initial commit of fides controller codebase and branding 🌅

.github/workflows/release.yml

@@ -76,7 +76,7 @@ jobs:
       - name: push docker images (for branches)
         if: github.ref == 'refs/heads/main' || github.event.pull_request.base.ref == 'main'
         run: |
-          docker images --format "{{.Repository}}:{{.Tag}}" | grep "ekristen/go-project-template" | xargs -L1 docker push
+          docker images --format "{{.Repository}}:{{.Tag}}" | grep "ekristen/fides-controller" | xargs -L1 docker push
       - name: upload artifacts
         if: github.event.pull_request.base.ref == 'main'
         uses: actions/upload-artifact@v3

.goreleaser.yml

@@ -1,10 +1,10 @@
 release:
   github:
     owner: ekristen
-    name: go-project-template
+    name: fides
   prerelease: auto
 builds:
-  - id: go-project-template
+  - id: fides
     goos:
       - linux
       - darwin
@@ -19,24 +19,24 @@ builds:
       - -X '{{ .ModulePath }}/pkg/common.VERSION={{ .Tag }}'
       - -X '{{ .ModulePath }}/pkg/common.COMMIT={{ .Commit }}'
 archives:
-  - id: go-project-template
+  - id: fides
     builds:
-      - go-project-template
+      - fides
     name_template: "{{ .ProjectName }}-v{{ .Version }}-{{ .Os }}-{{ .Arch }}{{ .Arm }}"
     format_overrides:
       - goos: windows
         format: zip
 dockers:
-  - id: go-project-template
+  - id: fides
     ids:
-      - go-project-template
+      - fides
     use: buildx
     goos: linux
     goarch: amd64
     dockerfile: Dockerfile
     image_templates:
-      - ghcr.io/ekristen/go-project-template:v{{ .Version }}
-      - ghcr.io/ekristen/go-project-template:{{ replace .Branch "/" "-" }}-{{ .ShortCommit }}-{{ .Timestamp }}
+      - ghcr.io/ekristen/fides:v{{ .Version }}
+      - ghcr.io/ekristen/fides:{{ replace .Branch "/" "-" }}-{{ .ShortCommit }}-{{ .Timestamp }}
     build_flag_templates:
       - "--target=goreleaser"
       - "--pull"
@@ -51,23 +51,11 @@ signs:
     stdin: "{{ .Env.COSIGN_PASSWORD }}"
     args: ["sign-blob", "--yes", "--tlog-upload=false", "--key=cosign.key", "--output-signature=${signature}", "${artifact}"]
     artifacts: all
-  #- ids:
-  #    - template
-  #  cmd: cosign
-  #  signature: "${artifact}.sig"
-  #  certificate: "${artifact}.pem"
-  #  args: ["sign-blob", "--yes", "--oidc-issuer=https://token.actions.githubusercontent.com", "--output-certificate=${certificate}", "--output-signature=${signature}", "${artifact}"]
-  #  artifacts: all
 docker_signs:
   - ids: # Sign With Password
-      - go-project-template
+      - fides
     artifacts: all
     stdin: "{{ .Env.COSIGN_PASSWORD }}"
-  #- ids:
-  #    - template
-  #  artifacts: all
-  #  cmd: cosign
-  #  args: ["sign", "--yes", "--oidc-issuer=https://token.actions.githubusercontent.com", "--output-certificate=${certificate}", "--output-signature=${signature}", "${artifact}"]
 checksum:
   name_template: "checksums.txt"
 snapshot:

Dockerfile

@@ -2,20 +2,22 @@
 
 FROM debian:bullseye-slim as base
 RUN apt-get update && apt-get install -y ca-certificates && rm -rf /var/lib/apt/lists/*
-RUN useradd -r -u 999 -d /home/go-project-template go-project-template
+RUN useradd -r -u 999 -d /home/fides fides
 
 FROM ghcr.io/acorn-io/images-mirror/golang:1.21 AS build
 COPY / /src
 WORKDIR /src
 RUN \
   --mount=type=cache,target=/go/pkg \
   --mount=type=cache,target=/root/.cache/go-build \
-  go build -o bin/go-project-template main.go
+  go build -o bin/fides main.go
 
 FROM base AS goreleaser
-COPY go-project-template /usr/local/bin/go-project-template
-USER go-project-template
+COPY fides /usr/local/bin/fides
+USER fides
 
 FROM base
-COPY --from=build /src/bin/go-project-template /usr/local/bin/go-project-template
-USER go-project-template
+ENTRYPOINT ["/usr/local/bin/fides"]
+CMD ["controller"]
+COPY --from=build /src/bin/fides /usr/local/bin/fides
+USER fides

README.md

@@ -1,86 +1,18 @@
-# Go Project Template
+# Fides
 
-This is an opinionated go project template to use as a starting point for new projects.
+Fides is the Greek Goddess of Trust. 
 
-## Features
+[Check out Fides on the web](https://fides.ekristen.dev)
 
-- Builds with [GoReleaser](https://goreleaser.com)
-  - Automated with GitHub Actions
-  - Signed with Cosign (providing you generate a private key)
-- Linting with [golangci-lint](https://golangci-lint.run/)
-  - Automated with GitHub Actions
-- Builds with Docker
-  - While designed to use goreleaser, you can still just run `docker build`
-- Opinionated Layout
-  - Never use `internal/` folder 
-  - Everything is under `pkg/` folder
-- Automatic Dependency Management with [Renovate](https://github.com/renovatebot/renovate)
-- Automatic Releases with [Release Drafter](https://github.com/release-drafter/release-drafter)
-- Documentation with Material for MkDocs
-- API Server Example
-  - Uses Gorilla Mux (yes it's been archived, still the best option)
-- Stubbed out Go Tests
-  - They are not comprehensive
+## Overview
 
-### Opinionated Decisions
+Fides is currently a SaaS solution that provides a simple way to make unmanaged and non-public kubernetes
+clusters more useful with AWS and potentially other cloud providers.
 
-- Uses `init` functions for registering commands globally.
-  - This allows for multiple `main` package files to be written and include different commands.
-  - Allows the command code to remain isolated from each other and a simple import to include the command.
+It's initial focus is on making it easy to expose the Service Account OIDC information from a cluster non-managed or
+even a private non-public cluster. This allows you to use the Service Account Tokens to authenticate to AWS roles.
 
-## Building
+This code repository serves as the bug tracker for the Fides project. Fides is currently in Alpha as a SaaS project.
+What code is and can be open sourced is here. The rest is in a private repository, if it makes sense to open source
+more I will.
 
-The following will build binaries in snapshot order.
-
-```console
-goreleaser --clean --snapshot
-```
-
-## Configure
-
-1. Rename Repository
-2. Generate Cosign Keys
-3. Update `.goreleaser.yml`, search/replace go-project-template with new project name, adjust GitHub owner
-4. Update `main.go`,
-5. Update `go.mod`, rename go project (using IDE is best so renames happen across all files)
-
-### Signing
-
-1. Create a password
-   - Recommend exporting in environment as `COSIGN_PASSWORD` using something like [direnv](http://direnv.net)
-2. Generate cosign keys `cosign generate-key-pair`
-3. Create GitHub Action Secrets
-   - `COSIGN_KEY` -> populate with cosign.key value
-   - `COSIGN_PASSWORD` -> populate with password from step 1
-
-### Releases
-
-In order for Release Drafter and GoReleaser to work properly you have to create a PAT to run Release Drafter
-so it's actions against the repository can trigger other workflows. Unfortunately there is no way to trigger 
-a workflow from a workflow if both are run by the automatically generated GitHub Actions secret.
-
-1. Create PAT that has write contents permissions to the repository
-2. Create GitHub Action Secret
-   - `RELEASE_DRAFTER_SECRET` -> populated with PAT from step 1
-3. Done
-
-## Documentation
-
-The project is built to have the documentation right alongside the code in the `docs/` directory leveraging Mkdocs Material.
-
-In the root of the project exists mkdocs.yml which drives the configuration for the documentation.
-
-This README.md is currently copied to `docs/index.md` and the documentation is automatically published to the GitHub
-pages location for this repository using a GitHub Action workflow. It does not use the `gh-pages` branch.
-
-### Running Locally
-
-```console
-make docs-serve
-```
-
-OR (if you have docker)
-
-```console
-docker run --rm -it -p 8000:8000 -v ${PWD}:/docs squidfunk/mkdocs-material
-```

cosign.pub

@@ -1,4 +1,4 @@
 -----BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAESLcBYyo9DKPEq23UYkXOG7RRqhwn
-/boYGgxL7bRUwLSd7tTTimzNrU9RwQNvaCEhPZDSk7cXLuxvbvOUIyVCyQ==
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENkS9PGp5A7DqPQ6podoUozG9KtwC
+WxUFXtKE9JVKo/8Rqs4i6ekhhaYiJs4pHJ7PEj2WLSIAjr4yZLkLNgH/rw==
 -----END PUBLIC KEY-----