commit 666a0b379a813611abee9b6b4eb3b12116254833 Author: Markus Pesch Date: Fri Dec 20 11:47:34 2024 +0100 Initial Commit
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..b53e68c
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,12 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = false
+
+[Makefile]
+indent_style = tab
\ No newline at end of file
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..1863f48
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+Makefile eol=lf txt
\ No newline at end of file
diff --git a/.github/workflows/build-merge-request.yaml b/.github/workflows/build-merge-request.yaml
new file mode 100644
index 0000000..5a33b46
--- /dev/null
+++ b/.github/workflows/build-merge-request.yaml
@@ -0,0 +1,27 @@
+name: build-merge-request
+
+on:
+ pull_request:
+ types: [ "opened", "reopened", "synchronize" ]
+ push:
+ branches: [ "master" ]
+
+env:
+ REGISTRY_PULL_HOST: ${{ secrets.REGISTRY_PULL_HOST }}
+
+jobs:
+ build:
+ env:
+ SSH_DEPLOY_KEY: ${{ secrets.SSH_DEPLOY_KEY }}
+ # Skip the job if the CI was triggered by a pull request that was merged,
+ # because the CI was already running for the pull request.
+ # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#running-your-pull_request-workflow-when-a-pull-request-merges
+ if: github.event.pull_request.merged == false
+ runs-on:
+ - podman
+ steps:
+ - uses: dedalus-cis4u/with-standard-setup@v2.0.1
+ - name: Run build
+ run: |
+ make container-run/build/build-settings.rpm \
+ BUILD_IMAGE_REGISTRY_HOST=${REGISTRY_PULL_HOST}
\ No newline at end of file
diff --git a/.github/workflows/push-tagged.yaml b/.github/workflows/push-tagged.yaml
new file mode 100644
index 0000000..161b9b0
--- /dev/null
+++ b/.github/workflows/push-tagged.yaml
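Review bot: `txt` on the `Makefile` line is not a built-in Git attribute, so it only sets a custom attribute that nothing reads. If the intent was to mark the file as text for end-of-line normalisation, the line should read `Makefile text eol=lf`.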
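Review bot: `SSH_DEPLOY_KEY` is set in the job-level `env:` of `build`, so every step can read the deploy key, including the `make` step, which presumably runs the Makefile from the pull-request branch on the self-hosted `podman` runner. The same job-level placement is repeated in `push-tagged.yaml`. If only `with-standard-setup` needs the key (not visible here), move it to a step-level `env:` on that step and add a top-level `permissions:` block with `contents: read`. The action is referenced by the mutable tag `@v2.0.1`; pinning it to a full commit SHA keeps a moved tag from changing what runs with these secrets. In the `run:` script the expansion should be quoted, `"BUILD_IMAGE_REGISTRY_HOST=${REGISTRY_PULL_HOST}"`.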
@@ -0,0 +1,24 @@
+name: push-tagged
+
+on:
+ push:
+ tags:
+ - "*"
+
+env:
+ REGISTRY_PULL_HOST: ${{ secrets.REGISTRY_PULL_HOST }}
+
+jobs:
+ push-tagged:
+ env:
+ SSH_DEPLOY_KEY: ${{ secrets.SSH_DEPLOY_KEY }}
+ if: github.repository == 'dedalus-cis4u/build-settings-rpm'
+ runs-on:
+ - podman
+ steps:
+ - uses: dedalus-cis4u/with-standard-setup@v2.0.1
+ - name: Run build
+ run: |
+ make container-run/deploy/build-settings.rpm \
+ BUILD_IMAGE_REGISTRY_HOST=${REGISTRY_PULL_HOST} \
+ VERSION=${GITHUB_REF_NAME}
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..233ae87
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+pkg
+src/prometheus-x509-certificate-exporter
+*.rpm
+**/*.iml
+**/*.idea
\ No newline at end of file
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..66cfce6
--- /dev/null
+++ b/Makefile
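Review bot: The tag name reaches `make` unvalidated, because `tags: "*"` accepts any tag and `VERSION=${GITHUB_REF_NAME}` is passed unquoted. The Makefile in this commit then expands `${VERSION}` inside recipe shell lines and the RPM file name. Restrict the trigger to the project's release format, for example `- "[0-9]+.[0-9]+.[0-9]+"`, and quote the argument as `"VERSION=${GITHUB_REF_NAME}"`. Separately, the `if:` guard names `dedalus-cis4u/build-settings-rpm` and the target is `container-run/deploy/build-settings.rpm`, while the Makefile added here defines only the `prometheus-x509-certificate-exporter` targets. This looks copied from another repository and is worth checking, since a guard that never matches means the deploy job silently never runs.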
@@ -0,0 +1,52 @@
+# VERSION / RELEASE
+# If no version is specified as a parameter of make, the last git hash
+# value is taken.
+EPOCH=0
+VERSION?=3.18.0
+RELEASE=0
+ARCH=x86_64
+
+# RPM_PACKAGE_NAME
+# Defines the name of the rpm package. This name is required to install the rpm package with an rpm package manager like
+# dnf, rpm or yum.
+RPM_PACKAGE_NAME=prometheus-x509-certificate-exporter
+RPM_FILE_NAME_SHORT=${RPM_PACKAGE_NAME}.rpm
+RPM_FILE_NAME_FULL:=${RPM_PACKAGE_NAME}-${EPOCH}-${VERSION}-${RELEASE}.${ARCH}.rpm
+
+root_dir:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST))))
+
+# BUILD
+# ==============================================================================
+PHONY:=${RPM_FILE_NAME_SHORT}
+${RPM_FILE_NAME_SHORT}: ${RPM_FILE_NAME_FULL}
+
+${RPM_FILE_NAME_FULL}: clean
+
+ git clone https://github.com/enix/x509-certificate-exporter.git ./src/${RPM_PACKAGE_NAME}
+ go build -C ./src/${RPM_PACKAGE_NAME}/cmd/x509-certificate-exporter/ -o ${RPM_PACKAGE_NAME}
+
+ install -D --mode 0644 "${root_dir}/src/systemd.service" "${root_dir}/pkg/usr/lib/systemd/system/${RPM_PACKAGE_NAME}.service"
+ install -D --mode 0755 --target-directory "${root_dir}/pkg/usr/bin" "${root_dir}/src/${RPM_PACKAGE_NAME}/cmd/x509-certificate-exporter/${RPM_PACKAGE_NAME}"
+ install -D --mode 0600 /dev/null "${root_dir}/pkg/etc/conf.d/${RPM_PACKAGE_NAME}"
+ install -D --mode 0755 --target-directory "${root_dir}/pkg/usr/share/licenses/${RPM_PACKAGE_NAME}" "${root_dir}/src/${RPM_PACKAGE_NAME}/LICENSE"
+
+ rpm-builder \
+ --dir pkg/:/ \
+ --epoch ${EPOCH} \
+ --version ${VERSION} \
+ --release ${RELEASE} \
+ --arch ${ARCH} \
+ --out ${RPM_FILE_NAME_FULL} \
+ ${RPM_PACKAGE_NAME}
+
+# # CLEAN
+# # ==============================================================================
+clean:
+ - rm --force --recursive ./pkg ./src/${RPM_PACKAGE_NAME}
+ - rm --force ${RPM_FILE_NAME_FULL}
+
+# PHONY
+# ==============================================================================
+# Declare the
contents of the PHONY variable as phony. We keep that information
+# in a variable so we can use it in if_changed.
+.PHONY: ${PHONY}
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..52da238
--- /dev/null
+++ b/README.md
@@ -0,0 +1 @@
+# README
\ No newline at end of file
diff --git a/src/systemd.service b/src/systemd.service
new file mode 100644
index 0000000..761d0ec
--- /dev/null
+++ b/src/systemd.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=Prometheus exporter for x509 certificate metrics
+Requires=network-online.target
+After=network-online.target
+
+[Service]
+EnvironmentFile=-/etc/conf.d/prometheus-x509-certificate-exporter
+ExecStart=/usr/bin/prometheus-x509-certificate-exporter $EXTRA_ARGS
+ExecReload=/bin/kill -HUP $MAINPID
+User=root
+Group=root
+Restart=on-failure
+RestartSec=5s
+
+NoNewPrivileges=true
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
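Review bot: The `git clone` in the `${RPM_FILE_NAME_FULL}` recipe fetches the upstream default branch at whatever commit it holds at build time, so the package labelled `${VERSION}` (default `3.18.0`) is not tied to that upstream release. The build is therefore not reproducible, and an unexpected upstream change ends up in the shipped binary without review. Check out the matching ref, e.g. `git clone --depth 1 --branch v${VERSION} https://github.com/enix/x509-certificate-exporter.git ./src/${RPM_PACKAGE_NAME}` (assuming upstream tags are named `v<version>`), or pin a reviewed commit hash. The header comment says the last git hash is used when no version is given, but the code defaults to `3.18.0`. The `LICENSE` file is also installed with `--mode 0755`, where `0644` would be expected for a non-executable file.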
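Review bot: The `[Service]` section runs a network-facing exporter as `User=root`/`Group=root` with `NoNewPrivileges=true` as the only restriction, so a flaw in the exporter or in whatever `$EXTRA_ARGS` enables is a root-level compromise of the host. If root is kept because the watched certificate files are readable by root only, confine the service with systemd sandboxing directives as sketched below; otherwise run it as a dedicated user that has read access to the certificates. The directive set needs checking against the paths the exporter is configured to read. `Requires=network-online.target` could also be `Wants=`, so that a failed network-online unit does not keep the exporter from starting.

```ini
# … unchanged: [Unit] section and the other [Service] lines …
NoNewPrivileges=true
# added: read-only filesystem view, no device or kernel tunable access,
# and only the capability needed to read files owned by other users
ProtectSystem=strict
ProtectHome=read-only
PrivateTmp=true
PrivateDevices=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
CapabilityBoundingSet=CAP_DAC_READ_SEARCH
```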