axone-protocol · amimart · Sep 18, 2024 · Sep 17, 2024 · Sep 17, 2024 · Sep 17, 2024
diff --git a/.github/workflows/add-to-project.yml b/.github/workflows/add-to-project.yml
@@ -10,7 +10,7 @@ jobs:
     name: Add issue to project
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/[email protected].0
+      - uses: actions/[email protected].2
         with:
-          project-url: https://github.com/orgs/okp4/projects/9
-          github-token: ${{ secrets.OKP4_TOKEN }}
+          project-url: https://github.com/orgs/axone-protocol/projects/2
+          github-token: ${{ secrets.OPS_TOKEN }}
diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml
@@ -12,4 +12,4 @@ jobs:
         uses: ahmadnassri/action-dependabot-auto-merge@v2
         with:
           target: minor
-          github-token: ${{ secrets.OKP4_TOKEN }}
+          github-token: ${{ secrets.OPS_TOKEN }}
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -4,10 +4,10 @@ on:
   workflow_call:
 
   push:
-    branches: [ main ]
+    branches: [main]
 
   pull_request:
-    branches: [ main ]
+    branches: [main]
 
 concurrency:
   group: build-${{ github.ref }}
@@ -21,20 +21,10 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Go environment
-        uses: actions/[email protected].0
+        uses: actions/[email protected].2
         with:
-          go-version: "1.21"
+          go-version: '1.21'
 
       - name: Build go project
         run: |
           make build
-
-  build-docker:
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Check out repository
-        uses: actions/checkout@v4
-
-      - name: Build docker image
-        run: |
-          docker build .
diff --git a/.github/workflows/follow-contributor.yml b/.github/workflows/follow-contributor.yml
@@ -12,4 +12,4 @@ jobs:
         uses: okp4/[email protected]
         with:
           username: ${{ github.event.pull_request.user.login }}
-          token: ${{ secrets.OKP4_TOKEN }}
+          token: ${{ secrets.OPS_TOKEN }}
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -1,17 +1,13 @@
 name: Lint
 
 on:
-  workflow_call:
-
   push:
     branches: [ main ]
 
   pull_request:
     branches: [ main ]
 
-concurrency:
-  group: lint-${{ github.ref }}
-  cancel-in-progress: true
+  workflow_dispatch:
 
 jobs:
   lint-commits:
@@ -36,7 +32,6 @@ jobs:
         uses: avto-dev/[email protected]
         with:
           args: "**/*.md"
-          ignore: "CHANGELOG.md"
 
   lint-yaml:
     runs-on: ubuntu-22.04
@@ -53,27 +48,79 @@ jobs:
     steps:
       - name: Check out repository
         uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
 
       - name: Find changed go files
         id: changed-go-files
-        uses: tj-actions/changed-files@v44.0.0
+        uses: tj-actions/changed-files@v44.5.7
         with:
           files: |
             **/*.go
             go.mod
             go.sum
 
       - name: Setup Go environment
-        uses: actions/[email protected].0
+        uses: actions/[email protected].2
         if: steps.changed-go-files.outputs.any_changed == 'true'
         with:
           go-version: "1.21"
+          cache: false
 
       - name: Lint go code (golangci-lint)
-        uses: golangci/golangci-lint-action@v4
+        uses: golangci/golangci-lint-action@v6
         if: steps.changed-go-files.outputs.any_changed == 'true'
         with:
-          version: v1.55
+          version: v1.59
+
+      - name: Lint go code (gofumpt)
+        if: steps.changed-go-files.outputs.any_changed == 'true'
+        run: |
+          go install mvdan.cc/[email protected]
+          if [ "$(gofumpt -l .)" != "" ]; then
+            echo "❌ Code is not gofumpt!"
+            exit 1
+          fi
+          echo "✅ Code is gofumpt!"
+
+  analyze-go:
+    runs-on: ubuntu-22.04
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Find changed go files
+        id: changed-go-files
+        uses: tj-actions/[email protected]
+        with:
+          files: |
+            **/*.go
+            go.mod
+            go.sum
+
+      - name: Setup Go environment
+        uses: actions/[email protected]
+        with:
+          go-version: "1.21"
+          cache: false
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: "go"
+
+      - name: Autobuild project
+        uses: github/codeql-action/autobuild@v3
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
 
   lint-dockerfile:
     runs-on: ubuntu-22.04
@@ -84,13 +131,22 @@ jobs:
 
       - name: Lint dockerfile (hadolint)
         uses: hadolint/[email protected]
+        with:
+          verbose: true
+
+  lint-shell:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
 
-      - name: Lint dockerfile (docker-lint)
-        uses: luke142367/[email protected]
+      - name: Lint shell scripts
+        uses: ludeeus/[email protected]
         with:
-          target: Dockerfile
+          scandir: .
+          version: "v0.9.0"
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SHELLCHECK_OPTS: -e SC2034
 
   lint-branch-name:
     runs-on: ubuntu-22.04
@@ -125,7 +181,7 @@ jobs:
         if: ${{ failure() }}
         uses: codelytv/no-pull-requests@v1
         with:
-          GITHUB_TOKEN: ${{ secrets.OKP4_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.OPS_TOKEN }}
           message: 🙅 Closing the PR because it does not respect naming conventions. Edit the branch name and submit a new PR.
     env:
-      GITHUB_TOKEN: ${{ secrets.OKP4_TOKEN }}
+      GITHUB_TOKEN: ${{ secrets.OPS_TOKEN }}
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -16,17 +16,16 @@ jobs:
       - name: Check out repository
         uses: actions/checkout@v4
 
-      - name: Set up context
-        id: project_context
-        uses: FranzDiebold/[email protected]
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
 
       - name: Extract metadata (tags, labels) for Docker
         id: docker_metadata
         uses: docker/metadata-action@v5
         with:
           images: ghcr.io/${{ github.repository }}
           tags: |
-            type=raw,value=nightly
+            type=raw,enable=${{ endsWith(github.ref, github.event.repository.default_branch) }},value=nightly
             type=semver,pattern={{version}}
             type=semver,pattern={{major}}.{{minor}}
             type=semver,pattern={{major}}
@@ -41,10 +40,10 @@ jobs:
           password: ${{ secrets.DOCKER_REGISTRY_TOKEN }}
 
       - name: Build and publish image(s)
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
-          platforms: linux/amd64
+          platforms: linux/amd64,linux/arm64
           push: true
           tags: ${{ steps.docker_metadata.outputs.tags }}
           labels: ${{ steps.docker_metadata.outputs.labels }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -27,13 +27,13 @@ jobs:
       - name: Check out repository
         uses: actions/checkout@v4
         with:
-          token: ${{ secrets.OKP4_TOKEN }}
+          token: ${{ secrets.OPS_TOKEN }}
 
       - name: Import GPG key
         uses: crazy-max/ghaction-import-gpg@v6
         with:
-          gpg_private_key: ${{ secrets.OKP4_BOT_GPG_PRIVATE_KEY }}
-          passphrase: ${{ secrets.OKP4_BOT_GPG_PASSPHRASE }}
+          gpg_private_key: ${{ secrets.BOT_GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.BOT_GPG_PASSPHRASE }}
           git_config_global: true
           git_user_signingkey: true
           git_commit_gpgsign: true
@@ -59,8 +59,8 @@ jobs:
           extends: |
             [email protected]
         env:
-          GITHUB_TOKEN: ${{ secrets.OKP4_TOKEN }}
-          GIT_AUTHOR_NAME: ${{ secrets.OKP4_BOT_GIT_AUTHOR_NAME }}
-          GIT_AUTHOR_EMAIL: ${{ secrets.OKP4_BOT_GIT_AUTHOR_EMAIL }}
-          GIT_COMMITTER_NAME: ${{ secrets.OKP4_BOT_GIT_COMMITTER_NAME }}
-          GIT_COMMITTER_EMAIL: ${{ secrets.OKP4_BOT_GIT_COMMITTER_EMAIL }}
+          GITHUB_TOKEN: ${{ secrets.OPS_TOKEN }}
+          GIT_AUTHOR_NAME: ${{ vars.BOT_GIT_AUTHOR_NAME }}
+          GIT_AUTHOR_EMAIL: ${{ vars.BOT_GIT_AUTHOR_EMAIL }}
+          GIT_COMMITTER_NAME: ${{ vars.BOT_GIT_COMMITTER_NAME }}
+          GIT_COMMITTER_EMAIL: ${{ vars.BOT_GIT_COMMITTER_EMAIL }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -21,19 +21,10 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Go environment
-        uses: actions/[email protected].0
+        uses: actions/[email protected].2
         with:
           go-version: "1.21"
 
       - name: Test go project
         run: |
           make test-go
-
-      - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v4
-        if: github.actor != 'dependabot[bot]'
-        with:
-          files: ./target/coverage.out
-          env_vars: OS,GOLANG
-          fail_ci_if_error: true
-          verbose: true
diff --git a/.github/workflows/thank.yml b/.github/workflows/thank.yml
@@ -1,6 +1,8 @@
 name: Give thanks
 
 on:
+  workflow_dispatch:
+
   push:
     branches: [ main ]
 
@@ -15,7 +17,7 @@ jobs:
 
       - name: Find changed dependencies
         id: changed-dependencies
-        uses: tj-actions/changed-files@v44.0.0
+        uses: tj-actions/changed-files@v44.5.7
         with:
           files: |
             go.mod
@@ -27,4 +29,4 @@ jobs:
             -v $(pwd):/home \
             psampaz/gothanks:v0.4.0 \
             -y \
-            -github-token=${{ secrets.OKP4_TOKEN }}
+            -github-token=${{ secrets.OPS_TOKEN }}
diff --git a/.releaserc.yml b/.releaserc.yml
@@ -4,11 +4,30 @@ branches:
 plugins:
   - - "@semantic-release/commit-analyzer"
     - preset: conventionalcommits
+      releaseRules:
+        - type: build
+          scope: deps
+          release: patch
+        - type: build
+          scope: deps-dev
+          release: patch
+        - type: refactor
+          release: patch
+        - type: style
+          release: patch
+        - type: ci
+          release: patch
+        - type: chore
+          release: patch
+        - type: docs
+          release: patch
+        - breaking: true
+          release: major
   - - "@semantic-release/release-notes-generator"
     - preset: conventionalcommits
   - - "@semantic-release/changelog"
     - changelogFile: CHANGELOG.md
-      changelogTitle: "# ØKP4 S3 auth proxy"
+      changelogTitle: "# Axone S3 auth proxy"
   - - "@google/semantic-release-replace-plugin"
     - replacements:
         - files: [version]
@@ -20,6 +39,9 @@ plugins:
               hasChanged: true
               numMatches: 1
               numReplacements: 1
+  - - "@semantic-release/exec"
+    - prepareCmd: |
+        ./scripts/bump-module.sh
   - - "@semantic-release/exec"
     - prepareCmd: |
         make build-go-all
@@ -41,4 +63,7 @@ plugins:
     - assets:
         - CHANGELOG.md
         - version
+        - go.mod
+        - go.sum
+        - "**/*.go"
       message: "chore(release): perform release ${nextRelease.version}"
diff --git a/Makefile b/Makefile
@@ -19,9 +19,9 @@ COLOR_RESET  = $(shell tput -Txterm sgr0)
 VERSION  := $(shell cat version)
 COMMIT   := $(shell git log -1 --format='%H')
 LD_FLAGS  = \
-	-X okp4/s3-auth-proxy/internal/version.Name=$(BINARY_NAME) \
-	-X okp4/s3-auth-proxy/internal/version.Version=$(VERSION)  \
-	-X okp4/s3-auth-proxy/internal/version.Commit=$(COMMIT)
+	-X axone-protocol/s3-auth-proxy/internal/version.Name=$(BINARY_NAME) \
+	-X axone-protocol/s3-auth-proxy/internal/version.Version=$(VERSION)  \
+	-X axone-protocol/s3-auth-proxy/internal/version.Commit=$(COMMIT)
 BUILD_FLAGS := -ldflags '$(LD_FLAGS)'
 
 # Commands