Merge pull request #18 from vimeo/github-actions

GitHub Actions

.github/workflows/docker-hub.yml

@@ -0,0 +1,18 @@
+name: DockerHub
+on: [release]
+jobs:
+  build:
+    name: Build and Push to DockerHub
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Build and push Docker images
+        uses: docker/[email protected]
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
+          repository: vimeo/pentagon
+          tag_with_ref: true
+          push: ${{ startsWith(github.ref, 'refs/tags/') }}

.github/workflows/go.yml

@@ -0,0 +1,43 @@
+name: Go
+on: [push]
+jobs:
+  build:
+    name: Build
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [macOS-latest, ubuntu-latest]
+        goversion: [1.13, 1.14]
+    steps:
+      - name: Set up Go ${{matrix.goversion}} on ${{matrix.os}}
+        uses: actions/setup-go@v1
+        with:
+          go-version: ${{matrix.goversion}}
+        id: go
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v1
+
+      - name: gofmt
+        run: |
+          [[ -z  $(gofmt -l $(find . -name '*.go') ) ]]
+
+      - name: Get dependencies
+        env:
+          GO111MODULE: on
+        run: go mod download
+
+      - name: Vet
+        env:
+          GO111MODULE: on
+        run: go vet -mod=readonly ./...
+
+      - name: Test
+        env:
+          GO111MODULE: on
+        run: go test -mod=readonly -count 2 ./...
+
+      - name: Race Test
+        env:
+          GO111MODULE: on
+        run: go test -race -mod=readonly -count 2 ./...

Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.12-alpine as builder
+FROM golang:1.14.6-alpine as builder
 
 RUN apk add --no-cache ca-certificates libc-dev git make gcc
 RUN adduser -D pentagon

README.md

@@ -1,4 +1,5 @@
-[![Build Status](https://travis-ci.org/vimeo/pentagon.svg?branch=master)](https://travis-ci.org/vimeo/pentagon) [![GoDoc](https://godoc.org/github.com/vimeo/pentagon?status.svg)](https://godoc.org/github.com/vimeo/pentagon) [![Go Report Card](https://goreportcard.com/badge/github.com/vimeo/pentagon)](https://goreportcard.com/report/github.com/vimeo/pentagon) 
+![Go](https://github.com/vimeo/pentagon/workflows/Go/badge.svg)
+[![GoDoc](https://godoc.org/github.com/vimeo/pentagon?status.svg)](https://godoc.org/github.com/vimeo/pentagon) [![Go Report Card](https://goreportcard.com/badge/github.com/vimeo/pentagon)](https://goreportcard.com/report/github.com/vimeo/pentagon) 
 
 # Pentagon
 Pentagon is a small application designed to run as a Kubernetes CronJob to periodically copy secrets stored in [Vault](https://www.vaultproject.io) into equivalent [Kubernetes Secrets](https://kubernetes.io/docs/concepts/configuration/secret/), keeping them synchronized.  Naturally, this should be used with care as "standard" Kubernetes Secrets are simply obfuscated as base64-encoded strings.  However, one can and should use more secure methods of securing secrets including Google's [KMS](https://cloud.google.com/kubernetes-engine/docs/how-to/encrypting-secrets) and restricting roles and service accounts appropriately.

config.go

@@ -55,7 +55,7 @@ func (c *Config) SetDefaults() {
 			c.Mappings[i].VaultEngineType = c.Vault.DefaultEngineType
 		}
 		if m.SecretType == "" {
-			m.SecretType = corev1.SecretTypeOpaque
+			c.Mappings[i].SecretType = corev1.SecretTypeOpaque
 		}
 	}
 }

go.mod

@@ -1,6 +1,6 @@
 module github.com/vimeo/pentagon
 
-go 1.12
+go 1.14
 
 require (
 	cloud.google.com/go v0.26.0