Merge branch 'main' into dependabot/go_modules/k8s.io/apiserver-0.29.1

Author: eddycharly

.github/workflows/codeql._yaml

@@ -0,0 +1,44 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+
+# name: CodeQL
+
+# permissions: {}
+
+# on:
+#   pull_request:
+#     branches:
+#       - main
+#   push:
+#     branches:
+#       - main
+
+# concurrency:
+#   group: ${{ github.workflow }}-${{ github.ref }}
+#   cancel-in-progress: true
+
+# jobs:
+#   required:
+#     runs-on: ubuntu-latest
+#     permissions:
+#       security-events: write
+#     steps:
+#       - name: Checkout
+#         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+#         with:
+#           fetch-depth: 0
+#       - name: Run Trivy vulnerability scanner in repo mode
+#         uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca # v0.16.1
+#         with:
+#           scan-type: fs
+#           ignore-unfixed: false
+#           format: sarif
+#           output: trivy-results.sarif
+#           severity: CRITICAL,HIGH,MEDIUM
+#           scanners: vuln,secret
+#           exit-code: '0'
+#           vuln-type: os,library
+#       - name: Upload Trivy scan results to GitHub Security tab
+#         uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4
+#         with:
+#           sarif_file: trivy-results.sarif
+#           category: code

.github/workflows/codeql.yaml

@@ -0,0 +1,49 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+
+# name: Tests
+
+# permissions: {}
+
+# on:
+#   pull_request:
+#     branches:
+#     - main
+#   push:
+#     branches:
+#     - main
+
+# concurrency:
+#   group: ${{ github.workflow }}-${{ github.ref }}
+#   cancel-in-progress: true
+
+# jobs:
+#   unit-tests:
+#     runs-on: ubuntu-latest
+#     steps:
+#     - name: Checkout
+#       uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+#     - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+#       with:
+#         go-version-file: go.mod
+#         cache-dependency-path: go.sum
+#     # - name: Create test cluster
+#     #   run: |
+#     #     set -e
+#     #     make kind-cluster
+#     - name: Run tests
+#       run: |
+#         set -e
+#         make tests
+#     - name: Upload Report to Codecov
+#       uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
+#       with:
+#         file: ./coverage.out
+#         fail_ci_if_error: true
+#         verbose: true
+
+#   required:
+#     needs:
+#     - unit-tests
+#     runs-on: ubuntu-latest
+#     steps:
+#     - run: echo "Required jobs success!"

.github/workflows/tests._yaml

@@ -0,0 +1,49 @@
+linters:
+  enable:
+    - asasalint
+    - asciicheck
+    - bidichk
+    - bodyclose
+    - containedctx
+    - decorder
+    - dogsled
+    - durationcheck
+    - errcheck
+    - errname
+    - exportloopref
+    - gci
+    # - gochecknoinits
+    - gofmt
+    - gofumpt
+    - goimports
+    - goprintffuncname
+    - gosec
+    - gosimple
+    - govet
+    - grouper
+    - importas
+    - ineffassign
+    - makezero
+    - misspell
+    - noctx
+    - nolintlint
+    - nosprintfhostport
+    # - paralleltest
+    - staticcheck
+    - tenv
+    - thelper
+    - tparallel
+    - typecheck
+    - unconvert
+    - unused
+    - wastedassign
+    - whitespace
+
+run:
+  timeout: 15m
+  skip-files:
+    - ".+\\.generated.go"
+
+output:
+  format: colored-line-number
+  sort-results: true

.golangci.yml

@@ -0,0 +1,91 @@
+before:
+  hooks:
+    - go mod tidy
+
+builds:
+  - id: policy-reports
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+      - windows
+      - darwin
+    binary: policy-reports
+    flags:
+      - -trimpath
+    # ldflags:
+    #   - -s -w -X github.com/kyverno/policy-reports/pkg/version.BuildVersion={{ .Version }}
+
+kos:
+  - build: policy-reports
+    repository: ghcr.io/kyverno/policy-reports
+    tags:
+      - '{{.Tag}}'
+      - '{{ if not .Prerelease }}latest{{ end }}' 
+    bare: true
+    preserve_import_paths: false
+    sbom: none
+    platforms:
+      - all
+
+signs:
+  - cmd: cosign
+    certificate: '${artifact}.pem'
+    args:
+      - sign-blob
+      - --output-certificate=${certificate}
+      - --output-signature=${signature}
+      - ${artifact}
+      - --yes
+    artifacts: all
+    output: true
+
+docker_signs:
+  - cmd: cosign
+    artifacts: all
+    output: true
+    args:
+      - sign
+      - ${artifact}
+      - --yes
+
+# brews:
+#   - homepage: https://kyverno.github.io/policy-reports
+#     description: Declarative Kubernetes end-to-end testing.
+#     repository:
+#       owner: kyverno
+#       name: policy-reports
+#       branch: brew-{{.Version}}
+#       pull_request:
+#         enabled: true
+#         base:
+#           owner: kyverno
+#           name: policy-reports
+#           branch: main
+
+archives:
+  - name_template: '{{ .ProjectName }}_{{ .Os }}_{{ .Arch }}'
+
+checksum:
+  name_template: checksums.txt
+
+source:
+  enabled: true
+
+sboms:
+  - artifacts: archive
+  - id: source
+    artifacts: source
+
+snapshot:
+  name_template: '{{ incpatch .Version }}-next'
+
+release:
+  prerelease: auto
+
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - '^docs:'
+      - '^test:'

.goreleaser.yaml

@@ -14,7 +14,7 @@ COPY . ./
 # ARG ARCH
 # ARG GIT_COMMIT
 # ARG GIT_TAG
-RUN GOOS=linux GOARCH=arm64 CGO_ENABLED=0 go build -ldflags="-w -s" -o policy-reports ./cmd/main.go
+RUN GOOS=linux GOARCH=arm64 CGO_ENABLED=0 go build -ldflags="-w -s" -o policy-reports ./main.go
 
 FROM gcr.io/distroless/static:nonroot
 WORKDIR /