Add workflows

Author: leocomelli

.github/workflows/build.yml

@@ -0,0 +1,32 @@
+name: Build
+
+on:
+  - push
+  - pull_request
+
+jobs:
+  test-build:
+    name: Test & Build
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Set up Go 1.17
+      uses: actions/setup-go@v2
+      with:
+        go-version: '1.17.1'
+
+    - name: Set GOPATH and PATH
+      run: |
+        echo "GOPATH=$(dirname $GITHUB_WORKSPACE)" >> $GITHUB_ENV
+        echo "$(dirname $GITHUB_WORKSPACE)/bin" >> $GITHUB_PATH
+      shell: bash
+
+    - name: Check out code
+      uses: actions/checkout@v2
+
+    - name: Update build dependencies
+      run: make setup
+
+    - name: Build
+      run: make bin
+

.github/workflows/release.yml

@@ -0,0 +1,51 @@
+name: Release
+on:
+  push:
+    tags:
+      - 'v*'
+jobs:
+  build:
+    name: Create Release
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Set up Go 1.17
+      uses: actions/setup-go@v2
+      with:
+        go-version: '1.17.1'
+
+    - name: Set GOPATH and PATH
+      run: |
+        echo "GOPATH=$(dirname $GITHUB_WORKSPACE)" >> $GITHUB_ENV
+        echo "$(dirname $GITHUB_WORKSPACE)/bin" >> $GITHUB_PATH
+      shell: bash
+
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@v2
+
+    - name: Generate releases
+      run: make releases
+
+    - name: Create Release
+      id: create_release
+      uses: actions/create-release@v1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
+      with:
+        tag_name: ${{ github.ref }}
+        release_name: ${{ github.ref }}
+        draft: false
+        prerelease: false
+
+    - name: GitHub Release
+      uses: softprops/action-gh-release@v1
+      if: success()
+      with:
+        draft: true
+        files: |
+          dist/vault-backup_darwin-amd64
+          dist/vault-backup_linux-amd64
+          dist/vault-backup_windows-amd64
+        name: ${{ github.ref }}
+      env:
+        GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}

.gitignore

@@ -1,2 +1,3 @@
 vault-backup
 vault.backup*
+dist/

Makefile

@@ -0,0 +1,27 @@
+#!/usr/bin/make
+
+.DEFAULT_GOAL := all
+PLATFORMS := linux/amd64 darwin/amd64 windows/amd64
+
+temp = $(subst /, ,$@)
+os = $(word 1, $(temp))
+arch = $(word 2, $(temp))
+
+.PHONY: setup
+setup:
+	@go mod download
+
+.PHONY: bin
+bin:
+	go build -o ./dist/vault-backup
+
+.PHONY: releases
+releases: $(PLATFORMS)
+
+$(PLATFORMS):
+	GOOS=$(os) GOARCH=$(arch) go build -o 'dist/vault-backup_$(os)-$(arch)'
+
+.PHONY: all
+all:
+	@make -s bin
+

go.mod

@@ -6,7 +6,7 @@ require (
 	github.com/hashicorp/vault/api v1.3.0
 	github.com/imdario/mergo v0.3.12
 	github.com/pkg/errors v0.9.1
-	gopkg.in/yaml.v2 v2.3.0
+	gopkg.in/yaml.v2 v2.4.0
 )
 
 require (

go.sum

@@ -327,8 +327,9 @@ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

main.go

@@ -18,6 +18,7 @@ import (
 
 type fnEncode func(interface{}) string
 
+// VaultBackup is all ths information required to make a backup
 type VaultBackup struct {
 	client   *vault.Client
 	paths    []string
@@ -36,6 +37,7 @@ var encode = map[string]fnEncode{
 	},
 }
 
+// NewBackup creates a new backup
 func NewBackup() (*VaultBackup, error) {
 	config := vault.DefaultConfig()
 
@@ -56,7 +58,7 @@ func (b *VaultBackup) store(src map[string]string) error {
 	return nil
 }
 
-func (b *VaultBackup) walk(parent string, paths []string) error {
+func (b *VaultBackup) walk(parent string, paths []string) {
 	for _, p := range paths {
 		if p != "" {
 			p = fmt.Sprintf("%s%s", parent, p)
@@ -70,7 +72,9 @@ func (b *VaultBackup) walk(parent string, paths []string) error {
 				log.Printf("[ERROR] unable to read secret '%s' (%v). \n", p, err)
 			}
 
-			b.store(secrets)
+			if err := b.store(secrets); err != nil {
+				log.Printf("[ERROR] unabled to merge the secrets (%v)", err)
+			}
 
 			continue
 		}
@@ -91,8 +95,6 @@ func (b *VaultBackup) walk(parent string, paths []string) error {
 			b.walk(p, keys)
 		}
 	}
-
-	return nil
 }
 
 func (b *VaultBackup) read(path string) (map[string]string, error) {
@@ -153,7 +155,7 @@ func (b *VaultBackup) write() error {
 		return err
 	}
 
-	return os.WriteFile(b.filename, out, 0644)
+	return os.WriteFile(b.filename, out, 0600)
 }
 
 func main() {
@@ -184,9 +186,7 @@ func main() {
 		client.encode = "base64"
 	}
 
-	if err := client.walk("", client.paths); err != nil {
-		log.Fatal(err)
-	}
+	client.walk("", client.paths)
 
 	if err = client.write(); err != nil {
 		log.Fatal(err)