Merge remote-tracking branch 'upstream/main' into finding-our-audience
evankanderson committed Jun 5, 2024
2 parents 8b60514 + f170622 commit 6a0e0e4
Showing 57 changed files with 2,375 additions and 514 deletions.
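--- /dev/null
+++ b/.clusterfuzzlite/Dockerfile
@@ -0,0 +1,20 @@
+# Copyright 2024 Stacklok, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder-go
+COPY . $SRC/minder
+COPY .clusterfuzzlite/build.sh $SRC/build.sh
+WORKDIR minder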
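Review bot: `WORKDIR minder` on the last line is a relative path, so where it lands depends on the working directory the base image happens to set (presumably `$SRC`, matching the `COPY . $SRC/minder` two lines up); make it explicit with `WORKDIR $SRC/minder` so the build does not silently break if the base image changes its default. The `FROM gcr.io/oss-fuzz-base/base-builder-go` line has no tag or digest; that is the usual ClusterFuzzLite arrangement, since the builder image tracks the OSS-Fuzz toolchain, but it also means every fuzz run pulls whatever the registry currently serves and the fuzz toolchain is not reproducible. Record that trade-off so nobody "fixes" it the wrong way, e.g. `# Intentionally unpinned: ClusterFuzzLite expects the rolling base-builder image`.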
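--- /dev/null
+++ b/.clusterfuzzlite/build.sh
@@ -0,0 +1,32 @@
+#!/bin/bash -eu
+# Copyright 2024 Stacklok, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Download dependency and let the Go package manager do all the work
+printf "package main\nimport _ \"github.com/AdamKorcz/go-118-fuzz-build/testing\"\n" > ./cmd/cli/register.go
+go mod tidy
+
+# ClusterfuzzLite does not support different packages in the same directory,
+# and the jq package has its tests in a _test package.
+# We create a jq_test directory and move the tests there to make it work.
+mkdir internal/engine/eval/jq/jq_test
+mv internal/engine/eval/jq/fuzz_test.go internal/engine/eval/jq/jq_test/
+compile_native_go_fuzzer github.com/stacklok/minder/internal/engine/eval/jq/jq_test FuzzJqEval FuzzJqEval
+compile_native_go_fuzzer github.com/stacklok/minder/internal/engine/eval/rego FuzzRegoEval FuzzRegoEval
+compile_native_go_fuzzer github.com/stacklok/minder/internal/controlplane FuzzGitHubEventParsers FuzzGitHubEventParsers
+compile_native_go_fuzzer github.com/stacklok/minder/internal/engine/ingester/diff FuzzDiffParse FuzzDiffParse
+compile_native_go_fuzzer github.com/stacklok/minder/internal/crypto FuzzEncryptDecrypt FuzzEncryptDecrypt
+compile_native_go_fuzzer github.com/stacklok/minder/internal/auth FuzzParseAndValidate FuzzParseAndValidate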
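Review bot: The `printf … > ./cmd/cli/register.go` line followed by `go mod tidy` resolves `github.com/AdamKorcz/go-118-fuzz-build` at build time to whatever version the module proxy returns, unless go.mod/go.sum already pin it, so the fuzz build is neither reproducible nor protected against an upstream change to that module being pulled straight into CI. Pin it before tidying, e.g. `go get github.com/AdamKorcz/go-118-fuzz-build@<commit-sha>`, or add the module to go.mod in the repository so go.sum verifies it. The `#!/bin/bash -eu` shebang already aborts on the first failure, which is right for a build script; since `mkdir internal/engine/eval/jq/jq_test` will then abort the run if the directory already exists, a comment such as `# Assumes a clean checkout; jq_test must not already exist` would make that expectation explicit.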
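--- /dev/null
+++ b/.clusterfuzzlite/project.yaml
@@ -0,0 +1 @@
+language: go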
30 changes: 30 additions & 0 deletions .github/workflows/cifuzz.yml
@@ -0,0 +1,30 @@
name: ClusterFuzzLite PR fuzzing
on:
workflow_dispatch:
pull_request:
branches: [ main ]
permissions: read-all
jobs:
PR:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
sanitizer: [address]
steps:
- name: Build Fuzzers (${{ matrix.sanitizer }})
id: build
uses: google/clusterfuzzlite/actions/build_fuzzers@82652fb49e77bc29c35da1167bb286e93c6bcc05 # v1
with:
sanitizer: ${{ matrix.sanitizer }}
language: go
bad-build-check: false
- name: Run Fuzzers (${{ matrix.sanitizer }})
id: run
uses: google/clusterfuzzlite/actions/run_fuzzers@82652fb49e77bc29c35da1167bb286e93c6bcc05 # v1
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
fuzz-seconds: 100
mode: 'code-change'
report-unreproducible-crashes: false
sanitizer: ${{ matrix.sanitizer }}
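Review bot: `bad-build-check: false` on the build step disables ClusterFuzzLite's verification that each compiled fuzzer actually starts and behaves as a fuzzer, so a target that links badly or crashes on startup would pass this workflow silently; either drop the line so the default check runs or add the reason it is off, e.g. `# bad-build-check disabled: <reason>; re-enable once the targets are stable`. `report-unreproducible-crashes: false` likewise discards crashes that do not reproduce, which is a reasonable way to keep PR runs quiet but deserves a one-line comment stating that trade-off. `permissions: read-all` together with the `pull_request` trigger is the right least-privilege setting here; it also means the `github-token` passed to the run step cannot write anything back to the PR, which is presumably acceptable for `code-change` mode — worth confirming against the action's documentation.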
6 changes: 3 additions & 3 deletions .github/workflows/codeql.yml
Expand Up @@ -48,7 +48,7 @@ jobs:
go-version-file: ./go.mod
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@f079b8493333aace61c81488f8bd40919487bd9f # v3
uses: github/codeql-action/init@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
Expand All @@ -60,7 +60,7 @@ jobs:
# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality

uses: github/codeql-action/autobuild@f079b8493333aace61c81488f8bd40919487bd9f # v3
uses: github/codeql-action/autobuild@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3
# ℹ️ Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun

Expand All @@ -71,6 +71,6 @@ jobs:
# echo "Run, Build Application using script"
# ./location_of_script_within_repo/buildscript.sh
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@f079b8493333aace61c81488f8bd40919487bd9f # v3
uses: github/codeql-action/analyze@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3
with:
category: "/language:${{matrix.language}}"
2 changes: 1 addition & 1 deletion .github/workflows/releaser.yml
Expand Up @@ -72,7 +72,7 @@ jobs:
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
- name: Run GoReleaser
id: run-goreleaser
uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0
uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0
with:
distribution: goreleaser
version: latest
2 changes: 1 addition & 1 deletion cmd/cli/app/auth/auth_token.go
Expand Up @@ -60,7 +60,7 @@ func TokenCommand(cmd *cobra.Command, _ []string) error {
cmd.Printf("Error getting token: %v\n", err)
if errors.Is(err, os.ErrNotExist) || errors.Is(err, util.ErrGettingRefreshToken) {
// wait for the token to be received
token, err := login(ctx, cmd, clientConfig, []string{}, skipBrowser)
token, err := Login(ctx, cmd, clientConfig, []string{}, skipBrowser)
if err != nil {
return err
}
4 changes: 2 additions & 2 deletions cmd/cli/app/auth/common.go
Expand Up @@ -149,9 +149,9 @@ func writeError(w http.ResponseWriter, loginerr loginError) (string, error) {
return "", nil
}

// login is a helper function to handle the login process
// Login is a helper function to handle the login process
// and return the access token
func login(
func Login(
ctx context.Context,
cmd *cobra.Command,
cfg *clientconfig.Config,
Original file line number Diff line number Diff line change
Expand Up @@ -13,14 +13,17 @@
// See the License for the specific language governing permissions and
// limitations under the License.

package auth
// Package offline_token provides the auth offline_token command for the minder CLI.
package offline_token

import (
"github.com/spf13/cobra"

"github.com/stacklok/minder/cmd/cli/app/auth"

Check failure on line 22 in cmd/cli/app/auth/offline_token/offline.go


GitHub Actions / lint / Run golangci-lint

could not import github.com/stacklok/minder/cmd/cli/app/auth (-: # github.com/stacklok/minder/cmd/cli/app/auth
)

// OfflineTokenCmd represents the offline-token set of sub-commands
var OfflineTokenCmd = &cobra.Command{
// offlineTokenCmd represents the offline-token set of sub-commands
var offlineTokenCmd = &cobra.Command{
Use: "offline-token",
Short: "Manage offline tokens",
Long: `The minder auth offline-token command project lets you manage offline tokens
Expand All @@ -36,5 +39,5 @@ that need to authenticate to the control plane.`,
}

func init() {
AuthCmd.AddCommand(OfflineTokenCmd)
auth.AuthCmd.AddCommand(offlineTokenCmd)
}
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,8 @@
// See the License for the specific language governing permissions and
// limitations under the License.

package auth
// Package offline_token provides the auth offline_token command for the minder CLI.\
package offline_token

import (
"fmt"
Expand All @@ -22,6 +23,7 @@ import (
"github.com/spf13/cobra"
"github.com/spf13/viper"

"github.com/stacklok/minder/cmd/cli/app/auth"
"github.com/stacklok/minder/internal/config"
clientconfig "github.com/stacklok/minder/internal/config/client"
"github.com/stacklok/minder/internal/util/cli"
Expand Down Expand Up @@ -55,7 +57,7 @@ that need to authenticate to the control plane.`,
cmd.SilenceUsage = true

// wait for the token to be received
token, err := login(ctx, cmd, clientConfig, []string{"offline_access"}, skipBrowser)
token, err := auth.Login(ctx, cmd, clientConfig, []string{"offline_access"}, skipBrowser)
if err != nil {
return err
}
Expand All @@ -72,7 +74,7 @@ that need to authenticate to the control plane.`,
}

func init() {
OfflineTokenCmd.AddCommand(offlineTokenGetCmd)
offlineTokenCmd.AddCommand(offlineTokenGetCmd)

offlineTokenGetCmd.Flags().StringP("file", "f", "offline.token", "The file to write the offline token to")

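Review bot: The new package comment in this file, `// Package offline_token provides the auth offline_token command for the minder CLI.\`, ends with a stray backslash that the sibling files in the same package do not carry; drop it so the godoc renders cleanly: `// Package offline_token provides the auth offline_token command for the minder CLI.`. Since four files in `offline_token` now repeat the same package comment, keeping it in a single `doc.go` and leaving the other files bare is the convention the Go linters expect and avoids this kind of drift. The `--file` default `offline.token` names a file that will hold a long-lived offline token; the code that writes it is outside this hunk, so the file mode used there is worth confirming, as the token grants `offline_access`.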
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,8 @@
// See the License for the specific language governing permissions and
// limitations under the License.

package auth
// Package offline_token provides the auth offline_token command for the minder CLI.
package offline_token

import (
"fmt"
Expand Down Expand Up @@ -75,7 +76,7 @@ that need to authenticate to the control plane.`,
}

func init() {
OfflineTokenCmd.AddCommand(offlineTokenRevokeCmd)
offlineTokenCmd.AddCommand(offlineTokenRevokeCmd)

offlineTokenRevokeCmd.Flags().StringP("file", "f", "offline.token", "The file that contains the offline token")
offlineTokenRevokeCmd.Flags().StringP("token", "t", "",
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,8 @@
// See the License for the specific language governing permissions and
// limitations under the License.

package auth
// Package offline_token provides the auth offline_token command for the minder CLI.
package offline_token

import (
"fmt"
Expand Down Expand Up @@ -86,7 +87,7 @@ that need to authenticate to the control plane.`,
}

func init() {
OfflineTokenCmd.AddCommand(offlineTokenUseCmd)
offlineTokenCmd.AddCommand(offlineTokenUseCmd)

offlineTokenUseCmd.Flags().StringP("file", "f", "offline.token", "The file that contains the offline token")
offlineTokenUseCmd.Flags().StringP("token", "t", "",
1 change: 1 addition & 0 deletions cmd/cli/main.go
Expand Up @@ -20,6 +20,7 @@ import (
"github.com/stacklok/minder/cmd/cli/app"
_ "github.com/stacklok/minder/cmd/cli/app/artifact"
_ "github.com/stacklok/minder/cmd/cli/app/auth"

Check failure on line 22 in cmd/cli/main.go


GitHub Actions / lint / Run golangci-lint

could not import github.com/stacklok/minder/cmd/cli/app/auth (-: # github.com/stacklok/minder/cmd/cli/app/auth
_ "github.com/stacklok/minder/cmd/cli/app/auth/offline_token"
_ "github.com/stacklok/minder/cmd/cli/app/docs"
_ "github.com/stacklok/minder/cmd/cli/app/profile"
_ "github.com/stacklok/minder/cmd/cli/app/profile/status"
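Review bot: The golangci-lint annotation attached to the `_ "github.com/stacklok/minder/cmd/cli/app/auth"` import reports that the `auth` package itself does not compile after this merge, so this file and the new `offline_token` package (which imports `auth.AuthCmd` and `auth.Login`) fail with it. The visible hunks do not show the cause — the error text is truncated to the package path — so the merge result should not be treated as buildable until the unrendered part of `cmd/cli/app/auth` is checked for a leftover reference to the moved `offline_*.go` symbols or to the old unexported `login`. A follow-up commit fixing the build, rather than a re-run, is what this annotation calls for.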
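--- /dev/null
+++ b/database/migrations/000061_rule_instance_not_null_def.down.sql
@@ -0,0 +1,20 @@
+-- Copyright 2024 Stacklok, Inc
+--
+-- Licensed under the Apache License, Version 2.0 (the "License");
+-- you may not use this file except in compliance with the License.
+-- You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+
+BEGIN;
+
+ALTER TABLE rule_instances ALTER COLUMN def DROP NOT NULL;
+ALTER TABLE rule_instances ALTER COLUMN params DROP NOT NULL;
+
+COMMIT;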
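--- /dev/null
+++ b/database/migrations/000061_rule_instance_not_null_def.up.sql
@@ -0,0 +1,20 @@
+-- Copyright 2024 Stacklok, Inc
+--
+-- Licensed under the Apache License, Version 2.0 (the "License");
+-- you may not use this file except in compliance with the License.
+-- You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+
+BEGIN;
+
+ALTER TABLE rule_instances ALTER COLUMN def SET NOT NULL;
+ALTER TABLE rule_instances ALTER COLUMN params SET NOT NULL;
+
+COMMIT;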
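Review bot: `ALTER TABLE rule_instances ALTER COLUMN def SET NOT NULL` (and the matching statement for `params`) will fail on any deployment where existing rows still hold NULL in those columns, and nothing in this migration backfills them first; unless an earlier migration or application code already guarantees there are no NULLs, precede the constraint with a backfill such as `UPDATE rule_instances SET def = '{}' WHERE def IS NULL;` (and the equivalent for `params`, using whatever empty value the column type takes). Because both statements run inside one `BEGIN`/`COMMIT`, a failure leaves the schema untouched, which is good, but it also blocks every later migration until the data is fixed by hand. A short comment above the ALTERs stating why these columns are now mandatory would help whoever has to debug that case.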
