initial commit

qonto · Dec 15, 2023 · ba7fd61 · ba7fd61
1 parent fcd7ec9
commit ba7fd61
Show file tree

Hide file tree

Showing 113 changed files with 12,690 additions and 0 deletions.
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -0,0 +1,68 @@
+name: build
+run-name: building and publishing new release
+on:
+  push:
+    # run only against tags
+    tags:
+      - "*"
+permissions:
+  contents: write # allows the action to create a Github release
+  id-token: write # This is required for requesting the AWS JWT
+
+jobs:
+  build-publish:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: us-east-1 # ECR Public can only be logged into from the us-east-1 region
+          role-to-assume: arn:aws:iam::202662887508:role/ecr-upgrade-manager
+          role-session-name: githubActions
+
+      - name: Login to Amazon ECR
+        id: login-ecr-public
+        uses: aws-actions/amazon-ecr-login@v2
+        with:
+          registry-type: public
+          mask-password: 'true'
+
+      - run: git fetch --force --tags
+
+      - uses: actions/setup-go@v4
+        with:
+          go-version: 1.20
+
+      - name: Set up QEMU for ARM64 build
+        uses: docker/setup-qemu-action@v3
+
+      - uses: goreleaser/goreleaser-action@v5
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Configure AWS credentials for helm chart
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: us-east-1 # ECR Public can only be logged into from the us-east-1 region
+          role-to-assume: arn:aws:iam::202662887508:role/ecr-upgrade-manager-chart
+          role-session-name: githubActions
+
+      - name: Login to Amazon ECR for helm chart
+        uses: aws-actions/amazon-ecr-login@v2
+        with:
+          registry-type: public
+          mask-password: 'true'
+
+      - name: Helm release
+        run: |
+          RELEASE_VERSION=$(jq -r .tag dist/metadata.json)
+          ./scripts/helm-release.sh upgrade-manager-chart chart ${RELEASE_VERSION} qonto
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
@@ -0,0 +1,19 @@
+on:
+  push:
+    branches : [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  lint:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v4
+        with:
+          go-version: 1.20
+      - uses: golangci/golangci-lint-action@v3
+        with:
+          version: v1.55.2
+          args: --timeout=5m
+          skip-cache: false
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -0,0 +1,16 @@
+on:
+  push:
+    branches : [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  test:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v4
+        with:
+          go-version: 1.20
+      - name: Run testing
+        run: go test -race -v ./...
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,5 @@
+upgrade-manager
+tmp*
+/config.yaml
+*.tgz
+.*rendered.*
diff --git a/.golangci.yml b/.golangci.yml
@@ -0,0 +1,92 @@
+run:
+  concurrency: 4
+  deadline: 1m
+  issues-exit-code: 1
+  tests: true
+
+output:
+  format: colored-line-number
+  print-issued-lines: true
+  print-linter-name: true
+
+linters:
+  enable-all: false
+  disable-all: false
+  enable:
+    - deadcode
+    - errcheck
+    - gosimple
+    - govet
+    - ineffassign
+    - staticcheck
+    - structcheck
+    - typecheck
+    - unused
+    - varcheck
+    - asciicheck
+    - bodyclose
+    - depguard
+    - dogsled
+    - durationcheck
+    - errorlint
+    - exhaustive
+    - exportloopref
+    - forcetypeassert
+    - gochecknoinits
+    - goconst
+    - gocritic
+    - gocyclo
+    - gofmt
+    - goimports
+    - gomoddirectives
+    - gomodguard
+    - goprintffuncname
+    - gosec
+    - ifshort
+    - importas
+    - makezero
+    - misspell
+    - nakedret
+    - nestif
+    - nilerr
+    - noctx
+    - predeclared
+    - revive
+    - rowserrcheck
+    - sqlclosecheck
+    - thelper
+    - tparallel
+    - unconvert
+    - unparam
+    - wastedassign
+    - whitespace
+    - gci # File is not `gci`-ed with --skip-generated -s standard,default (gci) 
+linters-settings:
+  gocyclo:
+    min-complexity: 35
+
+  revive:
+    rules:
+      - name: exported
+        disabled: true
+
+issues:
+  exclude-use-default: false
+  max-per-linter: 1024
+  max-same: 1024
+
+  exclude-rules:
+    - text: "SA1029"
+      linters:
+        - staticcheck
+    - text: "G304"
+      linters:
+        - gosec
+    # Exclude some linters from running on test files
+    - path: _test\.go
+      linters:
+        # bodyclose reports some false-positives when using a test request recorder
+        - bodyclose
+        # It's overkill to use `NewRequestWithContext` in tests
+        - noctx
+        - goerr113
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
@@ -0,0 +1,141 @@
+# yaml-language-server: $schema=https://goreleaser.com/static/schema.json
+env:
+  - BUILD_INFO_PACKAGE_PATH=github.com/qonto/upgrade-manager/internal/build
+  - DOCKER_REGISTRY=public.ecr.aws/qonto
+  - DOCKER_IMAGE_NAME=upgrade-manager
+
+builds:
+  - env:
+      - CGO_ENABLED=0
+    ldflags:
+        - '-s'
+        - '-w'
+        - '-X "{{ .Env.BUILD_INFO_PACKAGE_PATH }}.Version={{.Version}}"'
+        - '-X "{{ .Env.BUILD_INFO_PACKAGE_PATH }}.Commit={{.Commit}}"'
+        - '-X "{{ .Env.BUILD_INFO_PACKAGE_PATH }}.Date={{.Date}}"'
+    goos:
+      - linux
+      - darwin
+    goarch:
+      - amd64
+      - arm64
+
+archives:
+  - format: tar.gz
+    # this name template makes the OS and Arch compatible with the results of uname.
+    name_template: >-
+      {{ .ProjectName }}_
+      {{- title .Os }}_
+      {{- if eq .Arch "amd64" }}x86_64
+      {{- else if eq .Arch "386" }}i386
+      {{- else }}{{ .Arch }}{{ end }}
+      {{- if .Arm }}v{{ .Arm }}{{ end }}
+    # use zip for windows archives
+    format_overrides:
+    - goos: windows
+      format: zip
+
+checksum:
+  name_template: 'checksums.txt'
+
+snapshot:
+  name_template: "{{ incpatch .Version }}-next"
+
+changelog:
+  sort: asc
+  use: github
+  filters:
+    exclude:
+      - "^test:"
+      - "^chore"
+      - "merge conflict"
+      - Merge pull request
+      - Merge remote-tracking branch
+      - Merge branch
+      - go mod tidy
+  groups:
+    - title: Dependency updates
+      regexp: '^.*?(feat|fix)\(deps\)!?:.+$'
+      order: 300
+    - title: "New Features"
+      regexp: '^.*?feat(\([[:word:]]+\))??!?:.+$'
+      order: 100
+    - title: "Security updates"
+      regexp: '^.*?sec(\([[:word:]]+\))??!?:.+$'
+      order: 150
+    - title: "Bug fixes"
+      regexp: '^.*?fix(\([[:word:]]+\))??!?:.+$'
+      order: 200
+    - title: "Documentation updates"
+      regexp: ^.*?doc(\([[:word:]]+\))??!?:.+$
+      order: 400
+    - title: "Build process updates"
+      regexp: ^.*?build(\([[:word:]]+\))??!?:.+$
+      order: 400
+    - title: Other work
+      order: 9999
+
+dockers:
+- image_templates:
+    - "{{ .Env.DOCKER_REGISTRY }}/{{ .Env.DOCKER_IMAGE_NAME }}:{{ .Tag }}-amd64"
+    - "{{ .Env.DOCKER_REGISTRY }}/{{ .Env.DOCKER_IMAGE_NAME }}:v{{ .Major }}-amd64"
+    - "{{ .Env.DOCKER_REGISTRY }}/{{ .Env.DOCKER_IMAGE_NAME }}:v{{ .Major }}.{{ .Minor }}-amd64"
+    - "{{ .Env.DOCKER_REGISTRY }}/{{ .Env.DOCKER_IMAGE_NAME }}:latest-amd64"
+  dockerfile: Dockerfile
+  build_flag_templates:
+  - --label=org.opencontainers.image.title={{ .ProjectName }}
+  - --label=org.opencontainers.image.description={{ .ProjectName }}
+  - --label=org.opencontainers.image.url=https://github.com/qonto/upgrade-manager
+  - --label=org.opencontainers.image.source=https://github.com/qonto/upgrade-manager
+  - --label=org.opencontainers.image.version={{ .Version }}
+  - --label=org.opencontainers.image.created={{ time "2006-01-02T15:04:05Z07:00" }}
+  - --label=org.opencontainers.image.revision={{ .FullCommit }}
+  - --label=org.opencontainers.image.licenses=MIT
+  - "--pull"
+  - "--platform=linux/amd64"
+  use: buildx
+- image_templates:
+    - "{{ .Env.DOCKER_REGISTRY }}/{{ .Env.DOCKER_IMAGE_NAME }}:{{ .Tag }}-arm64"
+    - "{{ .Env.DOCKER_REGISTRY }}/{{ .Env.DOCKER_IMAGE_NAME }}:v{{ .Major }}-arm64"
+    - "{{ .Env.DOCKER_REGISTRY }}/{{ .Env.DOCKER_IMAGE_NAME }}:v{{ .Major }}.{{ .Minor }}-arm64"
+    - "{{ .Env.DOCKER_REGISTRY }}/{{ .Env.DOCKER_IMAGE_NAME }}:latest-arm64"
+  dockerfile: Dockerfile
+  build_flag_templates:
+  - --label=org.opencontainers.image.title={{ .ProjectName }}
+  - --label=org.opencontainers.image.description={{ .ProjectName }}
+  - --label=org.opencontainers.image.url=https://github.com/qonto/upgrade-manager
+  - --label=org.opencontainers.image.source=https://github.com/qonto/upgrade-manager
+  - --label=org.opencontainers.image.version={{ .Version }}
+  - --label=org.opencontainers.image.created={{ time "2006-01-02T15:04:05Z07:00" }}
+  - --label=org.opencontainers.image.revision={{ .FullCommit }}
+  - --label=org.opencontainers.image.licenses=MIT
+  - "--pull"
+  - "--platform=linux/arm64"
+  use: buildx
+  goarch: arm64
+
+docker_manifests:
+- name_template: '{{ .Env.DOCKER_REGISTRY }}/{{ .Env.DOCKER_IMAGE_NAME }}:{{ .Tag }}'
+  image_templates:
+  - '{{ .Env.DOCKER_REGISTRY }}/{{ .Env.DOCKER_IMAGE_NAME }}:{{ .Tag }}-amd64'
+  - '{{ .Env.DOCKER_REGISTRY }}/{{ .Env.DOCKER_IMAGE_NAME }}:{{ .Tag }}-arm64'
+- name_template: '{{ .Env.DOCKER_REGISTRY }}/{{ .Env.DOCKER_IMAGE_NAME }}:v{{ .Major }}'
+  image_templates:
+  - '{{ .Env.DOCKER_REGISTRY }}/{{ .Env.DOCKER_IMAGE_NAME }}:v{{ .Major }}-amd64'
+  - '{{ .Env.DOCKER_REGISTRY }}/{{ .Env.DOCKER_IMAGE_NAME }}:v{{ .Major }}-arm64'
+- name_template: '{{ .Env.DOCKER_REGISTRY }}/{{ .Env.DOCKER_IMAGE_NAME }}:v{{ .Major }}.{{ .Minor }}'
+  image_templates:
+  - '{{ .Env.DOCKER_REGISTRY }}/{{ .Env.DOCKER_IMAGE_NAME }}:v{{ .Major }}.{{ .Minor }}-amd64'
+  - '{{ .Env.DOCKER_REGISTRY }}/{{ .Env.DOCKER_IMAGE_NAME }}:v{{ .Major }}.{{ .Minor }}-arm64'
+- name_template: '{{ .Env.DOCKER_REGISTRY }}/{{ .Env.DOCKER_IMAGE_NAME }}:latest'
+  image_templates:
+  - '{{ .Env.DOCKER_REGISTRY }}/{{ .Env.DOCKER_IMAGE_NAME }}:latest-amd64'
+  - '{{ .Env.DOCKER_REGISTRY }}/{{ .Env.DOCKER_IMAGE_NAME }}:latest-arm64'
+
+release:
+  github:
+    owner: qonto
+    name: upgrade-manager
+  name_template: "v{{.Version}}"
+  footer: |
+    **Full Changelog**: https://github.com/qonto/upgrade-manager/compare/{{ .PreviousTag }}...{{ .Tag }}
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,21 @@
+FROM alpine:3.19
+
+ARG HOME=/app
+
+RUN apk add --update --no-cache ca-certificates
+
+RUN addgroup -g 1616 -S upgrademanager \
+    && adduser --home ${HOME} -u 1616 -S upgrademanager -G upgrademanager \
+    && mkdir -p /app \
+    && chown upgrademanager: -R /app
+
+USER 1616
+
+WORKDIR ${HOME}
+
+COPY upgrade-manager /app/
+
+EXPOSE 10000
+
+ENTRYPOINT ["/app/upgrade-manager"]
+CMD ["start"]
diff --git a/Makefile b/Makefile
@@ -0,0 +1,10 @@
+test:
+	go test -v -cover -race ./...
+
+start:
+	go run main.go start --debug
+
+lint:
+	golangci-lint run
+
+.PHONY: test start lint
diff --git a/README.md b/README.md
@@ -0,0 +1,7 @@
+# Description
+
+An autodiscovery tool to help you know what and when to update.
+Features:
+    + automatically discover current software version
+    + automatically discover newer versions for the softwares
+    + calculate the obsolescence score SLI