chore: Create branch for project modifications testing

Reviewed-on: #3

.chglog/CHANGELOG.tpl.md

@@ -0,0 +1,44 @@
+{{ if .Versions -}}
+{{ if .Unreleased.CommitGroups -}}
+<a name="unreleased"></a>
+## [Unreleased]
+
+{{ range .Unreleased.CommitGroups -}}
+### {{ .Title }}
+{{ range .Commits -}}
+- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }}
+{{ end }}
+{{ end -}}
+{{ end -}}
+{{ end -}}
+
+{{ range .Versions }}
+<a name="{{ .Tag.Name }}"></a>
+## {{ if .Tag.Previous }}[{{ .Tag.Name }}]{{ else }}{{ .Tag.Name }}{{ end }} - {{ datetime "2006-01-02" .Tag.Date }}
+{{ range .CommitGroups -}}
+### {{ .Title }}
+{{ range .Commits -}}
+- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }}
+{{ end }}
+{{ else }}
+_Nothing functionally significant._
+{{ end -}}
+
+{{- if .NoteGroups -}}
+{{ range .NoteGroups -}}
+### {{ .Title }}
+{{ range .Notes }}
+{{ .Body }}
+{{ end }}
+{{ end -}}
+{{ end -}}
+{{ end -}}
+
+{{- if .Versions }}
+[Unreleased]: {{ .Info.RepositoryURL }}/compare/{{ $latest := index .Versions 0 }}{{ $latest.Tag.Name }}...HEAD
+{{ range .Versions -}}
+{{ if .Tag.Previous -}}
+[{{ .Tag.Name }}]: {{ $.Info.RepositoryURL }}/compare/{{ .Tag.Previous.Name }}...{{ .Tag.Name }}
+{{ end -}}
+{{ end -}}
+{{ end -}}

.chglog/config.yml

@@ -0,0 +1,33 @@
+style: github
+template: CHANGELOG.tpl.md
+info:
+  title: CHANGELOG
+  repository_url: https://forge.cadoles.com//
+options:
+  commits:
+    filters:
+      Type:
+        - feat
+        - fix
+        - perf
+        - refactor
+        - docs
+  commit_groups:
+    title_maps:
+      feat: Features
+      fix: Bug Fixes
+      perf: Performance Improvements
+      refactor: Code Refactoring
+      docs: Documentation
+  header:
+    pattern: "^(\\w*)(?:\\(([\\w\\$\\.\\-\\*\\s]*)\\))?\\:\\s(.*)$"
+    pattern_maps:
+      - Type
+      - Scope
+      - Subject
+  notes:
+    keywords:
+      - BREAKING CHANGE
+  issues:
+    prefix:
+      - '#'

.gitignore

@@ -10,4 +10,6 @@ dist/
 /apps
 /server-key.json
 /.emissary-token
-/out
+/out
+.mktools/
+/CHANGELOG.md

Jenkinsfile

@@ -19,7 +19,7 @@ pipeline {
                 }
             }
         }
-        
+
         stage('Run unit tests') {
             steps {
                 script {
@@ -58,20 +58,22 @@ pipeline {
                             passwordVariable: 'GITEA_RELEASE_PASSWORD'
                         ])
                     ]) {
-                        sh 'make gitea-release'
-                    }
-                    def currentVersion = sh(returnStdout: true, script: 'make full-version').trim()
-                    if (currentVersion.endsWith('-dirty')) {
-                        unstable('Could not trigger emissary-firmware build, dirty version !')
-                    } else {
-                        build(
-                            job: "../emissary-firmware/${env.GIT_BRANCH}",
-                            parameters: [
-                                [$class: 'StringParameterValue', name: 'emissaryRelease', value: currentVersion]
-                            ],
-                            wait: false
-                        )
+                        sh """
+                        export MKT_PROJECT_VERSION_BRANCH_NAME=${env.BRANCH_NAME}
+                        make mktools
+                        make gitea-release
+                        """
                     }
+
+                    String currentVersion = sh(script: "MKT_PROJECT_VERSION_BRANCH_NAME=${env.BRANCH_NAME} make version", returnStdout: true).trim()
+
+                    build(
+                        job: "../emissary-firmware/${env.GIT_BRANCH}",
+                        parameters: [
+                            [$class: 'StringParameterValue', name: 'emissaryRelease', value: currentVersion]
+                        ],
+                        wait: false
+                    )
                 }
             }
         }

Makefile

@@ -5,12 +5,9 @@ GITCHLOG_ARGS ?=
 SHELL := /bin/bash
 
 EMISSARY_VERSION ?= 
-GIT_VERSION := $(shell git describe --always)
-DATE_VERSION := $(shell date +%Y.%-m.%-d)
-FULL_VERSION := v$(DATE_VERSION)-$(GIT_VERSION)$(if $(shell git diff --stat),-dirty,)
 
 DOCKER_IMAGE_NAME ?= bornholm/emissary
-DOCKER_IMAGE_TAG ?= $(FULL_VERSION)
+DOCKER_IMAGE_TAG ?= $(MKT_PROJECT_VERSION)
 
 GOTEST_ARGS ?= -short
 
@@ -45,7 +42,7 @@ build-emissary-%: deps ## Build executable
 		-v \
 		-ldflags "\
 			-X 'main.GitRef=$(shell git rev-parse --short HEAD)' \
-			-X 'main.ProjectVersion=$(FULL_VERSION)' \
+			-X 'main.ProjectVersion=$(MKT_PROJECT_VERSION)' \
 			-X 'main.BuildDate=$(shell date --utc --rfc-3339=seconds)' \
 		" \
 		-o ./bin/$* \
@@ -66,7 +63,7 @@ run-emissary-%: .env
 	( set -o allexport && source .env && set +o allexport && bin/$* $(EMISSARY_CMD))
 
 .PHONY: deps
-deps: .env
+deps: .env .mktools
 
 .PHONY: dump-config
 dump-config: build-emissary
@@ -74,27 +71,8 @@ dump-config: build-emissary
 	./bin/emissary config dump > tmp/config.yml
 
 .PHONY: goreleaser
-goreleaser: deps
-	( set -o allexport && source .env && set +o allexport && VERSION=$(GORELEASER_VERSION) curl -sfL https://goreleaser.com/static/run | GORELEASER_CURRENT_TAG="$(FULL_VERSION)" bash /dev/stdin $(GORELEASER_ARGS) )
-
-.PHONY: start-release
-start-release:
-	if [ -z "$(EMISSARY_VERSION)" ]; then echo "You must define environment variable FAQD_VERSION"; exit 1; fi
-	
-	git flow release start $(EMISSARY_VERSION)
-
-	# Update package.json version
-	jq '.version = "$(EMISSARY_VERSION)"' package.json | sponge package.json
-	git add  package.json
-	git commit -m "chore: bump to version $(EMISSARY_VERSION)" --allow-empty
-
-	echo "Commit you additional modifications then execute 'make finish-release'"
-
-.PHONY: finish-release
-finish-release:
-	git flow release finish -m "v$(EMISSARY_VERSION)"
-	git push --all
-	git push --tags
+goreleaser: .mktools
+	( set -o allexport && source .env && set +o allexport && VERSION=$(GORELEASER_VERSION) curl -sfL https://goreleaser.com/static/run | GORELEASER_CURRENT_TAG="$(MKT_PROJECT_VERSION)" bash /dev/stdin $(GORELEASER_ARGS) )
 
 install-git-hooks:
 	git config core.hooksPath .githooks
@@ -119,32 +97,28 @@ deploy-openwrt-agent:
 	scp dist/emissary-agent_linux_arm_6/emissary root@$(OPENWRT_DEVICE):/usr/bin/emissary
 	ssh root@$(OPENWRT_DEVICE) /etc/init.d/emissary-agent start
 
-gitea-release: tools/gitea-release/bin/gitea-release.sh goreleaser
+gitea-release: .mktools tools/gitea-release/bin/gitea-release.sh goreleaser changelog
 	mkdir -p .gitea-release
 	rm -rf .gitea-release/*
 
 	cp dist/*.tar.gz .gitea-release/
 	cp dist/*.apk .gitea-release/
 	cp dist/*.deb .gitea-release/
+	cp CHANGELOG.md .gitea-release/
 
 	GITEA_RELEASE_PROJECT="emissary" \
 		GITEA_RELEASE_ORG="arcad" \
 		GITEA_RELEASE_BASE_URL="https://forge.cadoles.com" \
-		GITEA_RELEASE_VERSION="$(FULL_VERSION)" \
-		GITEA_RELEASE_NAME="$(FULL_VERSION)" \
+		GITEA_RELEASE_VERSION="$(MKT_PROJECT_VERSION)" \
+		GITEA_RELEASE_NAME="$(MKT_PROJECT_VERSION)" \
 		GITEA_RELEASE_COMMITISH_TARGET="$(GIT_VERSION)" \
 		GITEA_RELEASE_IS_DRAFT="false" \
 		GITEA_RELEASE_BODY="" \
 		GITEA_RELEASE_ATTACHMENTS="$$(find .gitea-release/* -type f)" \
 		tools/gitea-release/bin/gitea-release.sh
 
-tools/gitea-release/bin/gitea-release.sh:
-	mkdir -p tools/gitea-release/bin
-	curl --output tools/gitea-release/bin/gitea-release.sh https://forge.cadoles.com/Cadoles/Jenkins/raw/branch/master/resources/com/cadoles/gitea/gitea-release.sh
-	chmod +x tools/gitea-release/bin/gitea-release.sh
-
 .emissary-token:
-	$(MAKE) run-emissary-server EMISSARY_CMD="--debug --config tmp/server.yml server auth create-token --role writer > .emissary-token"
+	$(MAKE) run-emissary-server EMISSARY_CMD="--debug --config tmp/server.yml server auth create-token --role writer --output .emissary-token"
 
 AGENT_ID ?= 1
 
@@ -153,8 +127,8 @@ load-sample-specs:
 	cat misc/spec-samples/proxy.emissary.cadoles.com.json | ./bin/server api agent spec update -a $(AGENT_ID) --no-patch --spec-data - --spec-name proxy.emissary.cadoles.com
 	cat misc/spec-samples/mdns.emissary.cadoles.com.json | ./bin/server api agent spec update -a $(AGENT_ID) --no-patch --spec-data - --spec-name mdns.emissary.cadoles.com
 
-full-version:
-	@echo $(FULL_VERSION)
+version: .mktools
+	@echo $(MKT_PROJECT_VERSION)
 
 update-edge-lib:
 	git pull --rebase
@@ -163,4 +137,18 @@ update-edge-lib:
 	$(MAKE) test
 	git add go.mod go.sum
 	git commit -m "feat: update arcad/edge dependency"
-	git push
+	git push
+
+.PHONY: changelog
+changelog: .mktools
+	$(MAKE) MKT_GIT_CHGLOG_ARGS='--next-tag $(MKT_PROJECT_VERSION) --tag-filter-pattern $(MKT_PROJECT_VERSION_CHANNEL) --output CHANGELOG.md' mkt-changelog
+
+.PHONY: mktools
+mktools:
+	rm -rf .mktools
+	curl -q https://forge.cadoles.com/Cadoles/mktools/raw/branch/master/install.sh | $(SHELL)
+
+.mktools:
+	$(MAKE) mktools
+
+-include .mktools/*.mk

doc/README.md

@@ -24,3 +24,7 @@ See:
 
 - [`misc/packaging/common/config-agent.yml`](../misc/packaging/common/config-agent.yml)
 - [`misc/packaging/common/config-server.yml`](../misc/packaging/common/config-server.yml)
+
+### Other projects
+
+- [`emissary-firmware`](https://forge.cadoles.com/arcad/emissary-firmware) - Preconfigured OpenWRT firmwares with an agent

doc/tutorials/fr/first-steps.md

@@ -36,7 +36,7 @@
     ```bash
     sudo nmap -sP 192.168.0.*   # À modifier par le préfixe correspondant à votre réseau local
     ```
-    
+
     Une entrée équivalente à la suivante devrait être affichée:
 
     ```bash
@@ -80,9 +80,11 @@
 5. Créer un jeton d'administration:
 
     ```shell
-    sudo emissary --workdir /usr/share/emissary --config /etc/emissary/server.yml server auth create-token --role writer --subject $(whoami) > .emissary-token
+    sudo emissary --workdir /usr/share/emissary --config /etc/emissary/server.yml server auth create-token --role writer --subject $(whoami)
     ```
 
+    > **Note** Le jeton sera stocké dans le répertoire `$HOME/.config/emissary`.
+
 6. Vérifier l'authentification sur l'API:
 
     ```shell

go.mod

@@ -7,6 +7,7 @@ require (
 	github.com/Masterminds/sprig/v3 v3.2.3
 	github.com/alecthomas/participle/v2 v2.0.0-beta.5
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
+	github.com/antonmedv/expr v1.12.7
 	github.com/brutella/dnssd v1.2.6
 	github.com/btcsuite/btcd/btcutil v1.1.3
 	github.com/davecgh/go-spew v1.1.1
@@ -33,7 +34,6 @@ require (
 require (
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver/v3 v3.2.0 // indirect
-	github.com/antonmedv/expr v1.12.7 // indirect
 	github.com/barnybug/go-cast v0.0.0-20201201064555-a87ccbc26692 // indirect
 	github.com/dop251/goja_nodejs v0.0.0-20230320130059-dcf93ba651dd // indirect
 	github.com/gabriel-vasile/mimetype v1.4.1 // indirect

internal/command/api/flag/flag.go

@@ -2,7 +2,6 @@ package flag
 
 import (
 	"fmt"
-	"io/ioutil"
 	"os"
 	"strings"
 
@@ -12,6 +11,11 @@ import (
 	"github.com/urfave/cli/v2"
 )
 
+const (
+	AuthTokenDefaultHomePath  = "$HOME/.config/emissary/auth-token"
+	AuthTokenDefaultLocalPath = ".emissary-token"
+)
+
 func ComposeFlags(flags ...cli.Flag) []cli.Flag {
 	baseFlags := []cli.Flag{
 		&cli.StringFlag{
@@ -37,10 +41,10 @@ func ComposeFlags(flags ...cli.Flag) []cli.Flag {
 			Aliases: []string{"t"},
 			Usage:   "use `TOKEN` as authentication token",
 		},
-		&cli.StringFlag{
+		&cli.StringSliceFlag{
 			Name:      "token-file",
 			Usage:     "use `TOKEN_FILE` as file containing the authentication token",
-			Value:     ".emissary-token",
+			Value:     cli.NewStringSlice(AuthTokenDefaultLocalPath, AuthTokenDefaultHomePath),
 			TakesFile: true,
 		},
 	}
@@ -55,14 +59,14 @@ type BaseFlags struct {
 	Format     format.Format
 	OutputMode format.OutputMode
 	Token      string
-	TokenFile  string
+	TokenFiles []string
 }
 
 func GetBaseFlags(ctx *cli.Context) *BaseFlags {
 	serverURL := ctx.String("server")
 	rawFormat := ctx.String("format")
 	rawOutputMode := ctx.String("output-mode")
-	tokenFile := ctx.String("token-file")
+	tokenFiles := ctx.StringSlice("token-file")
 	token := ctx.String("token")
 
 	return &BaseFlags{
@@ -70,7 +74,7 @@ func GetBaseFlags(ctx *cli.Context) *BaseFlags {
 		Format:     format.Format(rawFormat),
 		OutputMode: format.OutputMode(rawOutputMode),
 		Token:      token,
-		TokenFile:  tokenFile,
+		TokenFiles: tokenFiles,
 	}
 }
 
@@ -79,18 +83,20 @@ func GetToken(flags *BaseFlags) (string, error) {
 		return flags.Token, nil
 	}
 
-	if flags.TokenFile == "" {
-		return "", nil
+	for _, tokenFile := range flags.TokenFiles {
+		tokenFile = os.ExpandEnv(tokenFile)
+
+		rawToken, err := os.ReadFile(tokenFile)
+		if err != nil && !errors.Is(err, os.ErrNotExist) {
+			return "", errors.WithStack(err)
+		}
+
+		if rawToken == nil {
+			continue
+		}
+
+		return strings.TrimSpace(string(rawToken)), nil
 	}
 
-	rawToken, err := ioutil.ReadFile(flags.TokenFile)
-	if err != nil && !errors.Is(err, os.ErrNotExist) {
-		return "", errors.WithStack(err)
-	}
-
-	if rawToken == nil {
-		return "", nil
-	}
-
-	return strings.TrimSpace(string(rawToken)), nil
+	return "", nil
 }

internal/command/server/auth/create_token.go

@@ -2,8 +2,11 @@ package auth
 
 import (
 	"fmt"
+	"os"
+	"path/filepath"
 
 	"forge.cadoles.com/Cadoles/emissary/internal/auth/thirdparty"
+	"forge.cadoles.com/Cadoles/emissary/internal/command/api/flag"
 	"forge.cadoles.com/Cadoles/emissary/internal/command/common"
 	"forge.cadoles.com/Cadoles/emissary/internal/jwk"
 	"github.com/lithammer/shortuuid/v4"
@@ -26,6 +29,13 @@ func CreateTokenCommand() *cli.Command {
 				Usage: "associate `SUBJECT` to the token",
 				Value: fmt.Sprintf("user-%s", shortuuid.New()),
 			},
+			&cli.StringFlag{
+				Name:      "output",
+				Aliases:   []string{"o"},
+				TakesFile: true,
+				Usage:     "output token to `OUTPUT` (or '-' to print to stdout)",
+				Value:     flag.AuthTokenDefaultHomePath,
+			},
 		},
 		Action: func(ctx *cli.Context) error {
 			conf, err := common.LoadConfig(ctx)
@@ -35,6 +45,7 @@ func CreateTokenCommand() *cli.Command {
 
 			subject := ctx.String("subject")
 			role := ctx.String("role")
+			output := ctx.String("output")
 
 			localAuth := conf.Server.Auth.Local
 			if localAuth == nil {
@@ -51,7 +62,23 @@ func CreateTokenCommand() *cli.Command {
 				return errors.WithStack(err)
 			}
 
-			fmt.Println(token)
+			output = os.ExpandEnv(output)
+
+			if output == "-" {
+				fmt.Println(token)
+			} else {
+				outputDirectory := filepath.Dir(output)
+
+				if err := os.MkdirAll(outputDirectory, os.FileMode(0o700)); err != nil {
+					return errors.WithStack(err)
+				}
+
+				if err := os.WriteFile(output, []byte(token), os.FileMode(0o600)); err != nil {
+					return errors.WithStack(err)
+				}
+
+				fmt.Printf("Token written to '%s'.\n", output)
+			}
 
 			return nil
 		},

misc/packaging/common/config-agent.yml

@@ -1,26 +1,55 @@
+# Emissary agent configuration
+
+# Logger configuration
 logger:
+  # Logging verbosity
+  # DEBUG: 0
+  # INFO: 1
+  # WARN: 2
+  # ERROR: 3
+  # CRITICAL: 4
   level: 1
+  # Logging format
+  # Possible values: human, json
   format: human
+
+# Agent configuration
 agent:
+  # Emissary server URL
   serverUrl: http://127.0.0.1:3000
+  # Agent private key path
   privateKeyPath: /var/lib/emissary/agent-key.json
-  reconciliationInterval: 5
+  # Agent reconciliation interval (in seconds)
+  reconciliationInterval: 30
+
+  # Controllers configuration
   controllers:
+    # Persistence controller configuration
     persistence:
       enabled: true
       stateFile: /var/lib/emissary/state.json
+
+    # Spec controller configuration
     spec:
       enabled: true
+    
+    # Proxy controller configuration
     proxy:
       enabled: true
+
+    # UCI controller configuration
     uci:
       enabled: true
       binPath: uci
       configBackupFile: /var/lib/emissary/uci-backup.conf
+    
+    # App controller configuration
     app:
       enabled: true
       dataDir: /var/lib/emissary/apps/data
       downloadDir: /var/lib/emissary/apps/bundles
+    
+    # Sysupgrade controller configuration
     sysupgrade:
       enabled: true
       sysupgradeCommand:
@@ -33,6 +62,8 @@ agent:
         - sh
         - -c
         - source /etc/openwrt_release && echo "$DISTRIB_ID-$DISTRIB_RELEASE-$DISTRIB_REVISION"
+  
+  # Collectors configuration
   collectors:
     - name: uname
       command: uname

misc/packaging/common/config-server.yml

@@ -1,13 +1,38 @@
+# Emissary server configuration
+
+# Logger configuration
 logger:
+  # Logging verbosity
+  # DEBUG: 0
+  # INFO: 1
+  # WARN: 2
+  # ERROR: 3
+  # CRITICAL: 4
   level: 1
+  # Logging format
+  # Possible values: human, json
   format: human
+
+# Server configuration
 server:
+  # HTTP server configuration
   http:
+    # Listening address (0.0.0.0 to listen on all interfaces)
     host: 0.0.0.0
+    # Listening port
     port: 3000
+  
+  # Database configuration
   database:
+    # Database driver
+    # Possible values: sqlite
     driver: sqlite
+    # Database DSN
+    # sqlite: see https://github.com/mattn/go-sqlite3#connection-string
     dsn: sqlite:///var/lib/emissary/data.sqlite?_pragma=foreign_keys(1)&_pragma=busy_timeout=60000
+  
+  # CORS configuration
+  # See https://developer.mozilla.org/en/docs/Glossary/CORS
   cors:
     allowedOrigins: []
     allowCredentials: true
@@ -22,12 +47,25 @@ server:
       - Content-Type
       - Authorization
       - Sentry-Trace
-  debug: false
+  
+  # Auth configuration
   auth:
+    # Local authentication configuration
     local:
       privateKeyPath: /var/lib/emissary/server-key.json
-    roleExtractionRules:
-      - "jwt.role != nil ? str(jwt.role) : ''"
+    
+    # Remote authentication configuration
+    # Disabled by default
     remote: ~
       # jwksUrl: https://my-server/.well-known/jwks.json
-    
+
+    # Role extraction rules
+    # Permit to derivate user's role 
+    # from the received JWT.
+    #
+    # The first rule returning a non empty
+    # string will define the role of the user.
+    #
+    # The role should be 'reader' or 'writer'.
+    roleExtractionRules:
+      - "jwt.role != nil ? str(jwt.role) : ''"