Merge pull request 'fix: (issues/12) Create multi-stage CI / CD pipeline' (#13) from issues/12 into main

Reviewed-on: #13

.dockerignore

@@ -0,0 +1,86 @@
+# ---> Go
+# Compiled Object files, Static and Dynamic libs (Shared Objects)
+*.o
+*.a
+*.so
+
+# Folders
+_obj
+_test
+bin/
+tfenv/
+vendor/
+
+# Architecture specific extensions/prefixes
+*.[568vq]
+[568vq].out
+
+*.cgo1.go
+*.cgo2.c
+_cgo_defun.c
+_cgo_gotypes.go
+_cgo_export.*
+
+_testmain.go
+
+*.exe
+*.test
+*.prof
+
+# Ignore various IDE
+.idea
+*.iml
+*.ipr
+.vscode
+debug
+
+# Ignore various temporary files
+*.swp
+*.tmp
+*.bak
+*.log
+*.pid
+
+# Ignore various Drone CI support files
+.drone.secrets
+
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Ignore  Terraform lock files as they are managed by terraform init
+.terraform.lock*
+
+# Crash log files
+crash.log
+
+# Exclude all .tfvars files, which are likely to contain sentitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+#
+*.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+*tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+

.drone.yml

@@ -1,16 +1,11 @@
 ---
 kind: pipeline
 type: docker
-name: build amd64
+name: validation
 
 platform:
   arch: amd64
 
-# trigger:
-#   branch:
-#     exclude:
-#       - main
-
 clone:
   depth: 1
 
@@ -20,32 +15,59 @@ volumes:
       path: /run/docker.sock
 
 steps:
-  - name: Build ${DRONE_REPO} Container Image On amd64
-    image: plugins/docker
+  - name: Notify Datadog That We Are Starting
+    image: masci/drone-datadog
+    settings:
+      api_key:
+        from_secret: Datadog
+      events:
+        - title: "Begin Build: ${DRONE_REPO}"
+          text: "Build ${DRONE_BUILD_NUMBER}(${DRONE_COMMIT_LINK})"
+          alert_type: "info"
+
+  - name: Validate code base and dependencies
+    image: dragonheim/golang:1.16.4
     volumes:
       - name: dockersock
         path: /var/run/docker.sock
     environment:
-      GOOS: linux
-      GOARCH: amd64
-    settings:
-      auto_tag: false
-      daemon_off: true
-      debug: false
-      dockerfile: docker/Dockerfile
-      dry_run: true
-      experimental: true
-      mirror: "https://registry.dragonheim.net/"
-      pull_image: false
-      purge: true
-      repo: ${DRONE_REPO}
-      # target: development
-      username:
-        from_secret: docker_username
-      password:
-        from_secret: docker_auth
+      TRIVY_QUIET: true
+      TRIVY_LIGHT: true
+      TRIVY_FORMAT: table
+      TRIVY_IGNORE_UNFIXED: true
+      TRIVY_NO_PROGRESS: true
+    commands:
+      ### Populate temporary container with tools / files we will need for building and testing
+      - apk add --no-cache zeromq-dev zeromq
+      # - curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.18.2
 
-  - name: Send Status To Datadog
+      ### Format the go code. Go does not care about it, but it helps to ensure everything is formated the same.
+      - go fmt ./...
+
+      ### Perform a basic lint of the code, we do this after formatting, just in case there are edge cases with the formatting.
+      - go vet ./...
+
+      ### Run a security check and warn us about lower level vulnerabilities
+      - trivy fs --exit-code 0 --severity UNKNOWN,LOW,MEDIUM .
+
+      ### Re-run the scan, but this time looking for higher level vulnerabilities that we want to block for.
+      - trivy fs --skip-update --exit-code 1 --severity CRITICAL,HIGH .
+
+      ### Perform unit tests
+      # - @TODO I really don't know how to do unit tests.  Will need to figure this out eventually.
+
+      ### Build test container.
+      # - docker buildx build --platform linux/arm/v7,linux/amd64,linux/arm64 --progress plain -t ${DRONE_REPO}:${DRONE_COMMIT} -f docker/Dockerfile .
+      - docker buildx build --platform linux/amd64 --progress plain -t ${DRONE_REPO}:${DRONE_COMMIT} -f docker/Dockerfile .
+
+      ### Run a security check and warn us about lower level vulnerabilities
+      - trivy image --skip-update --exit-code 0 --severity UNKNOWN,LOW,MEDIUM,HIGH ${DRONE_REPO}:${DRONE_COMMIT}
+
+      ### Re-run the scan, but this time looking for critical vulnerabilities that we want to block for.
+      - trivy image --skip-update --exit-code 1 --severity CRITICAL ${DRONE_REPO}:${DRONE_COMMIT}
+
+
+  - name: Notify Datadog That We Have Completed
     image: masci/drone-datadog
     settings:
       api_key:
@@ -54,66 +76,6 @@ steps:
         - title: "Build failure on amd64"
           text: "Build ${DRONE_BUILD_NUMBER}"
           alert_type: "error"
-    when:
-      status:
-        - failure
-
----
-kind: pipeline
-type: docker
-name: build arm
-
-platform:
-  arch: arm
-
-# trigger:
-#   branch:
-#     exclude:
-#       - main
-
-clone:
-  depth: 1
-
-volumes:
-  - name: dockersock
-    host:
-      path: /run/docker.sock
-
-steps:
-  - name: Build ${DRONE_REPO} Container Image On arm
-    image: plugins/docker
-    volumes:
-      - name: dockersock
-        path: /var/run/docker.sock
-    environment:
-      GOOS: linux
-      GOARCH: arm
-    settings:
-      auto_tag: false
-      daemon_off: true
-      debug: false
-      dockerfile: docker/Dockerfile
-      dry_run: true
-      experimental: true
-      mirror: "https://registry.dragonheim.net/"
-      pull_image: false
-      purge: true
-      repo: ${DRONE_REPO}
-      # target: development
-      username:
-        from_secret: docker_username
-      password:
-        from_secret: docker_auth
-
-  - name: Send Status To Datadog
-    image: dragonheim/drone-datadog
-    settings:
-      api_key:
-        from_secret: Datadog
-      events:
-        - title: "Build failure on arm"
-          text: "Build ${DRONE_BUILD_NUMBER}"
-          alert_type: "error"
     when:
       status:
         - failure

.gitignore

@@ -43,3 +43,40 @@ debug
 # Ignore various Drone CI support files
 .drone.secrets
 
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Ignore  Terraform lock files as they are managed by terraform init
+.terraform.lock*
+
+# Crash log files
+crash.log
+
+# Exclude all .tfvars files, which are likely to contain sentitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+#
+*.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc

.trivyignore

@@ -0,0 +1,3 @@
+# No impact in our project
+CVE-2020-29652
+CVE-2020-9283

gagent/main.go

@@ -14,10 +14,10 @@ import (
 
 	docopt "github.com/aviddiviner/docopt-go"
 	hclsimple "github.com/hashicorp/hcl/v2/hclsimple"
-	"github.com/hashicorp/hcl/v2/hclwrite"
-	"github.com/hashicorp/logutils"
+	hclwrite "github.com/hashicorp/hcl/v2/hclwrite"
+	logutils "github.com/hashicorp/logutils"
 	uuid "github.com/nu7hatch/gouuid"
-	"github.com/zclconf/go-cty/cty"
+	cty "github.com/zclconf/go-cty/cty"
 )
 
 const VERSION = "0.0.1"

go.mod

@@ -3,11 +3,13 @@ module git.dragonheim.net/dragonheim/gagent
 go 1.16
 
 require (
+	github.com/agext/levenshtein v1.2.3 // indirect
 	github.com/aviddiviner/docopt-go v0.0.0-20170807220726-d8a1d67efc6a
-	github.com/hashicorp/hcl/v2 v2.8.2
+	github.com/hashicorp/hcl/v2 v2.10.0
 	github.com/hashicorp/logutils v1.0.0
+	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
 	github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d
-	github.com/pebbe/zmq4 v1.2.2
-	github.com/zclconf/go-cty v1.2.0
+	github.com/pebbe/zmq4 v1.2.6
+	github.com/zclconf/go-cty v1.8.3
 	golang.org/x/text v0.3.6 // indirect
 )

go.sum

@@ -1,10 +1,11 @@
-github.com/agext/levenshtein v1.2.1 h1:QmvMAjj2aEICytGiWzmxoE0x2KZvE0fvmqMOfy2tjT8=
 github.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
+github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo=
+github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
 github.com/apparentlymart/go-dump v0.0.0-20180507223929-23540a00eaa3/go.mod h1:oL81AME2rN47vu18xqj1S1jPIPuN7afo62yKTNn3XMM=
 github.com/apparentlymart/go-textseg v1.0.0 h1:rRmlIsPEEhUTIKQb7T++Nz/A5Q6C9IuX2wFoYVvnCs0=
 github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk=
-github.com/apparentlymart/go-textseg/v12 v12.0.0 h1:bNEQyAGak9tojivJNkoqWErVCQbjdL7GzRt3F8NvfJ0=
-github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec=
+github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw=
+github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
 github.com/aviddiviner/docopt-go v0.0.0-20170807220726-d8a1d67efc6a h1:YJuVATwP+Gzk7nys0U/DKjKkoYp1n/sYm0yi5vX8W8M=
 github.com/aviddiviner/docopt-go v0.0.0-20170807220726-d8a1d67efc6a/go.mod h1:pBRbUcGboHT5qBceq2Cg/WIcDbO78a8wPxTg8zmS3Hs=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
@@ -12,10 +13,12 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68=
 github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
 github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
 github.com/google/go-cmp v0.3.1 h1:Xye71clBPdm5HgqGwUkwhbynsUJZhDbS20FvLhQ2izg=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/hashicorp/hcl/v2 v2.8.2 h1:wmFle3D1vu0okesm8BTLVDyJ6/OL9DCLUwn0b2OptiY=
-github.com/hashicorp/hcl/v2 v2.8.2/go.mod h1:bQTN5mpo+jewjJgh8jr0JUguIi7qPHUF6yIfAEN3jqY=
+github.com/hashicorp/hcl/v2 v2.10.0 h1:1S1UnuhDGlv3gRFV4+0EdwB+znNP5HmcGbIqwnSCByg=
+github.com/hashicorp/hcl/v2 v2.10.0/go.mod h1:FwWsfWEjyV/CMj8s/gqAuiviY72rJ1/oayI9WftqcKg=
 github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y=
 github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
 github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
@@ -25,32 +28,43 @@ github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348 h1:MtvEpTB6LX3vkb4ax0b5D2DHbNAUsen0Gx5wZoq3lV4=
 github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=
-github.com/mitchellh/go-wordwrap v0.0.0-20150314170334-ad45545899c7 h1:DpOJ2HYzCv8LZP15IdmG+YdwD2luVPHITV96TkirNBM=
 github.com/mitchellh/go-wordwrap v0.0.0-20150314170334-ad45545899c7/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
+github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0=
+github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0=
 github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d h1:VhgPp6v9qf9Agr/56bj7Y/xa04UccTW04VP0Qed4vnQ=
 github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d/go.mod h1:YUTz3bUH2ZwIWBy3CJBeOBEugqcmXREj14T+iG/4k4U=
-github.com/pebbe/zmq4 v1.2.2 h1:RZ5Ogp0D5S6u+tSxopnI3afAf0ifWbvQOAw9HxXvZP4=
-github.com/pebbe/zmq4 v1.2.2/go.mod h1:7N4y5R18zBiu3l0vajMUWQgZyjv464prE8RCyBcmnZM=
+github.com/pebbe/zmq4 v1.2.6 h1:zcTAfa/jYi2RxjTFIdLfnVrmxbAd9nSr02+CDMn8swg=
+github.com/pebbe/zmq4 v1.2.6/go.mod h1:nqnPueOapVhE2wItZ0uOErngczsJdLOGkebMxaO8r48=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ=
 github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
 github.com/spf13/pflag v1.0.2/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
-github.com/zclconf/go-cty v1.2.0 h1:sPHsy7ADcIZQP3vILvTjrh74ZA175TFP5vqiNK1UmlI=
+github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
+github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
 github.com/zclconf/go-cty v1.2.0/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8=
+github.com/zclconf/go-cty v1.8.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk=
+github.com/zclconf/go-cty v1.8.3 h1:48gwZXrdSADU2UW9eZKHprxAI7APZGW9XmExpJpSjT0=
+github.com/zclconf/go-cty v1.8.3/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk=
+github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734 h1:p/H982KKEjUnLJkM3tt/LemDnOc1GiZL5FCVlORJ5zo=
 golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
+golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190502175342-a43fa875dd82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

simple_build.sh

@@ -1,4 +0,0 @@
-#!/usr/bin/env sh
-#
-#
-docker buildx build --platform linux/arm/v7,linux/amd64,linux/arm64 --progress plain --pull -t dragonheim/gagent --push -f docker/Dockerfile .

src/client/client.go

@@ -7,6 +7,7 @@ import (
 	"time"
 
 	gs "git.dragonheim.net/dragonheim/gagent/src/gstructs"
+
 	zmq "github.com/pebbe/zmq4"
 )
 

src/picol/commands.go

@@ -7,7 +7,7 @@ import (
 )
 
 func ArityErr(i *Interp, name string, argv []string) error {
-	return fmt.Errorf("Wrong number of args for %s %s", name, argv)
+	return fmt.Errorf("wrong number of args for %s %s", name, argv)
 }
 
 func CommandMath(i *Interp, argv []string, pd interface{}) (string, error) {
@@ -104,9 +104,9 @@ func CommandWhile(i *Interp, argv []string, pd interface{}) (string, error) {
 		if r, _ := strconv.Atoi(result); r != 0 {
 			result, err := i.Eval(argv[2])
 			switch err {
-			case PICOL_CONTINUE, nil:
+			case errContinue, nil:
 				//pass
-			case PICOL_BREAK:
+			case errBreak:
 				return result, nil
 			default:
 				return result, err
@@ -123,9 +123,9 @@ func CommandRetCodes(i *Interp, argv []string, pd interface{}) (string, error) {
 	}
 	switch argv[0] {
 	case "break":
-		return "", PICOL_BREAK
+		return "", errBreak
 	case "continue":
-		return "", PICOL_CONTINUE
+		return "", errContinue
 	}
 	return "", nil
 }
@@ -152,12 +152,12 @@ func CommandCallProc(i *Interp, argv []string, pd interface{}) (string, error) {
 	}
 
 	if arity != len(argv)-1 {
-		return "", fmt.Errorf("Proc '%s' called with wrong arg num", argv[0])
+		return "", fmt.Errorf("proc '%s' called with wrong arg num", argv[0])
 	}
 
 	body := x[1]
 	result, err := i.Eval(body)
-	if err == PICOL_RETURN {
+	if err == errReturn {
 		err = nil
 	}
 	return result, err
@@ -178,7 +178,7 @@ func CommandReturn(i *Interp, argv []string, pd interface{}) (string, error) {
 	if len(argv) == 2 {
 		r = argv[1]
 	}
-	return r, PICOL_RETURN
+	return r, errReturn
 }
 
 func CommandError(i *Interp, argv []string, pd interface{}) (string, error) {
@@ -190,7 +190,7 @@ func CommandError(i *Interp, argv []string, pd interface{}) (string, error) {
 
 func CommandPuts(i *Interp, argv []string, pd interface{}) (string, error) {
 	if len(argv) != 2 {
-		return "", fmt.Errorf("Wrong number of args for %s %s", argv[0], argv)
+		return "", fmt.Errorf("wrong number of args for %s %s", argv[0], argv)
 	}
 	fmt.Println(argv[1])
 	return "", nil

src/picol/parser.go

@@ -246,5 +246,5 @@ func (p *Parser) GetToken() string {
 			return p.parseString()
 		}
 	}
-	return p.token() /* unreached */
+	/*	return p.token() /* unreached */
 }

src/picol/picol.go

@@ -7,9 +7,9 @@ import (
 )
 
 var (
-	PICOL_RETURN   = errors.New("RETURN")
-	PICOL_BREAK    = errors.New("BREAK")
-	PICOL_CONTINUE = errors.New("CONTINUE")
+	errReturn   = errors.New("RETURN")
+	errBreak    = errors.New("BREAK")
+	errContinue = errors.New("CONTINUE")
 )
 
 type Var string
@@ -91,7 +91,7 @@ func (i *Interp) Eval(t string) (string, error) {
 		case PT_VAR:
 			v, ok := i.Var(t)
 			if !ok {
-				return "", fmt.Errorf("No such variable '%s'", t)
+				return "", fmt.Errorf("no such variable '%s'", t)
 			}
 			t = string(v)
 		case PT_CMD:
@@ -114,7 +114,7 @@ func (i *Interp) Eval(t string) (string, error) {
 			if len(argv) != 0 {
 				c := i.Command(argv[0])
 				if c == nil {
-					return "", fmt.Errorf("No such command '%s'", argv[0])
+					return "", fmt.Errorf("no such command '%s'", argv[0])
 				}
 				result, err = c.fn(i, argv, c.privdata)
 				if err != nil {

src/worker/worker.go

@@ -5,6 +5,7 @@ import (
 	"log"
 
 	gs "git.dragonheim.net/dragonheim/gagent/src/gstructs"
+
 	// picol "git.dragonheim.net/dragonheim/gagent/src/picol"
 	zmq "github.com/pebbe/zmq4"
 )

tfenv/_provider.tf

@@ -0,0 +1,9 @@
+provider "aws" {
+  alias      = "us-west-2"
+  region     = "us-west-2"
+}
+
+provider "aws" {
+  alias      = "us-east-1"
+  region     = "us-east-1"
+}

tfenv/cluster/subnets.tf

@@ -0,0 +1,84 @@
+# variable "vpc_id" {}
+
+data "aws_vpc" "selected" {
+  id                 = var.vpc_id
+}
+
+variable "regional_cidr_blocks" {
+  description = "A simple map of subnets used by region"
+  type        = map
+  default     = {
+    "us-west-2a-private" = "10.172.64.0/23",
+    "us-west-2b-private" = "10.172.66.0/23",
+    "us-west-2a-public"  = "10.172.68.0/26",
+    "us-west-2b-public"  = "10.172.68.64/26",
+    "us-east-1a-private" = "10.172.0.0/23",
+    "us-east-1b-private" = "10.172.2.0/23",
+    "us-east-1a-public"  = "10.172.4.0/26",
+    "us-east-1b-public"  = "10.172.4.64/26"
+  }
+}
+
+resource "aws_subnet" "aza-private" {
+  depends_on         = [data.aws_vpc.selected]
+  vpc_id             = data.aws_vpc.id
+  availability_zone  = format("%sa", var.region)
+  cidr_block         = var.regional_cidr_blocks[
+    format("%sa-private", var.region)
+  ]
+  tags               = merge(
+    var.extra_tags,
+    {
+      Name = "aza-private"
+      tier = "private"
+    }
+  )
+}
+
+# resource "aws_subnet" "aza-public" {
+#   depends_on         = [data.aws_vpc.selected]
+#   vpc_id             = data.aws_vpc.selected.id
+#   availability_zone  = format("%sa", var.region)
+#   cidr_block         = var.regional_cidr_blocks[
+#     format("%sa-public", var.region)
+#   ]
+#   tags               = merge(
+#     var.extra_tags,
+#     {
+#       Name = "aza-public"
+#       tier = "public"
+#     }
+#   )
+# }
+# 
+# resource "aws_subnet" "azb-private" {
+#   depends_on         = [data.aws_vpc.selected]
+#   vpc_id             = data.aws_vpc.selected.id
+#   availability_zone  = format("%sb", var.region)
+#   cidr_block         = var.regional_cidr_blocks[
+#     format("%sb-private", var.region)
+#   ]
+#   tags               = merge(
+#     var.extra_tags,
+#     {
+#       Name = "azb-private"
+#       tier = "private"
+#     }
+#   )
+# }
+# 
+# resource "aws_subnet" "azb-public" {
+#   depends_on         = [data.aws_vpc.selected]
+#   vpc_id             = data.aws_vpc.selected.id
+#   availability_zone  = format("%sb", var.region)
+#   cidr_block         = var.regional_cidr_blocks[
+#     format("%sb-public", var.region)
+#   ]
+#   tags               = merge(
+#     var.extra_tags,
+#     {
+#       Name = "azb-public"
+#       tier = "public"
+#     }
+#   )
+# }

tfenv/cluster/variables.tf

@@ -0,0 +1,9 @@
+variable "extra_tags" {
+  description        = "Tags required on all resources"
+  type               = map
+  default            = {
+    "org"            = "dragonheim"
+    "service"        = "gagent"
+    "maintained_by"  = "jwells@dragonheim.net"
+  }
+}

tfenv/cluster/vpc.tf

@@ -0,0 +1,23 @@
+variable "region" {}
+variable "provider_alias" {}
+
+variable "regional_vpc_cidr" {
+  description = "A simple map of VPC subnets used by region"
+  type        = map
+  default     = {
+    "us-west-2" = "10.172.64.0/19",
+    "us-east-1" = "10.172.0.0/19",
+  }
+}
+
+resource "aws_vpc" "gagent" {
+  instance_tenancy   = "default"
+  enable_dns_support = true
+  cidr_block         = var.regional_vpc_cidr[var.region]
+  tags = merge(
+    var.extra_tags,
+    {
+      Name = "gagent"
+    }
+  )
+}

tfenv/main.tf

@@ -0,0 +1,18 @@
+# main.tf
+module "us-east-1" {
+  source    = "./cluster"
+  region    = "us-east-1"
+  provider_alias = us-west-2
+  providers = {
+    aws = "aws.us-east-1"
+  }
+}
+
+module "us-west-2" {
+  source    = "./cluster"
+  region    = "us-west-2"
+  provider_alias = us-west-2
+  providers = {
+    aws = "aws.us-west-2"
+  }
+}

tfenv/terraform.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 0.15.3"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 3.42.0"
+    }
+  }
+}