-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #2 from theopenlane/init-2
init: part 2, things build but tests and some requests fail
- Loading branch information
Showing
1,185 changed files
with
917,464 additions
and
6,486 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,76 @@ | ||
| project_name: core | ||
| builds: | ||
| - env: | ||
| - GO111MODULE=on | ||
| - CGO_ENABLED=0 | ||
| flags: | ||
| - -trimpath | ||
| - -tags=netgo | ||
| ldflags: | ||
| - "-X main.Version={{ .Env.VERSION }}" | ||
| - "-X main.Commit={{ .Env.COMMIT }}" | ||
| - "-X main.CommitDate={{ .Env.COMMIT_DATE }}" | ||
| - "-X main.TreeState={{ .Env.TREE_STATE }}" | ||
| - "-X github.com/theopenlane/core/internal/constants.CLIVersion={{ .Env.VERSION }}" | ||
| goos: | ||
| - linux | ||
| - windows | ||
| - darwin | ||
| goarch: | ||
| - amd64 | ||
| - arm64 | ||
| overrides: | ||
| - goos: darwin | ||
| goarch: arm64 | ||
| env: | ||
| - CGO_ENABLED=1 | ||
| - goos: darwin | ||
| goarch: amd64 | ||
| goamd64: v1 | ||
| env: | ||
| - CGO_ENABLED=1 | ||
| main: ./cmd/cli | ||
| archives: | ||
| - format: tar.gz # we can use binary, but it seems there's an issue where goreleaser skips the sboms | ||
| name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}" | ||
| format_overrides: | ||
| - goos: windows | ||
| format: zip | ||
| brews: | ||
| - homepage: 'https://github.com/theopenlane/core' | ||
| description: 'core is the client CLI for interacting with the OL Core Server' | ||
| directory: Formula | ||
| license: 'Apache-2.0' | ||
| commit_author: | ||
| name: bender-core | ||
| email: [email protected] | ||
| repository: | ||
| owner: theopenlane | ||
| name: homebrew-tap | ||
| token: "{{ .Env.HOMEBREW_TAP_GITHUB_TOKEN }}" | ||
| test: | | ||
| system "#{bin}/core --help" | ||
| source: | ||
| enabled: true | ||
| changelog: | ||
| sort: asc | ||
| use: github | ||
| sboms: | ||
| - artifacts: archive | ||
| release: | ||
| # If set to auto, will mark the release as not ready for production | ||
| # in case there is an indicator for this in the tag e.g. v1.0.0-rc1 | ||
| prerelease: auto | ||
| github: | ||
| owner: theopenlane | ||
| name: core | ||
| # This section defines how and which artifacts we want to sign for the release. | ||
| signs: | ||
| - cmd: cosign | ||
| args: | ||
| - "sign-blob" | ||
| - "--output-signature=${signature}" | ||
| - "${artifact}" | ||
| - "--yes" # needed on cosign >= 2.0.0 | ||
| artifacts: archive | ||
| output: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,101 @@ | ||
| <div align="center"> | ||
|
|
||
| [](https://goreportcard.com/report/github.com/theopenlane/core) | ||
| [](https://buildkite.com/theopenlane/core) | ||
| [](https://pkg.go.dev/github.com/theopenlane/core) | ||
| [](https://opensource.org/licenses/Apache-2.0) | ||
|
|
||
| </div> | ||
|
|
||
| This repository houses the core server and orchestration elements which are at the heart of the [OpenLane](https://theopenlane.io) cloud service. We have no plans to ever gate / silo elements of the code that may fall under our "enterprise licensing" (or any other commercial license we offer) and intend to keep the code Apache 2.0 licensed and free for use, forever. Given that, if you find value in anything we're doing here, our cloud services, or use this software yourself (for any purpose) - don't be afraid to become a contributor! If you have any questions please reach out to `[email protected]`. | ||
|
|
||
| ## Features | ||
|
|
||
| At it's core, this repo is a collection of services built on top of an entity framework which allows us to: | ||
| - Model database schemas as graph structures | ||
| - Define schemas as programmatic go code | ||
| - Execute complex database queries and graph traversals easily | ||
| - Extend and customize using templates and code generation utilities | ||
| - Type-safe resolvers and GraphQL schema stitching | ||
| - Code generated audit / history tables for defined schemas | ||
|
|
||
| On top of this powerful core we also have an incredible amount of pluggable, extensible services: | ||
| - Authentication: we today support password, OAuth2 / Social login providers (Github, Google), Passkeys as well as standard OIDC Discovery flows | ||
| - Multi-factor: built-in 2FA mechanisms, TOTP | ||
| - Authorization: extensible and flexible permissions constructs via openFGA based on Google Zanzibar | ||
| - Session Management: built-in session management with JWKS key validation, encrypted cookies and sessions | ||
| - Robust Middleware: cache control, CORS, Rate Limiting, transaction rollbacks, and more | ||
| - Queuing and Scheduling: Task management and scheduling with Marionette | ||
| - External Storage Providers: store data in AWS S3, Google GCS, or locally | ||
| - External Database Providers: Leverage Turso, or other PostgreSQL / SQLite compatible vendors and libraries | ||
| - Data Isolation and Management: Hierarchal organizations and granular permissions controls | ||
|
|
||
| ## Development | ||
|
|
||
| Developing against this repo involves a few mandatory tools; please read up on these and familiarize yourself if you're interested in making additions or changes! | ||
|
|
||
| 1. [ent](https://entgo.io/) - insane entity mapping tool, definitely not an ORM but kind of an ORM (handles our relational data storage, mappings, codegen processes) | ||
| 1. [atlas](https://atlasgo.io/) - Schema generation and migrations (can be disabled in lieu of migrations on disk) | ||
| 1. [goose](https://github.com/pressly/goose) - Secondary database migration utility we also use for seeding data | ||
| 1. [gqlgen](https://gqlgen.com/) - Code generation + GraphQL server building from from `ent` schema definitions | ||
| 1. [gqlgenc](https://github.com/Yamashou/gqlgenc) - Client building utilities with GraphQL | ||
| 1. [openfga](https://openfga.dev/) - Flexible authorization/permission engine inspired by Google Zanzibar | ||
| 1. [echo](https://echo.labstack.com/) - High performance, extensible, minimalist Go web framework | ||
| 1. [koanf](https://github.com/knadh/koanf) - Configuration management library which parses command line arguments, Go structs + creates our main configuration files | ||
|
|
||
| We also leverage many secondary technologies in use, including (but not limited to!): | ||
|
|
||
| 1. [taskfile](https://taskfile.dev/usage/) - So much better than Make zomg | ||
| 1. [redis](https://redis.io/) - in-memory datastore used for sessions, caching | ||
| 1. databases: | ||
| * [postgres](https://www.postgresql.org/) | ||
| * [libsql](https://turso.tech/libsql) | ||
| * [sqlite](https://www.sqlite.org/) | ||
| 1. [golangci-lint](https://github.com/golangci/golangci-lint) - an annoyingly opinionated linter | ||
| 1. [buildkite](https://buildkite.com/theopenlane) - our CI system of choice (with github actions providing some intermediary support) | ||
|
|
||
| Lastly we're already ourselves using (and plan to support our customers usage in our cloud service) these third party integrations: | ||
|
|
||
| 1. [turso/libsql](https://github.com/tursodatabase/libsql) - Turso is an edge-hosted, distributed database that's based on libSQL , an open-source and open-contribution fork of SQLite | ||
| 1. [posthog](https://posthog.com/) - Product analytics | ||
| 1. [sendgrid](https://sendgrid.com/en-us) - Transactional email send provider | ||
|
|
||
| All of these components are bundled into our respective Docker images; for additional information / instructions, see the [contributing guide](.github/CONTRIBUTING.md) in this repository. We're constantly adding and changing things, but have tried to list all the great open source tools and projects we rely on; if you see your project (or one you use) in here and wish to list it, feel free to open a PR! | ||
|
|
||
| ## Dependencies | ||
|
|
||
| The vast majority of behaviors of the system can be turned on or off by updating the configuration parameters found in `config`; in some instances, we've made features or integrations with third party systems which are "always on", but we're happy to receive PR's wrapping those dependencies if you are interested in running the software without them! | ||
|
|
||
| ### Installing Dependencies | ||
|
|
||
| Setup [Taskfile](https://taskfile.dev/installation/) by following the instructions and using one of the various convenient package managers or installation scripts. After installation, you can then simply run `task install` to load the associated dependencies. Nearly everything in this repository assumes you already have a local golang environment setup so this is not included. Please see the associated documentation. | ||
|
|
||
| ### Updating Configuration Settings | ||
|
|
||
| See the [README](/config/README.md) in the `config` directory. | ||
|
|
||
| ## Deploying | ||
|
|
||
| The only "supported" method of deploying today is locally, but we have a WIP Helm chart which can be found [here](https://github.com/theopenlane/helm-charts) | ||
|
|
||
| ## Contributing | ||
|
|
||
| Please read the [contributing](.github/CONTRIBUTING.md) guide as well as the [Developer Certificate of Origin](https://developercertificate.org/). You will be required to sign all commits to the The OpenLane project, so if you're unfamiliar with how to set that up, see [github's documentation](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification). | ||
|
|
||
| ## Licensing | ||
|
|
||
| This repository contains `core` which is open source software under [Apache 2.0](LICENSE). The OpenLane is a product produced from this open source software exclusively by The Open Lane, Inc. This product is produced under our published commercial terms (which are subject to change), and any logos or trademarks in this repository or the broader [theopenlane](https://github.com/theopenlane) organization are not covered under the Apache License. | ||
|
|
||
| Others are allowed to make their own distribution of this software or include this software in other commercial offerings, but cannot use any of the The OpenLane logos, trademarks, cloud services, etc. | ||
|
|
||
| ## Security | ||
|
|
||
| We take the security of our software products and services seriously, including all of the open source code repositories managed through our Github Organizations, such as [theopenlane](https://github.com/theopenlane). If you believe you have found a security vulnerability in any of our repositories, please report it to us through coordinated disclosure. | ||
|
|
||
| **Please do NOT report security vulnerabilities through public github issues, discussions, or pull requests!** | ||
|
|
||
| Instead, please send an email to `[email protected]` with as much information as possible to best help us understand and resolve the issues. See the security policy attached to this repository for more details. | ||
|
|
||
| ## Questions? | ||
|
|
||
| You can email us at `[email protected]`, open a github issue in this repository, or reach out to [matoszz](https://github.com/matoszz) directly. |
Oops, something went wrong.