DevLabFoundry · dnitsch · Apr 10, 2026 · Apr 10, 2026 · Apr 10, 2026 · Apr 10, 2026
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,19 @@
+version: 2
+updates:
+  - package-ecosystem: 'gomod'
+    directory: '/'
+    schedule:
+      interval: weekly
+      day: monday
+      timezone: Europe/London
+    open-pull-requests-limit: 50
+    assignees:
+      - dnitsch
+      - elvenspellmaker
+    rebase-strategy: disabled
+    groups:
+      low-risk:
+        applies-to: version-updates
+        update-types:
+          - "minor"
+          - "patch"
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,91 @@
+name: CI
+
+on:
+  pull_request:
+    branches: [master]
+
+permissions:
+  contents: write
+  statuses: write
+  checks: write
+  pull-requests: write
+
+jobs:
+  set-version:
+    name: Set Version
+    runs-on: ubuntu-latest
+    container:
+      image: mcr.microsoft.com/dotnet/sdk:10.0
+    outputs:
+      semVer: ${{ steps.gitversion.outputs.semVer }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: install deps
+        run: |
+          apt-get update && apt-get install -y jq git
+          git config --global --add safe.directory "$GITHUB_WORKSPACE"
+          git config user.email ${{ github.actor }}-ci@gha.org
+          git config user.name ${{ github.actor }}
+      - name: Install GitVersion
+        uses: gittools/actions/gitversion/setup@v4.1.0
+        with:
+          versionSpec: "6.x"
+      - name: Set SemVer Version
+        uses: gittools/actions/gitversion/execute@v4.1.0
+        id: gitversion
+
+      - name: echo VERSIONS
+        run: |
+          echo "REVISION  -> $GITHUB_SHA"
+          echo "VERSION -> $GITVERSION_SEMVER"
+
+  test:
+    runs-on: ubuntu-latest
+    name: Run Tests
+    needs: set-version
+    env:
+      SEMVER: ${{ needs.set-version.outputs.semVer }}
+      GIT_TAG: ${{ needs.set-version.outputs.semVer }}
+      GOVCS: false
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Install Eirctl
+        uses: ensono/actions/eirctl-setup@v0.3.1
+
+      - name: Run Lint
+        run: |
+          eirctl run pipeline lints
+      - name: Run Tests
+        run: |
+          eirctl run pipeline gha:unit:test
+
+      - name: Publish Junit style Test Report
+        uses: mikepenz/action-junit-report@v4
+        if: always() # always run even if the previous step fails
+        with:
+          report_paths: "**/.coverage/report-junit.xml"
+
+      - name: Code Coverage Report
+        uses: irongut/CodeCoverageSummary@v1.3.0
+        with:
+          filename: "**/.coverage/report-cobertura.xml"
+          badge: true
+          fail_below_min: false
+          format: markdown
+          hide_branch_rate: false
+          hide_complexity: true
+          indicators: true
+          output: both
+          thresholds: "60 80"
+
+      - name: Add Coverage PR Comment
+        uses: marocchino/sticky-pull-request-comment@v2
+        if: github.event_name == 'pull_request'
+        with:
+          recreate: true
+          path: code-coverage-results.md
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,77 @@
+name: release
+
+on:
+  workflow_run:
+    workflows: ["CI"]
+    types:
+      - completed
+    branches:
+      - master
+
+permissions:
+  contents: write
+
+jobs:
+  set-version:
+    name: Set Version
+    runs-on: ubuntu-latest
+    if: ${{ github.event.workflow_run.head_branch == 'master' && github.event.workflow_run.conclusion == 'success' }}
+    container:
+      image: mcr.microsoft.com/dotnet/sdk:10.0
+    outputs:
+      semVer: ${{ steps.gitversion.outputs.semVer }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: install deps
+        run: |
+          apt-get update && apt-get install -y jq git
+          git config --global --add safe.directory "$GITHUB_WORKSPACE"
+          git config user.email ${{ github.actor }}-ci@gha.org
+          git config user.name ${{ github.actor }}
+      - name: Install GitVersion
+        uses: gittools/actions/gitversion/setup@v4.1.0
+        with:
+          versionSpec: "6.x"
+      - name: Set SemVer Version
+        uses: gittools/actions/gitversion/execute@v4.1.0
+        id: gitversion
+        with:
+          overrideConfig: |
+            next-version=3.0.0
+
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    needs: set-version
+    env:
+      SEMVER: ${{ needs.set-version.outputs.semVer }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Install Eirctl
+        uses: ensono/actions/eirctl-setup@v0.3.1
+
+      - name: build binary
+        run: |
+          VERSION=${SEMVER} REVISION=$GITHUB_SHA eirctl run pipeline build:bin
+
+      - name: Release binary
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: v${{ needs.set-version.outputs.semVer }}
+          # TODO: add additional info to the release
+          generate_release_notes: true
+          token: ${{ secrets.GITHUB_TOKEN }}
+          files: ./dist/*
+          prerelease: true
+
+      - name: release library
+        run: |
+          git config --global --add safe.directory "$GITHUB_WORKSPACE"
+          git config user.email ${{ github.actor }}-ci@gha.org
+          git config user.name ${{ github.actor }}
+          VERSION=${SEMVER} REVISION=$GITHUB_SHA eirctl run tag
diff --git a/.gitignore b/.gitignore
@@ -30,3 +30,11 @@ go.work.sum
 # Editor/IDE
 # .idea/
 # .vscode/
+
+# Added ignores
+.eirctl
+.deps
+.configmanager
+dist/
+local/
+.coverage/
diff --git a/README.md b/README.md
@@ -0,0 +1,7 @@
+# AWS ParameterStore Plugin
+
+This is the `awsparamstr` implementation plugin built using the go-plugin architecture from hashicorp, it is used by the [ConfigManager](https://github.com/DevLabFoundry/configmanager) service.
+
+## Token Prefix
+
+This plugin uses the `AWSPARAMSTR` token prefix.
diff --git a/eirctl.yaml b/eirctl.yaml
@@ -0,0 +1,108 @@
+output: prefixed
+debug: false
+
+import:
+  - https://raw.githubusercontent.com/Ensono/eirctl/refs/tags/0.9.17/shared/build/go/eirctl.yaml
+  - https://raw.githubusercontent.com/Ensono/eirctl/refs/tags/0.9.17/shared/security/eirctl.yaml
+
+contexts:
+  bash:
+    container:
+      name: mirror.gcr.io/bash:5.0.18-alpine3.22
+
+  go1xalpine:
+    container:
+      name: mirror.gcr.io/golang:1.26-alpine
+    envfile:
+      exclude:
+        - GO
+        - CXX
+        - CGO
+
+pipelines:
+  unit:test:
+    - pipeline: test:unit
+      env:
+        ROOT_PKG_NAME: github.com/DevLabFoundry/configmanager-plugin-awsparamstr
+
+  gha:unit:test:
+    - pipeline: unit:test
+    - task: sonar:coverage:prep
+      depends_on: unit:test
+
+  code:coverage:
+    - pipeline: unit:test
+    - task: show_coverage
+      depends_on: unit:test
+
+  build:bin:
+    - task: clean
+    - task: go:build:plugin
+      env:
+        PLUGIN: awsparamstr
+      depends_on: clean
+
+  scan:plugins:
+    - task: trivy:file:system:sbom
+
+tasks:
+  go:build:plugin:
+    context: go1xalpine
+    command:
+      - |
+        mkdir -p .deps
+        unset GOTOOLCHAIN
+        ldflags="-s -w -X \"main.Version=${VERSION}\" -X \"main.Revision=${REVISION}\" -extldflags -static"
+        export GOPATH=/eirctl/.deps GOOS=${BUILD_GOOS} GOARCH=${BUILD_GOARCH} CGO_ENABLED=0 
+        go build -mod=readonly -buildvcs=false -ldflags="$ldflags" \
+        -o dist/$PLUGIN-${BUILD_GOOS}-${BUILD_GOARCH}${BUILD_SUFFIX} main.go
+        echo "---"
+        echo "Built: $PLUGIN-${BUILD_GOOS}-${BUILD_GOARCH}${BUILD_SUFFIX}"
+    reset_context: true
+    variations:
+      - BUILD_GOOS: darwin
+        BUILD_GOARCH: amd64
+        BUILD_SUFFIX: ""
+      - BUILD_GOOS: darwin
+        BUILD_GOARCH: arm64
+        BUILD_SUFFIX: ""
+      - BUILD_GOOS: linux
+        BUILD_GOARCH: amd64
+        BUILD_SUFFIX: ""
+      - BUILD_GOOS: linux
+        BUILD_GOARCH: arm64
+        BUILD_SUFFIX: ""
+      - BUILD_GOOS: windows
+        BUILD_GOARCH: amd64
+        BUILD_SUFFIX: ".exe"
+      - BUILD_GOOS: windows
+        BUILD_GOARCH: arm64
+        BUILD_SUFFIX: ".exe"
+      - BUILD_GOOS: windows
+        BUILD_GOARCH: "386"
+        BUILD_SUFFIX: ".exe"
+    required:
+      env:
+        - PLUGIN
+
+  sonar:coverage:prep:
+    context: bash
+    command:
+      - |
+        sed -i 's|github.com/DevLabFoundry/configmanager/v3/||g' .coverage/out
+        echo "Coverage file first 20 lines after conversion:"
+        head -20 .coverage/out
+        echo "Coverage file line count:"
+        wc -l .coverage/out
+
+  tag:
+    description: |
+      Usage `eirctl tag GIT_TAG=2111dsfsdfa REVISION=as2342432`
+
+    command: |
+      git tag -a ${VERSION} -m "ci tag release" ${REVISION}
+      git push origin ${VERSION}
+    required:
+      env:
+        - VERSION
+        - REVISION
diff --git a/go.mod b/go.mod
@@ -0,0 +1,44 @@
+module github.com/DevLabFoundry/configmanager-plugin-awsparamstr
+
+go 1.26
+
+toolchain go1.26.2
+
+require (
+	github.com/DevLabFoundry/configmanager/v3 v3.0.1-0.20260410185733-4b8db7d72c69
+	github.com/aws/aws-sdk-go-v2/service/ssm v1.68.4
+	github.com/hashicorp/go-hclog v1.6.3
+)
+
+require (
+	github.com/aws/aws-sdk-go-v2/credentials v1.19.14 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.21 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.21 // indirect
+	github.com/aws/aws-sdk-go-v2/service/signin v1.0.9 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.30.15 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.19 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.41.10 // indirect
+	github.com/fatih/color v1.19.0 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/hashicorp/yamux v0.1.2 // indirect
+	github.com/mattn/go-colorable v0.1.14 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/oklog/run v1.2.0 // indirect
+	golang.org/x/net v0.52.0 // indirect
+	golang.org/x/sys v0.42.0 // indirect
+	golang.org/x/text v0.35.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20260406210006-6f92a3bedf2d // indirect
+	google.golang.org/grpc v1.80.0 // indirect
+	google.golang.org/protobuf v1.36.11 // indirect
+)
+
+require (
+	github.com/aws/aws-sdk-go-v2 v1.41.5
+	github.com/aws/aws-sdk-go-v2/config v1.32.14
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.21 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.21 // indirect
+	github.com/aws/smithy-go v1.24.3 // indirect
+	github.com/hashicorp/go-plugin v1.7.0
+)