StackVista · viliakov · Oct 17, 2025 · Oct 15, 2025 · Oct 16, 2025
diff --git a/.github/actions/quay/action.yml b/.github/actions/quay/action.yml
@@ -0,0 +1,60 @@
+name: 'Run command in Quay image'
+description: 'Run a command in a quay.io container'
+inputs:
+  image:
+    description: 'Image'
+    required: true
+  options:
+    description: 'Options for the container'
+    required: false
+  run:
+    description: 'Args for the container entrypoint'
+    required: false
+  entrypoint:
+    description: 'Container entrypoint to use'
+    required: false
+runs:
+  using: 'composite'
+  steps:
+    - name: Log in to the Container registry
+      uses: docker/login-action@v3
+      with:
+        registry: quay.io
+        username: ${{ env.QUAY_USER }}
+        password: ${{ env.QUAY_PASSWORD }}
+    - name: Run command
+      shell: bash
+      run: |
+        export ENTRYPOINT='${{ inputs.entrypoint }}'
+        export COMMAND='${{ inputs.run }}'
+        export COMMAND_PREFIX=''
+
+        # Prep for a shell script.
+        if [[ $ENTRYPOINT == '' ]]; then
+           ENTRYPOINT='sh'
+           COMMAND_PREFIX='-c'
+           COMMAND=$(echo "$COMMAND" | sed -r '/^\s*$/d')
+           COMMAND=${COMMAND//$'\n'/ ; }
+        fi
+
+        # Strip newlines in options.
+        export OPTIONS='${{ inputs.options }}'
+        OPTIONS=${OPTIONS//$'\n'/ }
+
+        # Sanitize the image name.
+        export IMAGE='${{ inputs.image }}'
+        IMAGE=${IMAGE//$'\n'/}
+
+        # Prep the workspace.
+        export WORKSPACE='${{ github.workspace }}'
+        WORKSPACE=${WORKSPACE//$'\n'/}
+
+        # Prep volumes.
+        export VOLUMES="-v /var/run/docker.sock:/var/run/docker.sock -v $WORKSPACE:/workspace"
+
+        # Run the command in docker.
+        if [[ $COMMAND == *\;* ]]; then
+          docker run $VOLUMES $OPTIONS --entrypoint=$ENTRYPOINT $IMAGE $COMMAND_PREFIX "$COMMAND"
+        else
+          docker run $VOLUMES $OPTIONS --entrypoint=$ENTRYPOINT $IMAGE $COMMAND_PREFIX $COMMAND
+        fi
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,166 @@
+name: CI
+on:
+  pull_request:
+    branches:
+      - main
+  push:
+    branches:
+      - main
+    tags:
+      - v*
+
+  # Allows to run this via the Actions tab
+  workflow_dispatch:
+
+env:
+  REGISTRY: quay.io
+
+jobs:
+  lint:
+    permissions:
+      # Required: allow read access to the content for analysis.
+      contents: read
+      # Optional: allow read access to pull request. Use with `only-new-issues` option.
+      pull-requests: read
+      # Optional: Allow write access to checks to allow the action to annotate code in the PR.
+      checks: write
+    name: Linter
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - uses: actions/checkout@v5
+      - uses: actions/setup-go@v5
+        with:
+          go-version: "1.25.x"
+          cache: false
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v8
+        with:
+          # Require: The version of golangci-lint to use.
+          # When `install-mode` is `binary` (default) the value can be v1.2 or v1.2.3 or `latest` to use the latest version.
+          # When `install-mode` is `goinstall` the value can be v1.2.3, `latest`, or the hash of a commit.
+          version: v2.5.0
+
+  check-license:
+    name: License scan
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    env:
+      REPORT_FILE: gl-license-scanning-report.json
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: "1.25.x"
+      - name: License scanning
+        run: |
+          go install github.com/google/go-licenses@latest
+          go-licenses check . --disallowed_types=forbidden,restricted
+      - name: Generate license report
+        run: |
+          go-licenses report . > licenses.csv
+      - name: Save license scan report
+        uses: actions/upload-artifact@v4
+        with:
+          name: license_scanning
+          path: licenses.csv
+
+  check-go-releaser:
+    name: Go releaser check
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: "1.25.x"
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v5
+        with:
+          # either 'goreleaser' (default) or 'goreleaser-pro'
+          distribution: goreleaser
+          # 'latest', 'nightly', or a semver
+          version: v1.25.1
+          args: check
+
+  test:
+    name: Tests
+    needs:
+      - lint
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: "1.25.x"
+      - name: Run tests
+        run: go test -v ./...
+
+  publish:
+    name: Publish the release
+    if: ${{ github.ref_type == 'tag' }}
+    needs:
+      - test
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    env:
+      TAG: ${{ github.ref_name }}
+      S3_BUCKET: "s3://cli-dl.stackstate.com/stackstate-backup-cli/"
+      QUAY_USER: ${{ secrets.QUAY_USER }}
+      QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: "1.25.x"
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        if: github.event_name != 'pull_request'
+        with:
+          registry: quay.io
+          username: ${{ secrets.QUAY_USER }}
+          password: ${{ secrets.QUAY_PASSWORD }}
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        if: github.event_name != 'pull_request'
+        with:
+          registry: docker.io
+          username: ${{ secrets.DOCKER_USER }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Go releaser publish
+        uses: goreleaser/goreleaser-action@v5
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
+        with:
+          # either 'goreleaser' (default) or 'goreleaser-pro'
+          distribution: goreleaser
+          # 'latest', 'nightly', or a semver
+          version: v1.25.1
+          args: release
+      - name: Write latest version to file
+        run: mkdir -p dist && echo "${{ env.TAG }}" > dist/LATEST_VERSION
+
+      - name: Authenticate with AWS
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
+
+      - name: Publish latest version to S3
+        run: |
+          echo "aws s3 cp dist/LATEST_VERSION ${{ env.S3_BUCKET }}"
+          aws s3 cp dist/LATEST_VERSION ${{ env.S3_BUCKET }}
+
+      - name: Publish installers to S3
+        run: |
+          echo "aws s3 cp scripts/publish/installers/ ${{ env.S3_BUCKET }} --recursive"
+          aws s3 cp scripts/publish/installers/ ${{ env.S3_BUCKET }} --recursive
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,25 @@
+bin/
+dist/
+.idea/
+sts-backup
+stackstate-backup-cli
+
+sts-toolbox.yaml
+values.yaml
+
+.vscode/launch.json
+
+__debug_bin
+
+pkged.go
+vendor/
+result
+
+*.swp
+
+.go/
+.gocache/
+release-notes.md
+release-notes.json
+
+.localdev/
diff --git a/.golangci.yml b/.golangci.yml
@@ -0,0 +1,79 @@
+version: "2"
+run:
+  concurrency: 4
+  issues-exit-code: 1
+  tests: true
+linters:
+  default: none
+  enable:
+    - copyloopvar
+    - dogsled
+    - dupl
+    - errcheck
+    - exhaustive
+    - funlen
+    - goconst
+    - gocritic
+    - gocyclo
+    - goprintffuncname
+    - govet
+    - ineffassign
+    - lll
+    - misspell
+    - mnd
+    - nakedret
+    - noctx
+    - nolintlint
+    - rowserrcheck
+    - staticcheck
+    - unconvert
+    - unparam
+    - unused
+    - whitespace
+    - gosec
+    - bodyclose
+    - depguard
+    - revive
+  settings:
+    depguard:
+      rules:
+        main:
+          list-mode: lax
+          allow:
+            - $gostd
+            - github.com/stackvista
+    funlen:
+      lines: 100
+      statements: 60
+    lll:
+      line-length: 250
+    mnd:
+      checks:
+        - argument
+        - case
+        - condition
+        - return
+    nolintlint:
+      require-specific: true
+      allow-unused: true
+  exclusions:
+    generated: lax
+    presets:
+      - comments
+      - common-false-positives
+      - legacy
+      - std-error-handling
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
+formatters:
+  enable:
+    - gofmt
+    - goimports
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$