feat: init alauda-v1.1.0 branch

.github/workflows/alauda-auto-tag.yaml

@@ -0,0 +1,87 @@
+name: Auto Tag for Alauda
+
+on:
+  push:
+    branches:
+      - 'alauda-v*'
+
+permissions:
+  contents: write  # create tags and releases
+  packages: write  # upload packages
+
+jobs:
+  tag:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # fetch all tags
+
+      - name: Set up Git
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+
+      - name: Extract version and tag prefix
+        id: extract
+        run: |
+          BRANCH_NAME="${GITHUB_REF#refs/heads/}"
+          echo "Branch: $BRANCH_NAME"
+
+          PREFIX="${BRANCH_NAME%%-*}"  # alauda
+          BASE_VERSION="${BRANCH_NAME#${PREFIX}-}"  # v0.62.1
+
+          VERSION_NO_V="${BASE_VERSION#v}"              # 0.62.1
+          MAJOR=$(echo "$VERSION_NO_V" | cut -d. -f1)
+          MINOR=$(echo "$VERSION_NO_V" | cut -d. -f2)
+          PATCH=$(echo "$VERSION_NO_V" | cut -d. -f3)
+
+          echo "MAJOR: $MAJOR, MINOR: $MINOR, PATCH: $PATCH"
+
+          # PATCH + 1
+          NEXT_PATCH=$((PATCH + 1))
+          echo "NEXT_PATCH=$NEXT_PATCH"
+
+          NEXT_VERSION="v${MAJOR}.${MINOR}.${NEXT_PATCH}"   # v0.62.2
+          echo "NEXT_VERSION=$NEXT_VERSION"
+
+          TAG_PREFIX="${NEXT_VERSION}-${PREFIX}"  # v0.62.2-alauda
+          echo "TAG_PREFIX=$TAG_PREFIX"
+
+          echo "prefix=$PREFIX" >> $GITHUB_OUTPUT
+          echo "base_version=$BASE_VERSION" >> $GITHUB_OUTPUT
+          echo "tag_prefix=$TAG_PREFIX" >> $GITHUB_OUTPUT
+
+      - name: Find latest tag with this prefix
+        id: latest
+        run: |
+          TAG_PREFIX="${{ steps.extract.outputs.tag_prefix }}"
+          echo "Looking for tags with prefix: $TAG_PREFIX"
+
+          EXISTING_TAGS=$(git tag --list "${TAG_PREFIX}-*" | sort -V)
+          echo "Existing tags: $EXISTING_TAGS"
+
+          MAX_INDEX=-1
+          for tag in $EXISTING_TAGS; do
+            NUM=${tag##*-}
+            if [[ "$NUM" =~ ^[0-9]+$ && "$NUM" -gt "$MAX_INDEX" ]]; then
+              MAX_INDEX=$NUM
+            fi
+          done
+
+          NEW_INDEX=$((MAX_INDEX + 1))
+          NEW_TAG="${TAG_PREFIX}-${NEW_INDEX}"
+
+          echo "new_tag=$NEW_TAG" >> $GITHUB_OUTPUT
+
+      - name: Create and push new tag
+        run: |
+          NEW_TAG="${{ steps.latest.outputs.new_tag }}"
+          git tag "$NEW_TAG"
+          git push origin "$NEW_TAG"
+
+  release-alauda:
+    name: Release Alauda
+    needs: [tag]
+    uses: ./.github/workflows/reusable-release-alauda.yaml

.github/workflows/build.yaml

@@ -2,9 +2,9 @@ name: Build
 
 on:
   pull_request:
-    branches: ['main']
+    branches: ['main', 'alauda-v*']
   push:
-    branches: [ main ]
+    branches: ['main', 'alauda-v*']
   schedule:
     - cron: '0 0 * * *'
 

.github/workflows/release-alauda.yaml

@@ -0,0 +1,16 @@
+name: Release Alauda
+
+on:
+  push:
+    tags:
+      - "v*-alauda-*"
+  workflow_dispatch:
+
+permissions:
+  contents: write  # create releases
+  packages: write  # upload packages
+
+jobs:
+  release-alauda:
+    name: Release Alauda
+    uses: ./.github/workflows/reusable-release-alauda.yaml

.github/workflows/reusable-release-alauda.yaml

@@ -0,0 +1,33 @@
+name: Release Alauda
+
+on:
+  workflow_call:
+
+permissions:
+  contents: write
+  packages: write
+
+jobs:
+  release:
+    name: alauda-release
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/[email protected]
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+          cache: false
+
+      - name: Set up GoReleaser
+        uses: goreleaser/goreleaser-action@v6
+        with:
+          version: v2.1.0
+          args: release -f=.goreleaser-alauda.yml
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/scan-alauda.yaml

@@ -0,0 +1,34 @@
+name: Scan vulnerabilities for Alauda
+on:
+  schedule:
+    - cron: '0 0 * * *'
+  workflow_dispatch:
+
+jobs:
+  build:
+    name: Scan Go vulnerabilities
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/[email protected]
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: "image/git-init/go.mod"
+          cache: false
+
+      - name: Set up GoReleaser
+        uses: goreleaser/goreleaser-action@v6
+        with:
+          version: v2.1.0
+          args: release --snapshot -f=.goreleaser-alauda.yml
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/[email protected]
+        with:
+          scan-type: 'rootfs'
+          scan-ref: 'dist/git-init_linux_amd64_v1/alauda-git-init'
+          exit-code: 1

DEVELOPMENT.md

@@ -0,0 +1,65 @@
+# Git alauda Branch Development Guide
+
+## Background
+
+Previously, git was used as a general-purpose CLI in multiple plugins, each needing to fix git's own vulnerabilities independently.
+
+To avoid duplicate work, we forked the current repository from [git](https://github.com/tektoncd-catalog/git-clone.git) and maintain it through the `alauda-vx.xx.xx` branch.
+
+We use [renovate](https://gitlab-ce.alauda.cn/devops/tech-research/renovate/-/blob/main/docs/quick-start/0002-quick-start.md) to automatically fix vulnerabilities in corresponding versions.
+
+## Repository Structure
+
+Based on the original code, the following content has been added:
+
+- [alauda-auto-tag.yaml](./.github/workflows/alauda-auto-tag.yaml): Automatically tags and triggers goreleaser when a PR is merged into the `alauda-vx.xx.xx` branch
+- [release-alauda.yaml](./.github/workflows/release-alauda.yaml): Supports tag updates or manual triggering of goreleaser (this pipeline is not triggered when tags are automatically created in actions, as actions are designed not to recursively trigger multiple actions)
+- [reusable-release-alauda.yaml](./.github/workflows/reusable-release-alauda.yaml): Executes goreleaser to create releases
+- [scan-alauda.yaml](.github/workflows/scan-alauda.yaml): Performs trivy vulnerability scans (`rootfs` scans go binary)
+- [.goreleaser-alauda.yml](image/git-init/.goreleaser-alauda.yml): Configuration file for releasing alauda versions
+
+## Special Modifications
+
+1. [.goreleaser-alauda.yml](image/git-init/.goreleaser-alauda.yml) is located in the build directory `image/git-init`
+2. The trigger condition for [build.yaml](.github/workflows/build.yaml) has been added with the `alauda-v*` branch
+
+## Pipelines
+
+### Triggered When Submitting a PR
+
+- [build.yaml](.github/workflows/build.yaml): Official testing pipeline, including unit tests, integration tests, etc.
+
+### Triggered When Merging into the alauda-vx.xx.xx Branch
+
+- [alauda-auto-tag.yaml](.github/workflows/alauda-auto-tag.yaml): Automatically tags and triggers goreleaser
+- [reusable-release-alauda.yaml](.github/workflows/reusable-release-alauda.yaml): Executes goreleaser to create releases (triggered by `alauda-auto-tag.yaml`)
+
+### Scheduled or Manual Triggering
+
+- [scan-alauda.yaml](.github/workflows/scan-alauda.yaml): Performs trivy vulnerability scans (`rootfs` scans go binary)
+
+### Others
+
+Other officially maintained pipelines have not been modified, and some irrelevant pipelines have been disabled on the Action page.
+
+## Renovate Vulnerability Fixing Mechanism
+
+The renovate configuration file is [renovate.json](https://github.com/AlaudaDevops/trivy/blob/main/renovate.json)
+
+1. renovate detects vulnerabilities in branches and submits PRs for fixes
+2. PRs automatically run tests
+3. After all tests pass, renovate automatically merges the PR
+4. After the branch is updated, an action automatically tags (e.g., v0.62.1-alauda-0, both patch version and the last digit will increment)
+5. goreleaser automatically publishes releases based on tags
+
+## Maintenance Plan
+
+When upgrading to a new version, follow these steps:
+
+1. Create an alauda branch from the corresponding tag, for example, the `v0.62.1` tag corresponds to the `alauda-v0.62.1` branch
+2. Cherry-pick previous alauda branch changes to the new branch and push
+
+Renovate automatic fixing mechanism:
+1. After renovate submits a PR, pipelines will automatically run; if all tests pass, the PR will be automatically merged
+2. After merging into the `alauda-v0.62.1` branch, goreleaser will automatically create a `v0.62.2-alauda-0` release (note: not `v0.62.1-alauda-0`, because upgrading the version allows renovate to recognize it)
+3. renovate configured in other plugins will automatically fetch artifacts from releases based on configuration

image/git-init/.goreleaser-alauda.yml

@@ -0,0 +1,64 @@
+# This is an example .goreleaser.yml file with some sensible defaults.
+# Make sure to check the documentation at https://goreleaser.com
+
+# The lines below are called `modelines`. See `:help modeline`
+# Feel free to remove those if you don't want/need to use them.
+# yaml-language-server: $schema=https://goreleaser.com/static/schema.json
+# vim: set ts=2 sw=2 tw=0 fo=cnqoj
+
+version: 2
+
+before:
+  hooks:
+    # You may remove this if you don't use go modules.
+    - go mod tidy
+
+builds:
+  - id: git-init
+    env:
+      - CGO_ENABLED=0
+      - GODEBUG="http2server=0"
+      - GOFLAGS=-buildvcs=false
+    goos:
+      - linux
+    goarch:
+      - amd64
+      - arm64
+    ldflags:
+      - -w -s -X knative.dev/pkg/changeset.rev={{.Version}}
+    flags:
+      - -trimpath
+    tags:
+      - disable_gcp
+    main: ./image/git-init
+    binary: alauda-git-init
+
+archives:
+  - id: archive
+    format: tar.gz
+    name_template: >-
+      {{ .ProjectName }}_
+      {{- title .Os }}_
+      {{- if eq .Arch "amd64" }}x86_64
+      {{- else if eq .Arch "386" }}i386
+      {{- else }}{{ .Arch }}{{ end }}
+      {{- if .Arm }}v{{ .Arm }}{{ end }}
+    format_overrides:
+      - goos: windows
+        format: zip
+
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - "^docs:"
+      - "^test:"
+
+release:
+  footer: >-
+
+    ---
+
+    This release is intended for use only as part of the Alauda product suite. 
+    It is not recommended for use by individuals or teams outside of Alauda. 
+    Any consequences arising from its use are the sole responsibility of the user.