Merge feature/shamir-secret-sharing-o2a into main

.github/workflows/crda.yml

@@ -0,0 +1,126 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow performs a static analysis of your source code using
+# Red Hat CodeReady Dependency Analytics.
+
+# Scans are triggered:
+# 1. On every push to default and protected branches
+# 2. On every Pull Request targeting the default branch
+# 3. On a weekly schedule
+# 4. Manually, on demand, via the "workflow_dispatch" event
+
+# 💁 The CRDA Starter workflow will:
+# - Checkout your repository
+# - Setup the required tool stack
+# - Install the CRDA command line tool
+# - Auto detect the manifest file and install the project's dependencies
+# - Perform the security scan using CRDA
+# - Upload the SARIF result to the GitHub Code Scanning which can be viewed under the security tab
+# - Optionally upload the SARIF file as an artifact for the future reference
+
+# ℹ️ Configure your repository and the workflow with the following steps:
+# 1. Setup the tool stack based on the project's requirement.
+#    Refer to: https://github.com/redhat-actions/crda/#1-set-up-the-tool-stack
+# 2. (Optional) CRDA action attempt to detect the language and install the
+#    required dependencies for your project. If your project doesn't aligns
+#    with the default dependency installation command mentioned here
+#    https://github.com/redhat-actions/crda/#3-installing-dependencies.
+#    Use the required inputs to setup the same
+# 3. (Optional) CRDA action attempts to detect the manifest file if it is
+#    present in the root of the project and named as per the default mentioned
+#    here https://github.com/redhat-actions/crda/#3-installing-dependencies.
+#    If it deviates from the default, use the required inputs to setup the same
+# 4. Setup Authentication - Create the CRDA_KEY or SNYK_TOKEN.
+#    Refer to: https://github.com/redhat-actions/crda/#4-set-up-authentication
+# 5. (Optional) Upload SARIF file as an Artifact to download and view
+# 6. Commit and push the workflow file to your default branch to trigger a workflow run.
+
+# 👋 Visit our GitHub organization at https://github.com/redhat-actions/ to see our actions and provide feedback.
+
+name: CRDA Scan
+
+# Controls when the workflow will run
+on:
+  # TODO: Customize trigger events based on your DevSecOps processes
+  #
+  # This workflow is made to run with OpenShift starter workflow
+  # https://github.com/actions/starter-workflows/blob/main/deployments/openshift.yml
+  # However, if you want to run this workflow as a standalone workflow, please
+  # uncomment the 'push' trigger below and configure it based on your requirements.
+  #
+  workflow_call:
+    secrets:
+      CRDA_KEY:
+        required: false
+      SNYK_TOKEN:
+        required: false
+  workflow_dispatch:
+
+  # push:
+  #   branches: [ "main" ]
+
+  # pull_request_target is used to securely share secret to the PR's workflow run.
+  # For more info visit: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target
+  pull_request_target:
+    branches: [ "main" ]
+    types: [ assigned, opened, synchronize, reopened, labeled, edited ]
+
+permissions:
+  contents: read
+
+jobs:
+  crda-scan:
+    permissions:
+      contents: read            # for actions/checkout to fetch code
+      security-events: write    # for redhat-actions/crda to upload SARIF results
+    name: Scan project vulnerabilities with CRDA
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Check out repository
+        uses: actions/checkout@v4
+
+      # *******************************************************************
+      # Required: Instructions to setup project
+      # 1. Setup Go, Java, Node.js or Python depending on your project type
+      # 2. Setup Actions are listed below, choose one from them:
+      #    - Go: https://github.com/actions/setup-go
+      #    - Java: https://github.com/actions/setup-java
+      #    - Node.js: https://github.com/actions/setup-node
+      #    - Python: https://github.com/actions/setup-python
+      #
+      # Example:
+      # - name: Setup Node
+      #   uses: actions/setup-node@v4
+      #   with:
+      #     node-version: '20'
+
+      # https://github.com/redhat-actions/openshift-tools-installer/blob/main/README.md
+      - name: Install CRDA CLI
+        uses: redhat-actions/openshift-tools-installer@v1
+        with:
+          source: github
+          github_pat: ${{ github.token }}
+          # Choose the desired version of the CRDA CLI
+          crda: "latest"
+
+      ######################################################################################
+      # https://github.com/redhat-actions/crda/blob/main/README.md
+      #
+      # By default, CRDA will detect the manifest file and install the required dependencies
+      # using the standard command for the project type.
+      # If your project doesn't aligns with the defaults mentioned in this action, you will
+      # need to set few inputs that are described here:
+      # https://github.com/redhat-actions/crda/blob/main/README.md#3-installing-dependencies
+      # Visit https://github.com/redhat-actions/crda/#4-set-up-authentication to understand
+      # process to get a SNYK_TOKEN or a CRDA_KEY
+      - name: CRDA Scan
+        id: scan
+        uses: redhat-actions/crda@v1
+        with:
+          crda_key: ${{ secrets.CRDA_KEY }}           # Either use crda_key or snyk_token
+          # snyk_token: ${{ secrets.SNYK_TOKEN }}
+          # upload_artifact: false                    # Set this to false to skip artifact upload

=0.15.0

@@ -0,0 +1,69 @@
+Defaulting to user installation because normal site-packages is not writeable
+Collecting websockets
+  Downloading websockets-15.0.1-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (6.8 kB)
+Collecting python-dotenv
+  Downloading python_dotenv-1.2.1-py3-none-any.whl.metadata (25 kB)
+Collecting psutil
+  Downloading psutil-7.1.3-cp36-abi3-manylinux2010_x86_64.manylinux_2_12_x86_64.manylinux_2_28_x86_64.whl.metadata (23 kB)
+Collecting pyyaml
+  Downloading pyyaml-6.0.3-cp39-cp39-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl.metadata (2.4 kB)
+Collecting typing-extensions
+  Downloading typing_extensions-4.15.0-py3-none-any.whl.metadata (3.3 kB)
+Collecting asyncio
+  Downloading asyncio-4.0.0-py3-none-any.whl.metadata (994 bytes)
+Collecting aiosqlite
+  Downloading aiosqlite-0.21.0-py3-none-any.whl.metadata (4.3 kB)
+Collecting pydantic
+  Downloading pydantic-2.12.3-py3-none-any.whl.metadata (87 kB)
+Collecting fastapi
+  Downloading fastapi-0.121.0-py3-none-any.whl.metadata (28 kB)
+Collecting uvicorn
+  Downloading uvicorn-0.38.0-py3-none-any.whl.metadata (6.8 kB)
+Collecting annotated-types>=0.6.0 (from pydantic)
+  Downloading annotated_types-0.7.0-py3-none-any.whl.metadata (15 kB)
+Collecting pydantic-core==2.41.4 (from pydantic)
+  Downloading pydantic_core-2.41.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (7.3 kB)
+Collecting typing-inspection>=0.4.2 (from pydantic)
+  Downloading typing_inspection-0.4.2-py3-none-any.whl.metadata (2.6 kB)
+Collecting starlette<0.50.0,>=0.40.0 (from fastapi)
+  Downloading starlette-0.49.3-py3-none-any.whl.metadata (6.4 kB)
+Collecting annotated-doc>=0.0.2 (from fastapi)
+  Downloading annotated_doc-0.0.3-py3-none-any.whl.metadata (6.6 kB)
+Collecting anyio<5,>=3.6.2 (from starlette<0.50.0,>=0.40.0->fastapi)
+  Downloading anyio-4.11.0-py3-none-any.whl.metadata (4.1 kB)
+Collecting exceptiongroup>=1.0.2 (from anyio<5,>=3.6.2->starlette<0.50.0,>=0.40.0->fastapi)
+  Downloading exceptiongroup-1.3.0-py3-none-any.whl.metadata (6.7 kB)
+Collecting idna>=2.8 (from anyio<5,>=3.6.2->starlette<0.50.0,>=0.40.0->fastapi)
+  Downloading idna-3.11-py3-none-any.whl.metadata (8.4 kB)
+Collecting sniffio>=1.1 (from anyio<5,>=3.6.2->starlette<0.50.0,>=0.40.0->fastapi)
+  Downloading sniffio-1.3.1-py3-none-any.whl.metadata (3.9 kB)
+Collecting click>=7.0 (from uvicorn)
+  Downloading click-8.1.8-py3-none-any.whl.metadata (2.3 kB)
+Collecting h11>=0.8 (from uvicorn)
+  Downloading h11-0.16.0-py3-none-any.whl.metadata (8.3 kB)
+Downloading websockets-15.0.1-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl (181 kB)
+Downloading python_dotenv-1.2.1-py3-none-any.whl (21 kB)
+Downloading psutil-7.1.3-cp36-abi3-manylinux2010_x86_64.manylinux_2_12_x86_64.manylinux_2_28_x86_64.whl (263 kB)
+Downloading pyyaml-6.0.3-cp39-cp39-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl (750 kB)
+   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 750.8/750.8 kB 210.2 MB/s  0:00:00
+Downloading typing_extensions-4.15.0-py3-none-any.whl (44 kB)
+Downloading asyncio-4.0.0-py3-none-any.whl (5.6 kB)
+Downloading aiosqlite-0.21.0-py3-none-any.whl (15 kB)
+Downloading pydantic-2.12.3-py3-none-any.whl (462 kB)
+Downloading pydantic_core-2.41.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (2.1 MB)
+   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 2.1/2.1 MB 293.7 MB/s  0:00:00
+Downloading fastapi-0.121.0-py3-none-any.whl (109 kB)
+Downloading starlette-0.49.3-py3-none-any.whl (74 kB)
+Downloading anyio-4.11.0-py3-none-any.whl (109 kB)
+Downloading uvicorn-0.38.0-py3-none-any.whl (68 kB)
+Downloading annotated_doc-0.0.3-py3-none-any.whl (5.5 kB)
+Downloading annotated_types-0.7.0-py3-none-any.whl (13 kB)
+Downloading click-8.1.8-py3-none-any.whl (98 kB)
+Downloading exceptiongroup-1.3.0-py3-none-any.whl (16 kB)
+Downloading h11-0.16.0-py3-none-any.whl (37 kB)
+Downloading idna-3.11-py3-none-any.whl (71 kB)
+Downloading sniffio-1.3.1-py3-none-any.whl (10 kB)
+Downloading typing_inspection-0.4.2-py3-none-any.whl (14 kB)
+Installing collected packages: websockets, typing-extensions, sniffio, pyyaml, python-dotenv, psutil, idna, h11, click, asyncio, annotated-types, annotated-doc, uvicorn, typing-inspection, pydantic-core, exceptiongroup, aiosqlite, pydantic, anyio, starlette, fastapi
+
+Successfully installed aiosqlite-0.21.0 annotated-doc-0.0.3 annotated-types-0.7.0 anyio-4.11.0 asyncio-4.0.0 click-8.1.8 exceptiongroup-1.3.0 fastapi-0.121.0 h11-0.16.0 idna-3.11 psutil-7.1.3 pydantic-2.12.3 pydantic-core-2.41.4 python-dotenv-1.2.1 pyyaml-6.0.3 sniffio-1.3.1 starlette-0.49.3 typing-extensions-4.15.0 typing-inspection-0.4.2 uvicorn-0.38.0 websockets-15.0.1

CODE_OF_CONDUCT.md

@@ -0,0 +1,128 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the
+  overall community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+Issues.
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior,  harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.0, available at
+https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct
+enforcement ladder](https://github.com/mozilla/diversity).
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at
+https://www.contributor-covenant.org/translations.