chore: update repo config

.envrc

@@ -2,3 +2,7 @@ if ! has nix_direnv_version || ! nix_direnv_version 2.3.0; then
   source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/2.3.0/direnvrc" "sha256-Dmd+j63L84wuzgyjITIfSxSD57Tx7v51DMxVZOsiUD8="
 fi
 use flake . --impure
+
+# Vault
+export VAULT_ADDR=http://127.0.0.1:8200
+export VAULT_TOKEN=227e1cce-6bf7-30bb-2d2a-acc854318caf

.goreleaser.yaml

@@ -1,12 +1,14 @@
+project_name: secret-sync
+
 dist: build/dist
 
+before:
+  hooks:
+    - go mod tidy
 builds:
-  - main: .
-    env:
+  - env:
       - CGO_ENABLED=0
-    flags:
-      - -trimpath
-    ldflags: "-s -w -X main.version={{ .Version }}"
+    main: .
     goos:
       - linux
       - darwin
@@ -15,18 +17,18 @@ builds:
       - arm64
 
 archives:
-  - name_template: "{{ .ProjectName }}_{{ .Os }}_{{ .Arch }}"
-    format_overrides:
-      - goos: windows
-        format: zip
+  - format: tar.gz
+    # this name template makes the OS and Arch compatible with the results of uname.
+    name_template: >-
+      {{ .ProjectName }}_
+      {{- title .Os }}_
+      {{- if eq .Arch "amd64" }}x86_64
+      {{- else if eq .Arch "386" }}i386
+      {{- else }}{{ .Arch }}{{ end }}
+      {{- if .Arm }}v{{ .Arm }}{{ end }}
 
 checksum:
   name_template: "checksums.txt"
 
 changelog:
-  skip: false
-
-release:
-  draft: true
-  replace_existing_draft: true
-  prerelease: auto
+  disable: true

.hadolint.yaml

@@ -0,0 +1,3 @@
+ignored:
+  - DL3018
+  - DL3059

.licensei.toml

@@ -38,7 +38,7 @@ ignored = [
 ]
 
 [header]
-authors = ["Cisco"]
+authors = ["Bank-Vaults Maintainers"]
 ignorePaths = [".direnv", ".devenv", "vendor", "examples"]
 ignoreFiles = ["zz_generated.*.go"]
 template = """// Copyright © :YEAR: :AUTHOR:

.yamlignore

@@ -0,0 +1 @@
+/.github/

.yamllint.yaml

@@ -1,6 +1,8 @@
-ignore-from-file: [.gitignore]
+ignore-from-file: [.gitignore, .yamlignore]
 
 extends: default
 
 rules:
   line-length: disable
+  document-start: disable
+  comments: disable

Makefile

@@ -12,13 +12,39 @@ default: help
 help: ## Display this help
 	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
 
+##@ Development
+
+.PHONY: up
+up: ## Start development environment
+	docker compose -f dev/vault/docker-compose.yml up -d
+
+.PHONY: stop
+stop: ## Stop development environment
+	docker compose -v -f dev/vault/docker-compose.yml stop
+
+.PHONY: down
+down: ## Destroy development environment
+	docker compose -v -f dev/vault/docker-compose.yml down
+
 ##@ Build
 
 .PHONY: build
 build: ## Build binary
 	@mkdir -p build
 	go build -race -o build/
 
+.PHONY: container-image
+container-image: ## Build container image
+	docker build .
+
+.PHONY: binary-snapshot
+binary-snapshot: ## Build binary snapshot
+	VERSION=v${GORELEASER_VERSION} ${GORELEASER_BIN} release --clean --skip=publish --snapshot
+
+.PHONY: artifacts
+artifacts: container-image binary-snapshot
+artifacts: ## Build artifacts
+
 ##@ Checks
 
 .PHONY: check
@@ -29,38 +55,45 @@ test: ## Run tests
 	go test -race -v ./...
 
 .PHONY: lint
-lint: lint-go lint-yaml #lint-docker
+lint: lint-go lint-docker lint-yaml
 lint: ## Run linters
 
 .PHONY: lint-go
 lint-go:
 	$(GOLANGCI_LINT_BIN) run $(if ${CI},--out-format github-actions,)
 
+.PHONY: lint-docker
+lint-docker:
+	hadolint Dockerfile
+
 .PHONY: lint-yaml
 lint-yaml:
 	yamllint $(if ${CI},-f github,) --no-warnings .
 
+.PHONY: fmt
+fmt: ## Format code
+	$(GOLANGCI_LINT_BIN) run --fix
+
 .PHONY: license-check
 license-check: ## Run license check
 	$(LICENSEI_BIN) check
 	$(LICENSEI_BIN) header
 
-.PHONY: fmt
-fmt: ## Format code
-	$(GOLANGCI_LINT_BIN) run --fix
-
 ##@ Dependencies
 
-deps: bin/golangci-lint bin/licensei
+deps: bin/golangci-lint bin/licensei bin/cosign bin/goreleaser
 deps: ## Install dependencies
 
 # Dependency versions
-GOLANGCI_VERSION = 1.53.3
-LICENSEI_VERSION = 0.8.0
+GOLANGCI_VERSION = 1.59.0
+LICENSEI_VERSION = 0.9.0
+COSIGN_VERSION = 2.2.4
+GORELEASER_VERSION = 2.0.0
 
 # Dependency binaries
 GOLANGCI_LINT_BIN := golangci-lint
 LICENSEI_BIN := licensei
+GORELEASER_BIN := goreleaser
 
 # If we have "bin" dir, use those binaries instead
 ifneq ($(wildcard ./bin/.),)
@@ -75,3 +108,25 @@ bin/golangci-lint:
 bin/licensei:
 	@mkdir -p bin
 	curl -sfL https://raw.githubusercontent.com/goph/licensei/master/install.sh | bash -s -- v${LICENSEI_VERSION}
+
+bin/cosign:
+	@mkdir -p bin
+	@OS=$$(uname -s); \
+	case $$OS in \
+		"Linux") \
+			curl -sSfL https://github.com/sigstore/cosign/releases/download/v${COSIGN_VERSION}/cosign-linux-amd64 -o bin/cosign; \
+			;; \
+		"Darwin") \
+			curl -sSfL https://github.com/sigstore/cosign/releases/download/v${COSIGN_VERSION}/cosign-darwin-arm64 -o bin/cosign; \
+			;; \
+		*) \
+			echo "Unsupported OS: $$OS"; \
+			exit 1; \
+			;; \
+	esac
+	@chmod +x bin/cosign
+
+bin/goreleaser:
+	@mkdir -p bin
+	curl -sfL https://goreleaser.com/static/run -o bin/goreleaser
+	@chmod +x bin/goreleaser

README.md

@@ -57,10 +57,12 @@ Check out the [project documentation](docs) or [pkg.go.dev](https://pkg.go.dev/m
 
 _Alternatively, install [Go](https://go.dev/dl/) on your computer then run `make deps` to install the rest of the dependencies._
 
-Fetch required tools:
+Make sure Docker is installed with Compose and Buildx.
+
+Run project dependencies:
 
 ```shell
-make deps
+make up
 ```
 
 Build the CLI:
@@ -87,6 +89,22 @@ Some linter violations can automatically be fixed:
 make fmt
 ```
 
+Build artifacts locally:
+
+```shell
+make artifacts
+```
+
+Once you are done either stop or tear down dependencies:
+
+```shell
+make stop
+
+# OR
+
+make down
+```
+
 ## License
 
 The project is licensed under the [Apache 2.0 License](https://github.com/bank-vaults/secret-sync/blob/master/LICENSE).

cmd/sync.go

@@ -1,4 +1,4 @@
-// Copyright © 2023 Cisco
+// Copyright © 2023 Bank-Vaults Maintainers
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

cmd/sync_test.go

@@ -1,4 +1,4 @@
-// Copyright © 2023 Cisco
+// Copyright © 2023 Bank-Vaults Maintainers
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

dev/vault/docker-compose.yml

@@ -1,24 +1,22 @@
 services:
   vault-1:
-    container_name: vault-1
-    image: hashicorp/vault:latest
+    container_name: secret-sync-vault-1
+    image: hashicorp/vault:1.14.8
     ports:
-      - 8200:8200
+      - 127.0.0.1:8200:8200
     environment:
-      VAULT_ADDR: "http://0.0.0.0:8200"
-      VAULT_API_ADDR: "http://0.0.0.0:8200"
-    cap_add:
-      - IPC_LOCK
-    entrypoint: vault server -dev -dev-listen-address="0.0.0.0:8200" -dev-root-token-id="root"
+      SKIP_SETCAP: "true"
+      VAULT_ADDR: http://127.0.0.1:8200
+      VAULT_TOKEN: 227e1cce-6bf7-30bb-2d2a-acc854318caf
+      VAULT_DEV_ROOT_TOKEN_ID: 227e1cce-6bf7-30bb-2d2a-acc854318caf
 
   vault-2:
-    container_name: vault-2
-    image: hashicorp/vault:latest
+    container_name: secret-sync-vault-2
+    image: hashicorp/vault:1.14.8
     ports:
-      - 8201:8200
+      - 127.0.0.1:8201:8200
     environment:
-      VAULT_ADDR: "http://0.0.0.0:8200"
-      VAULT_API_ADDR: "http://0.0.0.0:8200"
-    cap_add:
-      - IPC_LOCK
-    entrypoint: vault server -dev -dev-listen-address="0.0.0.0:8200" -dev-root-token-id="root"
+      SKIP_SETCAP: "true"
+      VAULT_ADDR: http://127.0.0.1:8200
+      VAULT_TOKEN: 227e1cce-6bf7-30bb-2d2a-acc854318caf
+      VAULT_DEV_ROOT_TOKEN_ID: 227e1cce-6bf7-30bb-2d2a-acc854318caf

flake.nix

@@ -44,7 +44,7 @@
               goreleaser
 
               yamllint
-              # hadolint
+              hadolint
             ] ++ [
               self'.packages.licensei
               self'.packages.golangci-lint

main.go

@@ -1,4 +1,4 @@
-// Copyright © 2023 Cisco
+// Copyright © 2023 Bank-Vaults Maintainers
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

pkg/apis/v1alpha1/secretkey_types.go

@@ -1,4 +1,4 @@
-// Copyright © 2023 Cisco
+// Copyright © 2023 Bank-Vaults Maintainers
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

pkg/apis/v1alpha1/secretstore.go

@@ -1,4 +1,4 @@
-// Copyright © 2023 Cisco
+// Copyright © 2023 Bank-Vaults Maintainers
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

pkg/apis/v1alpha1/secretstore_local_types.go

@@ -1,4 +1,4 @@
-// Copyright © 2023 Cisco
+// Copyright © 2023 Bank-Vaults Maintainers
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

pkg/apis/v1alpha1/secretstore_schema.go

@@ -1,4 +1,4 @@
-// Copyright © 2023 Cisco
+// Copyright © 2023 Bank-Vaults Maintainers
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

pkg/apis/v1alpha1/secretstore_vault_types.go

@@ -1,4 +1,4 @@
-// Copyright © 2023 Cisco
+// Copyright © 2023 Bank-Vaults Maintainers
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

pkg/apis/v1alpha1/syncjob_types.go

@@ -1,4 +1,4 @@
-// Copyright © 2023 Cisco
+// Copyright © 2023 Bank-Vaults Maintainers
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

pkg/provider/file/client.go

@@ -1,4 +1,4 @@
-// Copyright © 2023 Cisco
+// Copyright © 2023 Bank-Vaults Maintainers
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

pkg/provider/file/provider.go

@@ -1,4 +1,4 @@
-// Copyright © 2023 Cisco
+// Copyright © 2023 Bank-Vaults Maintainers
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

pkg/provider/provider.go

@@ -1,4 +1,4 @@
-// Copyright © 2023 Cisco
+// Copyright © 2023 Bank-Vaults Maintainers
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

pkg/provider/vault/client.go

@@ -1,4 +1,4 @@
-// Copyright © 2023 Cisco
+// Copyright © 2023 Bank-Vaults Maintainers
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

pkg/provider/vault/provider.go

@@ -1,4 +1,4 @@
-// Copyright © 2023 Cisco
+// Copyright © 2023 Bank-Vaults Maintainers
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

pkg/storesync/processor.go

@@ -1,4 +1,4 @@
-// Copyright © 2023 Cisco
+// Copyright © 2023 Bank-Vaults Maintainers
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

pkg/storesync/storesync.go

@@ -1,4 +1,4 @@
-// Copyright © 2023 Cisco
+// Copyright © 2023 Bank-Vaults Maintainers
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

pkg/storesync/storesync_test.go

@@ -1,4 +1,4 @@
-// Copyright © 2023 Cisco
+// Copyright © 2023 Bank-Vaults Maintainers
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.