Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add common workflows and files #69

Merged
merged 6 commits into from
Jul 23, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 13 additions & 0 deletions .editorconfig
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
root = true

[*]
charset = utf-8
end_of_line = lf
insert_final_newline = true
trim_trailing_whitespace = true
indent_size = 4
indent_style = tab

[*.{md,yml,yaml}]
indent_size = 2
indent_style = space
16 changes: 8 additions & 8 deletions .github/labeler.yml
Original file line number Diff line number Diff line change
@@ -1,21 +1,21 @@
change:
- head-branch: ['^change/']
- head-branch: ["^change/"]

enhancement:
- head-branch: ['^feature/', '^feat/', '^enhancement/', '^enh/']
- head-branch: ["^feature/", "^feat/", "^enhancement/", "^enh/"]

bug:
- head-branch: ['^fix/', '^bug/']
- head-branch: ["^fix/", "^bug/"]

chore:
- head-branch: ['^chore/']
- head-branch: ["^chore/"]

documentation:
- head-branch: ['^docs/', '^doc/']
- head-branch: ["^docs/", "^doc/"]
- changed-files:
- any-glob-to-any-file: '**/*.md'
- any-glob-to-any-file: "**/*.md"

dependencies:
- head-branch: ['^deps/', '^dep/', '^dependabot/']
- head-branch: ["^deps/", "^dep/", "^dependabot/"]
- changed-files:
- any-glob-to-any-file: ['go.mod', 'go.sum']
- any-glob-to-any-file: ["go.mod", "go.sum"]
23 changes: 23 additions & 0 deletions .github/workflows/dependabot-auto-merge.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
name: Dependabot auto-merge
on: pull_request_target

permissions:
contents: read

jobs:
dependabot:
runs-on: ubuntu-22.04
if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
permissions:
pull-requests: write
contents: write
steps:
- name: Dependabot metadata
id: dependabot-metadata
uses: dependabot/fetch-metadata@5e5f99653a5b510e8555840e80cbf1514ad4af38 # v2.1.0

- name: Enable auto-merge for Dependabot PRs
run: gh pr merge --auto --squash "$PR_URL"
env:
PR_URL: ${{github.event.pull_request.html_url}}
GITHUB_TOKEN: ${{ secrets.NGINX_PAT }}
27 changes: 27 additions & 0 deletions .github/workflows/dependency-review.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
name: Dependency Review
on:
pull_request:
branches:
- main

concurrency:
group: ${{ github.ref_name }}-deps-review
cancel-in-progress: true

permissions:
contents: read

jobs:
dependency-review:
runs-on: ubuntu-22.04
permissions:
contents: read # for actions/checkout
pull-requests: write # for actions/dependency-review-action to post comments
steps:
- name: Checkout Repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: Dependency Review
uses: actions/dependency-review-action@72eb03d02c7872a771aacd928f3123ac62ad6d3a # v4.3.3
with:
config-file: "nginxinc/k8s-common/dependency-review-config.yml@main"
30 changes: 30 additions & 0 deletions .github/workflows/fossa.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
name: Fossa

on:
push:
branches:
- main
paths-ignore:
- "**.md"
- "LICENSE"

concurrency:
group: ${{ github.ref_name }}-fossa
cancel-in-progress: true

permissions:
contents: read

jobs:
scan:
name: Fossa
runs-on: ubuntu-22.04
if: ${{ github.event.repository.fork == false }}
steps:
- name: Checkout Repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: Scan
uses: fossas/fossa-action@47ef11b1e1e3812e88dae436ccbd2d0cbd1adab0 # v1.3.3
with:
api-key: ${{ secrets.FOSSA_TOKEN }}
54 changes: 54 additions & 0 deletions .github/workflows/lint.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
name: Lint

on:
pull_request:
branches:
- main

defaults:
run:
shell: bash

concurrency:
group: ${{ github.ref_name }}-lint
cancel-in-progress: true

permissions:
contents: read

jobs:
actionlint:
name: Actionlint
runs-on: ubuntu-22.04
steps:
- name: Checkout Repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: Lint Actions
uses: reviewdog/action-actionlint@afad3b6ab835e5611bda8c8193377e2d5c21413d # v1.51.0
with:
actionlint_flags: -shellcheck ""

markdown-lint:
name: Markdown Lint
runs-on: ubuntu-22.04
steps:
- name: Checkout Repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: Lint Markdown
uses: DavidAnson/markdownlint-cli2-action@b4c9feab76d8025d1e83c653fa3990936df0e6c8 # v16.0.0
with:
config: .markdownlint-cli2.yaml
globs: "**/*.md"
fix: false

yaml-lint:
name: YAML lint
runs-on: ubuntu-22.04
steps:
- name: Checkout Repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: Lint YAML
uses: reviewdog/action-yamllint@508148c0d959b166798f9792d1b29dddcac37348 # v1.16.0
61 changes: 61 additions & 0 deletions .github/workflows/scorecards.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
name: OpenSSF Scorecards
on:
branch_protection_rule: # yamllint disable-line rule:empty-values
schedule:
- cron: "18 4 * * 0" # Run every Sunday at 4:18 UTC
push:
branches:
- main

# Declare default permissions as read only.
permissions: read-all

jobs:
analysis:
name: Scorecard analysis
runs-on: ubuntu-22.04
permissions:
# Needed to upload the results to code-scanning dashboard.
security-events: write
# Needed to publish results and get a badge (see publish_results below).
id-token: write
# Uncomment the permissions below if installing in a private repository.
# contents: read
# actions: read

steps:
- name: "Checkout code"
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
persist-credentials: false

- name: "Run analysis"
uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
with:
results_file: results.sarif
results_format: sarif
repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}

# Public repositories:
# - Publish results to OpenSSF REST API for easy access by consumers
# - Allows the repository to include the Scorecard badge.
# - See https://github.com/ossf/scorecard-action#publishing-results.
# For private repositories:
# - `publish_results` will always be set to `false`, regardless
# of the value entered here.
publish_results: true

# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: SARIF file
path: results.sarif
retention-days: 5

# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
with:
sarif_file: results.sarif
6 changes: 6 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
# NGINX Plus license files
*.crt
*.key

# Visual Studio Code settings
.vscode
18 changes: 18 additions & 0 deletions .markdownlint-cli2.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
# Rule configuration.
# For rule descriptions and how to fix: https://github.com/DavidAnson/markdownlint/tree/main#rules--aliases
config:
ul-style:
style: dash
no-duplicate-heading:
siblings_only: true
line-length:
line_length: 120
code_blocks: false
tables: false

# Define glob expressions to ignore
ignores:
- ".github/"

# Fix any fixable errors
fix: true
41 changes: 41 additions & 0 deletions .pre-commit-config.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
# See https://pre-commit.com for more information
# See https://pre-commit.com/hooks.html for more hooks
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.6.0
hooks:
- id: trailing-whitespace
- id: end-of-file-fixer
- id: check-yaml
args: [--allow-multiple-documents]
- id: check-ast
- id: check-added-large-files
- id: check-merge-conflict
- id: check-shebang-scripts-are-executable
- id: check-executables-have-shebangs
- id: check-symlinks
- id: check-case-conflict
- id: check-vcs-permalinks
- id: check-json
- id: pretty-format-json
args: [--autofix, --no-ensure-ascii]
- id: mixed-line-ending
args: [--fix=lf]
- id: no-commit-to-branch
- id: requirements-txt-fixer
- id: fix-byte-order-marker

- repo: https://github.com/gitleaks/gitleaks
rev: v8.18.4
hooks:
- id: gitleaks

- repo: https://github.com/DavidAnson/markdownlint-cli2
rev: v0.13.0
hooks:
- id: markdownlint-cli2

- repo: https://github.com/adrienverge/yamllint.git
rev: v1.35.1
hooks:
- id: yamllint
21 changes: 21 additions & 0 deletions .yamllint.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
---
yaml-files:
- "*.yaml"
- "*.yml"

ignore-from-file: .gitignore

extends: default

rules:
comments:
min-spaces-from-content: 1
comments-indentation: enable
document-start: disable
empty-values: enable
line-length:
max: 120
ignore: |
.github/
truthy:
check-keys: false
22 changes: 11 additions & 11 deletions CODE_OF_CONDUCT.md
Original file line number Diff line number Diff line change
Expand Up @@ -16,21 +16,21 @@ appearance, race, religion, or sexual identity and orientation.
Examples of behavior that contributes to creating a positive environment
include:

* Using welcoming and inclusive language
* Being respectful of differing viewpoints and experiences
* Gracefully accepting constructive criticism
* Focusing on what is best for the community
* Showing empathy towards other community members
- Using welcoming and inclusive language
- Being respectful of differing viewpoints and experiences
- Gracefully accepting constructive criticism
- Focusing on what is best for the community
- Showing empathy towards other community members

Examples of unacceptable behavior by participants include:

* The use of sexualized language or imagery and unwelcome sexual attention or
- The use of sexualized language or imagery and unwelcome sexual attention or
advances
* Trolling, insulting/derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or electronic
- Trolling, insulting/derogatory comments, and personal or political attacks
- Public or private harassment
- Publishing others' private information, such as a physical or electronic
address, without explicit permission
* Other conduct which could reasonably be considered inappropriate in a
- Other conduct which could reasonably be considered inappropriate in a
professional setting

## Our Responsibilities
Expand Down Expand Up @@ -70,6 +70,6 @@ members of the project's leadership.
## Attribution

This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
available at <https://www.contributor-covenant.org/version/1/4/code-of-conduct.html>

[homepage]: https://www.contributor-covenant.org
9 changes: 8 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
@@ -1,8 +1,15 @@
<!-- markdownlint-disable-next-line first-line-h1 -->
[![OpenSSFScorecard](https://api.securityscorecards.dev/projects/github.com/nginxinc/alpine-fips/badge)](https://api.securityscorecards.dev/projects/github.com/nginxinc/alpine-fips)
[![CI](https://github.com/nginxinc/alpine-fips/actions/workflows/ci.yml/badge.svg)](https://github.com/nginxinc/alpine-fips/actions/workflows/ci.yml)
[![FOSSA Status](https://app.fossa.com/api/projects/custom%2B5618%2Fgithub.com%2Fnginxinc%2Falpine-fips.svg?type=shield)](https://app.fossa.com/projects/custom%2B5618%2Fgithub.com%2Fnginxinc%2Falpine-fips?ref=badge_shield)
[![Project Status: Active – The project has reached a stable, usable state and is being actively developed.](https://www.repostatus.org/badges/latest/active.svg)](https://www.repostatus.org/#active)

# Alpine Linux with FIPS OpenSSL module

## Dockerfile

The Dockerfile is based on the official Alpine Linux image and adds the FIPS OpenSSL module. The FIPS module is built from source and the build process is based on the [OpenSSL FIPS support guide](https://github.com/openssl/openssl/blob/master/README-FIPS.md).
The Dockerfile is based on the official Alpine Linux image and adds the FIPS OpenSSL module.
The FIPS module is built from source and the build process is based on the [OpenSSL FIPS support guide](https://github.com/openssl/openssl/blob/master/README-FIPS.md).

## Build

Expand Down
Loading