Implemented docker for gitcache (#231)

* Implemented caching the git folder instead of just a branch. Implemented logging. Refactored code. * Feat - Implemented docker for gitcache
ossf · Mar 4, 2021 · 3e97965 · 3e97965
1 parent b4c2e4f
commit 3e97965
Show file tree

Hide file tree

Showing 11 changed files with 593 additions and 69 deletions.
diff --git a/.github/workflows/gitcache-docker.yaml b/.github/workflows/gitcache-docker.yaml
@@ -0,0 +1,52 @@
+name: Docker
+on:
+  push:
+    branches:
+      - main
+    # Publish `v1.2.3` tags as releases.
+    tags:
+      - v*
+  # Run tests for any PRs.
+  pull_request:
+env:
+  IMAGE_NAME: gitcache
+
+jobs:
+  # Push image to GitHub Packages.
+  push:
+
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push'
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Build image
+        run: docker build . --file ./gitcache/Dockerfile --tag $IMAGE_NAME
+
+      - name: Log into registry
+        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login docker.pkg.github.com -u ${{ github.actor }} --password-stdin
+
+      - name: Push image
+        run: |
+          IMAGE_ID=docker.pkg.github.com/${{ github.repository }}/$IMAGE_NAME
+
+          # Change all uppercase to lowercase
+          IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]')
+
+          # Strip git ref prefix from version
+          VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
+
+          # Strip "v" prefix from tag name
+          [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
+
+          # Use Docker `latest` tag convention
+          [ "$VERSION" == "main" ] && VERSION=latest
+
+          echo IMAGE_ID=$IMAGE_ID
+          echo VERSION=$VERSION
+
+          docker tag $IMAGE_NAME $IMAGE_ID:$VERSION
+          docker push $IMAGE_ID:$VERSION
+
+
diff --git a/.gitignore b/.gitignore
@@ -1,5 +1,7 @@
-# Scorecard binary.
+# binary.
 scorecard
+gitblobcache
+
 
 # Binaries for programs and plugins.
 *.exe

diff --git a/gitcache/.golangci.yml b/gitcache/.golangci.yml
@@ -0,0 +1,142 @@
+---
+run:
+  concurrency: 6
+  deadline: 5m
+linters:
+  disable-all: true
+  enable:
+    - asciicheck
+    - bodyclose
+    - deadcode
+    - depguard
+    - dogsled
+    - dupl
+    - errcheck
+    - exhaustive
+    - exportloopref
+    - gochecknoinits
+    - gocognit
+    - goconst
+    - gocritic
+    - gocyclo
+    - godot
+    - godox
+    - goerr113
+    - gofmt
+    - gofumpt
+    - goheader
+    - goimports
+    - golint
+    - gomnd
+    - gomodguard
+    - goprintffuncname
+    - gosec
+    - gosimple
+    - govet
+    - ineffassign
+    - lll
+    - misspell
+    - nakedret
+    - nestif
+    - noctx
+    - nolintlint
+    - paralleltest
+    - prealloc
+    - predeclared
+    - rowserrcheck
+    - scopelint
+    - sqlclosecheck
+    - staticcheck
+    - structcheck
+    - stylecheck
+    - thelper
+    - tparallel
+    - typecheck
+    - unconvert
+    - unparam
+    - unused
+    - varcheck
+    - whitespace
+    - wrapcheck
+linters-settings:
+  errcheck:
+    check-type-assertions: true
+    check-blank: true
+  govet:
+    enable:
+      - fieldalignment
+  godox:
+    keywords:
+      - BUG
+      - FIXME
+      - HACK
+  gocritic:
+    enabled-checks:
+      # Diagnostic
+      - appendAssign
+      - argOrder
+      - badCond
+      - caseOrder
+      - codegenComment
+      - commentedOutCode
+      - deprecatedComment
+      - dupArg
+      - dupBranchBody
+      - dupCase
+      - dupSubExpr
+      - exitAfterDefer
+      - flagDeref
+      - flagName
+      - nilValReturn
+      - offBy1
+      - sloppyReassign
+      - weakCond
+      - octalLiteral
+
+      # Performance
+      - appendCombine
+      - equalFold
+      - hugeParam
+      - indexAlloc
+      - rangeExprCopy
+      - rangeValCopy
+
+      # Style
+      - assignOp
+      - boolExprSimplify
+      - captLocal
+      - commentFormatting
+      - commentedOutImport
+      - defaultCaseOrder
+      - docStub
+      - elseif
+      - emptyFallthrough
+      - emptyStringTest
+      - hexLiteral
+      - ifElseChain
+      - methodExprCall
+      - regexpMust
+      - singleCaseSwitch
+      - sloppyLen
+      - stringXbytes
+      - switchTrue
+      - typeAssertChain
+      - typeSwitchVar
+      - underef
+      - unlabelStmt
+      - unlambda
+      - unslice
+      - valSwap
+      - wrapperFunc
+      - yodaStyleExpr
+
+      # Opinionated
+      - builtinShadow
+      - importShadow
+      - initClause
+      - nestingReduce
+      - paramTypeCombine
+      - ptrToRefParam
+      - typeUnparen
+      - unnamedResult
+      - unnecessaryBlock
diff --git a/gitcache/Dockerfile b/gitcache/Dockerfile
@@ -0,0 +1,31 @@
+# Copyright 2020 Security Scorecard Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# syntax = docker/dockerfile:1-experimental
+
+FROM  golang:1.16 as base
+WORKDIR /src
+ENV CGO_ENABLED=0
+COPY go.* ./
+RUN go mod download
+COPY . ./
+
+FROM base AS build
+ARG TARGETOS
+ARG TARGETARCH
+RUN --mount=type=cache,target=/root/.cache/go-build  CGO_ENABLED=0 go build -a -tags netgo -ldflags '-w -extldflags "-static"' -o /out/gitblobcache .
+
+FROM gcr.io/distroless/base:nonroot
+COPY --from=build /out/gitblobcache /
+ENTRYPOINT [ "/scorecard" ]
diff --git a/gitcache/Makefile b/gitcache/Makefile
@@ -0,0 +1,32 @@
+SHELL := /bin/bash
+IMAGE_NAME = gitcache
+.PHONY: help
+help:  ## Display this help
+	@awk \
+		-v "col=${COLOR}" -v "nocol=${NOCOLOR}" \
+		' \
+			BEGIN { \
+				FS = ":.*##" ; \
+				printf "Available targets:\n"; \
+			} \
+			/^[a-zA-Z0-9_-]+:.*?##/ { \
+				printf "  %s%-25s%s %s\n", col, $$1, nocol, $$2 \
+			} \
+			/^##@/ { \
+				printf "\n%s%s%s\n", col, substr($$0, 5), nocol \
+			} \
+		' $(MAKEFILE_LIST)
+
+all:  ## Runs build
+.PHONY: all
+all: build 
+
+.PHONY: build
+build: ## Runs go build and generates executable
+	CGO_ENABLED=0 go build -a -ldflags '-w -extldflags "-static"' -o gitblobcache
+
+.phony: dockerbuild
+dockerbuild: ## runs docker build
+	$(call ndef, github_auth_token)
+	docker build .  --tag $(IMAGE_NAME)
+
diff --git a/gitcache/blob.go b/gitcache/blob.go
@@ -33,14 +33,14 @@ func (c *Cache) Set(key string, resp []byte) error {
 	return c.Bucket.WriteAll(context.Background(), key, resp, nil)
 }
 
-// Delete removes key from the cache.The error is not returned to maintain compatability
+// Delete removes key from the cache.The error is not returned to maintain compatibility
 // with the httpcache Cache interface.
 func (c *Cache) Delete(key string) error {
 	return c.Bucket.Delete(context.Background(), key)
 }
 
-// New opens the bucket for caching.
-func New(bucketKey string) (*Cache, error) {
+// NewBucket opens the bucket for caching.
+func NewBucket(bucketKey string) (*Cache, error) {
 	b, err := blob.OpenBucket(context.Background(), bucketKey)
 	if err != nil {
 		return nil, errors.Wrap(err, fmt.Sprintf("error in opening the bucket %s", bucketKey))

diff --git a/gitcache/go.mod b/gitcache/go.mod
@@ -8,6 +8,7 @@ require (
 	github.com/mholt/archiver v3.1.1+incompatible
 	github.com/pierrec/lz4 v2.6.0+incompatible // indirect
 	github.com/pkg/errors v0.9.1
+	go.uber.org/zap v1.16.0
 	gocloud.dev v0.22.0
 )