Go Migration

.github/workflows/release.yml

@@ -0,0 +1,135 @@
+name: Release
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Release version (e.g., v1.0.0)'
+        required: true
+        type: string
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - goos: linux
+            goarch: amd64
+          - goos: linux
+            goarch: arm64
+          - goos: darwin
+            goarch: amd64
+          - goos: darwin
+            goarch: arm64
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: master
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.22"
+
+      - name: Build crypt-server
+        env:
+          GOOS: ${{ matrix.goos }}
+          GOARCH: ${{ matrix.goarch }}
+          CGO_ENABLED: 0
+        run: |
+          go build -ldflags="-s -w -X main.Version=${{ inputs.version }}" -o crypt-server ./cmd/crypt-server
+
+      - name: Build cryptctl
+        env:
+          GOOS: ${{ matrix.goos }}
+          GOARCH: ${{ matrix.goarch }}
+          CGO_ENABLED: 0
+        run: |
+          go build -ldflags="-s -w -X main.Version=${{ inputs.version }}" -o cryptctl ./cmd/cryptctl
+
+      - name: Create archive
+        run: |
+          mkdir -p dist
+          cp -r web dist/
+          cp crypt-server cryptctl dist/
+          cd dist
+          zip -r ../crypt-server-${{ inputs.version }}-${{ matrix.goos }}-${{ matrix.goarch }}.zip .
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: crypt-server-${{ matrix.goos }}-${{ matrix.goarch }}
+          path: crypt-server-${{ inputs.version }}-${{ matrix.goos }}-${{ matrix.goarch }}.zip
+
+  release:
+    needs: build
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: master
+
+      - name: Download all artifacts
+        uses: actions/download-artifact@v4
+        with:
+          path: artifacts
+
+      - name: Create Release
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: ${{ inputs.version }}
+          name: ${{ inputs.version }}
+          draft: false
+          prerelease: false
+          files: artifacts/**/*.zip
+          generate_release_notes: true
+
+  docker:
+    needs: release
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: master
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}
+          tags: |
+            type=raw,value=${{ inputs.version }}
+            type=raw,value=latest
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

.github/workflows/tests.yml

@@ -0,0 +1,76 @@
+name: Tests
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.22"
+
+      - name: Run unit tests
+        run: go test -v ./...
+
+  integration-sqlite:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.22"
+
+      - name: Build cryptctl
+        run: go build -o cryptctl ./cmd/cryptctl/
+
+      - name: Generate encryption key
+        run: ./cryptctl gen-key > /tmp/test_key.txt
+
+      - name: Run SQLite integration tests
+        run: ./cryptctl integration-test -db sqlite -key-file /tmp/test_key.txt
+
+  integration-postgres:
+    runs-on: ubuntu-latest
+    services:
+      postgres:
+        image: postgres:15
+        env:
+          POSTGRES_USER: crypt
+          POSTGRES_PASSWORD: crypt_test_password
+          POSTGRES_DB: crypt_test
+        ports:
+          - 5432:5432
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.22"
+
+      - name: Build cryptctl
+        run: go build -o cryptctl ./cmd/cryptctl/
+
+      - name: Generate encryption key
+        run: ./cryptctl gen-key > /tmp/test_key.txt
+
+      - name: Run PostgreSQL integration tests
+        run: |
+          ./cryptctl integration-test \
+            -db postgres \
+            -db-url "postgres://crypt:crypt_test_password@localhost:5432/crypt_test?sslmode=disable" \
+            -key-file /tmp/test_key.txt

.gitignore

@@ -10,3 +10,16 @@ keyset
 *.db
 
 .vscode
+.gocache/*
+
+/cryptctl
+/crypt-server
+.field-encryption-key
+
+# SAML config (contains environment-specific paths)
+saml-config.yaml
+okta-metadata.xml
+sp.crt
+sp.key
+
+.claude/settings.local.json

AGENTS.md

@@ -0,0 +1 @@
+CLAUDE.md

CLAUDE.md

@@ -0,0 +1,5 @@
+- Always write unit tests for all code you write
+- Unit tests should use Testify
+- All user input should be protected from CSRF
+- If you are editing code that is configured by end users, either via environment variables, config file or flags, ensure that you update documentation accordingly
+- Use `go fmt` to format your code