Release 1.0.0 (#2)

Signed-off-by: Cristiano Colangelo <cristiano.colangelo@bluewin.ch>

Author: Cristiano Colangelo

.github/workflows/codeql-analysis.yaml

@@ -0,0 +1,56 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ main ]
+    paths-ignore: [ 'website/**', '.github/workflows/**', 'charts/**', '!.github/workflows/codeql-analysis.yaml', 'README.md']
+  pull_request:
+    branches: [ main ]
+    paths-ignore: [ 'website/**', '.github/workflows/**', 'charts/**', '!.github/workflows/codeql-analysis.yaml', 'README.md' ]
+
+jobs:
+  codeql_analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'go' ]
+      
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1

.github/workflows/docker.yaml

@@ -0,0 +1,59 @@
+name: "Docker image"
+on:
+  push:
+    branches: [ main ]
+    paths-ignore: [ 'website/**', '.github/workflows/**', 'charts/**', '!.github/workflows/docker.yaml', 'README.md' ]
+  release:
+    types: [ published ]
+
+jobs:
+  push_to_registry:
+    name: Push Docker image to Docker Hub
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v2
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v3
+        with:
+          images: bedag/kubernetes-dbaas
+          flavor: latest=false
+          tags: |
+            latest
+            type=semver,pattern={{major}}
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          push: true
+          tags: |
+            ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+  security-scan:
+    name: "Trivy vulnerability scanner"
+    needs: push_to_registry
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: 'docker.io/bedag/kubernetes-dbaas:latest'
+          format: 'template'
+          template: '@/contrib/sarif.tpl'
+          output: 'trivy-results.sarif'
+          severity: 'CRITICAL,HIGH'
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: 'trivy-results.sarif'

.github/workflows/docs.yaml

@@ -0,0 +1,74 @@
+name: Website build & deploy
+
+on:
+  pull_request:
+    branches: [main]
+    paths: [ 'website/**', '.github/workflows/docs.yaml' ]
+  push:
+    branches: [main]
+    paths: [ 'website/**', '.github/workflows/docs.yaml' ]
+
+jobs:
+  checks:
+    name: Pull request checks
+    if: github.event_name == 'pull_request'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-node@v1
+        with:
+          node-version: '12.x'
+      - name: Test Build
+        run: |
+          if [ -e yarn.lock ]; then
+            yarn install --frozen-lockfile
+          elif [ -e package-lock.json ]; then
+            npm ci
+          else
+            npm i
+          fi
+          npm run build
+  gh-release:
+    name: GitHub pages release
+    if: github.event_name != 'pull_request'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-node@v1
+        with:
+          node-version: '12.x'
+      - uses: webfactory/ssh-agent@v0.5.3
+        with:
+          ssh-private-key: ${{ secrets.BOT_SSH_PRIVATE_KEY }}
+      - name: Import GPG key
+        id: import_gpg
+        uses: crazy-max/ghaction-import-gpg@v3
+        with:
+          gpg-private-key: ${{ secrets.BOT_GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.BOT_GPG_PRIVATE_KEY_PASSPHRASE }}
+          git-user-signingkey: true
+          git-commit-gpgsign: true
+      - name: Retrieve short commit SHA
+        run: echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-8`" >> $GITHUB_ENV
+      - name: Release to GitHub Pages
+        env:
+          USE_SSH: true
+          GIT_USER: kubernetesdbaasbot
+        run: |
+          git config --global user.email "kubernetesdbaasbot@gmail.com"
+          git config --global user.name "kubernetesdbaasbot"
+          mkdir ../temp
+          cd website/
+          npm ci
+          npm run build
+          mv build/* ../../temp
+          cd ..
+          git fetch
+          git switch gh-pages
+          rm -rf *
+          mv ../temp/* .
+          if [[ $(git diff) ]]; then # avoid error exit code if repo is up-to-date
+            git add .
+            git commit -m "Deploy website - based on ${SHORT_SHA}"
+            git push
+          fi

.github/workflows/go.yaml

@@ -0,0 +1,139 @@
+name: "Test Suite"
+
+on:
+  push:
+    branches: [ main ]
+    paths-ignore: [ 'website/**', 'charts/**', '.github/workflows/**', '!.github/workflows/go.yaml', 'README.md' ]
+  pull_request:
+    branches: [ main ]
+    paths-ignore: [ 'website/**', 'charts/**', '.github/workflows/**', '!.github/workflows/go.yaml', 'README.md' ]
+
+jobs:
+  run_test_suite:
+    name: "Build & Test"
+    runs-on: ubuntu-latest
+
+    env:
+      POSTGRES_HOST: localhost
+      POSTGRES_PASSWORD: stronG!Password
+      POSTGRES_USER: postgres
+      POSTGRES_DB: postgres
+      POSTGRES_PORT: 5432
+      SQLSERVER_HOST: localhost
+      SQLSERVER_PASSWORD: stronG!Password
+      SQLSERVER_USER: sa
+      SQLSERVER_DB: master
+      SQLSERVER_PORT: 1433
+      MARIADB_HOST: 127.0.0.1
+      MARIADB_PASSWORD: stronG!Password
+      MARIADB_USER: root
+      MARIADB_DB: mysql
+      MARIADB_PORT: 3306
+
+    services:
+      postgres:
+        image: postgres
+        env:
+          POSTGRES_PASSWORD: ${{ env.POSTGRES_PASSWORD }}
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        ports:
+          - 5432:5432
+      sqlserver:
+        image: mcr.microsoft.com/mssql/server:2017-latest-ubuntu
+        env:
+          ACCEPT_EULA: Y
+          SA_PASSWORD: ${{ env.SQLSERVER_PASSWORD }}
+          DB_USER: ${{ env.SQLSERVER_USER }}
+        ports:
+          - 1433:1433
+        options: >-
+          --health-cmd "/opt/mssql-tools/bin/sqlcmd -U $DB_USER -P $SA_PASSWORD -Q 'select 1' -b -o /dev/null"
+          --health-interval 60s
+          --health-timeout 30s
+          --health-start-period 20s
+          --health-retries 3
+      mariadb:
+        image: mariadb:10.4
+        env:
+          MARIADB_ROOT_PASSWORD: ${{ env.MARIADB_PASSWORD }}
+        options: >-
+          --health-cmd "mysqladmin ping"
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 10
+          --health-start-period 20s
+        ports:
+          - 3306:3306
+          
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.16
+      - name: Mod
+        run: go mod tidy
+      - name: Install Ginkgo executable
+        run: go install github.com/onsi/ginkgo/ginkgo@v1.16.4
+      - name: Install Envtest binaries
+        run: |
+          curl -sSLo envtest-bins.tar.gz "https://storage.googleapis.com/kubebuilder-tools/kubebuilder-tools-1.19.2-$(go env GOOS)-$(go env GOARCH).tar.gz"
+          mkdir -p /opt/kubebuilder/testbin
+          tar -C /opt/kubebuilder/testbin --strip-components=2 -zvxf envtest-bins.tar.gz
+      - name: Prepare Postgres instance for testing
+        env:
+          # Postgres reads the password using a PGPASSWORD env variable
+          PGPASSWORD: ${{ env.POSTGRES_PASSWORD }}
+        run: |
+          for f in ${{ github.workspace }}/testdata/procedures/postgresql/*.sql
+          do
+            echo "loading $f into postgresql"
+            psql -h ${{ env.POSTGRES_HOST }} -p ${{ env.POSTGRES_PORT }} -d ${{ env.POSTGRES_DB }} -U ${{ env.POSTGRES_USER }} < "$f"
+          done
+      - name: Prepare SQLServer instance for testing
+        run: |
+          for f in ${{ github.workspace }}/testdata/procedures/sqlserver/*.sql
+          do
+            echo "loading $f into sqlserver"
+            /opt/mssql-tools/bin/sqlcmd -S 'tcp:${{ env.SQLSERVER_HOST }},${{ env.SQLSERVER_PORT }}' -U ${{ env.SQLSERVER_USER }} -P ${{ env.SQLSERVER_PASSWORD }} -d ${{ env.SQLSERVER_DB }} -i "$f"
+          done
+      - name: Prepare MariaDB instance for testing
+        run: |
+          for f in ${{ github.workspace }}/testdata/procedures/mariadb/*.sql
+          do
+            echo "loading $f into mariadb"
+            mysql -h ${{ env.MARIADB_HOST }} -P ${{ env.MARIADB_PORT }} -u ${{ env.MARIADB_USER }} --password=${{ env.MARIADB_PASSWORD }} -D ${{ env.MARIADB_DB }} < "$f"
+          done
+      - name: Test
+        env:
+          KUBEBUILDER_ASSETS: /opt/kubebuilder/testbin
+          TEST_CONFIG_PATH: ${{ github.workspace }}/testdata/config_testing_ci.yaml
+          POSTGRES_DSN: postgres://${{ env.POSTGRES_USER }}:${{ env.POSTGRES_PASSWORD }}@${{ env.POSTGRES_HOST }}:${{ env.POSTGRES_PORT }}/${{ env.POSTGRES_DB }}
+          SQLSERVER_DSN: sqlserver://${{ env.SQLSERVER_USER }}:${{ env.SQLSERVER_PASSWORD }}@${{ env.SQLSERVER_HOST }}:${{ env.SQLSERVER_PORT }}/${{ env.SQLSERVER_DB }}
+          MARIADB_DSN: mariadb://${{ env.MARIADB_USER }}:${{ env.MARIADB_PASSWORD }}@${{ env.MARIADB_HOST }}:${{ env.MARIADB_PORT }}/${{ env.MARIADB_DB }}
+        run: ginkgo -r -race -trace -cover -coverprofile=coverage.out -outputdir=testdata/coverage
+      - name: Generate coverage report
+        run: go tool cover -html=testdata/coverage/coverage.out -o testdata/coverage/coverage_report.html
+      - name: Import GPG key
+        id: import_gpg
+        uses: crazy-max/ghaction-import-gpg@v3
+        with:
+          gpg-private-key: ${{ secrets.BOT_GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.BOT_GPG_PRIVATE_KEY_PASSPHRASE }}
+          git-user-signingkey: true
+          git-commit-gpgsign: true
+      - name: Pull latest changes
+        run: git pull
+      - name: Push coverage report
+        uses: stefanzweifel/git-auto-commit-action@v4
+        with:
+          commit_user_name: kubernetesdbaasbot
+          commit_user_email: kubernetesdbaasbot@gmail.com
+          commit_message: Update code coverage
+          file_pattern: testdata/coverage/coverage_report.html
+          

.github/workflows/helm.yaml

@@ -0,0 +1,34 @@
+name: Helm Chart linter
+
+on:
+  pull_request:
+    branches: [main]
+    paths: [ 'charts/kubernetes-dbaas/**', '.github/workflows/helm.yaml' ]
+  push:
+    branches: [main]
+    paths: [ 'charts/kubernetes-dbaas/**', '.github/workflows/helm.yaml' ]
+
+jobs:
+  checks:
+    name: Helm Chart linter
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v1
+        with:
+          version: v3.4.0
+
+      - uses: actions/setup-python@v2
+        with:
+          python-version: 3.7
+
+      - name: Set up chart-testing
+        uses: helm/chart-testing-action@v2.1.0
+
+      - name: Run chart-testing (lint)
+        run: ct lint --all

.gitignore

@@ -26,8 +26,11 @@ testbin/*
 
 # don't push your config publicly
 config.yaml
-configtest.yaml
+config_testing.yaml
 
 # dbeaver stuff
 .dbeaver/
 .project
+
+# values used for local deployment
+myvalues.yaml