feat: Initial version of github-secrets-synchronizer

* release: v0.0.1 * fix: Rewrite structure. Add support for YAML file * chore: Overhaul some more. Implement Azure and AWS. Change license * chore: Big license update Co-authored-by: Maikel <[email protected]> * chore: Implement comments. Centralize formatting of secret name * chore: Put .env.example in a separate file * chore: Add a CI workflow. Implement golangci updates. Do Docker through goreleaser * chore: Improve goreleaser Docker config * fix: Simplify Dockerfile * chore: Add some tests. Change publishing flow * fix: Testing * chore: Add dryrunning * chore: Small updates * chore: Fix workflow
Devleaps · Jan 15, 2025 · 2deb7e1 · 2deb7e1
1 parent 35799a3
commit 2deb7e1
Show file tree

Hide file tree

Showing 24 changed files with 2,194 additions and 21 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,3 @@
+.github
+.gitignore
+README.md
diff --git a/.env.example b/.env.example
@@ -0,0 +1,21 @@
+GITHUB_APP_ID=a-github-app-id
+GITHUB_INSTALLATION_ID=a-github-installation-id
+GITHUB_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----
+a-multi-line-private-key
+-----END RSA PRIVATE KEY-----"
+GITHUB_ORG_NAME=an-org-name
+
+// TODO: Replace with managed identity to improve security
+AZURE_KEYVAULT_URL="https://some-vault.vault.azure.net"
+AZURE_CLIENT_ID="an-azure-client-id"
+AZURE_TENANT_ID="an-azure-tenant-id"
+AZURE_CLIENT_SECRET="an-azure-client-secret"
+
+AWS_ACCESS_KEY_ID="an-aws-access-key-id"
+AWS_SECRET_ACCESS_KEY="an-aws-secret-access-key"
+AWS_REGION="an-aws-region"
+
+DEFAULT_VISIBILITY="all-or-private-or-selected"
+DEFAULT_TYPE="secret-or-variable"
+
+LOCAL=true
diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml
@@ -0,0 +1,75 @@
+---
+name: CI Build
+
+on:
+  pull_request_target:
+    branches:
+      - main
+
+env:
+  GOLANG_VERSION: '1.23.4'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  check-go:
+    name: Ensure Go modules synchronicity
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
+
+      - name: Setup Golang
+        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
+        with:
+          go-version: ${{ env.GOLANG_VERSION }}
+
+      - name: Download all Go modules
+        run: |
+          go mod download
+
+      - name: Check for tidiness of go.mod and go.sum
+        run: |
+          go mod tidy
+          git diff --exit-code -- .
+
+  lint-go:
+    name: Lint Go code
+    runs-on: ubuntu-24.04
+    permissions:
+      pull-requests: read  # for golangci/golangci-lint-action to fetch pull requests
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Setup Golang
+        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
+        with:
+          go-version: ${{ env.GOLANG_VERSION }}
+
+      - name: Run golangci-lint
+        uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
+        with:
+          # renovate: datasource=go packageName=github.com/golangci/golangci-lint versioning=regex:^v(?<major>\d+)\.(?<minor>\d+)\.(?<patch>\d+)?$
+          version: v1.63.4
+          args: --verbose
+
+  test-go:
+    name: Test Go code
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Setup Golang
+        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
+        with:
+          go-version: ${{ env.GOLANG_VERSION }}
+
+      - name: Run tests
+        run: go test -v ./...
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
@@ -0,0 +1,43 @@
+---
+name: Publish
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+jobs:
+  release:
+    runs-on: ubuntu-24.04
+    env:
+      REGISTRY: ghcr.io
+      IMAGE_NAME: ${{ github.repository }}:${{ github.ref_name }}
+    steps:
+      - name: Checkout ${{ github.repository }}
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a #v3.3.0
+
+      - name: Set up Go
+        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
+        with:
+          go-version: '1.23.1'
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf # v6.1.0
+        with:
+          distribution: goreleaser
+          version: '~> v2'
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}