defenseunicorns · Noxsios · Apr 24, 2024 · Apr 10, 2024 · Apr 10, 2024 · Apr 10, 2024
@@ -25,6 +25,9 @@ pre-commit install
 
 # install goimports
 go install golang.org/x/tools/cmd/goimports@latest
+
+# install revive
+go install github.com/mgechev/revive@latest
 ```
 
 Now every time you commit, the hooks will run and format your code, linting can be called via `make lint-go`.

@@ -8,7 +8,11 @@ runs:
 
     - uses: anchore/sbom-action/download-syft@b6a39da80722a2cb0ef5d197531764a89b5d48c3 # v0.15.8
 
-    - run: "curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin --tag v0.64.2"
+    - name: install grype
+      env:
+        # renovate: datasource=github-tags depName=anchore/grype versioning=semver
+        VERSION: v0.74.6
+      run: "curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin $VERSION"
       shell: bash
 
     - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
@@ -2,7 +2,7 @@ paths-ignore:
   - src/pkg/packager/network.go
   - src/pkg/utils/network.go
   - src/pkg/utils/credentials.go
-  - docs-website/**
+  - site/**
   - build/**
 
 query-filters:

@@ -14,7 +14,7 @@ jobs:
       - name: Run Revive Action by pulling pre-built image
         uses: docker://morphy/revive-action:v2.5.7@sha256:087d4e61077087755711ab7e9fae3cc899b7bb07ff8f6a30c3dfb240b1620ae8
         with:
-          config: revive.toml
+          config: hack/revive.toml
           # Exclude patterns, separated by semicolons (optional)
           exclude: "src/cmd/viper.go"
           # Path pattern (default: ./...)

diff --git a/.github/workflows/test-bigbang.yml b/.github/workflows/test-bigbang.yml
@@ -72,6 +72,13 @@ jobs:
           name: build-artifacts
           path: build/
 
+      - name: copy init package
+        run: |
+          sudo mkdir /mnt/zarf-tmp
+          sudo chown -R runner:runner /mnt/zarf-tmp
+          mv build/zarf-init* /mnt/zarf-tmp
+
+
       - name: Setup golang
         uses: ./.github/actions/golang
 
@@ -101,8 +108,6 @@ jobs:
         env:
           IRON_BANK_ROBOT_USERNAME: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
         run: |
-          sudo mkdir /mnt/zarf-tmp
-          sudo chown -R runner:runner /mnt/zarf-tmp
           CI=true go test ./src/extensions/bigbang/test -failfast -v -timeout 30m
 
       - name: Save logs

@@ -34,6 +34,17 @@ repos:
           - -w
         language: system
         pass_filenames: true
+      - id: lint
+        name: revive go lint
+        entry: revive
+        args:
+          - "-config"
+          - "hack/revive.toml"
+          - "-exclude"
+          - "src/cmd/viper.go"
+        files: .go$
+        language: system
+        pass_filenames: true
   - repo: https://github.com/python-jsonschema/check-jsonschema
     rev: 0.14.0
     hooks:

@@ -1,35 +1,5 @@
 * @defenseunicorns/zarf
 
-# Docs & examples
-/adr/ @jeff-mccoy @Racer159 @Noxsios @lucasrod16 @AustinAbro321
-/docs/ @jeff-mccoy  @Racer159 @Noxsios @lucasrod16 @AustinAbro321
-/examples/ @jeff-mccoy @Racer159 @Noxsios @lucasrod16 @AustinAbro321
-*.md @jeff-mccoy @Racer159 @Noxsios @lucasrod16 @AustinAbro321
-
-# Core code
-/src/ @jeff-mccoy @Racer159 @Noxsios @lucasrod16 @AustinAbro321
-/go.* @jeff-mccoy  @Racer159 @Noxsios @lucasrod16 @AustinAbro321
-main.go @jeff-mccoy @Racer159 @Noxsios @lucasrod16 @AustinAbro321
-
-# Init package
-/packages/ @jeff-mccoy @Racer159 @Noxsios @lucasrod16 @AustinAbro321
-/zarf.yaml @jeff-mccoy @Racer159 @Noxsios @lucasrod16 @AustinAbro321
-
-# Docs Website
-/docs-website/ @Racer159 @Noxsios @jeff-mccoy @lucasrod16 @AustinAbro321
-
-# Privileged pipeline files
-/.github/ @jeff-mccoy @Racer159 @Noxsios @lucasrod16 @AustinAbro321
-/hack/ @jeff-mccoy @Racer159 @Noxsios @lucasrod16 @AustinAbro321
-/.gitignore @jeff-mccoy @Racer159 @Noxsios @lucasrod16 @AustinAbro321
-/.golangci.yml @jeff-mccoy @Racer159 @Noxsios @lucasrod16 @AustinAbro321
-/.goreleaser.yml @jeff-mccoy @Racer159 @Noxsios @lucasrod16 @AustinAbro321
-/.grype.yaml @jeff-mccoy @Racer159 @Noxsios @lucasrod16 @AustinAbro321
-/Dockerfile @jeff-mccoy @Racer159 @Noxsios @lucasrod16 @AustinAbro321
-/renovate.json @jeff-mccoy @Racer159 @Noxsios @lucasrod16 @AustinAbro321
-/Makefile @jeff-mccoy @Racer159 @Noxsios @lucasrod16 @AustinAbro321
-
-# Additional privileged files
 /CODEOWNERS @jeff-mccoy @austenbryan
 /cosign.pub @jeff-mccoy @austenbryan
 /LICENSE @jeff-mccoy @austenbryan
@@ -3,7 +3,6 @@
 
 # Provide a default value for the operating system architecture used in tests, e.g. " APPLIANCE_MODE=true|false make test-e2e ARCH=arm64"
 ARCH ?= amd64
-KEY ?= ""
 ######################################################################################
 
 # Figure out which Zarf binary we should use based on the operating system we are on
@@ -74,7 +73,7 @@ destroy: ## Run `zarf destroy` on the current cluster
 	rm -fr build
 
 delete-packages: ## Delete all Zarf package tarballs in the project recursively
-	find . -type f -name 'zarf-package-*' -delete
+	find . -type f \( -name 'zarf-package-*' -o -name 'zarf-init-*' \) -delete
 
 # Note: the path to the main.go file is not used due to https://github.com/golang/go/issues/51831#issuecomment-1074188363
 .PHONY: build
@@ -219,11 +218,12 @@ test-docs-and-schema:
 
 # INTERNAL: used to test for new CVEs that may have been introduced
 test-cves:
-	go run main.go tools sbom scan . -o json --exclude './docs-website' --exclude './examples' | grype --fail-on low
+	go run main.go tools sbom scan . -o json --exclude './site' --exclude './examples' | grype --fail-on low
 
 cve-report: ## Create a CVE report for the current project (must `brew install grype` first)
 	@test -d ./build || mkdir ./build
-	go run main.go tools sbom scan . -o json --exclude './docs-website' --exclude './examples' | grype -o template -t hack/.templates/grype.tmpl > build/zarf-known-cves.csv
+	go run main.go tools sbom scan . -o json --exclude './site' --exclude './examples' | grype -o template -t hack/grype.tmpl > build/zarf-known-cves.csv
 
 lint-go: ## Run revive to lint the go code (must `brew install revive` first)
-	revive -config revive.toml -exclude src/cmd/viper.go -formatter stylish ./src/...
+	revive -config hack/revive.toml -exclude src/cmd/viper.go -formatter stylish ./src/...
+	hack/check-spdx-go.sh src >/dev/null || (echo "SPDX check for go failed, please run 'hack/check-spdx-go.sh src' to see the errors" && exit 1)
@@ -4,7 +4,7 @@
 [![Go version](https://img.shields.io/github/go-mod/go-version/defenseunicorns/zarf?filename=go.mod)](https://go.dev/)
 [![Build Status](https://img.shields.io/github/actions/workflow/status/defenseunicorns/zarf/release.yml)](https://github.com/defenseunicorns/zarf/actions/workflows/release.yml)
 [![Zarf Documentation Status](https://api.netlify.com/api/v1/badges/fe846ae4-25fb-4274-9968-90782640ee9f/deploy-status)](https://app.netlify.com/sites/zarf-docs/deploys)
-[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/defenseunicorns/zarf/badge)](https://api.securityscorecards.dev/projects/github.com/defenseunicorns/zarf)
+[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/defenseunicorns/zarf/badge)](https://securityscorecards.dev/viewer/?uri=github.com/defenseunicorns/zarf)
 
 <img align="right" alt="zarf logo" src="site/src/assets/zarf-logo.png"  height="256" />
 

@@ -0,0 +1,63 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+# Directory containing the Go files
+DIRECTORY="$1"
+
+# Array of paths to exclude from the check
+EXCLUDE_PATHS=(
+  "src/cmd/tools/helm/repo_update.go"
+  "src/cmd/tools/helm/repo_remove.go"
+  "src/cmd/tools/helm/load_plugins.go"
+  "src/cmd/tools/helm/repo_list.go"
+  "src/cmd/tools/helm/flags.go"
+  "src/cmd/tools/helm/repo_add.go"
+  "src/cmd/tools/helm/dependency.go"
+  "src/cmd/tools/helm/repo_index.go"
+  "src/cmd/tools/helm/repo.go"
+  "src/cmd/tools/helm/dependency_build.go"
+  "src/cmd/tools/helm/dependency_update.go"
+  "src/cmd/tools/helm/root.go"
+)
+
+BLACK='\033[0;30m'
+RED='\033[0;31m'
+RESET='\033[0m'
+
+# Function to check if a path is in the EXCLUDE_PATHS array
+is_excluded() {
+  local path="$1"
+  for exclude in "${EXCLUDE_PATHS[@]}"; do
+    if [[ "$path" == "$exclude"* ]]; then
+      return 0 # 0 means true/success in shell script
+    fi
+  done
+  return 1 # 1 means false/failure in shell script
+}
+
+# Flag to track if any file meets the condition
+found=0
+
+# Use process substitution to avoid subshell issue with the 'found' variable
+while IFS= read -r file; do
+  if is_excluded "$file"; then
+    echo -e "$BLACK$file$RESET"
+    continue
+  fi
+
+  # Use `head` to grab the first two lines and compare them directly
+  firstLine=$(head -n 1 "$file")
+  secondLine=$(head -n 2 "$file" | tail -n 1)
+
+  # Check if the lines do not match the specified strings
+  if [[ "$firstLine" != "// SPDX-License-Identifier: Apache-2.0" || "$secondLine" != "// SPDX-FileCopyrightText: 2021-Present The Zarf Authors" ]]; then
+    echo -e "$RED$file$RESET"
+    found=1
+  fi
+done < <(find "$DIRECTORY" -type f -name "*.go")
+
+# If any file met the condition, exit with status 1
+if [ "$found" -eq 1 ]; then
+  exit 1
+fi
@@ -1,4 +1,6 @@
-#!/usr/bin/env sh
+#!/usr/bin/env bash
+
+set -euo pipefail
 
 if [ -z "$(git status -s docs/ zarf.schema.json)" ]; then
     echo "Success!"

@@ -1,4 +1,6 @@
-#!/usr/bin/env sh
+#!/usr/bin/env bash
+
+set -euo pipefail
 
 # Create the json schema for the zarf.yaml
 go run main.go internal gen-config-schema > zarf.schema.json

@@ -0,0 +1,3 @@
+# This is here so it can be used during certain Zarf commands
+# such as `internal gen-cli-docs` where we prefer an empty config
+# as opposed to the init package config at the base of the repo
@@ -1,4 +1,6 @@
-#!/bin/bash
+#!/usr/bin/env bash
+
+set -euo pipefail
 
 ZARF_BIN=$1
 LINT_SRC_TEST=$2
@@ -11,7 +13,7 @@ find "." -type f -name 'zarf.yaml' | while read -r yaml_file; do
   if [[ "$dir" == *src/test/* ]] && [ "$LINT_SRC_TEST" != true ]; then
       continue
   fi
-  echo "Running 'zarf prepare lint' in directory: $dir"
-  $ZARF_BIN prepare lint "$dir"
+  echo "Running 'zarf dev lint' in directory: $dir"
+  $ZARF_BIN dev lint "$dir"
   echo "---"
 done
@@ -1,8 +1,8 @@
 ignoreGeneratedHeader = false
 severity = "warning"
 confidence = 0.8
-errorCode = 0
-warningCode = 0
+errorCode = 1
+warningCode = 1
 formatter = "stylish"
 
 [rule.blank-imports]

@@ -82,6 +82,16 @@
         "https:\\/\\/github.com\\/(?<depName>[\\w\\/\\-\\.\\+\\%]+?)\\/releases\\/download\\/(?<currentValue>[\\w\\/\\-\\.\\+\\%]+?)\\/"
       ],
       "datasourceTemplate": "github-releases"
+    },
+    {
+      "fileMatch": [
+        "\\.*\\.ya?ml$"
+      ],
+      "matchStrings": [
+        "# renovate: datasource=github-tags depName=anchore/grype versioning=semver\n\\s*VERSION: (?<currentValue>v[\\d.]+)"
+      ],
+      "datasourceTemplate": "github-tags",
+      "depNameTemplate": "anchore/grype"
     }
   ]
 }
@@ -7,7 +7,7 @@ import remarkGemoji from "remark-gemoji";
 // https://astro.build/config
 export default defineConfig({
   redirects: {
-    '/docs/zarf-overview': '/'
+    "/docs/zarf-overview": "/",
   },
   markdown: {
     remarkPlugins: [remarkGemoji],
@@ -37,7 +37,10 @@ export default defineConfig({
         src: "./src/assets/zarf-logo-header.svg",
         replacesTitle: true,
       },
-      customCss: ["./src/styles/custom.css"],
+      customCss: [
+        "./src/styles/custom.css",
+        "@fontsource/source-code-pro/400.css",
+      ],
       lastUpdated: true,
       sidebar: [
         {

@@ -17,6 +17,7 @@
   "dependencies": {
     "@astrojs/check": "^0.5.10",
     "@astrojs/starlight": "^0.21.2",
+    "@fontsource/source-code-pro": "^5.0.17",
     "astro": "^4.5.12",
     "mermaid": "^10.9.0",
     "rehype-autolink-headings": "^7.1.0",