diff --git a/.github/workflows/benchmark-gc.yml b/.github/workflows/benchmark-gc.yml index b1678b3..ea967cf 100644 --- a/.github/workflows/benchmark-gc.yml +++ b/.github/workflows/benchmark-gc.yml @@ -1,5 +1,3 @@ -# TODO: Add full length action hashes for all actions - name: Benchmark GC Performance on: @@ -18,15 +16,15 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up Go - uses: actions/setup-go@v4 + uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 with: go-version: '1.25' - name: Cache Go modules - uses: actions/cache@v3 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: | ~/.cache/go-build diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d36e2d3..462b8b2 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -2,11 +2,11 @@ name: Go Build Multi-Platform on: push: - branches: [ "main" ] + branches: [ "main", "master" ] tags: - 'v*' pull_request: - branches: [ "main" ] + branches: [ "main", "master" ] jobs: build: @@ -27,10 +27,10 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up Go - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 + uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 with: go-version: '1.25' @@ -58,7 +58,7 @@ jobs: echo "Calculated SHA256 for ${output_name}" - name: Upload Artifact - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: reticulum-go-${{ matrix.goos }}-${{ matrix.goarch }} path: reticulum-go-${{ matrix.goos }}-${{ matrix.goarch }}* @@ -74,7 +74,7 @@ jobs: steps: - name: Download All Build Artifacts - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: path: ./release-assets @@ -82,6 +82,6 @@ jobs: run: ls -R ./release-assets - name: Create GitHub Release - uses: softprops/action-gh-release@6cbd405e2c4e67a21c47fa9e383d020e4e28b836 + uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2.4.1 with: files: ./release-assets/*/* diff --git a/.github/workflows/go-test.yml b/.github/workflows/go-test.yml index 93689bc..3650a88 100644 --- a/.github/workflows/go-test.yml +++ b/.github/workflows/go-test.yml @@ -4,9 +4,11 @@ on: push: branches: - main + - master pull_request: branches: - main + - master permissions: contents: read @@ -34,15 +36,15 @@ jobs: steps: - name: Checkout Source - uses: actions/checkout@v4 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up Go 1.25 - uses: actions/setup-go@v4 + uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 with: go-version: '1.25' - name: Cache Go modules - uses: actions/cache@v3 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: | ~/go/pkg/mod diff --git a/.github/workflows/gosec.yml b/.github/workflows/gosec.yml index b887cf2..c1746ee 100644 --- a/.github/workflows/gosec.yml +++ b/.github/workflows/gosec.yml @@ -1,13 +1,18 @@ name: Run Gosec + on: push: branches: - main + - master pull_request: branches: - main + - master + permissions: contents: read + jobs: tests: runs-on: ubuntu-latest @@ -15,7 +20,7 @@ jobs: GO111MODULE: on steps: - name: Checkout Source - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Run Gosec Security Scanner uses: securego/gosec@master with: diff --git a/.github/workflows/performance-monitor.yml b/.github/workflows/performance-monitor.yml index f4691dd..1030213 100644 --- a/.github/workflows/performance-monitor.yml +++ b/.github/workflows/performance-monitor.yml @@ -2,9 +2,9 @@ name: Performance Monitor on: push: - branches: [ main ] + branches: [ main, master ] pull_request: - branches: [ main ] + branches: [ main, master ] workflow_dispatch: jobs: @@ -12,10 +12,10 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up Go - uses: actions/setup-go@v4 + uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 with: go-version: '1.25' diff --git a/.github/workflows/revive.yml b/.github/workflows/revive.yml index 323376d..f08aaee 100644 --- a/.github/workflows/revive.yml +++ b/.github/workflows/revive.yml @@ -2,9 +2,9 @@ name: Go Revive Lint on: push: - branches: [ "main" ] + branches: [ "main", "master" ] pull_request: - branches: [ "main" ] + branches: [ "main", "master" ] jobs: lint: @@ -14,10 +14,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up Go - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 + uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 with: go-version: '1.25' diff --git a/.github/workflows/tinygo.yml b/.github/workflows/tinygo.yml index 7e0e1bc..3fe0c87 100644 --- a/.github/workflows/tinygo.yml +++ b/.github/workflows/tinygo.yml @@ -30,10 +30,10 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up Go - uses: actions/setup-go@v6 + uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 with: go-version: '1.24' @@ -58,7 +58,7 @@ jobs: fi - name: Upload Artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: ${{ matrix.name }} path: bin/${{ matrix.output }}* diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 297b72c..2d8d404 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -4,10 +4,32 @@ Be good to each other. ## Communication -Feel free to join our seperate matrix channel for this implementation. +Feel free to join our telegram or matrix channels for this implementation. - [Matrix](https://matrix.to/#/#reticulum-go-dev:matrix.org) +- [Telegram](https://t.me/reticulum_go) ## Usage of LLMs and other Generative AI tools -We would prefer if you did not use LLMs and other generative AI tools to write critical parts of the code. They produce lots of security issues most of the time, some of which can be caught with `gosec` so please make sure to use the proper static analysis tools and best practices with these tools. \ No newline at end of file +You should not use LLMs and other generative AI tools to write critical parts of the code. They can produce lots of security issues and outdated code when used incorrectly. You are not required to report that you are using these tools. + +## Static Analysis Tools + +You are welcome to use the following tools, however there are actions in place to ensure the code is linted and checked with gosec. + +### Linting (optional) + +[Revive](https://github.com/mgechev/revive) + +```bash +revive -config revive.toml -formatter friendly ./pkg/* ./cmd/* ./internal/* +``` + +### Security (optional) + +[Gosec](https://github.com/securego/gosec) + +```bash +gosec ./... +``` + diff --git a/README.md b/README.md index a41d90c..faad68d 100644 --- a/README.md +++ b/README.md @@ -1,50 +1,64 @@ +[![Socket Badge](https://socket.dev/api/badge/go/package/github.com/sudo-ivan/reticulum-go?version=v0.4.0)](https://socket.dev/go/package/github.com/sudo-ivan/reticulum-go) +![Multi-Platform Tests](https://github.com/Sudo-Ivan/Reticulum-Go/actions/workflows/go-test.yml/badge.svg) +![Gosec Scan](https://github.com/Sudo-Ivan/Reticulum-Go/actions/workflows/gosec.yml/badge.svg) +[![Multi-Platform Build](https://github.com/Sudo-Ivan/Reticulum-Go/actions/workflows/build.yml/badge.svg)](https://github.com/Sudo-Ivan/Reticulum-Go/actions/workflows/build.yml) +[![Revive Linter](https://github.com/Sudo-Ivan/Reticulum-Go/actions/workflows/revive.yml/badge.svg)](https://github.com/Sudo-Ivan/Reticulum-Go/actions/workflows/revive.yml) + # Reticulum-Go +A Go implementation of the [Reticulum Network Protocol](https://github.com/markqvist/Reticulum). + > [!WARNING] -> This project is still work in progress. Currently not compatible with the Python version. +> This project is currently in development and is not yet compatible with the Python reference implementation. -[![Socket Badge](https://socket.dev/api/badge/go/package/github.com/sudo-ivan/reticulum-go?version=v0.4.0)](https://socket.dev/go/package/github.com/sudo-ivan/reticulum-go) -![Go Test Multi-Platform](https://github.com/Sudo-Ivan/Reticulum-Go/actions/workflows/go-test.yml/badge.svg) -![Run Gosec](https://github.com/Sudo-Ivan/Reticulum-Go/actions/workflows/gosec.yml/badge.svg) -[![Go Build Multi-Platform](https://github.com/Sudo-Ivan/Reticulum-Go/actions/workflows/build.yml/badge.svg)](https://github.com/Sudo-Ivan/Reticulum-Go/actions/workflows/build.yml) -[![Go Revive Lint](https://github.com/Sudo-Ivan/Reticulum-Go/actions/workflows/revive.yml/badge.svg)](https://github.com/Sudo-Ivan/Reticulum-Go/actions/workflows/revive.yml) +## Goals -[Reticulum Network](https://github.com/markqvist/Reticulum) implementation in Go `1.25+`. +- To be fully compatible with the Python reference implementation. +- Additional privacy and security features. +- Support for a broader range of platforms and architectures old and new. -Aiming to be fully compatible with the Python version. +## Quick Start -Feel free to join our seperate [matrix](https://matrix.to/#/#reticulum-go-dev:matrix.org) channel for this implementation. +### Prerequisites -## Usage +- Go 1.24 or later -### Building +### Build -Requires Go 1.25+ - -``` -make install +```bash make build +``` + +### Run + +```bash make run ``` -### Experimental Green Tea GC +### Test -New GC as of Go 1.25. +```bash +make test +``` -See [greenteagc github issue](https://github.com/golang/go/issues/73581) for more info. +## Embedded systems and WebAssembly + +For building for WebAssembly and embedded systems, see the [tinygo branch](https://github.com/Sudo-Ivan/Reticulum-Go/tree/tinygo). Requires TinyGo 0.37.0+. + +```bash +make tinygo-build +make tinygo-wasm +``` + +### Experimental Features + +Build with experimental Green Tea GC (Go 1.25+): ```bash make build-experimental ``` -## Linter +## Official Channels -[Revive](https://github.com/mgechev/revive) - -```bash -revive -config revive.toml -formatter friendly ./pkg/* ./cmd/* ./internal/* -``` - -## Cryptographic Libraries - -- `golang.org/x/crypto` `v0.42.0` - Cryptographic primitives +- [Telegram](https://t.me/reticulum_go) +- [Matrix](https://matrix.to/#/#reticulum-go-dev:matrix.org) \ No newline at end of file diff --git a/SECURITY.md b/SECURITY.md index 9869e07..c0c7408 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -2,9 +2,9 @@ We use [Socket](https://socket.dev/), [Deepsource](https://deepsource.com/) and [gosec](https://github.com/securego/gosec) for this project. -## Strict Verfication of Contributors and Code Quality +## Supply Chain Security -We are strict about the quality of the code and the contributors. Please read the [CONTRIBUTING.md](CONTRIBUTING.md) file for more information. +- All actions are pinned to a commit hash. ## Cryptography Dependencies