The "read-all" permission has been removed from the CodeQL workflow. Instead, the workflow now includes a specific read permission for contents, ensuring a more precise and secure access level.
The previous autobuild process has been disabled in the Github actions workflow. A new step for Go installation and manual building of the application using Go has been implemented, providing enhanced control and flexibility over the project's build process.
The previous autobuild process has been disabled in the Github actions workflow. A new step for Go installation and manual building of the application using Go has been implemented, providing enhanced control and flexibility over the project's build process.
The Github actions autobuild functionality has been commented out and replaced with manual building using Go. This customized build command ensures better flexibility and control over the build process.
This commit adds "read-all" permissions to golangci-lint, codecov, and sonarqube workflow files. This change ensures that all necessary activities are allowed during the workflow processes.
The commit adds SPDX-FileCopyrightText and SPDX-License-Identifier headers at the top of codeql.yml, specifying a CC0-1.0 license for Winni Neessen's 2022 copyright. It also grants read-all permissions, ensuring all needed activities are allowed in the file's workflow.
SPDX-FileCopyrightText and SPDX-License-Identifier license headers have been added to the top of the scorecard.yml file. The headers pertain to the 2022 copyright of Winni Neessen and define the license to be CC0-1.0.
The version number has been corrected to 1.1.0 from 1.0.1. This change was made in both the README.md file and the apg.go file. This update reflects the new algorithm for binary secrets introduction in version 1.1.0 instead of version 1.0.1.
A new test case named "Pronounce_Mixed" has been added to the file spelling_test.go. This new case helps validate the behavior of the function when dealing with mixed syllables. More specifically, it deals with a situation where a number and a pronounceable syllable are combined, enhancing the overall robustness of the spelling tests.
The test for HasBeenPwned function in hibp_test.go has been updated to handle errors more effectively. Instead of failing the test directly upon encountering an error, it now logs the error and terminates the current subtest. This improves the test's resilience and makes debugging easier.
This commit refactors the way the 'length' variable is initialized in the generateBinary function of the Generator struct in random.go. Notably, it makes use of Go's type inference feature to eliminate the need to explicitly declare the variable type.
This commit updates the password generator to now include a binary mode. This mode produces a 256 bits long fully binary secret which can be used for AES-256 encryption. New flags `-bh` (print hex representation) and `-bn` (new line after secret) have been added for this mode. The version has also been updated to 1.0.1 recognizing this new addition.
This commit introduces a new "Examples" section in the README.md to illustrate usage, ranging from website login password, PIN generation, to phone verification. In addition, it includes a new file under the example-code directory for a PIN generator using apg-go.
This commit rectifies a couple of typographic errors in the README.md file. Notably, there was a typo 'abondoning' which has been corrected to 'abandoning' and, it tidies up punctuation within the sentences. The main focus was to ensure readability and clarity of the documentation.
Corrected all the occurrences of the word 'pronouncable' to correct spelling 'pronounceable' across the README file. Also fixed a small typo 'apt-go', replaced it with the correct term 'apg-go'. The changes ensure correct spelling and consistent terminology in the README document.
The README file has been updated with thorough installation instructions. Changes range from introducing binary and package releases, including their verification using GPG signature, to refactoring the source code installation steps. Additionally, instructions for specific platforms like FreeBSD, Arch Linux, Debian/Redhat/Alpine, etc., have been improved for clarity.
The repetitive code used for password character counting in different scenarios has been consolidated into a single function, matchesMinimumAmount(). This extraction simplifies the main function and makes the code more maintainable, while maintaining the functionality of checking whether the password meets certain character count criteria.
The error message within the test case had a typographical error. The word "length" was incorrectly spelled as "lenght". This has been fixed to enhance the readability of the code.
A new unit test has been added to verify GetCharRangeFromConfig() function. The test ensures that the function properly excludes configured characters from the generated range.
The version number in several instances in the README file and apg.go has been modified from v2.0.0 to v1.0.0. This more accurately reflects the version where the changes were implemented and ensures consistency across all documentation.
Updated the "Winni Neessen" Software signing key contact details in the README file for better readability and neatness. This conveys the same information but in a more compressed, comprehensible manner.
Updated the README file to document new features added in the codebase: codecov badge, pre-built package usage, fixed-length password flag usage, coinflip mode, and the minimum required characters. The goreleaser configuration (`.goreleaser.yaml`) was cleaned up, removing unnecessary sections for docker usage. This clarifies how to execute certain functionalities and makes the goreleaser configuration easier to read and maintain.
A codecov.yml configuration file has been added to specify the coverage target and other codecov settings. The CI pipeline has also been streamlined to directly generate the coverage profile without using grep for filtering ignored code paths. This makes it easier to understand and maintain the testing and coverage reporting process.
The codecov workflow in the CI pipeline has been adjusted to produce more accurate coverage profiles. Previously covered but now-ignored code has been removed from the coverage profile by filtering out desired patterns with 'grep'.
Set file permission during Docker copy action
The Dockerfile has been updated to set the file permission to 555 during the copy action for '/builddir/apg-go'. This change ensures that the appropriate user permissions are set right from when the image is built.
The identifiers include the FileCopyrightText for the years 2021-2024 attributed to Winni Neessen, and the License to be under MIT. This addition brings the file into compliance with licensing standards.
Added a new workflow in '.github/workflows/codecov.yml' that runs on all three OS: Ubuntu, MacOS, and Windows with '1.22' version of Go. This workflow performs a test coverage check and then uploads the coverage data to Codecov. The workflow is activated on every 'push' or 'pull request' to the 'main' branch.
Created a new file "main.go" to add a simple password generator script using the apg library. This piece of code generates a random password with a fixed length of 15 characters including special characters, numeric, lower and uppercase letters.
Project URLs have been changed in several files from "src.neessen.cloud/wneessen/apg-go" to "github.com/wneessen/apg-go". In addition, Dockerfile has been significantly refactored. It now includes steps for tidy and verify of Go modules and builds a statically linked binary. Several metadata files have been added with copyright information.
The .goreleaser.yaml configuration been updated to remove the redundant output line under docker_signs. This change simplifies the configuration without changing the functionality of Docker image signing. The password for the Docker registry is still sourced from the 'COSIGN_PWD' environment variable.
The .goreleaser.yaml configuration has been updated to include Docker image signing. This is accomplished by utilizing 'docker_signs' and specifying 'artifacts: all', allowing to process and authenticate all output Docker images. The user's password for the Docker registry is taken from the environment variable 'COSIGN_PWD'.
The Dockerfile has been streamlined to remove unnecessary steps and over-complications. Previously the setup involved building in a separate stage and copying files over, which has now been simplified to just copying the necessary executable to the scratch container and specifying the entry point.