intelops · anila-intelops · Oct 27, 2023 · Oct 27, 2023 · Oct 27, 2023 · Oct 27, 2023
diff --git a/.ci.yml b/.ci.yml
@@ -0,0 +1,30 @@
+run:
+  timeout: 10m
+  concurrency: 4
+
+concurrency: 4
+
+linters:
+  disable-all: true
+  enable:
+    - errcheck
+    - gosimple
+    - govet
+    - ineffassign
+    - staticcheck
+    - unused
+    - misspell
+    - dupl
+    - stylecheck
+
+linters-settings:
+  gofmt:
+    simplify: true
+  dupl:
+    threshold: 400
+
+issues:
+  # Maximum issues count per one linter. Set to 0 to disable. Default is 50.
+  max-issues-per-linter: 0
+  # Maximum count of issues with the same text. Set to 0 to disable. Default is 3.
+  max-same-issues: 0
diff --git a/.github/labeler.yml b/.github/labeler.yml
@@ -0,0 +1,25 @@
+# Add 'Documentation' label to any changes within 'docs' folder or any subfolders
+Documentation:
+  - changed-files:
+      - any-glob-to-any-file: 
+          - 'docs/**'
+
+# Add 'Documentation' label to any file changes within 'docs' folder
+Documentation_docs:
+  - changed-files:
+      - any-glob-to-any-file: 
+          - 'docs/*'
+
+# Add 'Documentation' label to any change to .md files within the entire repository 
+Documentation_md:
+  - changed-files:
+      - any-glob-to-any-file: 
+          - '**/*.md'
+
+# Add 'feature' label to any PR where the head branch name starts with `feature` or has a `feature` section in the name
+feature:
+  - head-branch: ['^feature', 'feature']
+
+# Add 'release' label to any PR that is opened against the `main` branch
+release:
+  - base-branch: 'main'
diff --git a/.github/workflows/agent-container-pr.yml b/.github/workflows/agent-container-pr.yml
@@ -2,6 +2,9 @@ name: Container Agent Docker Image CI
 
 on:
   pull_request:
+    paths-ignore:
+      - '**.md'
+      - 'charts/**'
     branches:
       - 'main'
 
@@ -17,11 +20,11 @@ jobs:
         uses: actions/checkout@v3
         with:
             fetch-depth: 0
-          
+
       -
         name: Set up QEMU
         uses: docker/setup-qemu-action@v2
-        
+
       - uses: docker/setup-buildx-action@v1
         name: Set up Docker Buildx
 
@@ -32,8 +35,8 @@ jobs:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-    
-            
+
+
       -
         name: Build and push on PR
         uses: docker/build-push-action@v4
@@ -45,4 +48,4 @@ jobs:
           tags: ${{ env.REGISTRY }}/${{ github.repository }}/container-agent:pr-${{ github.event.pull_request.number }}
           build-args: |
             "GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}"
- 
+
diff --git a/.github/workflows/agent-container.yml b/.github/workflows/agent-container.yml
@@ -25,7 +25,7 @@ jobs:
     steps:
       - name: Checkout GitHub Action
         uses: actions/checkout@v3
-        
+
       - name: Set up Docker Buildx
         id: buildx
         uses: docker/setup-buildx-action@v2
@@ -56,7 +56,7 @@ jobs:
           file:  ./dockerfiles/agent/container/Dockerfile
           tags: ${{ env.REGISTRY }}/${{ github.repository }}/container-agent:${{ github.run_id }}
           labels: ${{ steps.metadata.outputs.labels }}
-        
+
           push: true
 
       - name: Install cosign
@@ -67,12 +67,12 @@ jobs:
           cosign sign -y ${{ env.REGISTRY }}/${{ github.repository }}/container-agent:${{ github.run_id }}
         env:
           COSIGN_EXPERIMENTAL: 1
-      
+
       - name: Verify the pushed tags
         run: cosign verify ${{ env.REGISTRY }}/${{ github.repository }}/container-agent:${{ github.run_id }} --certificate-identity ${{ env.GH_URL }}/${{ github.repository }}/.github/workflows/agent-container.yml@refs/heads/main  --certificate-oidc-issuer https://token.actions.githubusercontent.com
         env:
           COSIGN_EXPERIMENTAL: 1
-      
+
       - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph
         uses: aquasecurity/trivy-action@master
         with:

diff --git a/.github/workflows/agent-git-pr.yml b/.github/workflows/agent-git-pr.yml
@@ -2,6 +2,9 @@ name: Git Agent Docker Image CI
 
 on:
   pull_request:
+    paths-ignore:
+      - '**.md'
+      - 'charts/**'
     branches:
       - 'main'
 
@@ -17,11 +20,11 @@ jobs:
         uses: actions/checkout@v3
         with:
             fetch-depth: 0
-          
+
       -
         name: Set up QEMU
         uses: docker/setup-qemu-action@v2
-        
+
       - uses: docker/setup-buildx-action@v1
         name: Set up Docker Buildx
 
@@ -32,7 +35,7 @@ jobs:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-    
+
       -
         name: Build and push on PR
         uses: docker/build-push-action@v4
@@ -44,4 +47,4 @@ jobs:
           tags: ${{ env.REGISTRY }}/${{ github.repository }}/git-agent:pr-${{ github.event.pull_request.number }}
           build-args: |
             "GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}"
- 
+
diff --git a/.github/workflows/agent-git.yml b/.github/workflows/agent-git.yml
@@ -25,7 +25,7 @@ jobs:
     steps:
       - name: Checkout GitHub Action
         uses: actions/checkout@v3
-        
+
       - name: Set up Docker Buildx
         id: buildx
         uses: docker/setup-buildx-action@v2
@@ -56,7 +56,7 @@ jobs:
           file:  ./dockerfiles/agent/git/Dockerfile
           tags: ${{ env.REGISTRY }}/${{ github.repository }}/git-agent:${{ github.run_id }}
           labels: ${{ steps.metadata.outputs.labels }}
-        
+
           push: true
 
       - name: Install cosign
@@ -67,12 +67,12 @@ jobs:
           cosign sign -y ${{ env.REGISTRY }}/${{ github.repository }}/git-agent:${{ github.run_id }}
         env:
           COSIGN_EXPERIMENTAL: 1
-      
+
       - name: Verify the pushed tags
         run: cosign verify ${{ env.REGISTRY }}/${{ github.repository }}/git-agent:${{ github.run_id }} --certificate-identity ${{ env.GH_URL }}/${{ github.repository }}/.github/workflows/agent-git.yml@refs/heads/main  --certificate-oidc-issuer https://token.actions.githubusercontent.com
         env:
           COSIGN_EXPERIMENTAL: 1
-      
+
       - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph
         uses: aquasecurity/trivy-action@master
         with:

diff --git a/.github/workflows/agent-kubviz-image.yml b/.github/workflows/agent-kubviz-image.yml
@@ -25,7 +25,7 @@ jobs:
     steps:
       - name: Checkout GitHub Action
         uses: actions/checkout@v3
-        
+
       - name: Set up Docker Buildx
         id: buildx
         uses: docker/setup-buildx-action@v2
@@ -56,7 +56,7 @@ jobs:
           file: ./dockerfiles/agent/kubviz/Dockerfile
           tags: ${{ env.REGISTRY }}/${{ github.repository }}/kubviz-agent:${{ github.run_id }}
           labels: ${{ steps.metadata.outputs.labels }}
-        
+
           push: true
 
       - name: Install cosign
@@ -67,12 +67,12 @@ jobs:
           cosign sign -y ${{ env.REGISTRY }}/${{ github.repository }}/kubviz-agent:${{ github.run_id }}
         env:
           COSIGN_EXPERIMENTAL: 1
-      
+
       - name: Verify the pushed tags
         run: cosign verify ${{ env.REGISTRY }}/${{ github.repository }}/kubviz-agent:${{ github.run_id }} --certificate-identity ${{ env.GH_URL }}/${{ github.repository }}/.github/workflows/agent-kubviz-image.yml@refs/heads/main  --certificate-oidc-issuer https://token.actions.githubusercontent.com
         env:
           COSIGN_EXPERIMENTAL: 1
-      
+
       - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph
         uses: aquasecurity/trivy-action@master
         with:

diff --git a/.github/workflows/agent-kubviz-pr.yml b/.github/workflows/agent-kubviz-pr.yml
@@ -2,6 +2,9 @@ name: Agent Docker Image CI
 
 on:
   pull_request:
+    paths-ignore:
+      - '**.md'
+      - 'charts/**'
     branches:
       - 'main'
 
@@ -17,11 +20,11 @@ jobs:
         uses: actions/checkout@v3
         with:
             fetch-depth: 0
-          
+
       -
         name: Set up QEMU
         uses: docker/setup-qemu-action@v2
-        
+
       - uses: docker/setup-buildx-action@v1
         name: Set up Docker Buildx
 
@@ -32,7 +35,7 @@ jobs:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-    
+
       -
         name: Build and push on PR
         uses: docker/build-push-action@v4
@@ -44,4 +47,4 @@ jobs:
           tags: ${{ env.REGISTRY }}/${{ github.repository }}/kubviz-agent:pr-${{ github.event.pull_request.number }}
           build-args: |
             "GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}"
- 
+
diff --git a/.github/workflows/apisec-scan.yml b/.github/workflows/apisec-scan.yml
@@ -3,8 +3,8 @@
 # separate terms of service, privacy policy, and support
 # documentation.
 
-# APIsec addresses the critical need to secure APIs before they reach production. 
-# APIsec provides the industry’s only automated and continuous API testing platform that uncovers security vulnerabilities and logic flaws in APIs. 
+# APIsec addresses the critical need to secure APIs before they reach production.
+# APIsec provides the industry’s only automated and continuous API testing platform that uncovers security vulnerabilities and logic flaws in APIs.
 # Clients rely on APIsec to evaluate every update and release, ensuring that no APIs go to production with vulnerabilities.
 
 # How to Get Started with APIsec.ai

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -0,0 +1,41 @@
+
+name: ci
+on:
+  push:
+    branches:
+      - "*"
+      - main
+  pull_request:
+
+permissions:
+  contents: write
+  security-events: write
+  # Optional: allow read access to pull request. Use with `only-new-issues` option.
+  pull-requests: read
+
+jobs:
+  golangci:
+    name: lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v4
+        with:
+          go-version: '1.21'
+          cache: false
+      - name: Run tests
+        run: go test ./... -coverprofile=coverage.out -coverpkg=./... -covermode=atomic
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v3
+        with:
+          version: v1.54
+          args: -v --config=.ci.yml
+          skip-pkg-cache: true
+          skip-build-cache: true
+
+      - name: Static check
+        uses: dominikh/[email protected]
+        with:
+          version: "2023.1.6"
+          install-go: false
+          cache-key: '1.21'
diff --git a/.github/workflows/client-image.yml b/.github/workflows/client-image.yml
@@ -25,7 +25,7 @@ jobs:
     steps:
       - name: Checkout GitHub Action
         uses: actions/checkout@v3
-        
+
       - name: Set up Docker Buildx
         id: buildx
         uses: docker/setup-buildx-action@v2
@@ -56,7 +56,7 @@ jobs:
           file: ./dockerfiles/client/Dockerfile
           tags: ${{ env.REGISTRY }}/${{ github.repository }}/client:${{ github.run_id }}
           labels: ${{ steps.metadata.outputs.labels }}
-        
+
           push: true
 
       - name: Install cosign
@@ -67,12 +67,12 @@ jobs:
           cosign sign -y ${{ env.REGISTRY }}/${{ github.repository }}/client:${{ github.run_id }}
         env:
           COSIGN_EXPERIMENTAL: 1
-      
+
       - name: Verify the pushed tags
         run: cosign verify ${{ env.REGISTRY }}/${{ github.repository }}/client:${{ github.run_id }} --certificate-identity ${{ env.GH_URL }}/${{ github.repository }}/.github/workflows/client-image.yml@refs/heads/main  --certificate-oidc-issuer https://token.actions.githubusercontent.com
         env:
           COSIGN_EXPERIMENTAL: 1
-      
+
       - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph
         uses: aquasecurity/trivy-action@master
         with: