Added release process

.github/dependabot.yml

@@ -0,0 +1,13 @@
+version: 2
+updates:
+  - package-ecosystem: gomod
+    directory: "/"
+    schedule:
+      interval: daily
+    open-pull-requests-limit: 10
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 10

.github/workflows/ci.yml

@@ -0,0 +1,33 @@
+name: ci
+on:
+  push:
+    branches:
+      - "main"
+  pull_request:
+    branches:
+      - "*"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up Go 1.17
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.17
+        id: go
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+
+      - name: Verify go.mod is sane
+        run: go mod tidy && git diff --no-patch --exit-code
+
+      - name: Install dependencies
+        run: go mod download
+
+      - name: Build
+        run: make build
+
+      - name: Test
+        run: make test

.github/workflows/release.yml

@@ -0,0 +1,32 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - "v*"
+
+permissions:
+  contents: write # needed to write releases
+  id-token: write # needed for keyless signing
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/setup-go@v2
+        with:
+          go-version: 1.17.x
+
+      - uses: sigstore/cosign-installer@v2.0.0 # installs cosign
+      - uses: anchore/sbom-action/download-syft@v0.6.0 # installs syft
+
+      - uses: actions/checkout@v2
+
+      - uses: goreleaser/goreleaser-action@v2
+        with:
+          install-only: true
+
+      - name: release
+        run: make release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -1 +1,3 @@
 vault
+dist
+bin

.golangci.yml

@@ -0,0 +1,33 @@
+linters:
+  enable:
+    - asciicheck
+    - deadcode
+    - depguard
+    - errcheck
+    - errorlint
+    - gofmt
+    - goimports
+    - gosec
+    - gocritic
+    - importas
+    - prealloc
+    - revive
+    - misspell
+    - stylecheck
+    - tparallel
+    - unconvert
+    - unparam
+    - whitespace
+output:
+  uniq-by-line: false
+issues:
+  exclude-rules:
+    - path: _test\.go
+      linters:
+        - errcheck
+        - gosec
+  max-issues-per-linter: 0
+  max-same-issues: 0
+run:
+  issues-exit-code: 1
+  timeout: 10m

.goreleaser.yml

@@ -0,0 +1,85 @@
+project_name: vault-plugin-secrets-quay
+
+env:
+  - GO111MODULE=on
+  - COSIGN_EXPERIMENTAL=true
+
+# Prevents parallel builds from stepping on each others toes downloading modules
+before:
+  hooks:
+    - go mod tidy
+
+gomod:
+  proxy: false
+
+builds:
+  - binary: vault-plugin-secrets-quay-{{ .Os }}-{{ .Arch }}
+    no_unique_dist_dir: true
+    main: ./cmd/vault-plugin-secrets-quay
+    flags:
+      - -trimpath
+    mod_timestamp: "{{ .CommitTimestamp }}"
+    goos:
+      - linux
+      - windows
+      - darwin
+    goarch:
+      - amd64
+      - arm64
+      - arm
+      - s390x
+      - ppc64le
+    goarm:
+      - "7"
+    ignore:
+      - goos: windows
+        goarch: arm64
+      - goos: windows
+        goarch: arm
+      - goos: windows
+        goarch: s390x
+      - goos: windows
+        goarch: ppc64le
+    ldflags:
+      - "{{ .Env.LDFLAGS }}"
+    env:
+      - CGO_ENABLED=0
+
+signs:
+  # Keyless
+  - id: vault-plugin-secrets-quay-keyless
+    signature: "${artifact}.sig"
+    certificate: "${artifact}.pem"
+    env:
+      - COSIGN_EXPERIMENTAL=1
+    cmd: cosign
+    args:
+      - sign-blob
+      - "--output-certificate=${certificate}"
+      - "--output-signature=${signature}"
+      - "${artifact}"
+    artifacts: binary
+    output: true
+
+archives:
+  - format: binary
+    name_template: "{{ .Binary }}"
+    allow_different_binary_count: true
+
+sboms:
+  - artifacts: binary
+
+checksum:
+  name_template: "checksums.txt"
+
+snapshot:
+  name_template: SNAPSHOT-{{ .ShortCommit }}
+
+release:
+  prerelease: auto
+  draft: false
+  github:
+    owner: sabre1041
+    name: vault-plugin-secrets-quay
+  footer: |
+    ### Thanks for all contributors!