From 7a151fa5aa0bbc8f6a9c6eedb0ca012f0e19615c Mon Sep 17 00:00:00 2001
From: Vivek Kumar Sahu
Date: Sat, 10 Feb 2024 04:36:06 +0530
Subject: [PATCH] added github action workflows
Signed-off-by: Vivek Kumar Sahu
---
 .github/workflows/build.yaml | 102 ++++++++++++++++++++++++++++++++++
 .github/workflows/codeql.yaml | 63 +++++++++++++++++++++
 .goreleaser.yaml | 26 ++++++++-
 Makefile | 13 +++++
 4 files changed, 201 insertions(+), 3 deletions(-)
 create mode 100644 .github/workflows/build.yaml
 create mode 100644 .github/workflows/codeql.yaml
 create mode 100644 Makefile
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
new file mode 100644
index 0000000..dd7fd40
--- /dev/null
+++ b/.github/workflows/build.yaml
@@ -0,0 +1,102 @@
+
+
+name: Build
+
+on:
+ push:
+ paths:
+ - '**'
+ - '!**.md'
+ - '!doc/**'
+ - '!**.txt'
+ - '!images/**'
+ - '!LICENSE'
+ - 'test/**'
+ branches:
+ - main
+
+permissions: read-all
+
+jobs:
+ build:
+ name: build
+ runs-on: ubuntu-latest
+
+ permissions:
+ id-token: write
+ contents: read
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Log in to Docker Hub
+ uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
+
+ - name: Log in to the ghcr registry
+ uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+ with:
+ images: |
+ viveksahu26/url_shortner
+ ghcr.io/${{ github.repository }}
+
+ - name: Build and push Containers images
+ id: build-and-push
+ uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671
+ with:
+ # context: .
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ # labels: ${{ steps.meta.outputs.labels }}
+ platforms: linux/amd64,linux/arm/v7,linux/arm64
+
+ # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
+ - name: Sign image with a key
+ run: |
+ images=""
+ for tag in ${TAGS}; do
+ images+="${tag}@${DIGEST} "
+ done
+ cosign sign --yes --key env://COSIGN_PRIVATE_KEY ${images}
+ env:
+ TAGS: ${{ steps.meta.outputs.tags }}
+ COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+ COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+ DIGEST: ${{ steps.build-and-push.outputs.digest }}
+
+ - name: Sign the images with GitHub OIDC Token
+ env:
+ DIGEST: ${{ steps.build-and-push.outputs.digest }}
+ TAGS: ${{ steps.meta.tags }}
+ run: |
+ images=""
+ for tag in ${TAGS}; do
+ images+="${tag}@${DIGEST} "
+ done
+ cosign sign --yes ${images}
+
+
+
+ # - uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
+
+ # - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+ # with:
+ # go-version: '1.21'
+ # check-latest: true
+
+ # - name: containers-cosign
+ # run: make sign-ci-containers
+ # env:
+ # KO_PREFIX: gcr.io/projectsigstore/cosign/ci
+ # COSIGN_PASSWORD: "${{secrets.COSIGN_PASSWORD}}"
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
new file mode 100644
index 0000000..777ee04
--- /dev/null
+++ b/.github/workflows/codeql.yaml
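Review bot: The keyless signing step reads `TAGS: ${{ steps.meta.tags }}`, which is not an output of the metadata step (the key-based step just above correctly uses `steps.meta.outputs.tags`), so TAGS expands to an empty string, the loop body never runs and `cosign sign --yes` is invoked with no image reference; change it to `TAGS: ${{ steps.meta.outputs.tags }}`. The job-level `permissions:` block grants only `id-token: write` and `contents: read`, but pushing to `ghcr.io/${{ github.repository }}` with `GITHUB_TOKEN` also needs `packages: write`, so the ghcr push is expected to be rejected as written. The cosign-installer step is left commented out, so unless cosign happens to be present on the runner both signing steps fail on a missing binary. `actions/checkout@v4` is the one action here not pinned to a commit SHA, unlike the rest of this file and codeql.yaml, and the two `docker/login-action` steps are pinned to two different commits; pinning one version with a `# vX.Y.Z` comment, as codeql.yaml does, keeps the supply-chain posture consistent.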
@@ -0,0 +1,63 @@
+name: CodeQL
+
+on:
+ push:
+ paths:
+ - '**'
+ - '!**.md'
+ - '!doc/**'
+ - '!**.txt'
+ - '!images/**'
+ - '!LICENSE'
+ - 'test/**'
+ branches: [ main ]
+
+env:
+ CODEQL_EXTRACTOR_GO_BUILD_TRACING: true
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+
+ permissions:
+ security-events: write
+ actions: read
+ contents: read
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'go' ]
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+ - name: Utilize Go Module Cache
+ uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
+ with:
+ path: |
+ ~/go/pkg/mod
+ ~/.cache/go-build
+ key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+ restore-keys: |
+ ${{ runner.os }}-go-
+
+ - name: Set correct version of Golang to use during CodeQL run
+ uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+ with:
+ go-version: '1.21'
+ check-latest: true
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@65c74964a9ed8c44ed9f19d4bbc5757a6a8e9ab9 # v2.16.1
+ with:
+ languages: ${{ matrix.language }}
+
+ - name: Build url_shortner for CodeQL
+ run: make url_shortner
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@65c74964a9ed8c44ed9f19d4bbc5757a6a8e9ab9 # v2.16.1
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 752160b..9d1d32b 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -5,6 +5,16 @@ project_name: url_shortner
 version: 1
+gomod:
+ proxy: true
+
+env:
+ - GO111MODULE=on
+ - CGO_ENABLED=1
+ - DOCKER_CLI_EXPERIMENTAL=enabled
+ - COSIGN_YES=true
+ - LATEST_TAG=,latest
+
 before:
 hooks:
 # You may remove this if you don't use go modules.
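Review bot: The workflow triggers only on `push` to `main`, so CodeQL findings surface after a change has already been merged rather than on the pull request that introduces it; adding `pull_request:` with `branches: [ main ]` under `on:` (and optionally a `schedule:` cron) lets results gate a merge and re-scans the tree when the query packs are updated. The explicit `actions/cache` step over `~/go/pkg/mod` and `~/.cache/go-build` likely duplicates the module/build caching that `actions/setup-go` performs on its own when a `go.sum` is present; if that is the case the extra step can be dropped. `go-version: '1.21'` is hard-coded while the repository's `go.mod` presumably declares the toolchain version — `go-version-file: go.mod` keeps the two from drifting apart.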
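Review bot: The new top-level `env:` sets `CGO_ENABLED=1`, while the linux build in the next hunk overrides it back to `CGO_ENABLED=0`; any build entry that does not override it inherits cgo, and cross-compiling a cgo-enabled target on the release runner generally fails unless a matching C cross toolchain is installed and otherwise yields binaries that link against the host libc. Unless some build genuinely needs cgo, set `- CGO_ENABLED=0` here and drop the per-build override so the intent is stated once. `GO111MODULE=on` has been the default since Go 1.16 and can be removed; `gomod.proxy: true` is a good addition since it routes the release build through the module proxy and checksum database.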
@@ -16,16 +26,20 @@ sboms:
 - artifacts: binary
 builds:
- - id: linux-amd64
+ - id: linux-amd64-{{ .Arch }}
 env:
 - CGO_ENABLED=0
 goos:
 - linux
 goarch:
 - amd64
+ - arm64
+ - arm
 binary: url_shortner-linux-{{ .Arch }}
- main: ./main.go
+ main: ./cmd/url_shortner
+ mod_timestamp: '{{ .CommitTimestamp }}'
 no_unique_dist_dir: true
+ + - id: windows-amd64 goos:
@@ -45,9 +59,11 @@ builds:
 archives:
 - format: binary
- # this name template makes the OS and Arch compatible with the results of `uname`.
 name_template: "{{ .Binary }}"
 allow_different_binary_count: true
+ - format: tar.gz
+ name_template: "{{ .ProjectName }}-{{ .Os }}-{{ .Arch }}"
+ allow_different_binary_count: true
 checksum:
 name_template: "{{ .ProjectName }}_checksums.txt"
@@ -74,3 +90,7 @@ nfpms:
 - apk
 - deb
 - rpm
+ contents:
+ - src: /usr/bin/url_shortner-linux-{{ .Arch }}
+ dst: /usr/bin/url_shortner
+ type: "symlink"
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..124d214
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,13 @@
+GIT_HASH ?= $(shell git rev-parse HEAD)
+PLATFORMS=darwin linux windows
+ARCHITECTURES=amd64
+
+url_shortner:
+ CGO_ENABLED=0 go build -o url_shortner ./cmd/url_shortner
+
+.PHONY: cross
+cross:
+ $(foreach GOOS, $(PLATFORMS),\
+ $(foreach GOARCH, $(ARCHITECTURES), $(shell export GOOS=$(GOOS); export GOARCH=$(GOARCH); \
+ $ go build -o url_shortner-$(GOOS)-$(GOARCH) ./cmd/url_shortner; \
+ shasum -a 256 url_shortner-$(GOOS)-$(GOARCH) > url_shortner-$(GOOS)-$(GOARCH).sha256 ))) \
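Review bot: The build id is renamed to `linux-amd64-{{ .Arch }}` although `goarch` now also lists `arm64` and `arm`, so the id reads as amd64-only and embeds a template in a field that is meant to be a plain identifier; a plain id such as `linux` says what the entry covers. `goarch: arm` is added without a `goarm:` entry, so GoReleaser falls back to its default ARM variant, which may not match the `linux/arm/v7` platform that build.yaml publishes — add `goarm: [ "7" ]` (or whichever variant is intended) to make the choice explicit. The `- id: windows-amd64` entry that starts at the end of this hunk continues outside it; it is worth checking that it also overrides the global `CGO_ENABLED=1`.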
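Review bot: The `cross` recipe runs each `go build` inside `$(shell …)`, so the builds execute while make expands the recipe text, their exit status is discarded and a failed build still leaves `make cross` reporting success; the `$ go build` token appears to be a reference to a make variable named by a single space, which happens to expand to nothing and is almost certainly a typo. Rewriting the target as an ordinary shell loop keeps failures visible and lets `CGO_ENABLED=0` match the `url_shortner` target above. `GIT_HASH` is defined but not used anywhere in this file, and the trailing backslash on the last line continues the recipe into end-of-file. `url_shortner` has no prerequisites, so once the binary exists `make url_shortner` is a no-op even after source changes — harmless on a fresh CI checkout, surprising locally.
```makefile
# … unchanged: variable definitions and the url_shortner target …
.PHONY: cross
cross:
	for os in $(PLATFORMS); do \
	  for arch in $(ARCHITECTURES); do \
	    GOOS=$$os GOARCH=$$arch CGO_ENABLED=0 go build -o url_shortner-$$os-$$arch ./cmd/url_shortner && \
	    shasum -a 256 url_shortner-$$os-$$arch > url_shortner-$$os-$$arch.sha256 || exit 1; \
	  done; \
	done
```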