ZupIT · nathanmartinszup · Sep 30, 2021 · Sep 23, 2021
diff --git a/.github/workflows/alpha.yml b/.github/workflows/alpha.yml
@@ -0,0 +1,180 @@
+# Copyright 2021 ZUP IT SERVICOS EM TECNOLOGIA E INOVACAO SA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Alpha
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  Alpha:
+    runs-on: ubuntu-latest
+    env:
+      COSIGN_KEY_LOCATION: /tmp/cosign.key
+      COSIGN_PASSWORD: ${{ secrets.COSIGN_PWD }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.17
+
+      - name: Docker Login
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Cosign Installer
+        uses: sigstore/cosign-installer@main
+        with:
+          cosign-release: 'v1.2.0'
+
+      - name: Install cosign private key
+        run: 'echo "$COSIGN_KEY" > $COSIGN_KEY_LOCATION'
+        shell: bash
+        env:
+          COSIGN_KEY: ${{secrets.COSIGN_KEY}}
+
+      - name: Build and push api
+        uses: docker/build-push-action@v2
+        with:
+          push: true
+          context: ./api
+          file: ./api/deployments/dockerfiles/Dockerfile
+          tags: horuszup/horusec-api:alpha
+
+      - name: Sign image
+        run: |
+          cosign sign -key $COSIGN_KEY_LOCATION horuszup/horusec-api:alpha
+        env:
+          COSIGN_PASSWORD: ${{ secrets.COSIGN_PWD }}
+      - name: Build and push auth
+        uses: docker/build-push-action@v2
+        with:
+          push: true
+          context: ./auth
+          file: ./auth/deployments/dockerfiles/Dockerfile
+          tags: horuszup/horusec-auth:alpha
+
+      - name: Sign image
+        run: |
+          cosign sign -key $COSIGN_KEY_LOCATION horuszup/horusec-auth:alpha
+      - name: Build and push analytic
+        uses: docker/build-push-action@v2
+        with:
+          push: true
+          context: ./analytic
+          file: ./analytic/deployments/dockerfiles/Dockerfile
+          tags: horuszup/horusec-analytic:alpha
+
+      - name: Sign image
+        run: |
+          cosign sign -key $COSIGN_KEY_LOCATION horuszup/horusec-analytic:alpha
+      - name: Build and push core
+        uses: docker/build-push-action@v2
+        with:
+          push: true
+          context: ./core
+          file: ./core/deployments/dockerfiles/Dockerfile
+          tags: horuszup/horusec-core:alpha
+
+      - name: Sign image
+        run: |
+          cosign sign -key $COSIGN_KEY_LOCATION horuszup/horusec-core:alpha
+      - name: Build and push manager
+        uses: docker/build-push-action@v2
+        with:
+          push: true
+          context: ./manager
+          file: ./manager/deployments/dockerfiles/Dockerfile
+          tags: horuszup/horusec-manager:alpha
+
+      - name: Sign image
+        run: |
+          cosign sign -key $COSIGN_KEY_LOCATION horuszup/horusec-manager:alpha
+
+      - name: Build and push messages
+        uses: docker/build-push-action@v2
+        with:
+          push: true
+          context: ./messages
+          file: ./messages/deployments/dockerfiles/Dockerfile
+          tags: horuszup/horusec-messages:alpha
+
+      - name: Sign image
+        run: |
+          cosign sign -key $COSIGN_KEY_LOCATION horuszup/horusec-messages:alpha
+      - name: Build and push migrations
+        uses: docker/build-push-action@v2
+        with:
+          push: true
+          context: ./migrations
+          file: ./migrations/deployments/dockerfiles/Dockerfile
+          tags: horuszup/horusec-migrations:alpha
+
+      - name: Sign image
+        run: |
+          cosign sign -key $COSIGN_KEY_LOCATION horuszup/horusec-migrations:alpha
+      - name: Build and push vulnerability
+        uses: docker/build-push-action@v2
+        with:
+          push: true
+          context: ./vulnerability
+          file: ./vulnerability/deployments/dockerfiles/Dockerfile
+          tags: horuszup/horusec-vulnerability:alpha
+
+      - name: Sign image
+        run: |
+          cosign sign -key $COSIGN_KEY_LOCATION horuszup/horusec-vulnerability:alpha
+      - name: Build and push webhook
+        uses: docker/build-push-action@v2
+        with:
+          push: true
+          context: ./webhook
+          file: ./webhook/deployments/dockerfiles/Dockerfile
+          tags: horuszup/horusec-webhook:alpha
+
+      - name: Sign image
+        run: |
+          cosign sign -key $COSIGN_KEY_LOCATION horuszup/horusec-webhook:alpha
+
+      - name: Update alpha release
+        uses: meeDamian/github-release@2.0
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          tag: alpha
+          name: alpha
+          draft: false
+          prerelease: true
+          commitish: ${{ github.sha }}
+          gzip: false
+          allow_override: true
+          body: |
+            ## Docker images
+            - `docker pull horuszup/horusec-analytic:alpha`
+            - `docker pull horuszup/horusec-api:alpha`
+            - `docker pull horuszup/horusec-auth:alpha`
+            - `docker pull horuszup/horusec-core:alpha`
+            - `docker pull horuszup/horusec-manager:alpha`
+            - `docker pull horuszup/horusec-messages:alpha`
+            - `docker pull horuszup/horusec-migrations:alpha`
+            - `docker pull horuszup/horusec-vulnerability:alpha`
+            - `docker pull horuszup/horusec-webhook:alpha`
diff --git a/.github/workflows/new-release.yml b/.github/workflows/new-release.yml
@@ -0,0 +1,146 @@
+# Copyright 2021 ZUP IT SERVICOS EM TECNOLOGIA E INOVACAO SA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: New-Release
+
+on:
+  workflow_dispatch:
+    inputs:
+      releaseType:
+        description: 'Release type: M (Major); m (Minor); p (Path)'
+        required: true
+
+permissions:
+  contents: write
+
+jobs:
+  release:
+    env:
+      COSIGN_KEY_LOCATION: "/tmp/cosign.key"
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.17
+      - name: Set up nodejs
+        uses: actions/setup-node@v2
+        with:
+          node-version: 12
+      - name: "Login to DockerHub"
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Import GPG key
+        uses: crazy-max/ghaction-import-gpg@v4
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.PASSPHRASE }}
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+
+      - name: Version increment
+        id: updated-version
+        run: |
+          curl https://raw.githubusercontent.com/ZupIT/horusec-devkit/main/scripts/semver.sh -o /tmp/semver.sh
+          chmod +x /tmp/semver.sh
+          /tmp/semver.sh -${{ github.event.inputs.releaseType }} ${{ github.event.repository.full_name }}
+      - uses: sigstore/cosign-installer@main
+        with:
+          cosign-release: 'v1.2.0'
+      - name: install cosign private key
+        run: 'echo "$COSIGN_KEY" > $COSIGN_KEY_LOCATION'
+        shell: bash
+        env:
+          COSIGN_KEY: ${{secrets.COSIGN_KEY}}
+      - name: Update versions on package.json
+        run: |
+          npm install -g json
+          json -I -f ./manager/package.json -e 'this.version="${{ steps.updated-version.outputs.strippedVersion }}"'
+      - name: Update versions on rest of the project
+        run: |
+          find . -type f -not -path "./.git/*" -not -path "./Makefile" -not -path "./manager/cypress/*" -not -path "./manager/cypress/*" -not -name "*.sum" -not -name "*.mod"|
+          xargs sed -i "s/${{ steps.updated-version.outputs.actualVersion }}/${{ steps.updated-version.outputs.version }}/g"
+      - name: Commit changes
+        uses: EndBug/add-and-commit@v7.3.0
+        with:
+          push: false
+          signoff: true
+          author_name: Horusec
+          author_email: horusec@zup.com.br
+          committer_name: Horusec
+          committer_email: horusec@zup.com.br
+      - name: Create tag
+        run: |
+          git tag ${{ steps.updated-version.outputs.version }}
+          sleep 5
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v2
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release --rm-dist
+        env:
+          COSIGN_KEY: ${{ secrets.COSIGN_KEY }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
+          GORELEASER_CURRENT_TAG: ${{ steps.updated-version.outputs.version }}
+
+      - name: "Docker meta"
+        uses: docker/metadata-action@v3
+        id: meta
+        env:
+          RELEASE_VERSION: ${{ steps.updated-version.outputs.version }}
+        with:
+          images: |
+            horuszup/horusec-manager
+          tags: |
+            type=semver,prefix=v,pattern={{version}},value=${{ env.RELEASE_VERSION }}
+            type=semver,prefix=v,pattern={{major}}.{{minor}},value=${{ env.RELEASE_VERSION }}
+            type=semver,prefix=v,pattern={{major}},value=${{ env.RELEASE_VERSION }}
+
+      - name: "Build and push manager"
+        uses: docker/build-push-action@v2
+        with:
+          push: true
+          context: ./manager
+          file: ./manager/deployments/dockerfiles/Dockerfile
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+      - name: Sign image
+        run: |
+          cosign sign -key $COSIGN_KEY_LOCATION horuszup/horusec-manager:latest
+        env:
+          COSIGN_PASSWORD: ${{ secrets.COSIGN_PWD }}
+
+      - name: Push tag
+        run: |
+          git push origin ${{ steps.updated-version.outputs.version }}
+      - name: Get release branch name
+        if: github.event.inputs.releaseType != 'p'
+        run: |
+          version=${{ steps.updated-version.outputs.version }}
+          echo "RELEASE_BRANCH=$(echo release/${version%.*})" >> $GITHUB_ENV
+      - name: Create release branch
+        if: github.event.inputs.releaseType != 'p'
+        run: |
+          git push origin main
+          git branch ${{ env.RELEASE_BRANCH }}
+          git push origin ${{ env.RELEASE_BRANCH }}
diff --git a/.gitignore b/.gitignore
@@ -18,4 +18,5 @@ e2e/**analysis
 horusec-cli/cmd/horusec/start/examples/
 vendor
 **/e2e/cypress/src/screenshots/**
-**/e2e/cypress/src/videos/**
+**/e2e/cypress/src/videos/**
+dist/