RootShell-coder
diff --git a/Diff for: ‎.github/dependabot.yml
+11 b/Diff for: ‎.github/dependabot.yml
+11
diff --git a/Diff for: ‎.github/workflows/ci.yml
+27 b/Diff for: ‎.github/workflows/ci.yml
+27
diff --git a/Diff for: ‎.github/workflows/code-scan-cron.yml
+9 b/Diff for: ‎.github/workflows/code-scan-cron.yml
+9
diff --git a/Diff for: ‎.github/workflows/codeql-analysis.yml
-72 b/Diff for: ‎.github/workflows/codeql-analysis.yml
-72
diff --git a/Diff for: ‎.github/workflows/release.yml
+5-33 b/Diff for: ‎.github/workflows/release.yml
+5-33
diff --git a/Diff for: ‎.github/workflows/test.yml
-49 b/Diff for: ‎.github/workflows/test.yml
-49
diff --git a/Diff for: ‎.gitignore
+4 b/Diff for: ‎.gitignore
+4
diff --git a/Diff for: ‎.gitleaksignore
+18 b/Diff for: ‎.gitleaksignore
+18
diff --git a/Diff for: ‎.golangci.yml
-74 b/Diff for: ‎.golangci.yml
-74
diff --git a/Diff for: ‎CHANGELOG.md
+4 b/Diff for: ‎CHANGELOG.md
+4
diff --git a/Diff for: ‎Makefile
+12-11 b/Diff for: ‎Makefile
+12-11
@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "gomod" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"
@@ -0,0 +1,27 @@
+name: CI
+
+on:
+  push:
+    tags-ignore:
+    - 'v*'
+    branches:
+    - "master"
+  pull_request:
+  workflow_call:
+    secrets:
+      GITLEAKS_LICENSE_KEY:
+        required: true
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  ci:
+    uses: smallstep/workflows/.github/workflows/goCI.yml@main
+    with:
+      os-dependencies: "libpcsclite-dev"
+      run-gitleaks: true
+      run-codeql: true
+    secrets:
+      GITLEAKS_LICENSE_KEY: ${{ secrets.GITLEAKS_LICENSE_KEY }}
@@ -0,0 +1,9 @@
+on:
+  schedule:
+    - cron: '0 0 * * *'
+
+jobs:
+  code-scan:
+    uses: smallstep/workflows/.github/workflows/code-scan.yml@main
+    secrets:
+      GITLEAKS_LICENSE_KEY: ${{ secrets.GITLEAKS_LICENSE_KEY }}
@@ -7,41 +7,13 @@ on:
     - 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
 
 jobs:
-  test:
-    name: Lint, Test, Build
-    runs-on: ubuntu-20.04
-    strategy:
-      matrix:
-        go: [ '1.18', '1.19' ]
-    outputs:
-      is_prerelease: ${{ steps.is_prerelease.outputs.IS_PRERELEASE }}
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
-      -
-        name: Setup Go
-        uses: actions/setup-go@v2
-        with:
-          go-version: ${{ matrix.go }}
-      -
-        name: Install Deps
-        id: install-deps
-        run: sudo apt-get -y install libpcsclite-dev
-      -
-        name: golangci-lint
-        uses: golangci/golangci-lint-action@v2
-        with:
-          version: ${{ secrets.GOLANGCI_LINT_VERSION }}
-          args: --timeout=30m
-      -
-        name: Test, Build
-        id: lint_test_build
-        run: V=1 make ci
+  ci:
+    uses: smallstep/certificates/.github/workflows/ci.yml@main
+    secrets: inherit
 
   create_release:
     name: Create Release
-    needs: test
+    needs: ci
     runs-on: ubuntu-20.04
     outputs:
       debversion: ${{ steps.extract-tag.outputs.DEB_VERSION }}
@@ -132,7 +104,7 @@ jobs:
   build_upload_docker:
     name: Build & Upload Docker Images
     runs-on: ubuntu-20.04
-    needs: test
+    needs: ci
     steps:
       -
         name: Checkout
 
@@ -6,6 +6,10 @@
 *.so
 *.dylib
 
+# Go Workspaces
+go.work
+go.work.sum
+
 # Test binary, build with `go test -c`
 *.test
 
 
@@ -0,0 +1,18 @@
+deac15327f5605a1a963e50818760a95cee9d882:docs/kms.md:generic-api-key:85
+deac15327f5605a1a963e50818760a95cee9d882:docs/kms.md:generic-api-key:107
+deac15327f5605a1a963e50818760a95cee9d882:docs/kms.md:generic-api-key:108
+deac15327f5605a1a963e50818760a95cee9d882:docs/kms.md:generic-api-key:129
+deac15327f5605a1a963e50818760a95cee9d882:docs/kms.md:generic-api-key:131
+deac15327f5605a1a963e50818760a95cee9d882:docs/kms.md:generic-api-key:136
+deac15327f5605a1a963e50818760a95cee9d882:docs/kms.md:generic-api-key:138
+7c9ab9814fb676cb3c125c3dac4893271f1b7ae5:README.md:generic-api-key:282
+fb7140444ac8f1fa1245a80e49d17e206f7435f3:docs/provisioners.md:generic-api-key:110
+e4de7f07e82118b3f926716666b620db058fa9f7:docs/revocation.md:generic-api-key:73
+e4de7f07e82118b3f926716666b620db058fa9f7:docs/revocation.md:generic-api-key:113
+e4de7f07e82118b3f926716666b620db058fa9f7:docs/revocation.md:generic-api-key:151
+8b2de42e9cf6ce99f53a5049881e1d6077d5d66e:docs/docker.md:generic-api-key:152
+3939e855264117e81531df777a642ea953d325a7:autocert/init/ca/intermediate_ca_key:private-key:1
+e72f08703753facfa05f2d8c68f9f6a3745824b8:README.md:generic-api-key:244
+e70a5dae7de0b6ca40a0393c09c28872d4cfa071:autocert/README.md:generic-api-key:365
+e70a5dae7de0b6ca40a0393c09c28872d4cfa071:autocert/README.md:generic-api-key:366
+c284a2c0ab1c571a46443104be38c873ef0c7c6d:config.json:generic-api-key:10
@@ -16,6 +16,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ---
 
 ## [Unreleased]
+### Added
+- Added support for ACME device-attest-01 challenge.
+- Added name constraints evaluation and enforcement when issuing or renewing
+  X.509 certificates.
 
 ## [0.22.1] - 2022-08-31
 ### Fixed
 
@@ -28,8 +28,9 @@ ci: testcgo build
 #########################################
 
 bootstra%:
-	# Using a released version of golangci-lint to take into account custom replacements in their go.mod
-	$Q curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(shell go env GOPATH)/bin v1.42.0
+	$Q curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $$(go env GOPATH)/bin latest
+	$Q go install golang.org/x/vuln/cmd/govulncheck@latest
+	$Q go install gotest.tools/gotestsum@latest
 
 .PHONY: bootstra%
 
@@ -132,17 +133,18 @@ generate:
 # Test
 #########################################
 test:
-	$Q $(GOFLAGS) go test -short -coverprofile=coverage.out ./...
+	$Q $(GOFLAGS) gotestsum -- -coverprofile=coverage.out -short -covermode=atomic ./...
+
 
 testcgo:
-	$Q go test -short -coverprofile=coverage.out ./...
+	$Q gotestsum -- -coverprofile=coverage.out -short -covermode=atomic ./...
 
 .PHONY: test testcgo
 
 integrate: integration
 
 integration: bin/$(BINNAME)
-	$Q $(GOFLAGS) go test -tags=integration ./integration/...
+	$Q $(GOFLAGS) gotestsum -- -tags=integration ./integration/...
 
 .PHONY: integrate integration
 
@@ -151,15 +153,14 @@ integration: bin/$(BINNAME)
 #########################################
 
 fmt:
-	$Q gofmt -l -s -w $(SRC)
+	$Q goimports -l -w $(SRC)
 
+lint: SHELL:=/bin/bash
 lint:
-	$Q golangci-lint run --timeout=30m
-
-lintcgo:
-	$Q LOG_LEVEL=error golangci-lint run --timeout=30m
+	$Q LOG_LEVEL=error golangci-lint run --config <(curl -s https://raw.githubusercontent.com/smallstep/workflows/master/.golangci.yml) --timeout=30m
+	$Q govulncheck ./...
 
-.PHONY: fmt lint lintcgo
+.PHONY: fmt lint
 
 #########################################
 # Install