initial commit

Author: kuannie1

.editorconfig

@@ -0,0 +1,21 @@
+
+# EditorConfig https://EditorConfig.org
+
+root = true
+
+[*]
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[Makefile]
+indent_style = tab
+
+[*.yml]
+indent_style = space
+indent_size = 2
+
+[*.tf]
+indent_stype = space
+indent_size = 2

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @chanzuckerberg/czi-shared-infra

.gitignore

@@ -0,0 +1,6 @@
+coverage.txt
+bin/
+dist/
+.vscode
+.env
+.envrc

.goreleaser.prerelease.yml

@@ -0,0 +1,36 @@
+before:
+  hooks:
+    - make clean
+
+builds:
+  - binary: aws-oidc
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - darwin
+      - linux
+    goarch:
+      - amd64
+    ldflags:
+      - "-w -s -X github.com/chanzuckerberg/aws-oidc/pkg/util.GitSha={{.Commit}} -X github.com/chanzuckerberg/aws-oidc/pkg/util.Version={{.Version}} -X github.com/chanzuckerberg/aws-oidc/pkg/util.Dirty=false -X github.com/chanzuckerberg/aws-oidc/pkg/util.Release=true"
+
+dockers:
+  - dockerfile: Dockerfile
+    image_templates:
+      - docker.pkg.github.com/chanzuckerberg/aws-oidc/aws-oidc:{{.ShortCommit}}
+    extra_files:
+      - cmd
+      - pkg
+      - go.mod
+      - go.sum
+      - main.go
+
+archives:
+  - files:
+      - none*
+
+release:
+  prerelease: true
+
+env_files:
+  github_token: ~/.config/goreleaser/github_token

.goreleaser.yml

@@ -0,0 +1,44 @@
+before:
+  hooks:
+    - make clean
+
+builds:
+  - binary: aws-oidc
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - darwin
+      - linux
+    goarch:
+      - amd64
+    ldflags:
+      - "-w -s -X github.com/chanzuckerberg/aws-oidc/pkg/util.GitSha={{.Commit}} -X github.com/chanzuckerberg/aws-oidc/pkg/util.Version={{.Version}} -X github.com/chanzuckerberg/aws-oidc/pkg/util.Dirty=false -X github.com/chanzuckerberg/aws-oidc/pkg/util.Release=true"
+
+dockers:
+  - dockerfile: Dockerfile
+    image_templates:
+      - docker.pkg.github.com/chanzuckerberg/aws-oidc/aws-oidc:v{{.Version}}
+    extra_files:
+      - cmd
+      - pkg
+      - go.mod
+      - go.sum
+      - main.go
+
+archives:
+  - files:
+      - none*
+
+release:
+  prerelease: false
+
+brews:
+  - description: "A command line utility tool to help generate AWS STS credentials from an OIDC application."
+    github:
+      owner: chanzuckerberg
+      name: homebrew-tap
+    homepage: "https://github.com/chanzuckerberg/aws-oidc"
+    test: system "#{bin}/aws-oidc version"
+
+env_files:
+  github_token: ~/.config/goreleaser/github_token

.reviewdog.yml

@@ -0,0 +1,8 @@
+runner:
+  golangci:
+    cmd: ./bin/golangci-lint run --out-format=line-number
+    errorformat:
+      - '%E%f:%l:%c: %m'
+      - '%E%f:%l: %m'
+      - '%C%.%#'
+    level: warning

.travis.yml

@@ -0,0 +1,25 @@
+dist: bionic
+language: go
+go:
+  - '1.14.1'
+os:
+  - linux
+env:
+  - GO111MODULE=on
+install:
+  - make setup
+jobs:
+  include:
+    - name: check-mod
+      stage: test
+      script: make check-mod
+    - name: lint
+      stage: test
+      script:
+        - make lint-ci
+    - name: test
+      stage: test
+      script:
+        - make test
+      after_success:
+        - bash <(curl -s https://codecov.io/bash)

Dockerfile

@@ -0,0 +1,30 @@
+# First stage: build the executable
+FROM golang:1.14 AS builder
+
+# Enable Go modules
+ENV GO111MODULE=on CGO_ENABLED=0 GOOS=linux
+
+# Set the Current Working Directory inside the container
+WORKDIR /app
+
+# Copy the source from the current directory to the Working Directory inside the container
+COPY cmd cmd
+COPY go.mod go.sum main.go ./
+COPY pkg pkg
+
+# Build the Go app
+RUN go build -o aws-oidc .
+
+# Final stage: the running container
+FROM alpine:latest AS final
+
+# Install SSL root certificates
+RUN apk update && apk --no-cache add ca-certificates curl
+
+COPY --from=builder /app/aws-oidc /bin/aws-oidc
+
+ADD https://github.com/segmentio/chamber/releases/download/v2.7.5/chamber-v2.7.5-linux-amd64 /bin/chamber
+RUN chmod +x /bin/chamber
+
+
+CMD ["aws-oidc"]

LICENSE.md

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2019-2020 Chan Zuckerberg Initiative, LLC
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Makefile

@@ -0,0 +1,83 @@
+SHA=$(shell git rev-parse --short HEAD)
+VERSION=$(shell cat VERSION)
+DIRTY=false
+GO_PACKAGE=$(shell go list)
+LDFLAGS=-ldflags "-w -s -X $(GO_PACKAGE)/pkg/util.GitSha=${SHA} -X $(GO_PACKAGE)/pkg/util.Version=${VERSION} -X $(GO_PACKAGE)/pkg/util.Dirty=${DIRTY}"
+export GO111MODULE=on
+
+clean: ## clean the repo
+	rm aws-oidc 2>/dev/null || true
+	go clean
+	go clean -testcache
+	rm -rf dist 2>/dev/null || true
+	rm coverage.out 2>/dev/null || true
+	if [ -e /tmp/aws-oidc.lock ]; then \
+        rm /tmp/aws-oidc.lock; \
+    fi \
+
+setup: # setup development dependencies
+	export GO111MODULE=on
+	curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh
+	curl -sfL https://raw.githubusercontent.com/reviewdog/reviewdog/master/install.sh| sh -s -- v0.9.14
+	curl -sfL https://raw.githubusercontent.com/chanzuckerberg/bff/master/download.sh | sh
+.PHONY: setup
+
+install:
+	go install
+.PHONY: install
+
+test:
+	go test -coverprofile=coverage.txt -covermode=atomic ./...
+.PHONY: test
+
+test-all:
+	go test -v -coverprofile=coverage.txt -covermode=atomic ./... -tags=integration
+.PHONY: test-all
+
+test-coverage:  ## run the test with proper coverage reporting
+	go test  -coverprofile=coverage.out -covermode=atomic ./...
+	go tool cover -html=coverage.out
+.PHONY: test-coverage
+
+test-coverage-integration:  ## run the test with proper coverage reporting
+	go test -coverprofile=coverage.out -covermode=atomic ./... -tags=integration
+	go tool cover -html=coverage.out
+.PHONY: test-coverage-all
+
+deps:
+	go get -u ./...
+	go mod tidy
+.PHONY: deps
+
+lint:
+	golangci-lint run -E whitespace --exclude-use-default
+.PHONY: lint
+
+lint-ci: ## run the fast go linters
+	./bin/reviewdog -conf .reviewdog.yml  -reporter=github-pr-review
+.PHONY: lint-ci
+
+release: ## run a release
+	bff bump
+	git push
+	goreleaser release --rm-dist
+.PHONY: release
+
+release-prerelease: ## release to github as a 'pre-release'
+	go build ${LDFLAGS} .
+	commit=`git rev-parse --short HEAD`; \
+	version=`cat VERSION`; \
+	git tag v"$$version"+"$$commit"; \
+	git push
+	git push --tags
+	goreleaser release -f .goreleaser.prerelease.yml --debug --rm-dist
+.PHONY: release-prelease
+
+fmt:
+	goimports -w -d $$(find . -type f -name '*.go' -not -path "./vendor/*")
+.PHONY: fmt
+
+check-mod:
+	go mod tidy
+	git diff --exit-code -- go.mod go.sum
+.PHONY: check-mod