DoodleScheduling · rackep · Nov 13, 2024 · Nov 15, 2024 · Nov 15, 2024 · Nov 15, 2024
diff --git a/.github/ISSUE_TEMPLATE/VULN-TEMPLATE.md b/.github/ISSUE_TEMPLATE/VULN-TEMPLATE.md
@@ -0,0 +1,7 @@
+---
+title: Vulnerabilities detected
+labels: security
+---
+High or critical vulnerabilities detected. Scan results are below:
+
+{{ env.RESULTS }}
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,24 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: bug
+assignees: ''
+
+---
+
+#### Describe the bug
+A clear and concise description of what the bug is.
+
+#### To Reproduce
+Steps to reproduce the behavior:
+
+#### Expected behavior
+A clear and concise description of what you expected to happen.
+
+#### Environment
+ - controller version: [e.g. v0.1.0]
+ - kubernetes version: [e.g. v1.23.0]
+
+#### Additional context
+Add any other context about the problem here.
diff --git a/.github/ISSUE_TEMPLATE/change_request.md b/.github/ISSUE_TEMPLATE/change_request.md
@@ -0,0 +1,20 @@
+---
+name: Change request
+about: Propose a change for an already implemented solution
+title: ''
+labels: change
+assignees: ''
+
+---
+
+#### Describe the change
+A clear and concise description of what the change is about.
+
+#### Current situation
+Describe the current situation.
+
+#### Should
+Describe the changes you would like to propose.
+
+#### Additional context
+Add any other context about the problem here.
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: feature
+assignees: ''
+
+---
+
+#### Is your feature request related to a problem? Please describe
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+#### Describe the solution you'd like
+A clear and concise description of what you want to happen.
+
+#### Describe alternatives you've considered
+A clear and concise description of any alternative solutions or features you've considered.
+
+#### Additional context
+Add any other context or screenshots about the feature request here.
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,5 @@
+## Current situation
+<!--- Shortly describe the current situation -->
+
+## Proposal
+<!--- Describe what this PR is intended to achieve -->
@@ -1,35 +1,29 @@
 name: main
+
 on:
   push:
     branches:
       - master
-      - main
-      - beta
-      - next
-      - next-major
+
+permissions: {}
+
 jobs:
-  release:
-    permissions:
-      contents: write
-      issues: write
-      pull-requests: write
-    runs-on:
-      labels:
-        - minimalistic-v2
-    concurrency: release
+  build:
+    runs-on: ubuntu-latest
     steps:
-      - name: Checkout source
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
+      - name: Harden Runner
+        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
         with:
-          fetch-depth: 0
-      - name: Get shared actions
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
+          egress-policy: audit
+      - name: Checkout
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+      - name: Setup Go
+        uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
         with:
-          repository: 'DoodleScheduling/actions'
-          ref: v3
-          path: './.actions'
-          token: ${{ secrets.GH_ACTIONS }}
-      - uses: ./.actions/release
+          go-version: 1.22.x
+      - name: Tests
+        run: make test
+      - name: Send go coverage report
+        uses: shogo82148/actions-goveralls@785c9d68212c91196d3994652647f8721918ba11 # v1.9.0
         with:
-          token: ${{ secrets.GH_ACTIONS }}
-    timeout-minutes: 45
+          path-to-profile: coverage.out
@@ -1,47 +1,27 @@
 name: pr-actions
+
+permissions: {}
+
 on:
   pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-permissions: {}
+    branches:
+      - 'master'
+
 jobs:
-  validate-workflows:
-    permissions:
-      contents: read
-    runs-on:
-      labels:
-        - minimalistic-v2
-    if: ${{ github.event.pull_request.state == 'open' }}
+  ensure-sha-pinned:
+    runs-on: ubuntu-latest
     steps:
-      - name: Checkout source
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-      - name: Get shared actions
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - name: Harden Runner
+        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
         with:
-          repository: 'DoodleScheduling/actions'
-          ref: v3
-          path: './.actions'
-          token: ${{ secrets.GH_ACTIONS }}
-      - uses: './.actions/validate-workflow'
-    timeout-minutes: 45
-  ensure-pinned-actions:
-    permissions:
-      contents: read
-    runs-on:
-      labels:
-        - minimalistic-v2
-    if: ${{ github.event.pull_request.state == 'open' }}
-    steps:
-      - name: Checkout source
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-      - name: Get shared actions
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+          egress-policy: audit
+
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Ensure SHA pinned actions
+        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@38608ef4fb69adae7f1eac6eeb88e67b7d083bfd # v3.0.16
         with:
-          repository: 'DoodleScheduling/actions'
-          ref: v3
-          path: './.actions'
-          token: ${{ secrets.GH_ACTIONS }}
-      - uses: './.actions/ensure-pinned-actions'
-    timeout-minutes: 45
+          # slsa-github-generator requires using a semver tag for reusable workflows. 
+          # See: https://github.com/slsa-framework/slsa-github-generator#referencing-slsa-builders-and-generators
+          allowlist: |
+            slsa-framework/slsa-github-generator
@@ -1,44 +1,51 @@
 name: pr-build
+
 on:
   pull_request:
     types:
       - opened
       - synchronize
       - reopened
+
+permissions:
+  packages: write
+  contents: read
+  statuses: read
+  actions: write
+  id-token: write
+
 jobs:
   build:
-    permissions:
-      packages: write
-      contents: read
-      statuses: read
-      actions: write
-      id-token: write
-    runs-on:
-      labels:
-        - generic-v2
+    runs-on: ubuntu-latest
+    outputs:
+      profiles: ${{ steps.profiles.outputs.matrix }}    
     steps:
-      - name: Checkout source
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
+      - name: Harden Runner
+        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
         with:
-          fetch-depth: 0
-      - name: Get shared actions
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
+          egress-policy: audit    
+      - name: Checkout
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+      - name: Setup Go
+        uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
         with:
-          repository: 'DoodleScheduling/actions'
-          ref: v3
-          path: './.actions'
-          token: ${{ secrets.GH_ACTIONS }}
-      - uses: ./.actions/short-sha
-        id: short-sha
-      - uses: ./.actions/container-image
-        with:
-          tags: ghcr.io/doodlescheduling/${{ github.event.repository.name }}:${{ steps.short-sha.outputs.ref }}
-          dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }}
-          dockerhub-password: ${{ secrets.DOCKERHUB_TOKEN }}
-          ghcr-password: ${{ secrets.GITHUB_TOKEN }}
-          cosign-private-key: ${{ secrets.COSIGN_PRIV_KEY }}
-          platforms: linux/amd64,linux/arm64
-    timeout-minutes: 45
-concurrency:
-  group: ${{ github.ref }}
-  cancel-in-progress: true
+          go-version: 1.22.x
+      - name: build
+        run: |
+          echo GOBIN $GOBIN
+          echo GOPATH $GOPATH
+          echo GOMODCACHE $GOMODCACHE
+          go install
+          echo GOBIN $GOBIN
+          echo GOPATH $GOPATH
+          echo GOMODCACHE $GOMODCACHE
+
+          go mod download
+
+          echo "tailscale module path:"
+          go list -m -f '{{.Dir}}' tailscale.com
+          echo "tailscale module content:"
+          ls $(go list -m -f '{{.Dir}}' tailscale.com)/cmd/derper
+          # ln -s $(go list -m -f '{{.Dir}}' tailscale.com) app
+          # cd app
+          CGO_ENABLED=0 go build -x -o derper $(go list -m -f '{{.Dir}}' tailscale.com)/cmd/derper