diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..c86e9c1
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,44 @@
+name: Release
+on: push
+jobs:
+ test:
+ runs-on: ubuntu-18.04
+ strategy:
+ matrix:
+ go: ['1.11', '1.12', '1.13']
+ name: Go ${{ matrix.go }} test
+ steps:
+ - uses: actions/checkout@master
+ - name: Setup go
+ uses: actions/setup-go@v1
+ with:
+ go-version: ${{ matrix.go }}
+ - run: go run main.go
+ build:
+ runs-on: ubuntu-18.04
+ needs: test
+ strategy:
+ matrix:
+ go: ['1.11', '1.12', '1.13']
+ name: Go ${{ matrix.go }} build
+ steps:
+ - uses: actions/checkout@master
+ - name: Setup go
+ uses: actions/setup-go@v1
+ with:
+ go-version: ${{ matrix.go }}
+ - run: go run main.go
+ release:
+ runs-on: ubuntu-18.04
+ needs: [test, build]
+ steps:
+ - name: Source checkout
+ uses: actions/checkout@v1
+ with:
+ fetch-depth: 1
+ - name: Release
+ shell: bash
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ npx semantic-release
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index e413f46..f94a21c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,3 +13,4 @@ **/__debug_bin .vscode
+.DS_Store
diff --git a/.releaserc.js b/.releaserc.js
new file mode 100644
index 0000000..cf2f499
--- /dev/null
+++ b/.releaserc.js
@@ -0,0 +1,7 @@
+module.exports = {
+ branch: 'master',
+ plugins: [
+ "@semantic-release/commit-analyzer",
+ "@semantic-release/release-notes-generator"
+ ]
+ };
\ No newline at end of file
diff --git a/README.md b/README.md
index cefa308..4d372dd 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,6 @@
 # oidc
+
+[![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)]
+![Release Badge](https://github.com/caos/oidc/workflows/Release/badge.svg)
+
 OpenID Connect SDK (client and server) for Go
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..f7ecc88
--- /dev/null
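Review bot: In `.github/workflows/release.yml` the `release` job runs `npx semantic-release` with `GITHUB_TOKEN` in its environment, so whatever package version npm resolves at run time executes with the repository token; nothing pins the tool or its plugins. Install a fixed version instead, e.g. `npx semantic-release@<pinned-version>` or a committed lockfile with `npm ci`, and pin `actions/checkout@master` and `actions/setup-go@v1` to full commit SHAs rather than a branch or a movable tag. Because the trigger is `on: push` with no branch filter, the job also starts on every branch push; adding `if: github.ref == 'refs/heads/master'` to `release` and a job-level `permissions:` block limited to what the release needs would narrow the token's exposure. Separately, the `test` and `build` jobs are identical and both only execute `go run main.go`, so the release gate never runs `go test ./...` or `go build ./...`.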
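Review bot: The explicit `plugins` array in `.releaserc.js` replaces semantic-release's default plugin list, so with only `commit-analyzer` and `release-notes-generator` configured there is no publish step and the generated notes are not posted anywhere. If the intent is that the token passed by the workflow creates a GitHub release, add `"@semantic-release/github"` to the list; if the intent is only to tag, a short comment saying so would help, e.g. `// tag-only: no publish plugin on purpose`.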
+++ b/SECURITY.md
@@ -0,0 +1,42 @@
+# Security Policy
+
+At caos we are extremely grateful for security aware people that disclose vulnerabilities to us and the open source community. All reports will be investigated by our team.
+
+## Supported Versions
+
+After the initial Release the following version support will apply
+
+| Version | Supported |
+| ------- | ------------------ |
+| 1.x.x | :white_check_mark: (note yet available) |
+| 0.x.x | :x: |
+
+## Reporting a vulnerability
+
+To file a incident, please disclose by email to security@caos.ch with the security details.
+
+At the moment GPG encryption is no yet supported, however you may sign your message at will.
+
+### When should I report a vulnerability
+
+* You think you discovered a ...
+ * ... potential security vulnerability in the SDK
+ * ... vulnerability in another project that this SDK bases on
+* For projects with their own vulnerability reporting and disclosure process, please report it directly there
+
+### When should I NOT report a vulnerability
+
+* You need help applying security related updates
+* Your issue is not security related
+
+## Security Vulnerability Response
+
+TBD
+
+## Public Disclosure
+
+All accepted and mitigated vulnerabilitys will be published on the [Github Security Page](https://github.com/caos/oidc/security/advisories)
+
+### Timing
+
+We think it is crucial to publish advisories `ASAP` as mitigations are ready. But due to the unknown nature of the discloures the time frame can range from 7 to 90 days.
diff --git a/main.go b/main.go
new file mode 100644
index 0000000..4734979
--- /dev/null
+++ b/main.go
@@ -0,0 +1,5 @@
+package main
+import "fmt"
+func main() {
+ fmt.Println("hello world")
+}
\ No newline at end of file