feat: kube walrus

Signed-off-by: thxCode <[email protected]>

.commitsar.yml

@@ -0,0 +1,5 @@
+commits:
+  disabled: false
+  strict: false
+  limit: 100
+  all: false

.dockerignore

@@ -0,0 +1,29 @@
+# Files
+.DS_Store
+*.lock
+*.test
+*.out
+*.swp
+*.swo
+# *.db
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+*.log
+
+# Dirs
+/.idea
+/.vscode
+/.kube
+/.terraform
+/.vagrant
+/.bundle
+/.cache
+/.docker
+/.entc
+# /.sbin
+# /.dist
+/log
+/certs

.gitattributes

@@ -3,4 +3,3 @@
 **/*.pb.go linguist-generated=true
 **/go.sum linguist-generated=true
 **/zz_generated.*.go linguist-generated=true
-clients linguist-generated=true

.github/ISSUE_TEMPLATE/1_bug_report.md

@@ -0,0 +1,26 @@
+---
+name: Bug report
+about: Create a bug report to help us improve
+title: ''
+labels: 'bug'
+assignees: ''
+
+---
+
+**Describe the bug**
+<!-- A clear and concise description of what the bug is. -->
+
+**Steps to reproduce**
+1. Go to '...'
+
+**Result**
+<!-- What happened. -->
+
+**Expected behavior**
+<!-- What you expected to happen. -->
+
+**Environment**
+- Walrus version:
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/2_enhancement.md

@@ -0,0 +1,20 @@
+---
+name: Enhancement request
+about: Issues that improve or augment existing functionality
+title: ''
+labels: 'enhancement'
+assignees: ''
+
+---
+
+**Is your enhancement related to a problem? Please describe.**
+<!-- A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] -->
+
+**Describe the solution you'd like**
+<!-- A clear and concise description of what you want to happen. -->
+
+**Describe alternatives you've considered**
+<!-- A clear and concise description of any alternative solutions or features you've considered. -->
+
+**Additional context**
+<!-- Add any other context or screenshots about the feature request here. -->

.github/ISSUE_TEMPLATE/3_question.md

@@ -0,0 +1,10 @@
+---
+name: Question
+about: Question about Walrus
+title: ''
+labels: 'question'
+assignees: ''
+
+---
+
+

.github/ISSUE_TEMPLATE/4_doc.md

@@ -0,0 +1,12 @@
+---
+name: Documentation update
+about: Request to make a documentation update
+title: ''
+labels: 'documentation'
+assignees: ''
+---
+
+**Is your doc request related to a problem? Please describe or add related issue ID.**
+
+**Describe the update you'd like**
+<!-- A clear and concise description of what you want to happen. -->

.github/ISSUE_TEMPLATE/5_other.md

@@ -0,0 +1,7 @@
+---
+name: Other
+about: Anything else
+title: ''
+labels: ''
+assignees: ''
+---

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,9 @@
+<!-- IMPORTANT: Please do not create a Pull Request without creating an issue first. -->
+**Problem:**
+<!-- Explain the problem you are aiming to resolve in this PR. -->
+
+**Solution:**
+<!-- Example: When "Adding a function to do X", explain why it is necessary to have a way to do X. -->
+
+**Related Issue:**
+

.github/workflows/ci.yml

@@ -0,0 +1,199 @@
+name: CI
+
+permissions:
+  contents: read
+  pull-requests: read
+  actions: read
+
+env:
+  REPO: "sealio"
+  VERSION: "${{ github.ref_name }}"
+  PARALLELIZE: "false"
+  GO_VERSION: "1.21.7"
+
+defaults:
+  run:
+    shell: bash
+
+on:
+  workflow_dispatch: { }
+  push:
+    tags:
+      - "v*.*.*"
+    branches:
+      - "main"
+    paths-ignore:
+      - "docs/**"
+      - "**.md"
+      - "**.mdx"
+      - "**.png"
+      - "**.jpg"
+  pull_request:
+    branches:
+      - "main"
+    paths-ignore:
+      - "docs/**"
+      - "**.md"
+      - "**.mdx"
+      - "**.png"
+      - "**.jpg"
+
+jobs:
+  build:
+    timeout-minutes: 60
+    runs-on: ubuntu-22.04
+    steps:
+      # Clean up unused tools to have more disk space in the GitHub hosted runner.
+      - name: Free disk space
+        run:
+          sudo rm -rf /usr/share/dotnet
+          sudo rm -rf /usr/local/lib/android
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          # checkout the whole histories for commitsar,
+          # currently commitsar needs full git objects to work correctly.
+          fetch-depth: 0
+          persist-credentials: false
+      - name: Setup Go
+        timeout-minutes: 15
+        uses: actions/setup-go@v5
+        with:
+          go-version: "${{ env.GO_VERSION }}"
+          cache-dependency-path: |
+            **/go.sum
+      - name: Setup Toolbox
+        timeout-minutes: 5
+        uses: actions/cache@v3
+        with:
+          # restore/save service binaries, e.g. goimports, golangci-lint, commitsar.
+          key: toolbox-${{ runner.os }}
+          path: |
+            ${{ github.workspace }}/.sbin
+      - name: Build
+        run: make ci
+        env:
+          LINT_DIRTY: "true"
+          PACKAGE_BUILD: "false"
+          WALRUS_TELEMETRY_API_KEY: "${{ github.event_name != 'pull_request' && secrets.CI_TELEMETRY_API_KEY || '' }}"
+      - name: Archive Publish Result
+        uses: actions/cache/save@v3
+        with:
+          # save package resources, e.g. go build result, downloaded UI, entrypoint script.
+          key: archive-${{ runner.os }}-${{ github.sha }}
+          path: |
+            ${{ github.workspace }}/.dist/package
+
+  publish:
+    needs:
+      - build
+    permissions:
+      contents: write
+      actions: read
+      id-token: write
+    timeout-minutes: 60
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+          persist-credentials: false
+      - name: Setup QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          image: tonistiigi/binfmt:qemu-v7.0.0
+          platforms: "arm64"
+      - name: Setup Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login DockerHub
+        if: ${{ github.event_name != 'pull_request' }}
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.CI_DOCKERHUB_USERNAME }}
+          password: ${{ secrets.CI_DOCKERHUB_PASSWORD }}
+      - name: Unarchive Publish Result
+        timeout-minutes: 5
+        uses: actions/cache/restore@v3
+        with:
+          # restore package resources, e.g. go build result, downloaded UI, entrypoint script.
+          key: archive-${{ runner.os }}-${{ github.sha }}
+          path: |
+            ${{ github.workspace }}/.dist/package
+      - name: Get Metadata
+        id: metadata
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REPO }}/${{ matrix.target }}
+      - name: Package
+        uses: docker/build-push-action@v5
+        id: package
+        with:
+          push: ${{ github.event_name != 'pull_request' }}
+          file: .dist/package/${{ matrix.target }}/${{ matrix.task }}/image/Dockerfile
+          context: .dist/package/${{ matrix.target }}/${{ matrix.task }}/
+          platforms: "linux/amd64,linux/arm64"
+          tags: ${{ steps.metadata.outputs.tags }}
+          labels: ${{ steps.metadata.outputs.labels }}
+          # configure build cache,
+          # ref to https://github.com/moby/buildkit/tree/v0.11.5#registry-push-image-and-cache-separately.
+          cache-from: |
+            type=registry,ref=${{ env.REPO }}/build-cache:${{ matrix.target }}-${{ matrix.task }}
+          cache-to: |
+            ${{ github.event_name != 'pull_request' && format('type=registry,mode=max,oci-mediatypes=false,compression=gzip,ref={0}/build-cache:{1}-{2},ignore-error=true', env.REPO, matrix.target, matrix.task) || '' }}
+          build-args: |
+            SERVE_UI_INDEX=${{ startsWith(github.ref, 'refs/tags/') && 'file:///var/lib/walrus/ui' || 'https://walrus-ui-1303613262.cos.ap-guangzhou.myqcloud.com/latest/index.html' }}
+      - name: Setup Cosign
+        if: ${{ github.event_name != 'pull_request' }}
+        uses: sigstore/[email protected]
+        with:
+          cosign-release: v2.0.0
+      - name: Prove
+        if: ${{ github.event_name != 'pull_request' }}
+        run: |
+          set -euo pipefail
+
+          # login
+          cosign login "docker.io" -u "${DOCKERHUB_USERNAME}" -p "${DOCKERHUB_PASSWORD}"
+
+          # prove
+          curl -o slsa-generator --retry 3 --retry-all-errors --retry-delay 3 -sSfL \
+            "https://github.com/slsa-framework/slsa-github-generator/releases/download/${SLSA_GITHUB_GENERATOR_VERSION}/${SLSA_GITHUB_GENERATOR}"
+          chmod a+x slsa-generator
+          predicate_name="predicate.json"
+          ./slsa-generator generate --predicate="${predicate_name}"
+          cosign attest --predicate="${predicate_name}" \
+            --type slsaprovenance \
+            --yes \
+            "${UNTRUSTED_IMAGE}@${UNTRUSTED_DIGEST}"
+        env:
+          COSIGN_EXPERIMENTAL: "1"
+          SLSA_GITHUB_GENERATOR: "slsa-generator-container-linux-amd64"
+          SLSA_GITHUB_GENERATOR_VERSION: "v1.5.0"
+          GITHUB_CONTEXT: "${{ toJSON(github) }}"
+          UNTRUSTED_IMAGE: "${{ env.REPO }}/${{ matrix.target }}"
+          UNTRUSTED_DIGEST: "${{ steps.package.outputs.digest }}"
+          DOCKERHUB_USERNAME: "${{ secrets.CI_DOCKERHUB_USERNAME }}"
+          DOCKERHUB_PASSWORD: "${{ secrets.CI_DOCKERHUB_PASSWORD }}"
+        continue-on-error: true
+      # FIXME(thxCode): remove this step after we adjust the walrus-catalog CI.
+      - name: Upload Assets(CLI)
+        uses: TencentCloud/cos-action@b0aa648235fb35a1bdd6a77f529eb0ac4c2f1c25
+        if: ${{ github.event_name != 'pull_request' }}
+        with:
+          secret_id: ${{ secrets.CI_TECENTCOS_SECRET_ID }}
+          secret_key: ${{ secrets.CI_TECENTCOS_SECRET_KEY }}
+          cos_bucket: ${{ secrets.COS_BUCKET }}
+          cos_region: ${{ secrets.COS_REGION }}
+          local_path: .dist/package/${{ matrix.target }}/${{ matrix.task }}/release
+          remote_path: releases/${{ steps.metadata.outputs.version == 'main' && 'latest' || steps.metadata.outputs.version }}
+          accelerate: true
+          clean: false
+      - name: Release Assets
+        uses: softprops/action-gh-release@v1
+        if: ${{ startsWith(github.ref, 'refs/tags/') }}
+        with:
+          fail_on_unmatched_files: true
+          tag_name: ${{ steps.metadata.outputs.version }}
+          prerelease: ${{ contains(github.ref, 'rc') }}
+          files: .dist/package/${{ matrix.target }}/${{ matrix.task }}/release/*