edgefarm · renovate · Sep 21, 2022 · Sep 29, 2022 · Sep 29, 2022 · Sep 30, 2022
diff --git a/.github/workflows/commitlint.yml b/.github/workflows/commitlint.yml
@@ -0,0 +1,18 @@
+name: Lint Commit Messages
+on:
+  pull_request:
+    branches:
+      - "**"
+  push:
+    branches:
+      - beta
+      - main
+
+jobs:
+  commitlint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - uses: wagoid/commitlint-github-action@v4
diff --git a/.github/workflows/release-image.yml b/.github/workflows/release-image.yml
@@ -0,0 +1,52 @@
+name: "release-image"
+
+on:
+  pull_request:
+    branches:
+      - beta
+      - main
+  release:
+    types:
+      - "published"
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: edgefarm/vault-certretrieval
+
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: read
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@d398f07826957cd0a18ea1b059cf1207835e60bc
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.TRIGGER_WORKFLOWS_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@97c170d70b5f8bfc77e6b23e68381f217cb64ded
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{tag}}
+            type=semver,pattern={{major}}.{{minor}}.{{patch}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
+      - name: Build and push Docker image
+        uses: docker/build-push-action@42863b1282f7046f6c1ec9222965bbceafae3bb8
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,25 @@
+name: Release
+on:
+  workflow_run:
+    workflows:
+      - "Lint Commit Messages"
+    types: [completed]
+
+jobs:
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    if: ${{ github.event.workflow_run.conclusion == 'success' &&
+      (github.ref == 'refs/heads/beta' || github.ref == 'refs/heads/main')}}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Release
+        env:
+          # dont use GITHUB_TOKEN here
+          # https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow
+          GITHUB_TOKEN: ${{ secrets.TRIGGER_WORKFLOWS_TOKEN }}
+          # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: npm install @semantic-release/git -D && npx semantic-release
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,50 @@
+exclude: "(?x)^(.*/base/charts/.*)"
+repos:
+  # general stuff
+  - repo: git://github.com/pre-commit/pre-commit-hooks
+    rev: v4.0.1
+    hooks:
+      # Git style
+      - id: check-added-large-files
+        exclude: ^vendor
+      - id: check-merge-conflict
+        exclude: ^vendor
+      - id: check-vcs-permalinks
+        exclude: ^vendor
+      - id: forbid-new-submodules
+        exclude: ^vendor
+      - id: no-commit-to-branch
+        exclude: ^vendor
+
+      # Common errors
+      - id: end-of-file-fixer
+        exclude: ^vendor
+      - id: trailing-whitespace
+        args: [--markdown-linebreak-ext=md]
+        exclude: ^vendor
+      - id: check-yaml
+        exclude: (^vendor)|(config/manager/manager.yaml)
+      - id: check-merge-conflict
+        exclude: ^vendor
+      - id: check-executables-have-shebangs
+        exclude: ^vendor
+
+  # markdown
+  - repo: https://github.com/markdownlint/markdownlint.git
+    rev: master
+    hooks:
+      - id: markdownlint_docker
+        exclude: ^vendor
+
+  # Golang
+  - repo: git://github.com/dnephin/pre-commit-golang
+    rev: master
+    hooks:
+      - id: go-fmt
+        exclude: ^vendor
+      - id: go-lint
+        exclude: ^vendor
+      - id: go-imports
+        exclude: ^vendor
+      - id: go-mod-tidy
+        exclude: ^vendor
diff --git a/.releaserc.yaml b/.releaserc.yaml
@@ -0,0 +1,8 @@
+branches:
+  - name: "main"
+  - name: "beta"
+    prerelease: true
+plugins:
+  - "@semantic-release/commit-analyzer"
+  - "@semantic-release/release-notes-generator"
+  - "@semantic-release/github"
diff --git a/Makefile b/Makefile
@@ -1,5 +1,5 @@
-REPOSITORY ?= $(shell minikube ip):5000
 TAG ?= $(shell git describe --always)
+GO_LDFLAGS = -tags 'netgo osusergo static_build'
 
 DOCS = docs/index.pdf \
 	docs/configuration.pdf \
@@ -10,25 +10,15 @@ DOCS = docs/index.pdf \
 all : install
 
 install : test
-	go install -v ./cmd/certretrieval
+	go install $(GO_LDFLAGS) -v ./cmd/certretrieval
 
 build : 
-	go build -v ./cmd/certretrieval
+	go build $(GO_LDFLAGS) -v ./cmd/certretrieval
 
 test : build
 	go test ./pkg/certretrieval
 
 
-docker : docker.image docker.push
-
-docker.image : 
-	docker build -t $(REPOSITORY)/certretrieval:$(TAG) .
-	docker tag $(REPOSITORY)/certretrieval:$(TAG) $(REPOSITORY)/certretrieval:latest
-
-docker.push : 
-	docker push $(REPOSITORY)/certretrieval:$(TAG)
-	docker push $(REPOSITORY)/certretrieval:latest
-
 %.pdf : %.md
 	mkdir -p tmp/docs
 	docker run --rm --name pandoc -v $(PWD):/data pandoc/latex -o tmp/$@ $<

diff --git a/README.md b/README.md
@@ -39,14 +39,14 @@ Example:
 
     authrole=cloudcore
     force=false
-    name=cloudcore.ci4rail.com
+    name=cloudcore.edgefarm.io
     ca=/etc/kubeedge/certs/rootCA.crt
     cert=/etc/kubeedge/certs/edge.crt
     key=/etc/kubeedge/certs/edge.key
     role=server
     serverca=/opt/certretrieval/cert/ca.crt
     ttl=24h
-    vault=https://vault.ci4rail.com
+    vault=https://vault.edgefarm.io
 
 The file is passed using _-config_ parameter and is intended for usage within kubernetes, where configuration may be passed as configmap.
 

diff --git a/cmd/certretrieval/main.go b/cmd/certretrieval/main.go
@@ -24,13 +24,15 @@ func main() {
 	flags := flag.NewFlagSet("certretrieval", flag.ExitOnError)
 	flags.StringVar(&config.Tokenfile, "tokenfile", "", "The vault tokenfile (env: VAULT_TOKEN)")
 	flags.StringVar(&config.Name, "name", "", "The common name of the certificate (env: COMMON_NAME)")
+	flags.StringVar(&config.AltNames, "altnames", "", "The requested Subject Alternative Names as comma seperated list e.g. \"a,b,c\" (env: ALT_NAMES)")
+	flags.StringVar(&config.IpSans, "ipsans", "", "The requested IP Subject Alternative Names as comma seperated list e.g. \"127.0.0.1,192.168.1.1\" (env: IP_SANS)")
 	flags.StringVar(&config.OutCAfile, "ca", "", "The targetfile for the issuing CA (env: CA_FILE)")
 	flags.StringVar(&config.OutCertfile, "cert", "", "The targetfile for the PEM encoded certificate(env: CERT_FILE)")
 	flags.StringVar(&config.OutKeyfile, "key", "", "The targetfile for the PEM encoded private key(env: KEY_FILE)")
 	flags.StringVar(&config.Role, "role", "", "The Vault role when requesting the certificate (env: ROLE)")
 	flags.StringVar(&config.ServerCA, "serverca", "", "The signing CA of the vault server certificate when requesting the certificate(env: VAULT_CACERT)")
 	flags.StringVar(&config.PKI, "pki", "pki", "The path to the PKI engine in Vault (env: VAULT_PKI)")
-	flags.StringVar(&config.Vault, "vault", "", "The vault address (env: VAULT_ADDR)")
+	flags.StringVar(&config.Address, "address", "", "The vault address (env: VAULT_ADDR)")
 	flags.StringVar(&config.AuthRole, "authrole", "", "The Vault role to use, when authenticating via the k8s api. Not needed, when a token is used. (env: AUTH_ROLE)")
 	flags.DurationVar(&config.TTL, "ttl", 0, "The validity period of the certificate (env : TTL")
 	flags.BoolVar(&config.Force, "force", false, "Force retrieval of new certificate")
@@ -45,13 +47,15 @@ func main() {
 	setFallbackByEnv(&config.Tokenfile, "VAULT_TOKEN_FILE")
 	setFallbackByEnv(&config.Token, "VAULT_TOKEN")
 	setFallbackByEnv(&config.Name, "COMMON_NAME")
+	setFallbackByEnv(&config.AltNames, "ALT_NAMES")
+	setFallbackByEnv(&config.IpSans, "IP_SANS")
 	setFallbackByEnv(&config.OutCAfile, "CA_FILE")
 	setFallbackByEnv(&config.OutCertfile, "CERT_FILE")
 	setFallbackByEnv(&config.OutKeyfile, "KEY_FILE")
 	setFallbackByEnv(&config.Role, "ROLE")
 	setFallbackByEnv(&config.ServerCA, "VAULT_CACERT")
 	setFallbackByEnv(&config.PKI, "VAULT_PKI")
-	setFallbackByEnv(&config.Vault, "VAULT_ADDR")
+	setFallbackByEnv(&config.Address, "VAULT_ADDR")
 	setFallbackByEnv(&config.AuthRole, "AUTH_ROLE")
 
 	if *configFile != "" {
@@ -62,6 +66,8 @@ func main() {
 		config.AuthRole = props.GetString("authrole", config.AuthRole)
 		config.Force = props.GetBool("force", config.Force)
 		config.Name = props.GetString("name", config.Name)
+		config.AltNames = props.GetString("altnames", config.AltNames)
+		config.IpSans = props.GetString("ipsans", config.IpSans)
 		config.OutCAfile = props.GetString("ca", config.OutCAfile)
 		config.OutCertfile = props.GetString("cert", config.OutCertfile)
 		config.OutKeyfile = props.GetString("key", config.OutKeyfile)
@@ -78,7 +84,7 @@ func main() {
 		config.Token = props.GetString("token", config.Token)
 		config.Tokenfile = props.GetString("tokenfile", config.Tokenfile)
 		config.ValidityCheckTolerance = props.GetInt64("checktolerance", config.ValidityCheckTolerance)
-		config.Vault = props.GetString("vault", config.Vault)
+		config.Address = props.GetString("address", config.Address)
 	}
 
 	if val := os.Getenv("TTL"); config.TTL == 0 && val != "" {