Added blog link in the README

* Added azure pipeline template

Signed-off-by: iamabhishek-dubey <abhishekbhardwaj510@gmail.com>

.azure-pipelines/pipeline.yml

@@ -7,190 +7,17 @@ pr:
     include:
     - master
 
-variables:
-  - group: RuntimeVariables
-  
-stages:
-- stage: precheck
-  jobs:
-    - job: govet
-      dependsOn: []
-      pool:
-        vmImage: "ubuntu-18.04"
-      steps:
-        - task: GoTool@0
-          displayName: "Installing Golang"
-          inputs:
-            version: '1.16'
-        - task: Go@0
-          displayName: "Executing go vet"
-          inputs:
-            command: 'custom'
-            customCommand: 'vet'
+resources:
+  repositories:
+  - repository: golang-template
+    type: github
+    name: opstree/azure-devops-template
+    endpoint: OT-CONTAINER-KIT
 
-- stage: code_quality
-  dependsOn: ["precheck"]
-  jobs:
-    - job: golang_ci_lint
-      dependsOn: []
-      pool:
-        vmImage: "ubuntu-18.04"
-      steps:
-        - task: GoTool@0
-          displayName: "Installing Golang"
-          inputs:
-            version: '1.16'
-        - script: |
-            curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.40.0
-            ./bin/golangci-lint run --timeout 5m0s ./...
-          displayName: "Executing golang-ci lint"
-
-- stage: dockerfile_lint
-  dependsOn: ["precheck"]
-  jobs:
-    - job: dockerfile_lint
-      dependsOn: []
-      pool:
-        vmImage: "ubuntu-18.04"
-      steps:
-        - script: scripts/dockerfile-linter.sh
-          displayName: "Executing dockerlinter"
-
-- stage: build
-  dependsOn: ["code_quality"]
-  jobs:
-    - job: linux_amd64
-      dependsOn: []
-      pool:
-        vmImage: "ubuntu-18.04"
-      steps:
-        - task: GoTool@0
-          displayName: "Installing Golang"
-          inputs:
-            version: '1.16'
-        - task: Go@0
-          displayName: "Executing go build"
-          inputs:
-            command: 'build'
-            arguments: '-o $(Agent.BuildDirectory)/k8s-vault-webhook'
-        - task: ArchiveFiles@2
-          displayName: 'Archiving go binary'
-          inputs:
-            rootFolderOrFile: '$(Agent.BuildDirectory)/k8s-vault-webhook'
-            includeRootFolder: true
-            archiveType: 'zip'
-            archiveFile: '$(Build.ArtifactStagingDirectory)/compiled/k8s-vault-webhook-linux-amd64.zip'
-            replaceExistingArchive: true
-        - task: PublishBuildArtifacts@1
-          inputs:
-            PathtoPublish: '$(Build.ArtifactStagingDirectory)/compiled'
-            ArtifactName: 'drop'
-            publishLocation: 'Container'
-
-- stage: build_image
-  dependsOn: ["dockerfile_lint"]
-  jobs:
-    - job: linux_amd64
-      dependsOn: []
-      steps:
-      - task: Docker@2
-        displayName: "Building docker image"
-        inputs:
-          command: 'build'
-          Dockerfile: '**/Dockerfile'
-          tags: '$(Build.BuildId)'
-
-- stage: release_binaries
-  dependsOn: ["build", "build_image"]
-  jobs:
-    - job: goreleaser
-      dependsOn: []  
-      pool:
-        vmImage: "ubuntu-18.04"
-      steps:
-        - script: scripts/goreleaser.sh
-          displayName: "Releasing go binaries"
-          env:
-            GITHUB_TOKEN: $(GithubToken)
-      condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/master'))
-
-- stage: release_quay
-  dependsOn: ["build", "build_image"]
-  jobs:
-    - job: quay
-      dependsOn: []  
-      pool:
-        vmImage: "ubuntu-18.04"
-      steps:
-        - task: Docker@2
-          displayName: "Publish quay image"
-          inputs:
-            containerRegistry: 'QuayServiceConnection'
-            repository: 'opstree/k8s-vault-webhook'
-            command: 'buildAndPush'
-            Dockerfile: '**/Dockerfile'
-            tags: |
-              latest
-              $(Build.SourceBranchName)
-      condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/master'))
-
-- stage: release_github_image
-  dependsOn: ["build", "build_image"]
-  jobs:
-    - job: github
-      dependsOn: []  
-      pool:
-        vmImage: "ubuntu-18.04"
-      steps:
-        - task: Docker@2
-          displayName: "Publish github image"
-          inputs:
-            containerRegistry: 'GithubServiceConnection'
-            repository: 'ot-container-kit/k8s-vault-webhook/k8s-vault-webhook'
-            command: 'buildAndPush'
-            Dockerfile: '**/Dockerfile'
-            tags: |
-              latest
-              $(Build.SourceBranchName)
-      condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/master'))
-
-- stage: verify
-  dependsOn: ["release_binaries", "release_quay", "release_github_image"]
-  jobs:
-    - job: verfiy
-      dependsOn: []  
-      pool:
-        vmImage: "ubuntu-18.04"
-      steps:
-        - task: DownloadBuildArtifacts@0
-          displayName: "Downloading the artifact"
-          inputs:
-            buildType: 'current'
-            downloadType: 'single'
-            artifactName: 'drop'
-            downloadPath: '$(System.ArtifactsDirectory)'
-        - task: ExtractFiles@1
-          displayName: "Extracting files"
-          inputs:
-            archiveFilePatterns: '$(System.ArtifactsDirectory)/drop/k8s-vault-webhook-linux-amd64.zip'
-            destinationFolder: '$(Agent.BuildDirectory)'
-            cleanDestinationFolder: false
-            overwriteExistingFiles: true
-        - script: |
-            $(Agent.BuildDirectory)/k8s-vault-webhook --help || true
-          displayName: "Executing k8s-vault-webhook"
-
-- stage: docs
-  dependsOn: ["release_binaries", "release_quay", "release_github_image"]
-  jobs:
-    - job: build
-      dependsOn: []  
-      pool:
-        vmImage: "ubuntu-18.04"
-      steps:
-        - task: NodeTool@0
-          displayName: "Installing NodeJS"
-          inputs:
-            versionSpec: '>=8.6'
-        - script: scripts/build-docs.sh
-          displayName: "Building documentation"
+extends:
+  template: golang-ci.yaml@golang-template
+  parameters:
+    ApplicationName: k8s-vault-webhook
+    QuayImageName: opstree/k8s-vault-webhook
+    GithubImageName: ot-container-kit/k8s-vault-webhook/k8s-vault-webhook
+    BuildDocs: true

README.md

@@ -3,8 +3,8 @@
 </div>
 
 <p align="center">
-  <a href="https://dev.azure.com/abhishekbhardwaj510/DevOps/_build?definitionId=4&_a=summary">
-    <img src="https://dev.azure.com/abhishekbhardwaj510/DevOps/_apis/build/status/k8s-vault-webhook/k8s-vault-webhook?branchName=master" alt="Azure Pipelines">
+  <a href="https://dev.azure.com/opstreedevops/DevOps/_build?definitionId=4">
+    <img src="https://dev.azure.com/opstreedevops/DevOps/_apis/build/status/k8s-vault-webhook/k8s-vault-webhook?branchName=master" alt="Azure Pipelines">
   </a>
   <a href="https://goreportcard.com/report/github.com/OT-CONTAINER-KIT/k8s-vault-webhook">
     <img src="https://goreportcard.com/badge/github.com/OT-CONTAINER-KIT/k8s-vault-webhook" alt="GoReportCard">
@@ -28,6 +28,8 @@ The motive of creating this project is to provide a dynamic secret injection to
 
 Documentation is available here:- https://ot-container-kit.github.io/k8s-vault-webhook/
 
+Blog Link:- https://blog.opstree.com/2021/09/14/introducing-kubernetes-vault-web-hook/
+
 The secret managers which are currently supported:-
 
 - **[Hashicorp Vault](https://www.vaultproject.io/)**
@@ -35,6 +37,8 @@ The secret managers which are currently supported:-
 - **[Azure Key Vault](https://azure.microsoft.com/en-in/services/key-vault/)**
 - **[GCP Secret Manager](https://cloud.google.com/secret-manager)**
 
+This project is based on secret-consumer-webhook. Please check out the source code at https://github.com/innovia/secrets-consumer-webhook.
+
 ### Supported Features
 
 - Authentication to Hashicorp vault using Kubernetes service-account

scripts/gofmt.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+gofmt_files=$(go fmt ./... | wc -l)
+
+if [[ ${gofmt_files} > 0 ]]
+then
+    echo "Please format golang files using:- go fmt ./..."
+    exit 1
+else
+    echo "All files are formated using gofmt"
+fi

scripts/gosec.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+install_gosec() {
+    curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s latest
+}
+
+execute_gosec() {
+    ./bin/gosec -fmt=junit-xml -out=./bin/results.xml ./... || true
+}
+
+main() {
+    install_gosec
+    execute_gosec
+}
+
+main

scripts/trivy-scan.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+install_trivy() {
+    sudo apt-get install wget apt-transport-https gnupg lsb-release -y
+    wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
+    echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
+    sudo apt-get update
+    sudo apt-get install trivy -y
+}
+
+execute_trivy() {
+    trivy image --input ${IMAGE_PATH}
+}
+
+main() {
+    install_trivy
+    execute_trivy
+}
+
+main