress. It is hoped that over time it will become more complete, but already provides a useful basis for experimentation. -The system currently integrates with [Hubject](https://hubject.stoplight.io/) for PnC functionality. +The system currently integrates with [Hubject](https://hubject.stoplight.io/) for PnC functionality. ## Table of Contents - [Documentation](#documentation) 
@@ -21,18 +21,16 @@ MaEVe is implemented in Go 1.20. Learn more about MaEVe and its existing compone ## Pre-requisites -MaEVe runs in a set of Docker containers. This means you need to have `docker`, `docker-compose` and a docker daemon (e.g. docker desktop, `colima` or `rancher`) installed and running. +MaEVe runs in a set of Docker containers. This means you need to have `docker`, `docker-compose` and a docker daemon (e.g. docker desktop, `colima` or `rancher`) installed and running. ## Getting started To get the system up and running: -1. Run the [./scripts/generate-tls-cert.sh](./scripts/generate-tls-cert.sh) script which will create a server -certificate for the CSMS -2. Run the [./scripts/get-ca-cert.sh](./scripts/get-ca-cert.sh) script with a token retrieved from -the [Hubject test environment](https://hubject.stoplight.io/docs/open-plugncharge/6bb8b3bc79c2e-authorization-token) +1. Run the [./scripts/get-ca-cert.sh](./scripts/get-ca-cert.sh) script with a token retrieved from +the [Hubject test environment](https://hubject.stoplight.io/docs/open-plugncharge/6bb8b3bc79c2e-authorization-token) to retrieve the V2G root certificate and CPO Sub CA certificates - remember to put your token argument within quotes -3. Run the [./scripts/run.sh](./scripts/run.sh) script with the same token to run all the required components - again, don't forget the quotes around the token +1. Run the [./scripts/run.sh](./scripts/run.sh) script with the same token to run all the required components - again, don't forget the quotes around the token Charge stations can connect to the CSMS using: * `ws://localhost/ws/` 
@@ -40,7 +38,7 @@ Charge stations can connect to the CSMS using: Charge stations can use either OCPP 1.6j or OCPP 2.0.1. -For TLS, the charge station should use a certificate provisioned using the +For TLS, the charge station should use a certificate provisioned using the [Hubject CPO EST service](https://hubject.stoplight.io/docs/open-plugncharge/486f0b8b3ded4-simple-enroll-iso-15118-2-and-iso-15118-20). A charge station must first be registered with the CSMS before it can be used. This can be done using the diff --git a/scripts/generate-tls-cert.sh b/scripts/generate-tls-cert.sh deleted file mode 100755 index 245533b..0000000 --- a/scripts/generate-tls-cert.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/usr/bin/env bash - -script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) - -openssl ecparam -name prime256v1 -genkey -noout -out "${script_dir}"/../config/certificates/csms.key -openssl req -new -nodes -key "${script_dir}"/../config/certificates/csms.key \ - -subj "/CN=CSMS/O=Thoughtworks" \ - -addext "subjectAltName = DNS:localhost, DNS:gateway, DNS:lb" \ - -out "${script_dir}"/../config/certificates/csms.csr -openssl x509 -req -in "${script_dir}"/../config/certificates/csms.csr \ - -out "${script_dir}"/../config/certificates/csms.pem \ - -signkey "${script_dir}"/../config/certificates/csms.key \ - -days 365 \ - -extfile <(printf "basicConstraints = critical, CA:false\n\ -keyUsage = critical, digitalSignature, keyEncipherment\n\ -subjectAltName = DNS:localhost, DNS:gateway, DNS:lb") diff --git a/scripts/get-ca-cert.sh b/scripts/get-ca-cert.sh index f6ca406..3227b1c 100755 --- a/scripts/get-ca-cert.sh +++ b/scripts/get-ca-cert.sh 
@@ -1,15 +1,6 @@ #!/usr/bin/env bash -BEARER_TOKEN="$1" -if [[ "$BEARER_TOKEN" == "" ]]; then - echo "You must provide a bearer token" - echo "Usage: get-ca-cert.sh " - echo " BEARER_TOKEN can be obtained from the Hubject test environment: " - echo " https://hubject.stoplight.io/docs/open-plugncharge/6bb8b3bc79c2e-authorization-token" - exit 1 -fi - -BEARER_TOKEN=${BEARER_TOKEN#"Bearer "} +BEARER_TOKEN=$(curl -s https://hubject.stoplight.io/api/v1/projects/cHJqOjk0NTg5/nodes/6bb8b3bc79c2e-authorization-token | jq -r .data | sed -n '/Bearer/s/^.*Bearer //p') script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) diff --git a/scripts/run.sh b/scripts/run.sh index 49b5112..26cf959 100755 --- a/scripts/run.sh +++ b/scripts/run.sh 
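Review bot: Nothing verifies that the token fetch worked: `curl -s` exits 0 on an HTTP error response, the pipeline's status is that of `sed`, and the deleted empty-token check has no replacement, so an outage or a change in the page layout leaves `BEARER_TOKEN` empty. I would use `curl -fsS` and add `[[ -n "$BEARER_TOKEN" ]] || { echo "could not obtain a bearer token" >&2; exit 1; }` directly after the assignment. The same unchecked line is added to scripts/run.sh in this patch and kept in 3/7. The script continues outside the hunk, so how the token is used afterwards is not visible here.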
@@ -1,34 +1,9 @@ #!/usr/bin/env bash -command_exists() { - command -v "$1" >/dev/null 2>&1 -} +BEARER_TOKEN=$(curl -s https://hubject.stoplight.io/api/v1/projects/cHJqOjk0NTg5/nodes/6bb8b3bc79c2e-authorization-token | jq -r .data | sed -n '/Bearer/s/^.*Bearer //p') -CSO_OPCP_TOKEN="$1" -MO_OPCP_TOKEN="$2" -if [[ "$CSO_OPCP_TOKEN" == "" ]]; then - echo "You must provide a bearer token" - echo "Usage: run.sh " - echo " CSO_OPCP_TOKEN and MO_OPCP_TOKEN can be obtained from the Hubject test environment: " - echo " https://hubject.stoplight.io/docs/open-plugncharge/6bb8b3bc79c2e-authorization-token" - exit 1 -fi -CSO_OPCP_TOKEN=${CSO_OPCP_TOKEN#"Bearer "} -MO_OPCP_TOKEN=${MO_OPCP_TOKEN#"Bearer "} +# fall back to BEARER_TOKEN if no arg +CSO_OPCP_TOKEN="${1:-$BEARER_TOKEN}" +MO_OPCP_TOKEN="${2:-$BEARER_TOKEN}" -shift - -# Check if 'docker compose' is available (with space) -if command_exists "docker compose"; then - DOCKER_COMPOSE_CMD="docker compose" -else - # Check if 'docker-compose' is available - if command_exists docker-compose; then - DOCKER_COMPOSE_CMD="docker-compose" - else - echo "Error: Neither 'docker-compose' nor 'docker compose' is available. Please install Docker Compose." - exit 1 - fi -fi - -export MO_OPCP_TOKEN=$MO_OPCP_TOKEN; export CSO_OPCP_TOKEN=$CSO_OPCP_TOKEN;$DOCKER_COMPOSE_CMD up "${@:2}" +export MO_OPCP_TOKEN=$MO_OPCP_TOKEN; export CSO_OPCP_TOKEN=$CSO_OPCP_TOKEN;docker-compose up "${@:2}" --build From 93cae9187f3be7481354c0cb0ca7347dea1aab9f Mon Sep 17 00:00:00 2001 From: Kai Hendry Date: Tue, 1 Aug 2023 10:53:11 +0100 Subject: [PATCH 2/7] refactor: generate all certificates via a makefile and remove .gitignore so we can see them --- .gitignore | 351 ----------------------- README.md | 4 +- Makefile => config/certificates/Makefile | 23 +- 3 files changed, 14 insertions(+), 364 deletions(-) delete mode 100644 .gitignore rename Makefile => config/certificates/Makefile (54%) 
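Review bot: With `shift` removed but `"${@:2}"` kept, a second positional argument is used as `MO_OPCP_TOKEN` and is also handed to `docker-compose up` as an argument, which puts the token on a command line and gives compose an unexpected service name. Either keep the `shift` (3/7 puts it back) or pass `"${@:3}"`. The hard-coded `docker-compose` also drops the fallback for hosts that only have the `docker compose` plugin.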
diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 9c9aa54..0000000 --- a/.gitignore +++ /dev/null 
@@ -1,351 +0,0 @@ -*.crt -*.key -.idea -config/certificates -pki -.vscode -data -go.work.sum - -# Created by https://www.toptal.com/developers/gitignore/api/goland+all,visualstudiocode,terraform,go,python -# Edit at https://www.toptal.com/developers/gitignore?templates=goland+all,visualstudiocode,terraform,go,python - -### Go ### -# If you prefer the allow list template instead of the deny list, see community template: -# https://github.com/github/gitignore/blob/main/community/Golang/Go.AllowList.gitignore -# -# Binaries for programs and plugins -*.exe -*.exe~ -*.dll -*.so -*.dylib - -# Test binary, built with `go test -c` -*.test - -# Output of the go coverage tool, specifically when used with LiteIDE -*.out - -# Dependency directories (remove the comment below to include it) -# vendor/ - -# Go workspace file -go.work - -### GoLand+all ### -# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider -# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839 - -# User-specific stuff -.idea/**/workspace.xml -.idea/**/tasks.xml -.idea/**/usage.statistics.xml -.idea/**/dictionaries -.idea/**/shelf - -# AWS User-specific -.idea/**/aws.xml - -# Generated files -.idea/**/contentModel.xml - -# Sensitive or high-churn files -.idea/**/dataSources/ -.idea/**/dataSources.ids -.idea/**/dataSources.local.xml -.idea/**/sqlDataSources.xml -.idea/**/dynamic.xml -.idea/**/uiDesigner.xml -.idea/**/dbnavigator.xml - -# Gradle -.idea/**/gradle.xml -.idea/**/libraries - -# Gradle and Maven with auto-import -# When using Gradle or Maven with auto-import, you should exclude module files, -# since they will be recreated, and may cause churn. Uncomment if using -# auto-import. 
-.idea/artifacts -.idea/compiler.xml -.idea/jarRepositories.xml -.idea/modules.xml -.idea/*.iml -.idea/modules -*.iml -*.ipr - -# CMake -cmake-build-*/ - -# Mongo Explorer plugin -.idea/**/mongoSettings.xml - -# File-based project format -*.iws - -# IntelliJ -out/ - -# mpeltonen/sbt-idea plugin -.idea_modules/ - -# JIRA plugin -atlassian-ide-plugin.xml - -# Cursive Clojure plugin -.idea/replstate.xml - -# SonarLint plugin -.idea/sonarlint/ - -# Crashlytics plugin (for Android Studio and IntelliJ) -com_crashlytics_export_strings.xml -crashlytics.properties -crashlytics-build.properties -fabric.properties - -# Editor-based Rest Client -.idea/httpRequests - -# Android studio 3.1+ serialized cache file -.idea/caches/build_file_checksums.ser - -### GoLand+all Patch ### -# Ignore everything but code style settings and run configurations -# that are supposed to be shared within teams. - -.idea/* - -!.idea/codeStyles -!.idea/runConfigurations - -### Python ### -# Byte-compiled / optimized / DLL files -__pycache__/ -*.py[cod] -*$py.class - -# C extensions - -# Distribution / packaging -.Python -build/ -develop-eggs/ -dist/ -downloads/ -eggs/ -.eggs/ -lib/ -lib64/ -parts/ -sdist/ -var/ -wheels/ -share/python-wheels/ -*.egg-info/ -.installed.cfg -*.egg -MANIFEST - -# PyInstaller -# Usually these files are written by a python script from a template -# before PyInstaller builds the exe, so as to inject date/other infos into it. 
-*.manifest -*.spec - -# Installer logs -pip-log.txt -pip-delete-this-directory.txt - -# Unit test / coverage reports -htmlcov/ -.tox/ -.nox/ -.coverage -.coverage.* -.cache -nosetests.xml -coverage.xml -*.cover -*.py,cover -.hypothesis/ -.pytest_cache/ -cover/ - -# Translations -*.mo -*.pot - -# Django stuff: -*.log -local_settings.py -db.sqlite3 -db.sqlite3-journal - -# Flask stuff: -instance/ -.webassets-cache - -# Scrapy stuff: -.scrapy - -# Sphinx documentation -docs/_build/ - -# PyBuilder -.pybuilder/ -target/ - -# Jupyter Notebook -.ipynb_checkpoints - -# IPython -profile_default/ -ipython_config.py - -# pyenv -# For a library or package, you might want to ignore these files since the code is -# intended to run in multiple environments; otherwise, check them in: -# .python-version - -# pipenv -# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. -# However, in case of collaboration, if having platform-specific dependencies or dependencies -# having no cross-platform support, pipenv may install dependencies that don't work, or not -# install all needed dependencies. -#Pipfile.lock - -# poetry -# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control. -# This is especially recommended for binary packages to ensure reproducibility, and is more -# commonly ignored for libraries. -# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control -#poetry.lock - -# pdm -# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control. -#pdm.lock -# pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it -# in version control. -# https://pdm.fming.dev/#use-with-ide -.pdm.toml - -# PEP 582; used by e.g. 
github.com/David-OConnor/pyflow and github.com/pdm-project/pdm -__pypackages__/ - -# Celery stuff -celerybeat-schedule -celerybeat.pid - -# SageMath parsed files -*.sage.py - -# Environments -.env -.venv -env/ -venv/ -ENV/ -env.bak/ -venv.bak/ - -# Spyder project settings -.spyderproject -.spyproject - -# Rope project settings -.ropeproject - -# mkdocs documentation -/site - -# mypy -.mypy_cache/ -.dmypy.json -dmypy.json - -# Pyre type checker -.pyre/ - -# pytype static type analyzer -.pytype/ - -# Cython debug symbols -cython_debug/ - -# PyCharm -# JetBrains specific template is maintained in a separate JetBrains.gitignore that can -# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore -# and can be added to the global gitignore or merged into this file. For a more nuclear -# option (not recommended) you can uncomment the following to ignore the entire idea folder. -#.idea/ - -### Python Patch ### -# Poetry local configuration file - https://python-poetry.org/docs/configuration/#local-configuration -poetry.toml - -# ruff -.ruff_cache/ - -# LSP config files -pyrightconfig.json - -### Terraform ### -# Local .terraform directories -**/.terraform/* - -# .tfstate files -*.tfstate -*.tfstate.* - -# Crash log files -crash.log -crash.*.log - -# Exclude all .tfvars files, which are likely to contain sensitive data, such as -# password, private keys, and other secrets. These should not be part of version -# control as they are data points which are potentially sensitive and subject -# to change depending on the environment. 
-*.tfvars -*.tfvars.json - -# Ignore override files as they are usually used to override resources locally and so -# are not checked in -override.tf -override.tf.json -*_override.tf -*_override.tf.json - -# Include override files you do wish to add to version control using negated pattern -# !example_override.tf - -# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan -# example: *tfplan* - -# Ignore CLI configuration files -.terraformrc -terraform.rc - -### VisualStudioCode ### -.vscode/* -!.vscode/settings.json -!.vscode/tasks.json -!.vscode/launch.json -!.vscode/extensions.json -!.vscode/*.code-snippets - -# Local History for Visual Studio Code -.history/ - -# Built Visual Studio Code Extensions -*.vsix - -### VisualStudioCode Patch ### -# Ignore all local history of files -.history -.ionide - -# End of https://www.toptal.com/developers/gitignore/api/goland+all,visualstudiocode,terraform,go,python - diff --git a/README.md b/README.md index ff71075..e7fd92c 100644 --- a/README.md +++ b/README.md @@ -27,9 +27,7 @@ MaEVe runs in a set of Docker containers. This means you need to have `docker`, To get the system up and running: -1. Run the [./scripts/get-ca-cert.sh](./scripts/get-ca-cert.sh) script with a token retrieved from -the [Hubject test environment](https://hubject.stoplight.io/docs/open-plugncharge/6bb8b3bc79c2e-authorization-token) -to retrieve the V2G root certificate and CPO Sub CA certificates - remember to put your token argument within quotes +1. `(cd config/certificates && make)` 1. Run the [./scripts/run.sh](./scripts/run.sh) script with the same token to run all the required components - again, don't forget the quotes around the token Charge stations can connect to the CSMS using: diff --git a/Makefile b/config/certificates/Makefile similarity index 54% rename from Makefile rename to config/certificates/Makefile index c6888c5..9005cd9 100644 --- a/Makefile +++ b/config/certificates/Makefile 
@@ -1,28 +1,31 @@ -cert_dir := config/certificates - # Temporary file for process substitution -temp_file := $(cert_dir)/temp.ext +temp_file := /tmp/temp.ext + +all: csms.pem cpo_sub_ca1.pem cpo_sub_ca2.pem root-V2G-cert.pem trust.pem csms.key: - openssl ecparam -name prime256v1 -genkey -noout -out $(cert_dir)/csms.key + openssl ecparam -name prime256v1 -genkey -noout -out csms.key csms.csr: csms.key - openssl req -new -nodes -key $(cert_dir)/csms.key \ + openssl req -new -nodes -key csms.key \ -subj "/CN=CSMS/O=Thoughtworks" \ -addext "subjectAltName = DNS:localhost, DNS:gateway, DNS:lb" \ - -out $(cert_dir)/csms.csr + -out csms.csr csms.pem: csms.csr echo "basicConstraints = critical, CA:false" > $(temp_file) echo "keyUsage = critical, digitalSignature, keyEncipherment" >> $(temp_file) echo "subjectAltName = DNS:localhost, DNS:gateway, DNS:lb" >> $(temp_file) - openssl x509 -req -in $(cert_dir)/csms.csr \ - -out $(cert_dir)/csms.pem \ - -signkey $(cert_dir)/csms.key \ + openssl x509 -req -in csms.csr \ + -out csms.pem \ + -signkey csms.key \ -days 365 \ -extfile $(temp_file) rm -f $(temp_file) +cpo_sub_ca1.pem cpo_sub_ca2.pem root-V2G-cert.pem trust.pem: + ../../scripts/get-ca-cert.sh + .PHONY: clean clean: - rm -f $(cert_dir)/* + rm -f *.pem csms.key csms.csr From 20e49969e1faa2b5ae9268a0d9d199f04a45d0ff Mon Sep 17 00:00:00 2001 From: Kai Hendry Date: Wed, 2 Aug 2023 09:28:56 +0100 Subject: [PATCH 3/7] refactor: pre-commit hooks and apply comments on https://github.com/thoughtworks/maeve-csms/pull/8 --- .github/workflows/pre-commit.yml | 15 +++++++++++++++ README.md | 2 +- scripts/run.sh | 21 ++++++++++++++++++++- 3 files changed, 36 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/pre-commit.yml diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml new file mode 100644 index 0000000..cb2fb6c --- /dev/null +++ b/.github/workflows/pre-commit.yml 
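Review bot: `temp_file := /tmp/temp.ext` is a fixed, predictable name in a shared world-writable directory: the `echo ... >` redirect follows whatever already exists at that path, two concurrent builds share the file, and its content decides the extensions of the signed certificate. Keeping it next to the outputs, for example `temp_file := csms.pem.ext`, or creating it with `mktemp`, avoids that. Separately, the rule `cpo_sub_ca1.pem cpo_sub_ca2.pem root-V2G-cert.pem trust.pem:` is four independent rules in make, so `../../scripts/get-ca-cert.sh` can run once per missing file (and concurrently under `-j`); a stamp file or a grouped target would run it once.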
@@ -0,0 +1,15 @@ +on: + pull_request: + push: + +jobs: + main: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-python@v4 + with: + python-version: 3.x + - uses: pre-commit/action@v3.0.0 + - uses: pre-commit-ci/lite-action@v1.0.1 + if: always() diff --git a/README.md b/README.md index e7fd92c..377fcbf 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,7 @@ MaEVe runs in a set of Docker containers. This means you need to have `docker`, To get the system up and running: 1. `(cd config/certificates && make)` -1. Run the [./scripts/run.sh](./scripts/run.sh) script with the same token to run all the required components - again, don't forget the quotes around the token +2. Run the [./scripts/run.sh](./scripts/run.sh) script with the same token to run all the required components - again, don't forget the quotes around the token Charge stations can connect to the CSMS using: * `ws://localhost/ws/` diff --git a/scripts/run.sh b/scripts/run.sh index 26cf959..f36c633 100755 --- a/scripts/run.sh +++ b/scripts/run.sh 
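Review bot: The workflow declares no `permissions:` block, so the job runs with the repository's default `GITHUB_TOKEN` scope on both `push` and `pull_request`; a top-level `permissions:` with `contents: read` would make the grant explicit, assuming none of these steps needs to write. The third-party steps `pre-commit/action@v3.0.0` and `pre-commit-ci/lite-action@v1.0.1` are referenced by tag, which the action owner can move; pinning each to a full commit SHA, e.g. `pre-commit/action@<COMMIT_SHA> # v3.0.0`, fixes what actually runs.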
@@ -1,9 +1,28 @@ #!/usr/bin/env bash +command_exists() { + command -v "$1" >/dev/null 2>&1 +} + BEARER_TOKEN=$(curl -s https://hubject.stoplight.io/api/v1/projects/cHJqOjk0NTg5/nodes/6bb8b3bc79c2e-authorization-token | jq -r .data | sed -n '/Bearer/s/^.*Bearer //p') # fall back to BEARER_TOKEN if no arg CSO_OPCP_TOKEN="${1:-$BEARER_TOKEN}" MO_OPCP_TOKEN="${2:-$BEARER_TOKEN}" -export MO_OPCP_TOKEN=$MO_OPCP_TOKEN; export CSO_OPCP_TOKEN=$CSO_OPCP_TOKEN;docker-compose up "${@:2}" --build +shift + +# Check if 'docker compose' is available (with space) +if command_exists "docker compose"; then + DOCKER_COMPOSE_CMD="docker compose" +else + # Check if 'docker-compose' is available + if command_exists docker-compose; then + DOCKER_COMPOSE_CMD="docker-compose" + else + echo "Error: Neither 'docker-compose' nor 'docker compose' is available. Please install Docker Compose." + exit 1 + fi +fi + +export MO_OPCP_TOKEN=$MO_OPCP_TOKEN; export CSO_OPCP_TOKEN=$CSO_OPCP_TOKEN;$DOCKER_COMPOSE_CMD up "${@:2}" From 18877391aac5a68da9c82c35319809ea3699617a Mon Sep 17 00:00:00 2001 From: Kai Hendry Date: Tue, 1 Aug 2023 17:48:53 +0100 Subject: [PATCH 4/7] ci: install deps for pre-commit to run --- .github/workflows/pre-commit.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index cb2fb6c..860c32a 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -7,6 +7,14 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + - uses: actions/setup-go@v3 + with: + go-version: "stable" + check-latest: true + - name: Install gosec + run: go install github.com/securego/gosec/v2/cmd/gosec@latest + - name: Install static check + run: go install honnef.co/go/tools/cmd/staticcheck@latest - uses: actions/setup-python@v4 with: python-version: 3.x From f18987f29374c4af67fcd9919cb9643cceb45762 Mon Sep 17 00:00:00 2001 
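Review bot: `command_exists "docker compose"` asks `command -v` for a single command whose name contains a space, so this branch cannot succeed and a host that has only the `docker compose` plugin ends at the "Neither ... is available" error. Probing the subcommand works for the plugin: `if docker compose version >/dev/null 2>&1; then`. The result is later expanded unquoted as `$DOCKER_COMPOSE_CMD up`, which relies on word splitting; a bash array would make that explicit.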
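Review bot: Both `go install` steps use `@latest` (`gosec@latest`, `staticcheck@latest`), so every run builds and executes whatever was published most recently, and `go-version: "stable"` with `check-latest: true` floats the toolchain as well. Pinning gives reproducible runs and a reviewable upgrade, e.g. `go install github.com/securego/gosec/v2/cmd/gosec@<PINNED_VERSION>` and the same for staticcheck. The job's remaining steps are outside this hunk.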
From: Kai Hendry Date: Wed, 2 Aug 2023 09:46:11 +0100 Subject: [PATCH 5/7] ci: prevent IDE project files from being committed https://www.toptal.com/developers/gitignore/api/goland+all,visualstudiocode,go --- .gitignore | 134 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 134 insertions(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..0009741 --- /dev/null +++ b/.gitignore 
@@ -0,0 +1,134 @@ +# Created by https://www.toptal.com/developers/gitignore/api/goland+all,visualstudiocode,go +# Edit at https://www.toptal.com/developers/gitignore?templates=goland+all,visualstudiocode,go + +### Go ### +# If you prefer the allow list template instead of the deny list, see community template: +# https://github.com/github/gitignore/blob/main/community/Golang/Go.AllowList.gitignore +# +# Binaries for programs and plugins +*.exe +*.exe~ +*.dll +*.so +*.dylib + +# Test binary, built with `go test -c` +*.test + +# Output of the go coverage tool, specifically when used with LiteIDE +*.out + +# Dependency directories (remove the comment below to include it) +# vendor/ + +# Go workspace file +go.work + +### GoLand+all ### +# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider +# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839 + +# User-specific stuff +.idea/**/workspace.xml +.idea/**/tasks.xml +.idea/**/usage.statistics.xml +.idea/**/dictionaries +.idea/**/shelf + +# AWS User-specific +.idea/**/aws.xml + +# Generated files +.idea/**/contentModel.xml + +# Sensitive or high-churn files +.idea/**/dataSources/ +.idea/**/dataSources.ids +.idea/**/dataSources.local.xml +.idea/**/sqlDataSources.xml +.idea/**/dynamic.xml +.idea/**/uiDesigner.xml +.idea/**/dbnavigator.xml + +# Gradle +.idea/**/gradle.xml +.idea/**/libraries + +# Gradle and Maven with auto-import +# When using Gradle or Maven with auto-import, you should exclude module files, +# since they will be recreated, and may cause churn. Uncomment if using +# auto-import. 
+# .idea/artifacts +# .idea/compiler.xml +# .idea/jarRepositories.xml +# .idea/modules.xml +# .idea/*.iml +# .idea/modules +# *.iml +# *.ipr + +# CMake +cmake-build-*/ + +# Mongo Explorer plugin +.idea/**/mongoSettings.xml + +# File-based project format +*.iws + +# IntelliJ +out/ + +# mpeltonen/sbt-idea plugin +.idea_modules/ + +# JIRA plugin +atlassian-ide-plugin.xml + +# Cursive Clojure plugin +.idea/replstate.xml + +# SonarLint plugin +.idea/sonarlint/ + +# Crashlytics plugin (for Android Studio and IntelliJ) +com_crashlytics_export_strings.xml +crashlytics.properties +crashlytics-build.properties +fabric.properties + +# Editor-based Rest Client +.idea/httpRequests + +# Android studio 3.1+ serialized cache file +.idea/caches/build_file_checksums.ser + +### GoLand+all Patch ### +# Ignore everything but code style settings and run configurations +# that are supposed to be shared within teams. + +.idea/* + +!.idea/codeStyles +!.idea/runConfigurations + +### VisualStudioCode ### +.vscode/* +!.vscode/settings.json +!.vscode/tasks.json +!.vscode/launch.json +!.vscode/extensions.json +!.vscode/*.code-snippets + +# Local History for Visual Studio Code +.history/ + +# Built Visual Studio Code Extensions +*.vsix + +### VisualStudioCode Patch ### +# Ignore all local history of files +.history +.ionide + +# End of https://www.toptal.com/developers/gitignore/api/goland+all,visualstudiocode,go From 7d81020c4156880f673125ee614226352eb02dfd Mon Sep 17 00:00:00 2001 From: Kai Hendry Date: Wed, 2 Aug 2023 10:04:04 +0100 Subject: [PATCH 6/7] ci: fix talismanrc hook https://github.com/thoughtworks/maeve-csms/actions/runs/5736555489/job/15546384483 --- .hook/sort-talismanrc.sh | 2 +- .talismanrc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.hook/sort-talismanrc.sh b/.hook/sort-talismanrc.sh index ea430b7..2560b87 100755 --- a/.hook/sort-talismanrc.sh +++ b/.hook/sort-talismanrc.sh 
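Review bot: The recreated `.gitignore` contains only the Go, JetBrains and VS Code templates; the project-specific patterns of the file deleted in 2/7 — `*.crt`, `*.key`, `config/certificates`, `pki`, `data` and, from the dropped Python and Terraform sections, `.env` and `*.tfvars` — are not restored. `config/certificates/Makefile` from 2/7 writes `csms.key` into the tree, so the generated private key is now an untracked file that a `git add .` will pick up. If the certificates are meant to stay visible, I would still add `*.key` (or `config/certificates/*.key`) at the top of this file.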
@@ -1,3 +1,3 @@ #!/usr/bin/env bash -yq -i '.fileignoreconfig |= sort_by(.filename)' .talismanrc \ No newline at end of file +yq -y -i '.fileignoreconfig |= sort_by(.filename)' .talismanrc diff --git a/.talismanrc b/.talismanrc index f31f0c5..06fdc0c 100644 --- a/.talismanrc +++ b/.talismanrc @@ -99,4 +99,4 @@ fileignoreconfig: checksum: eab0c50edc72d8a53c2a2d0c4238924f9705666dc962a344384d793a501dea50 scopeconfig: - scope: go -version: "" +version: '' From b21e97de7f1959c1aa96cc7f1003a970f2b54db1 Mon Sep 17 00:00:00 2001 From: Kai Hendry Date: Wed, 2 Aug 2023 10:30:40 +0100 Subject: [PATCH 7/7] ci: fix issue that was caused by an old yq 3.1.1 --- .hook/sort-talismanrc.sh | 2 +- .talismanrc | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/.hook/sort-talismanrc.sh b/.hook/sort-talismanrc.sh index 2560b87..1e841b6 100755 --- a/.hook/sort-talismanrc.sh +++ b/.hook/sort-talismanrc.sh @@ -1,3 +1,3 @@ #!/usr/bin/env bash -yq -y -i '.fileignoreconfig |= sort_by(.filename)' .talismanrc +yq -i '.fileignoreconfig |= sort_by(.filename)' .talismanrc diff --git a/.talismanrc b/.talismanrc index 06fdc0c..ed4601b 100644 --- a/.talismanrc +++ b/.talismanrc @@ -95,8 +95,6 @@ fileignoreconfig: checksum: b31b2ed998237c77a6cd3501ce4231c2cbe15a2aca68db8715f4f43f9fc7e01c - filename: manager/store/inmemory/cert_test.go checksum: 535591f9b2a347dd1fc00f07aa3742660c96a636dae8f724c9e2842e09b95356 - - filename: scripts/generate-tls-cert.sh - checksum: eab0c50edc72d8a53c2a2d0c4238924f9705666dc962a344384d793a501dea50 scopeconfig: - scope: go version: ''
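Review bot: In `.hook/sort-talismanrc.sh` the accepted flags depend on which `yq` the machine provides — 6/7 adds `-y`, 7/7 removes it again and its subject attributes the breakage to an old yq 3.1.1 — but nothing in the script records or checks that. A header comment such as `# needs a yq that accepts -i with this expression; an old yq 3.1.1 failed (see 7/7)` would save the next person the same round trip. A `yq --version` check before the call could turn the failure into a clear message.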