Merge/sharepoint into hermes

.github/CODEOWNERS

@@ -1 +1 @@
-* @hashicorp-forge/labs
+* @hashicorp-forge/labs @hashicorp/team-scale-performance-eng

.github/workflows/ci.yml

@@ -5,6 +5,7 @@ on:
     branches: [main]
   push:
     branches: [main]
+  workflow_dispatch:
 
 jobs:
   build-and-test:
@@ -24,28 +25,26 @@ jobs:
         run: |
           corepack enable
           cd web
-          # Remove .yarnrc.yml to let corepack handle yarn version
-          rm -f .yarnrc.yml
           corepack prepare yarn@$(node -p "require('./package.json').packageManager.split('@')[1]") --activate
           yarn --version
 
       - name: Set up Go
         uses: actions/setup-go@v4
         with:
-          go-version: "^1.18"
-
-      - name: Verify Yarn version
-        run: cd web && yarn --version
+          go-version: "^1.24"
 
       - name: Build web
         run: cd web && yarn install && yarn build
 
-      - name: Run web test (continue on failure)
-        run: cd web && yarn test:ember --timeout 600000 || true
-        continue-on-error: true
+      - name: Build plugin
+        run: cd hermes-plugin && npm install && npm run build
 
-      - name: Build
+      - name: Build Go binary
         run: make bin/linux
 
       - name: Run Go test
         run: make go/test
+
+      - name: Run web test (continue on failure)
+        run: cd web && yarn test:ember --timeout 600000 || true
+        continue-on-error: true

.github/workflows/docker-build-push.yml

@@ -0,0 +1,48 @@
+name: Docker Build & Push
+
+on:
+  push:
+    branches: [main]
+  workflow_dispatch:
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: "18"
+
+      - name: Enable Corepack
+        run: |
+          corepack enable
+          cd web
+          corepack prepare yarn@$(node -p "require('./package.json').packageManager.split('@')[1]") --activate
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: "^1.24"
+
+      - name: Build
+        run: make build/linux
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: ghcr.io/${{ github.repository }}:${{ github.sha }}

.gitignore

@@ -9,6 +9,9 @@
 .DS_Store
 .env
 
+# TLS certs (local dev)
+/certs
+
 # Web application
 node_modules
 /web/.pnp.*

Dockerfile

@@ -0,0 +1,18 @@
+FROM alpine:3.21.5
+
+# Update the package repository and install dependencies
+RUN apk --no-cache update && \
+    apk --no-cache upgrade
+
+# Set the working directory
+WORKDIR /app
+
+# Copy the application binary and configuration
+COPY hermes /app/hermes
+COPY configs /app/configs
+
+# Set the entrypoint to run the hermes application
+ENTRYPOINT ["/app/hermes"]
+
+# Default command when container starts
+CMD ["server"]

Makefile

@@ -2,7 +2,7 @@
 default: help
 
 .PHONY: build
-build: web/build
+build: web/build plugin/build
 	rm -f ./hermes
 	CGO_ENABLED=0 go build -o ./hermes ./cmd/hermes
 
@@ -14,6 +14,15 @@ bin:
 bin/linux: # bin creates hermes binary for linux
 	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o ./hermes ./cmd/hermes
 
+.PHONY: build/linux
+build/linux: web/build plugin/build
+	rm -f ./hermes
+	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o ./hermes ./cmd/hermes
+
+.PHONY: plugin/build
+plugin/build:
+	cd hermes-plugin && npm install && rm -rf dist/ && npm run build
+
 .PHONY: dev
 dev: ## One command to start a dev environment
 dev: docker/postgres/start

configs/config.hcl

@@ -243,3 +243,56 @@ server {
   // addr is the address to bind to for listening.
   addr = "127.0.0.1:8000"
 }
+
+// --------------------------------------------------------------------------
+// SharePoint Backend Configuration (alternative to google_workspace)
+// --------------------------------------------------------------------------
+// Uncomment and configure these blocks to use SharePoint instead of Google.
+
+// sharepoint {
+//   client_id  = "YOUR_SHAREPOINT_CLIENT_ID"
+//   client_secret = "YOUR_SHAREPOINT_CLIENT_SECRET"
+//   tenant_id  = "YOUR_AZURE_AD_TENANT_ID"
+//   site_id    = "YOUR_SHAREPOINT_SITE_ID"
+//   drive_id   = "YOUR_SHAREPOINT_DRIVE_ID"
+//   domain     = "your-domain.com"
+//
+//   // templates_folder_id is the ID of the folder containing document templates.
+//   templates_folder_id = ""
+//
+//   // docs_folder_id is the ID of the published documents folder.
+//   docs_folder_id = ""
+//
+//   // drafts_folder_id is the ID of the drafts folder.
+//   drafts_folder_id = ""
+// }
+
+// oidc_alb {
+//   // auth_server_url is the OIDC discovery URL.
+//   auth_server_url = "https://your-oidc-provider.com"
+//   // aws_region is the region of the AWS ALB.
+//   aws_region = "us-east-1"
+//   // client_id is the OIDC client ID.
+//   client_id = ""
+//   // disabled disables OIDC ALB authorization.
+//   disabled = false
+//   // jwt_signer is the ARN of the ALB for JWT verification.
+//   jwt_signer = "arn:aws:elasticloadbalancing:..."
+// }
+
+// For SharePoint deployments, configure SMTP email:
+// email {
+//   enabled      = true
+//   from_address = "hermes@your-domain.com"
+//   smtp_host    = "smtp.your-domain.com"
+//   smtp_port    = 587
+//   smtp_user    = ""
+//   smtp_pass    = ""
+// }
+
+// For TLS (required for SharePoint/Office Add-in):
+// server {
+//   addr     = "0.0.0.0:8443"
+//   tls_cert = "/path/to/cert.pem"
+//   tls_key  = "/path/to/key.pem"
+// }

go.mod

@@ -1,14 +1,14 @@
 module github.com/hashicorp-forge/hermes
 
-go 1.18
+go 1.24.0
 
 require (
 	github.com/algolia/algoliasearch-client-go/v3 v3.23.0
 	github.com/araddon/dateparse v0.0.0-20210429162001-6b43995a97de
 	github.com/cenkalti/backoff/v4 v4.1.3
 	github.com/forPelevin/gomoji v1.1.3
 	github.com/go-ozzo/ozzo-validation/v4 v4.3.0
-	github.com/golang-jwt/jwt/v5 v5.0.0
+	github.com/golang-jwt/jwt/v5 v5.3.0
 	github.com/hashicorp/go-hclog v1.2.0
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/hashicorp/hcl/v2 v2.11.1
@@ -17,7 +17,7 @@ require (
 	github.com/mitchellh/mapstructure v1.5.0
 	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8
 	github.com/stretchr/testify v1.8.1
-	golang.org/x/oauth2 v0.8.0
+	golang.org/x/oauth2 v0.32.0
 	google.golang.org/api v0.126.0
 	gopkg.in/DataDog/dd-trace-go.v1 v1.49.1
 	gorm.io/datatypes v1.1.0
@@ -26,8 +26,7 @@ require (
 )
 
 require (
-	cloud.google.com/go/compute v1.19.3 // indirect
-	cloud.google.com/go/compute/metadata v0.2.3 // indirect
+	cloud.google.com/go/compute/metadata v0.7.0 // indirect
 	github.com/DataDog/datadog-agent/pkg/obfuscate v0.46.0 // indirect
 	github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.48.0-devel // indirect
 	github.com/DataDog/datadog-go/v5 v5.3.0 // indirect
@@ -42,30 +41,30 @@ require (
 	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
 	github.com/armon/go-radix v1.0.0 // indirect
 	github.com/bgentry/speakeasy v0.1.0 // indirect
-	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/ebitengine/purego v0.5.0-alpha.1 // indirect
 	github.com/fatih/color v1.15.0 // indirect
 	github.com/go-sql-driver/mysql v1.7.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
-	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/google/s2a-go v0.1.4 // indirect
-	github.com/google/uuid v1.3.0 // indirect
+	github.com/google/uuid v1.6.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.2.5 // indirect
 	github.com/googleapis/gax-go/v2 v2.11.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/huandu/xstrings v1.3.2 // indirect
 	github.com/imdario/mergo v0.3.12 // indirect
 	github.com/jackc/chunkreader/v2 v2.0.1 // indirect
-	github.com/jackc/pgconn v1.13.0 // indirect
+	github.com/jackc/pgconn v1.14.3 // indirect
 	github.com/jackc/pgio v1.0.0 // indirect
 	github.com/jackc/pgpassfile v1.0.0 // indirect
-	github.com/jackc/pgproto3/v2 v2.3.1 // indirect
+	github.com/jackc/pgproto3/v2 v2.3.3 // indirect
 	github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect
-	github.com/jackc/pgtype v1.13.0 // indirect
-	github.com/jackc/pgx/v4 v4.17.2 // indirect
+	github.com/jackc/pgtype v1.14.0 // indirect
+	github.com/jackc/pgx/v4 v4.18.3 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.5 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
@@ -86,20 +85,19 @@ require (
 	go.uber.org/atomic v1.11.0 // indirect
 	go4.org/intern v0.0.0-20230525184215-6c62f75575cb // indirect
 	go4.org/unsafe/assume-no-moving-gc v0.0.0-20230525183740-e7c30c78aeb2 // indirect
-	golang.org/x/crypto v0.33.0 // indirect
-	golang.org/x/mod v0.17.0 // indirect
-	golang.org/x/net v0.25.0 // indirect
-	golang.org/x/sync v0.11.0 // indirect
-	golang.org/x/sys v0.30.0 // indirect
-	golang.org/x/text v0.22.0 // indirect
+	golang.org/x/crypto v0.45.0 // indirect
+	golang.org/x/mod v0.29.0 // indirect
+	golang.org/x/net v0.47.0 // indirect
+	golang.org/x/sync v0.18.0 // indirect
+	golang.org/x/sys v0.38.0 // indirect
+	golang.org/x/text v0.31.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
+	golang.org/x/tools v0.38.0 // indirect
 	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20230920204549-e6e6cdab5c13 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20230920183334-c177e329c48b // indirect
-	google.golang.org/grpc v1.57.0 // indirect
-	google.golang.org/protobuf v1.31.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250804133106-a7a43d27e69b // indirect
+	google.golang.org/grpc v1.76.0 // indirect
+	google.golang.org/protobuf v1.36.6 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	gorm.io/driver/mysql v1.4.5 // indirect
 	inet.af/netaddr v0.0.0-20230525184311-b8eac61e914a // indirect