Skip to content

Commit

Permalink
Merge branch 'main' into env-obfuscate
Browse files Browse the repository at this point in the history
  • Loading branch information
matglas committed Nov 15, 2024
2 parents 05edea4 + d0a27fb commit 9a9c340
Show file tree
Hide file tree
Showing 17 changed files with 272 additions and 212 deletions.
12 changes: 6 additions & 6 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -50,15 +50,15 @@ jobs:
egress-policy: audit

- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: Setup Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version: 1.21.x
go-version: 1.23.x
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7
uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
Expand All @@ -68,7 +68,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7
uses: github/codeql-action/autobuild@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0

# ℹ️ Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
Expand All @@ -81,6 +81,6 @@ jobs:
# ./location_of_script_within_repo/buildscript.sh

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7
uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
with:
category: "/language:${{matrix.language}}"
4 changes: 2 additions & 2 deletions .github/workflows/dependency-review.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,6 @@ jobs:
egress-policy: audit

- name: 'Checkout Repository'
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: 'Dependency Review'
uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
uses: actions/dependency-review-action@4081bf99e2866ebe428fc0477b69eb4fcda7220a # v4.4.0
2 changes: 1 addition & 1 deletion .github/workflows/fossa.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ jobs:
steps:
- if: ${{ env.FOSSA_API_KEY != '' }}
name: "Checkout Code"
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- if: ${{ env.FOSSA_API_KEY != '' }}
name: "Run FOSSA Scan"
uses: fossas/fossa-action@09bcf127dc0ccb4b5a023f6f906728878e8610ba # v1.4.0
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/golangci-lint.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,9 +20,9 @@ jobs:
name: lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: golangci-lint
uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
with:
version: latest
args: --timeout=3m
12 changes: 6 additions & 6 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -94,15 +94,15 @@ jobs:

steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0

- name: Set up Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version: 1.21.x
- uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
go-version: 1.23.x
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
with:
path: |
~/go/pkg/mod
Expand All @@ -119,10 +119,10 @@ jobs:
password: ${{ secrets.GITHUB_TOKEN }}

- name: Install Cosign
uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0

- name: Install syft
uses: anchore/sbom-action/download-syft@61119d458adab75f756bc0b9e4bde25725f86a7a # v0.17.2
uses: anchore/sbom-action/download-syft@251a468eed47e5082b105c3ba6ee500c0e65a764 # v0.17.6

- name: Download GoReleaser
run: go install github.com/goreleaser/goreleaser@v1.23.0
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/scorecard.yml
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ jobs:

steps:
- name: "Checkout code"
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false

Expand All @@ -67,14 +67,14 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # tag=v4.4.0
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # tag=v4.4.3
with:
name: SARIF file
path: results.sarif
retention-days: 5

# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@8214744c546c1e5c8f03dde8fab3a7353211988d # tag=v3.26.7
uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # tag=v3.27.0
with:
sarif_file: results.sarif
6 changes: 3 additions & 3 deletions .github/workflows/verify-docgen.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,8 +13,8 @@ jobs:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version: "1.21.x"
go-version: "1.23.x"
- run: ./docgen/verify.sh
6 changes: 3 additions & 3 deletions .github/workflows/verify-licence.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,10 +12,10 @@ jobs:
name: license boilerplate check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version: "1.21.x"
go-version: "1.23.x"
- name: Install addlicense
run: go install github.com/google/addlicense@v1.1.1
- name: Check license headers
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/witness.yml
Original file line number Diff line number Diff line change
Expand Up @@ -50,10 +50,10 @@ jobs:
contents: read
id-token: write
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version: 1.21.x
go-version: 1.23.x

- if: ${{ inputs.artifact-download != '' }}
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
Expand All @@ -80,7 +80,7 @@ jobs:
run: ${{ inputs.command }}

- if: ${{ inputs.artifact-upload-path != '' && inputs.artifact-upload-name != ''}}
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: ${{ inputs.artifact-upload-name }}
path: ${{ inputs.artifact-upload-path }}
3 changes: 3 additions & 0 deletions .goreleaser.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,9 +23,12 @@ source:
enabled: true
signs:
- cmd: cosign
certificate: '${artifact}.pem'
signature: '${artifact}.sig'
args:
- "sign-blob"
- "--output-signature=${signature}"
- '--output-certificate=${certificate}'
- "${artifact}"
- "--yes" # needed on cosign 2.0.0+
artifacts: all
Expand Down
5 changes: 4 additions & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -8,9 +8,12 @@ BUILDFLAGS := -trimpath
clean: ## Clean the binary directory
rm -rf $(BINDIR)

build:
build: ## Build the binary
CGO_ENABLED=0 go build $(BUILDFLAGS) -o $(BINDIR)/$(BINNAME) ./main.go

build-goreleaser: ## Build the binary using goreleaser
goreleaser build --snapshot --clean

vet: ## Run go vet
go vet ./...

Expand Down
42 changes: 41 additions & 1 deletion cmd/root.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,8 @@ package cmd
import (
"fmt"
"os"
"runtime"
"runtime/pprof"

"github.com/in-toto/go-witness/log"
_ "github.com/in-toto/go-witness/signer/kms/aws"
Expand All @@ -25,7 +27,10 @@ import (
"github.com/spf13/cobra"
)

var ro = &options.RootOptions{}
var (
ro = &options.RootOptions{}
cpuProfileFile *os.File
)

func New() *cobra.Command {
cmd := &cobra.Command{
Expand All @@ -46,6 +51,7 @@ func New() *cobra.Command {
cmd.AddCommand(versionCmd())
cmd.AddCommand(AttestorsCmd())
cobra.OnInitialize(func() { preRoot(cmd, ro, logger) })
cobra.OnFinalize((func() { postRoot(ro, logger) }))
return cmd
}

Expand All @@ -64,6 +70,40 @@ func preRoot(cmd *cobra.Command, ro *options.RootOptions, logger *logrusLogger)
if err := initConfig(cmd, ro); err != nil {
logger.l.Fatal(err)
}

var err error
if len(ro.CpuProfileFile) > 0 {
cpuProfileFile, err = os.Create(ro.CpuProfileFile)
if err != nil {
logger.l.Fatalf("could not create CPU profile: %v", err)
}

if err = pprof.StartCPUProfile(cpuProfileFile); err != nil {
logger.l.Fatalf("could not start CPU profile: %v", err)
}
}
}

func postRoot(ro *options.RootOptions, logger *logrusLogger) {
if cpuProfileFile != nil {
pprof.StopCPUProfile()
if err := cpuProfileFile.Close(); err != nil {
logger.l.Fatalf("could not close cpu profile file: %v", err)
}
}

if len(ro.MemProfileFile) > 0 {
memProfileFile, err := os.Create(ro.MemProfileFile)
if err != nil {
logger.l.Fatalf("could not create memory profile file: %v", err)
}

defer memProfileFile.Close()
runtime.GC()
if err := pprof.WriteHeapProfile(memProfileFile); err != nil {
logger.l.Fatalf("could not write memory profile: %v", err)
}
}
}

func loadOutfile(outFilePath string) (*os.File, error) {
Expand Down
6 changes: 3 additions & 3 deletions docs-website/yarn.lock
Original file line number Diff line number Diff line change
Expand Up @@ -4713,9 +4713,9 @@ http-parser-js@>=0.5.1:
integrity sha512-SGeBX54F94Wgu5RH3X5jsDtf4eHyRogWX1XGT3b4HuW3tQPM4AaBzoUji/4AAJNXCEOWZ5O0DgZmJw1947gD5Q==

http-proxy-middleware@^2.0.3:
version "2.0.6"
resolved "https://registry.yarnpkg.com/http-proxy-middleware/-/http-proxy-middleware-2.0.6.tgz#e1a4dd6979572c7ab5a4e4b55095d1f32a74963f"
integrity sha512-ya/UeJ6HVBYxrgYotAZo1KvPWlgB48kUJLDePFeneHsVujFaW5WNj2NgWCAE//B1Dl02BIfYlpNgBy8Kf8Rjmw==
version "2.0.7"
resolved "https://registry.yarnpkg.com/http-proxy-middleware/-/http-proxy-middleware-2.0.7.tgz#915f236d92ae98ef48278a95dedf17e991936ec6"
integrity sha512-fgVY8AV7qU7z/MmXJ/rxwbrtQH4jBQ9m7kp3llF0liB7glmFeVZFBepQb32T3y8n8k2+AEYuMPCpinYW+/CuRA==
dependencies:
"@types/http-proxy" "^1.17.8"
http-proxy "^1.18.1"
Expand Down
30 changes: 20 additions & 10 deletions docs/commands.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,8 +19,10 @@ Get information about all the available attestors in Witness
### Options inherited from parent commands

```
-c, --config string Path to the witness config file (default ".witness.yaml")
-l, --log-level string Level of logging to output (debug, info, warn, error) (default "info")
-c, --config string Path to the witness config file (default ".witness.yaml")
--debug-cpu-profile-file string Path to store the CPU profile. Profiling will be enabled if this is non-empty
--debug-mem-profile-file string Path to store the Memory profile. Profiling will be enabled if this is non-empty
-l, --log-level string Level of logging to output (debug, info, warn, error) (default "info")
```

### SEE ALSO
Expand Down Expand Up @@ -88,8 +90,10 @@ witness run [cmd] [flags]
### Options inherited from parent commands

```
-c, --config string Path to the witness config file (default ".witness.yaml")
-l, --log-level string Level of logging to output (debug, info, warn, error) (default "info")
-c, --config string Path to the witness config file (default ".witness.yaml")
--debug-cpu-profile-file string Path to store the CPU profile. Profiling will be enabled if this is non-empty
--debug-mem-profile-file string Path to store the Memory profile. Profiling will be enabled if this is non-empty
-l, --log-level string Level of logging to output (debug, info, warn, error) (default "info")
```

### SEE ALSO
Expand Down Expand Up @@ -148,8 +152,10 @@ witness sign [file] [flags]
### Options inherited from parent commands

```
-c, --config string Path to the witness config file (default ".witness.yaml")
-l, --log-level string Level of logging to output (debug, info, warn, error) (default "info")
-c, --config string Path to the witness config file (default ".witness.yaml")
--debug-cpu-profile-file string Path to store the CPU profile. Profiling will be enabled if this is non-empty
--debug-mem-profile-file string Path to store the Memory profile. Profiling will be enabled if this is non-empty
-l, --log-level string Level of logging to output (debug, info, warn, error) (default "info")
```

### SEE ALSO
Expand Down Expand Up @@ -208,8 +214,10 @@ witness verify [flags]
### Options inherited from parent commands

```
-c, --config string Path to the witness config file (default ".witness.yaml")
-l, --log-level string Level of logging to output (debug, info, warn, error) (default "info")
-c, --config string Path to the witness config file (default ".witness.yaml")
--debug-cpu-profile-file string Path to store the CPU profile. Profiling will be enabled if this is non-empty
--debug-mem-profile-file string Path to store the Memory profile. Profiling will be enabled if this is non-empty
-l, --log-level string Level of logging to output (debug, info, warn, error) (default "info")
```

### SEE ALSO
Expand Down Expand Up @@ -237,8 +245,10 @@ witness version [flags]
### Options inherited from parent commands

```
-c, --config string Path to the witness config file (default ".witness.yaml")
-l, --log-level string Level of logging to output (debug, info, warn, error) (default "info")
-c, --config string Path to the witness config file (default ".witness.yaml")
--debug-cpu-profile-file string Path to store the CPU profile. Profiling will be enabled if this is non-empty
--debug-mem-profile-file string Path to store the Memory profile. Profiling will be enabled if this is non-empty
-l, --log-level string Level of logging to output (debug, info, warn, error) (default "info")
```

### SEE ALSO
Expand Down
Loading

0 comments on commit 9a9c340

Please sign in to comment.