bug: fix rust injector
Signed-off-by: schristoff <28318173+schristoff@users.noreply.github.com>
schristoff committed May 15, 2024
1 parent 057df41 commit c0b58b2
Showing 154 changed files with 3,972 additions and 2,888 deletions.
4 changes: 2 additions & 2 deletions .github/CONTRIBUTING.md
@@ -23,8 +23,8 @@ We use [pre-commit](https://pre-commit.com/) to manage our pre-commit hooks. Thi
# install hooks
pre-commit install

# install goimports
go install golang.org/x/tools/cmd/goimports@latest
# install golang-ci-lint
go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
```

Now every time you commit, the hooks will run and format your code, linting can be called via `make lint-go`.
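Review bot: the two `go install ...@latest` lines install unpinned tool versions, while this commit adds a `.golangci.yaml` whose rule set and option names depend on the golangci-lint release; a contributor whose `@latest` differs from what CI runs will see different lint results. Suggest pinning both installs to the version CI uses (e.g. `go install github.com/golangci/golangci-lint/cmd/golangci-lint@vX.Y.Z`, placeholder for the release CI runs) and naming that version in this section.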
21 changes: 21 additions & 0 deletions .github/SECURITY.md
@@ -0,0 +1,21 @@
# Reporting Security Issues

To report a security issue or vulnerability in Zarf, please use the confidential GitHub Security Advisory ["Report a Vulnerability"](https://github.com/defenseunicorns/zarf/security/advisories) tab. The Zarf team will send a response indicating the next steps in handling your report. After the initial reply to your report, the team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.

### When Should I Report a Vulnerability?

* You found a vulnerability in the Zarf code.
* You found a vulnerability in one of the Zarf dependencies that affects the project that has not been patched yet.

### When Should I NOT Report a Vulnerability?

* You found a bug or malfunction in the Zarf code (not security related).
* You want to add a feature to Zarf.

## Supported Versions

As Zarf has not yet reached v1.0.0, only the current latest minor release is supported.

## Contacting Us

To discuss security related issues, please email the maintainers at zarf-dev-private@googlegroups.com.
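Review bot: the policy says where to report but not when to expect an acknowledgement, so "will send a response indicating the next steps" should state a timeframe that lets reporters know when to escalate. The `zarf-dev-private@googlegroups.com` address is listed only for discussion; naming it as the fallback reporting channel for people without a GitHub account would close a gap in the "Reporting" section.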
6 changes: 5 additions & 1 deletion .github/actions/install-tools/action.yaml
@@ -8,7 +8,11 @@ runs:

- uses: anchore/sbom-action/download-syft@b6a39da80722a2cb0ef5d197531764a89b5d48c3 # v0.15.8

- run: "curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin --tag v0.64.2"
- name: install grype
env:
# renovate: datasource=github-tags depName=anchore/grype versioning=semver
VERSION: v0.74.6
run: "curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin $VERSION"
shell: bash

- uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
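Review bot: only the grype binary version (`$VERSION`) is pinned here; `install.sh` is still fetched from the `main` branch of anchore/grype and piped straight into `sh`, so a change to that script upstream runs unreviewed in CI. Fetching the script at the same tag as the binary (`https://raw.githubusercontent.com/anchore/grype/$VERSION/install.sh`) or vendoring it under `hack/` would pin both. Moving the version into `env` with a renovate marker is a good change; the same treatment fits the k3d installer in `.github/actions/k3d/action.yaml`.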
4 changes: 2 additions & 2 deletions .github/actions/k3d/action.yaml
@@ -7,5 +7,5 @@ runs:
- run: "curl -s https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | bash"
shell: bash

- run: k3d cluster delete && k3d cluster create --k3s-arg="--disable=traefik@server:0" --image="rancher/k3s:v1.28.4-k3s2"
shell: bash
- run: k3d cluster delete && k3d cluster create --k3s-arg="--disable=traefik@server:0"
shell: bash
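Review bot: dropping `--image="rancher/k3s:v1.28.4-k3s2"` lets the test cluster's Kubernetes version float with whatever k3s image the installed k3d release defaults to, and that k3d itself comes from an unpinned `install.sh` on `main`, so e2e results can change with no change to this repository. If the intent is to always test against the latest k3s, say so in a comment; otherwise keep the pin and manage it like the grype version in `install-tools/action.yaml` (an `env` value with a renovate comment).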
2 changes: 1 addition & 1 deletion .github/codeql.yaml
@@ -2,7 +2,7 @@ paths-ignore:
- src/pkg/packager/network.go
- src/pkg/utils/network.go
- src/pkg/utils/credentials.go
- docs-website/**
- site/**
- build/**

query-filters:
3 changes: 2 additions & 1 deletion .github/workflows/build-rust-injector.yml
@@ -27,8 +27,9 @@ jobs:

- name: "Build Rust Binary for x86_64 and arm64"
run: |
cd src/injector
make build-injector-linux
cd src/injector/target
cd target
mkdir -p ../dist
cp x86_64-unknown-linux-musl/release/zarf-injector ../dist/zarf-injector-amd64
cp aarch64-unknown-linux-musl/release/zarf-injector ../dist/zarf-injector-arm64
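Review bot: the chained `cd src/injector` then `cd target` makes every later relative path (`../dist` and the two `cp` sources) depend on the cwd built up by earlier lines, which is exactly how the previous `cd src/injector/target` broke. Setting `working-directory: src/injector` on the step and writing the copies relative to it would remove the `cd`s entirely. As written it does fail closed: `run:` blocks use `bash -e` by default, so a missing `target` directory or build output aborts the step instead of publishing a stale `zarf-injector`.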
33 changes: 33 additions & 0 deletions .github/workflows/compare-cves.yml
@@ -0,0 +1,33 @@
name: Compare CVEs to main

permissions:
contents: read

on:
pull_request:
paths:
- "go.mod"
- "go.sum"
- "cargo.toml"
- "cargo.lock"

jobs:
validate:
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
ref: ${{ github.head_ref || github.ref_name }}

- name: fetch main
run: git fetch origin main --depth 1

- name: Setup golang
uses: ./.github/actions/golang

- name: Install tools
uses: ./.github/actions/install-tools

- name: Check for CVEs in Dependencies
run: "hack/check-vulnerabilities.sh"
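Review bot: `ref: ${{ github.head_ref || github.ref_name }}` checks out a branch by name from the base repository, so for a pull request opened from a fork the named branch does not exist there and the checkout fails; the default ref for `pull_request` events (the PR's merge commit) is enough here, since the job only needs the PR's dependency files plus the separately fetched `main`. Separately, `paths` patterns are matched against the full path from the repository root and are case-sensitive, so `"cargo.toml"` and `"cargo.lock"` only match root-level, lowercase files; if the injector's manifest lives under `src/injector` (as the `cd src/injector` in `build-rust-injector.yml` suggests), use `"**/Cargo.toml"` and `"**/Cargo.lock"` so Rust dependency bumps actually trigger this check. `permissions: contents: read` and the SHA-pinned checkout are the right defaults for a workflow that runs on PRs.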
2 changes: 0 additions & 2 deletions .github/workflows/scan-codeql.yml
@@ -44,8 +44,6 @@ jobs:
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0
env:
CODEQL_EXTRACTOR_GO_BUILD_TRACING: on
with:
languages: ${{ matrix.language }}
config-file: ./.github/codeql.yaml
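Review bot: the removal of `CODEQL_EXTRACTOR_GO_BUILD_TRACING: on` is not explained in the commit message; it switches the Go extractor away from tracing the build, so the set of files CodeQL extracts and the alerts it reports can change silently. Add a one-line comment on why it was dropped and compare the analysis summary (files extracted, open alerts) of the first run after this change against the previous run.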
6 changes: 0 additions & 6 deletions .github/workflows/scan-cves.yml
@@ -6,12 +6,6 @@ permissions:
on:
schedule:
- cron: "0 10 * * *"
pull_request:
paths:
- "go.mod"
- "go.sum"
- "cargo.toml"
- "cargo.lock"

jobs:
validate:
11 changes: 2 additions & 9 deletions .github/workflows/scan-lint.yml
@@ -10,12 +10,5 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Run Revive Action by pulling pre-built image
uses: docker://morphy/revive-action:v2.5.7@sha256:087d4e61077087755711ab7e9fae3cc899b7bb07ff8f6a30c3dfb240b1620ae8
with:
config: revive.toml
# Exclude patterns, separated by semicolons (optional)
exclude: "src/cmd/viper.go"
# Path pattern (default: ./...)
path: "./src/..."
- name: Run golangci-lint
uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1
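Review bot: the golangci-lint-action step pins the action by commit SHA but sets no `version` input, so the golangci-lint binary it runs is resolved at run time rather than pinned; a new golangci-lint release can start failing this job (or stop reporting something) with no change in this repository, and it can disagree with the `golangci-lint` the new pre-commit hooks run locally. Suggest `with: version: vX.Y.Z` (placeholder) matching the version documented in CONTRIBUTING.md. Replacing the Docker-based revive action with the SHA-pinned golangci-lint action while keeping the revive rules in `.golangci.yaml` is otherwise a clean consolidation.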
62 changes: 62 additions & 0 deletions .golangci.yaml
@@ -0,0 +1,62 @@
run:
timeout: 5m
linters:
disable-all: true
enable:
- gosimple
- govet
- staticcheck
- unused
- revive
- goheader
- goimports
- nolintlint
linters-settings:
govet:
enable-all: true
disable:
- shadow
- fieldalignment
- unusedwrite
nolintlint:
require-specific: true
goheader:
template: |-
SPDX-License-Identifier: Apache-2.0
SPDX-FileCopyrightText: 2021-Present The Zarf Authors
revive:
rules:
- name: blank-imports
- name: context-as-argument
- name: context-keys-type
- name: dot-imports
- name: error-return
- name: error-strings
- name: error-naming
- name: exported
- name: if-return
- name: increment-decrement
- name: var-naming
- name: var-declaration
- name: package-comments
- name: range
- name: receiver-naming
- name: time-naming
- name: unexported-return
- name: indent-error-flow
- name: errorf
- name: empty-block
- name: superfluous-else
- name: unused-parameter
- name: unreachable-code
- name: redefines-builtin-id
issues:
# Revive rules that are disabled by default.
include:
- EXC0012
- EXC0013
- EXC0014
- EXC0015
# Exclude linting code copied from Helm.
exclude-dirs:
- "src/cmd/tools/helm"
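Review bot: with `disable-all: true` the default `errcheck` and `ineffassign` linters are switched off and `gosec` is not enabled, so unchecked errors (a common source of silently ignored failures in a tool that signs, verifies and deploys packages) and the usual gosec findings (weak TLS settings, loose file permissions, `exec` with variable input) are not reported at all. Suggest adding `errcheck` and `gosec` to `enable`, with any noisy rules excluded explicitly under `issues` so the exclusions are visible rather than implicit. The `goheader` template and `nolintlint` with `require-specific: true` are good: every `//nolint` must name the linter it silences.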
14 changes: 0 additions & 14 deletions .grype.yaml
@@ -1,20 +1,6 @@
# Ignore file for false positives from protobuf, see the following for more information:
# https://github.com/anchore/grype/issues/558
ignore:
# This vulnerability does not affect Zarf as we do not instantiate a rekor client
- vulnerability: GHSA-2h5h-59f5-c5x9

# This vulnerability does not affect Zarf as we do not instantiate a rekor client
- vulnerability: GHSA-frqx-jfcm-6jjr

# From rouille - The Zarf injector does not expose endpoints that use multipart form data
- vulnerability: GHSA-mc8h-8q98-g5hr

# From semver - This comes through nodemon which is only used for development
- vulnerability: GHSA-c2qf-rxjj-qqgw

# From k8s.io/apiserver - This is a false positive due to the difference in versioning between the library / binary k8s versioning
- vulnerability: GHSA-82hx-w2r5-c2wq

# From helm - This behavior was introduced intentionally, and cannot be removed without breaking backwards compatibility (some users may be relying on these values).
- vulnerability: GHSA-jw44-4f3j-q396
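Review bot: this hunk shrinks the file from 20 lines to 6, so only the header comments and a single ignore entry survive; removing ignores is the safe direction (each removal makes the scan stricter), but the commit message does not say whether the rouille, semver, k8s.io/apiserver and helm dependencies were upgraded or whether those findings are expected to reappear. Confirm on the next scheduled `scan-cves` run that the previously suppressed advisories are gone rather than failing the nightly, and keep a reason comment on the entry that remains, as these entries had.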
18 changes: 12 additions & 6 deletions .pre-commit-config.yaml
@@ -9,10 +9,13 @@ repos:
args:
- "--allow-missing-credentials"
- id: detect-private-key
exclude: "src/test/e2e/30_config_file_test.go"
- id: end-of-file-fixer
exclude: site/src/content/docs/commands/.*
- id: fix-byte-order-marker
- id: trailing-whitespace
args: [--markdown-linebreak-ext=md]
exclude: site/src/content/docs/commands/.*
- repo: https://github.com/sirosen/texthooks
rev: 0.6.4
hooks:
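Review bot: `exclude: "src/test/e2e/30_config_file_test.go"` turns off `detect-private-key` for the whole file, presumably because it contains a fixture that looks like a private key, so a real key accidentally pasted into that test would also pass. Prefer keeping the fixture in a separately named testdata file that the exclude pattern can target narrowly, and note in a comment that the material there is test data.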
@@ -27,13 +30,16 @@ repos:
language: script
- id: goimports
name: goimports
entry: goimports
files: .go$
args:
- -l
- -w
language: system
entry: golangci-lint run --enable-only goimports --fix
types: [go]
language: golang
pass_filenames: true
- id: lint
name: golangci-lint go lint
entry: golangci-lint run
types: [go]
language: golang
pass_filenames: false
- repo: https://github.com/python-jsonschema/check-jsonschema
rev: 0.14.0
hooks:
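Review bot: neither new hook declares `additional_dependencies`, so the `golangci-lint` binary comes from each contributor's environment with no version pinned; the formatting applied by `--enable-only goimports --fix` and the findings of `golangci-lint run` then depend on which release a developer has installed. Pin the tool via `additional_dependencies` or document one version in CONTRIBUTING.md so local hooks and CI agree. `pass_filenames: false` on the `lint` hook is correct because golangci-lint needs whole packages, though it means every commit lints the entire module; `types: [go]` at least keeps it from running on commits with no Go changes.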
32 changes: 1 addition & 31 deletions CODEOWNERS
@@ -1,35 +1,5 @@
* @defenseunicorns/zarf
* @defenseunicorns/zarf @dgershman

# Docs & examples
/adr/ @jeff-mccoy @Racer159 @Noxsios @lucasrod16 @AustinAbro321
/docs/ @jeff-mccoy @Racer159 @Noxsios @lucasrod16 @AustinAbro321
/examples/ @jeff-mccoy @Racer159 @Noxsios @lucasrod16 @AustinAbro321
*.md @jeff-mccoy @Racer159 @Noxsios @lucasrod16 @AustinAbro321

# Core code
/src/ @jeff-mccoy @Racer159 @Noxsios @lucasrod16 @AustinAbro321
/go.* @jeff-mccoy @Racer159 @Noxsios @lucasrod16 @AustinAbro321
main.go @jeff-mccoy @Racer159 @Noxsios @lucasrod16 @AustinAbro321

# Init package
/packages/ @jeff-mccoy @Racer159 @Noxsios @lucasrod16 @AustinAbro321
/zarf.yaml @jeff-mccoy @Racer159 @Noxsios @lucasrod16 @AustinAbro321

# Docs Website
/docs-website/ @Racer159 @Noxsios @jeff-mccoy @lucasrod16 @AustinAbro321

# Privileged pipeline files
/.github/ @jeff-mccoy @Racer159 @Noxsios @lucasrod16 @AustinAbro321
/hack/ @jeff-mccoy @Racer159 @Noxsios @lucasrod16 @AustinAbro321
/.gitignore @jeff-mccoy @Racer159 @Noxsios @lucasrod16 @AustinAbro321
/.golangci.yml @jeff-mccoy @Racer159 @Noxsios @lucasrod16 @AustinAbro321
/.goreleaser.yml @jeff-mccoy @Racer159 @Noxsios @lucasrod16 @AustinAbro321
/.grype.yaml @jeff-mccoy @Racer159 @Noxsios @lucasrod16 @AustinAbro321
/Dockerfile @jeff-mccoy @Racer159 @Noxsios @lucasrod16 @AustinAbro321
/renovate.json @jeff-mccoy @Racer159 @Noxsios @lucasrod16 @AustinAbro321
/Makefile @jeff-mccoy @Racer159 @Noxsios @lucasrod16 @AustinAbro321

# Additional privileged files
/CODEOWNERS @jeff-mccoy @austenbryan
/cosign.pub @jeff-mccoy @austenbryan
/LICENSE @jeff-mccoy @austenbryan

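Review bot: collapsing ownership to the single `* @defenseunicorns/zarf @dgershman` line removes the narrower owner sets the file had for privileged paths (`/.github/`, `/hack/`, `/cosign.pub`, `/CODEOWNERS`, `/LICENSE`), so with required code-owner reviews any member of the team can now approve a change to the release pipeline or the public signing key. If the intent is to simplify, keep at least one extra block for those files with a smaller owner list, as the previous version did for `/CODEOWNERS`, `/cosign.pub` and `/LICENSE`.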