First commit

Author: Marcelo

.github/dependabot.yml

@@ -0,0 +1,15 @@
+---
+version: 2
+updates:
+  - package-ecosystem: gomod
+    directory: /
+    schedule:
+      interval: daily
+  - package-ecosystem: docker
+    directory: /
+    schedule:
+      interval: daily
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: daily

.github/workflows/ci.yml

@@ -0,0 +1,103 @@
+name: CI
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+
+      - uses: golangci/golangci-lint-action@v7
+        with:
+          version: v2.0.2
+          args: -v
+
+  build:
+    needs: lint
+    strategy:
+      matrix:
+        os: [ ubuntu-latest ]
+        goos: [ linux ]
+        goarch: [amd64, arm64, ppc64le]
+    runs-on: ${{ matrix.os }}
+    env:
+      GO111MODULE: on
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+
+      - name: Build test for ${{ matrix.goarch }}
+        env:
+          GOARCH: ${{ matrix.goarch }}
+          GOOS: ${{ matrix.goos }}
+        run: GOARCH="${TARGET}" go build ./cmd/main.go
+
+  test-unit:
+    name: Run tests on Linux amd64
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+
+      - name: Run tests
+        run: make test
+
+  test-e2e:
+    name: Run e2e tests
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+
+      - name: Install bats
+        run: sudo apt install bats
+      - name: Setup registry
+        run: docker run -d --restart=always -p "5000:5000" --name "kind-registry" registry:2
+
+      - name: Get tools
+        working-directory: ./e2e
+        run: ./get_tools.sh
+
+      - name: Setup cluster
+        working-directory: ./e2e
+        run: ./setup_cluster.sh
+
+      - name: "Test: simple"
+        working-directory: ./e2e
+        run: |
+          export TERM=dumb
+          # enable ip6_tables
+          sudo modprobe ip6_tables
+          
+          ./run_all_tests.sh
+
+      - name: Upload logs
+        uses: actions/upload-artifact@v4
+        if: ${{ failure() }}
+        with:
+          name: kind-logs-e2e
+          path: ./e2e/artifacts/

.gitignore

@@ -0,0 +1,28 @@
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+bin/*
+Dockerfile.cross
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+coverage.html
+
+# Go workspace file
+go.work
+
+# Kubernetes Generated files - skip generated files, except for vendored files
+!vendor/**/zz_generated.*
+
+# editor and IDE paraphernalia
+.idea
+.vscode
+*.swp
+*.swo
+*~

.golangci.yml

@@ -0,0 +1,65 @@
+
+version: "2"
+run:
+  modules-download-mode: vendor
+linters:
+  enable:
+    - contextcheck
+    - durationcheck
+    - forbidigo
+    - ginkgolinter
+    - gocritic
+    - misspell
+    - nonamedreturns
+    - predeclared
+    - revive
+    - unconvert
+    - unparam
+    - wastedassign
+  disable:
+    - errcheck
+  settings:
+    staticcheck:
+      checks:
+        - all
+        - '-QF1008'  # nested struct reference
+        - '-ST1005'  # capitalized error strings
+  exclusions:
+    generated: lax
+    presets:
+      - comments
+      - common-false-positives
+      - legacy
+      - std-error-handling
+    rules:
+      - linters:
+          - revive
+          - staticcheck
+        text: use ALL_CAPS in Go names; use CamelCase
+      - linters:
+          - revive
+        text: ' and that stutters;'
+      - path: (.+)_test\.go
+        text: 'dot-imports: should not use dot imports'
+      - path: (.+)_test\.go
+        text: "ginkgo-linter: wrong comparison assertion. Consider using (.+)BeZero(.+)"
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
+formatters:
+  enable:
+    - gci
+    - gofumpt
+  settings:
+    gci:
+      sections:
+        - standard
+        - default
+        - prefix(github.com/mlguerrero12)
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$

Dockerfile

@@ -0,0 +1,21 @@
+FROM golang:1.24 as builder
+ARG TARGETOS
+ARG TARGETARCH
+
+WORKDIR /workspace
+
+COPY go.mod go.mod
+COPY go.sum go.sum
+RUN go mod download
+
+COPY cmd/main.go cmd/main.go
+COPY pkg/ pkg/
+
+RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o multi-networkpolicy-nftables cmd/main.go
+
+FROM fedora:42
+WORKDIR /
+
+RUN dnf install -y nftables
+COPY --from=builder /workspace/multi-networkpolicy-nftables .
+ENTRYPOINT ["/multi-networkpolicy-nftables"]