crowdsecurity · rr404 · Sep 18, 2023 · Jul 26, 2023 · Jul 27, 2023 · Aug 3, 2023
diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml
@@ -0,0 +1,4 @@
+template: |
+  ## What’s Changed
+
+  $CHANGES
diff --git a/.github/release.py b/.github/release.py
@@ -0,0 +1,153 @@
+#!/usr/bin/env python3
+
+import argparse
+import json
+import os
+import shutil
+import subprocess
+import sys
+
+
+def _goos():
+    yield 'linux'
+    yield 'freebsd'
+
+
+def _goarch(goos):
+    yield '386'
+    yield 'amd64'
+    yield 'arm'
+    yield 'arm64'
+    if goos == 'linux':
+        yield 'ppc64le'
+        yield 's390x'
+    yield 'riscv64'
+
+
+def _goarm(goarch):
+    if goarch != 'arm':
+        yield ''
+        return
+    yield '6'
+    yield '7'
+
+
+def _build_tarball(os):
+    if os == 'linux':
+        yield True
+    else:
+        yield False
+
+
+def filename_for_entry(prog_name, entry):
+    arch = entry['goarch']
+    if entry['goarch'] == 'arm':
+        arch += 'v' + entry['goarm']
+    ret = f'{prog_name}-{entry["goos"]}-{arch}'
+    if entry['build_tarball']:
+        ret += '.tgz'
+    return ret
+
+
+def matrix(prog_name):
+    for goos in _goos():
+        for goarch in _goarch(goos):
+            for goarm in _goarm(goarch):
+                for build_tarball in _build_tarball(goos):
+                    yield {
+                        'goos': goos,
+                        'goarch': goarch,
+                        'goarm': goarm,
+                        'build_tarball': build_tarball,
+                    }
+
+
+def print_matrix(prog_name):
+    j = {'include': list(matrix(prog_name))}
+
+    if os.isatty(sys.stdout.fileno()):
+        print(json.dumps(j, indent=2))
+    else:
+        print(json.dumps(j))
+
+
+default_tarball = {
+    'goos': 'linux',
+    'goarch': 'amd64',
+    'goarm': '',
+    'build_tarball': True,
+}
+
+default_binary = {
+    'goos': 'linux',
+    'goarch': 'amd64',
+    'goarm': '',
+    'build_tarball': False,
+}
+
+
+def run_build(prog_name):
+    # call the makefile for each matrix entry
+
+    default_tarball_filename = None
+    default_binary_filename = None
+
+    for entry in matrix(prog_name):
+        env = {'GOOS': entry['goos'], 'GOARCH': entry['goarch']}
+
+        if entry['goarm']:
+            env['GOARM'] = entry['goarm']
+
+        if entry['build_tarball']:
+            target = 'tarball'
+        else:
+            target = 'binary'
+
+        print(f"Running make {target} for {env}")
+
+        subprocess.run(['make', target], env=os.environ | env, check=True)
+
+        want_filename = filename_for_entry(prog_name, entry)
+
+        if entry['build_tarball']:
+            os.rename(f'{prog_name}.tgz', want_filename)
+        else:
+            os.rename(f'{prog_name}', want_filename)
+
+        # if this is the default tarball or binary, save the filename
+        # we'll use it later to publish a "default" package
+
+        if entry == default_tarball:
+            default_tarball_filename = want_filename
+
+        if entry == default_binary:
+            default_binary_filename = want_filename
+
+        # Remove the directory to reuse it
+        subprocess.run(['make', 'clean-release-dir'], env=os.environ | env, check=True)
+
+    # publish the default tarball and binary
+    if default_tarball_filename:
+        shutil.copy(default_tarball_filename, f'{prog_name}.tgz')
+
+    if default_binary_filename:
+        shutil.copy(default_binary_filename, f'{prog_name}')
+
+
+def main():
+    parser = argparse.ArgumentParser(
+        description='Build release binaries and tarballs for all supported platforms')
+    parser.add_argument('action', help='Action to perform (ex. run-build, print-matrix)')
+    parser.add_argument('prog_name', help='Name of the program (ex. crowdsec-firewall-bouncer)')
+
+    args = parser.parse_args()
+
+    if args.action == 'print-matrix':
+        print_matrix(args.prog_name)
+
+    if args.action == 'run-build':
+        run_build(args.prog_name)
+
+
+if __name__ == '__main__':
+    main()
diff --git a/.github/workflows/build-binary-package.yml b/.github/workflows/build-binary-package.yml
@@ -0,0 +1,40 @@
+name: build-binary-package
+
+on:
+  release:
+    types: [prereleased]
+
+permissions:
+  # Use write for: hub release edit
+  contents: write
+
+env:
+  PROGRAM_NAME: crowdsec-cloudflare-worker-bouncer
+
+jobs:
+  build:
+    name: Build and upload all platforms
+    runs-on: ubuntu-latest
+
+    steps:
+
+    - name: Check out repository
+      uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
+
+    - name: Set up Go
+      uses: actions/setup-go@v4
+      with:
+        go-version: 1.20.5
+
+    - name: Build all versions
+      run: |
+        make platform-all
+
+    - name: Upload to release
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: |
+        tag_name="${GITHUB_REF##*/}"
+        hub release edit $(find . -name "$PROGRAM_NAME*" -maxdepth 1 -printf "-a %p ") -m "" "$tag_name"
diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
@@ -0,0 +1,30 @@
+name: Release Drafter
+
+on:
+  push:
+    # branches to consider in the event; optional, defaults to all
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+jobs:
+  update_release_draft:
+    permissions:
+      # write permission is required to create a github release
+      contents: write
+      # write permission is required for autolabeler
+      # otherwise, read permission is required at least
+      pull-requests: read
+    runs-on: ubuntu-latest
+    name: Update the release draft
+    steps:
+      # Drafts your next Release notes as Pull Requests are merged into "main"
+      - uses: release-drafter/release-drafter@v5
+        with:
+          config-name: release-drafter.yml
+          # (Optional) specify config name to use, relative to .github/. Default: release-drafter.yml
+          # config-name: my-config.yml
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -0,0 +1,54 @@
+name: Build + tests
+
+on:
+  pull_request:
+    branches: [ main ]
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    name: "Build + tests"
+    runs-on: ubuntu-latest
+
+    steps:
+
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
+
+    - name: Set up Go
+      uses: actions/setup-go@v4
+      with:
+        go-version: 1.20.5
+
+    - name: Set up Node
+      uses: actions/setup-node@v3
+      with:
+        node-version: 16
+
+    - name: Build
+      run: |
+        make build
+
+    - name: Run unit tests
+      run: |
+        go install github.com/kyoh86/richgo@v0.3.12
+        set -o pipefail
+        make test | richgo testfilter
+      env:
+        RICHGO_FORCE_COLOR: 1
+        CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }}
+
+    - name: golangci-lint
+      uses: golangci/golangci-lint-action@v3
+      with:
+        version: v1.51
+        args: --issues-exit-code=1 --timeout 10m
+        only-new-issues: false
+        # the cache is already managed above, enabling it here
+        # gives errors when extracting
+        skip-pkg-cache: true
+        skip-build-cache: true
diff --git a/.gitignore b/.gitignore
@@ -1,21 +1,38 @@
-# If you prefer the allow list template instead of the deny list, see community template:
-# https://github.com/github/gitignore/blob/main/community/Golang/Go.AllowList.gitignore
-#
-# Binaries for programs and plugins
-*.exe
-*.exe~
-*.dll
-*.so
-*.dylib
-
 # Test binary, built with `go test -c`
 *.test
-
+.vscode
 # Output of the go coverage tool, specifically when used with LiteIDE
 *.out
 
-# Dependency directories (remove the comment below to include it)
-# vendor/
+# Dependencies are not vendored by default, but a tarball is created by "make vendor"
+# and provided in the release. Used by freebsd, gentoo, etc.
+vendor/
+vendor.tgz
+
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+venv/
+
+crowdsec-cloudflare-worker-bouncer
+pkg/cloudflare/worker/node_modules
+
+# built by make
+/crowdsec-cloudflare-worker-bouncer
+/crowdsec-cloudflare-worker-bouncer-*
+/crowdsec-cloudflare-worker-bouncer.tgz
+
+# built by dpkg-buildpackage
+/debian/crowdsec-cloudflare-worker-bouncer
+/debian/files
+/debian/*.substvars
+/debian/*.debhelper
+/debian/*-stamp
 
-# Go workspace file
-go.work
+# built by rpmbuild
+/rpm/BUILD
+/rpm/BUILDROOT
+/rpm/RPMS
+/rpm/SOURCES/*.tar.gz
+/rpm/SRPMS
diff --git a/LICENSE b/LICENSE
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2023 crowdsec
+Copyright (c) 2023 CrowdSec
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal