(chore): Admission controller for pod validation (#27)

* (chore): Admission controller for pod validation

Signed-off-by: Shubham Chaudhary <[email protected]>

* add the self managed certs

Signed-off-by: Shubham Chaudhary <[email protected]>

---------

Signed-off-by: Shubham Chaudhary <[email protected]>

Author: ispeakc0de

.circleci/config.yml

@@ -0,0 +1,79 @@
+name: build-pipeline
+on:
+  pull_request:
+    branches: [master]
+    types: [opened, synchronize, reopened]
+
+jobs:
+  pre-checks:
+    runs-on: ubuntu-latest
+    steps:
+      # Install golang
+      - uses: actions/setup-go@v2
+        with:
+          go-version: 1.20.0
+
+      # Checkout to the latest commit
+      # On specific directory/path
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: gofmt check
+        run: make gofmt-check
+
+      - name: golangci-lint
+        uses: reviewdog/action-golangci-lint@v2
+
+      - name: unused-package check
+        run: make unused-package-check
+
+  trivy:
+    needs: pre-checks
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: Build an image from Dockerfile
+        run: |
+          docker build -f build/Dockerfile -t docker.io/litmuschaos/admission-controller:${{ github.sha }} . --build-arg TARGETPLATFORM=linux/amd64
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: 'docker.io/litmuschaos/admission-controller:${{ github.sha }}'
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
+
+  gitleaks-scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Run GitLeaks
+        run: |
+          wget https://github.com/gitleaks/gitleaks/releases/download/v8.18.2/gitleaks_8.18.2_linux_x64.tar.gz && \
+          tar -zxvf gitleaks_8.18.2_linux_x64.tar.gz && \
+          sudo mv gitleaks /usr/local/bin && gitleaks detect --source . -v
+
+  image-build:
+    runs-on: ubuntu-latest
+    needs: pre-checks
+    steps:
+      # Checkout to the latest commit
+      # On specific directory/path
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Build Docker Image
+        env:
+          DOCKER_REPO: litmuschaos
+          DOCKER_IMAGE: admission-controller
+          DOCKER_TAG: ci
+        run: |
+          make build-amd64

.github/workflows/build.yml

@@ -0,0 +1,62 @@
+name: push-pipeline
+on:
+  push:
+    branches:
+      - master
+    tags-ignore:
+      - '**'
+
+jobs:
+  pre-checks:
+    runs-on: ubuntu-latest
+    steps:
+      # Install golang
+      - uses: actions/setup-go@v2
+        with:
+          go-version: 1.20.0
+
+      # Checkout to the latest commit
+      # On specific directory/path
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: gofmt check
+        run: make gofmt-check
+
+      - name: golangci-lint
+        uses: reviewdog/action-golangci-lint@v2
+
+      - name: unused-package check
+        run: make unused-package-check
+
+  image-build:
+    runs-on: ubuntu-latest
+    needs: pre-checks
+    steps:
+      # Checkout to the latest commit
+      # On specific directory/path
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+        with:
+          platforms: all
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v1
+        with:
+          version: latest
+
+      - name: login to GitHub Container Registry
+        run: echo ${{ secrets.DPASS }} | docker login -u ${{ secrets.DNAME }} --password-stdin
+
+      - name: Build & Push Docker Image
+        env:
+          DOCKER_REPO: ${{ secrets.DOCKER_REPO }}
+          DOCKER_IMAGE: ${{ secrets.DOCKER_IMAGE }}
+          DOCKER_TAG: ci
+          DNAME: ${{ secrets.DNAME }}
+          DPASS: ${{ secrets.DPASS }}
+        run: make push-admission-controller

.github/workflows/push.yml

@@ -0,0 +1,75 @@
+name: release-pipeline
+on:
+  create:
+    tags:
+      - '**'
+
+jobs:
+  pre-checks:
+    runs-on: ubuntu-latest
+    steps:
+      # Install golang
+      - uses: actions/setup-go@v2
+        with:
+          go-version: 1.20.0
+
+      # Checkout to the latest commit
+      # On specific directory/path
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: gofmt check
+        run: make gofmt-check
+
+      - name: golangci-lint
+        uses: reviewdog/action-golangci-lint@v2
+
+      - name: unused-package check
+        run: make unused-package-check
+
+  image-build:
+    runs-on: ubuntu-latest
+    needs: pre-checks
+    steps:
+      # Checkout to the latest commit
+      # On specific directory/path
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+        with:
+          platforms: all
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v1
+        with:
+          version: latest
+
+      - name: login to GitHub Container Registry
+        run: echo ${{ secrets.DPASS }} | docker login -u ${{ secrets.DNAME }} --password-stdin
+
+      - name: Set Tag
+        run: |
+          TAG="${GITHUB_REF#refs/*/}"
+          echo "TAG=${TAG}" >> $GITHUB_ENV
+          echo "RELEASE_TAG=${TAG}" >> $GITHUB_ENV
+
+      - name: Build & Push Docker Image with version tag
+        env:
+          DOCKER_REPO: ${{ secrets.DOCKER_REPO }}
+          DOCKER_IMAGE: ${{ secrets.DOCKER_IMAGE }}
+          DOCKER_TAG: ${RELEASE_TAG}
+          DNAME: ${{ secrets.DNAME }}
+          DPASS: ${{ secrets.DPASS }}
+        run: make push-admission-controller
+
+      - name: Build & Push Docker Image with latest
+        env:
+          DOCKER_REPO: ${{ secrets.DOCKER_REPO }}
+          DOCKER_IMAGE: ${{ secrets.DOCKER_IMAGE }}
+          DOCKER_TAG: latest
+          DNAME: ${{ secrets.DNAME }}
+          DPASS: ${{ secrets.DPASS }}
+        run: make push-admission-controller

.github/workflows/release.yml

@@ -1,3 +1,7 @@
-/bin/
-/.idea/
+build/_output
+*.swp
+*.orig
 coverage.txt
+
+*.vscode/
+*.idea/