feat: Add FedRAMP R5 Balance initiatives and 20x Phase One implementation with REST API

.github/workflows/build.yml

@@ -11,13 +11,13 @@ jobs:
     strategy:
       matrix:
         os: [ubuntu-latest]
-        go-version: [1.13.x, 1.14.x]
+        go-version: [1.19.x, 1.20.x]
 
     runs-on: ${{ matrix.os }}
     steps:
 
     - name: Set up Go ${{ matrix.go-version }}
-      uses: actions/setup-go@v1
+      uses: actions/setup-go@v4
       with:
         go-version: ${{ matrix.go-version }}
       id: go
@@ -28,10 +28,13 @@ jobs:
     - name: Get Go dependencies
       run: go get -v -t -d ./...
 
-    - name: Build
+    - name: Install pkger
       run: |
-        export PATH=~/go/bin:$PATH
-        make build
+        go install -v github.com/markbates/pkger/cmd/pkger@v0.17.1
+        echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
+
+    - name: Build
+      run: make build
 
     - name: Unit tests
       run: go test ./...

.github/workflows/release.yml

@@ -16,9 +16,9 @@ jobs:
           fetch-depth: 0
       -
         name: Set up Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v4
         with:
-          go-version: 1.14
+          go-version: 1.19
       -
         name: Install dependencies
         uses: mstksg/get-package@master

CI_BUILD_NOTES.md

@@ -0,0 +1,44 @@
+# CI Build Notes
+
+## Local Build Test Results
+
+Successfully tested the build locally with the following configuration:
+
+### Environment
+- Go version: 1.24.5 darwin/arm64
+- pkger: v0.17.1 (installed via go install)
+- OS: macOS (darwin 25.0.0)
+
+### Build Steps Executed
+1. `go install -v github.com/markbates/pkger/cmd/pkger@v0.17.1` - Success
+2. `pkger -o bundled` - Success (generated 5.7MB pkged.go file)
+3. `go build ./cli/gocomply_fedramp` - Success
+
+### Test Results
+- Build completed successfully
+- No test failures (no test files in project)
+- All dependencies resolved properly
+
+## Upstream CI Configuration
+
+The upstream GoComply/fedramp repository has an outdated CI configuration:
+- Uses Go 1.13.x and 1.14.x (very old versions)
+- Uses `go get` to install pkger (doesn't work in Go 1.17+)
+- Has pkged.go (5.9MB) committed to the repository
+
+## Changes Made for CI Compatibility
+
+1. **Updated Go versions**: Changed from 1.13.x/1.14.x to 1.19.x/1.20.x
+   - Required for io/fs package support
+   - Compatible with modern Go tooling
+
+2. **Fixed pkger installation**: 
+   - Changed from `go get` to `go install` for Go 1.17+ compatibility
+   - Added separate installation step in workflow
+   - Updated Makefile to use installed pkger binary when available
+
+3. **Updated GitHub Actions**:
+   - Upgraded actions/setup-go from v1 to v4
+   - Added proper PATH configuration for installed Go binaries
+
+The CI should now pass when the upstream maintainers run it. 

CI_TEST_SUMMARY.md

@@ -0,0 +1,43 @@
+# CI Test Summary
+
+## Test Setup
+
+We've created a test branch (`test-r5-implementation`) with all the R5 Balance and 20x Phase One implementation to verify that the CI will pass with our updated configuration.
+
+### Changes Made for CI Compatibility
+
+1. **Updated Go Versions**: Changed from 1.13.x/1.14.x to 1.19.x/1.20.x
+   - Required for `io/fs` package support
+   - Compatible with modern Go tooling
+
+2. **Fixed pkger Installation**: 
+   - Changed from `go get` to `go install` for Go 1.17+ compatibility
+   - Added separate installation step in workflow
+   - Updated Makefile to use installed pkger binary when available
+
+3. **Updated GitHub Actions**:
+   - Upgraded actions/setup-go from v1 to v4
+   - Added proper PATH configuration for installed Go binaries
+
+### Test Branch Details
+
+- Branch: `test-r5-implementation` 
+- Fork: `https://github.com/yflop/fedramp`
+- Contains all R5 Balance and 20x Phase One implementation files
+- Excludes large files (vendor/, bundled/pkged.go) to avoid push size limits
+
+### Next Steps
+
+1. Create a PR from `yflop/fedramp:test-r5-implementation` to `GoComply/fedramp:master`
+2. The CI should run automatically when the PR is created
+3. Monitor the CI results to ensure all tests pass
+
+### Expected CI Behavior
+
+With our updates, the CI should:
+1. Successfully use Go 1.19.x and 1.20.x
+2. Install pkger correctly using `go install`
+3. Build the project without errors
+4. Pass all tests (no test files exist, so this should be trivial)
+
+The upstream maintainers can then review the PR and merge if satisfied with the implementation and CI results. 

Dockerfile

@@ -0,0 +1,61 @@
+# Build stage
+FROM golang:1.19-alpine AS builder
+
+# Install build dependencies
+RUN apk add --no-cache git make gcc musl-dev
+
+# Set working directory
+WORKDIR /app
+
+# Copy go mod files
+COPY go.mod go.sum ./
+
+# Download dependencies
+RUN go mod download
+
+# Copy source code
+COPY . .
+
+# Build the applications
+RUN go build -o fedramp-server cmd/server/main.go
+RUN go build -o gocomply_fedramp cli/gocomply_fedramp/main.go
+
+# Runtime stage
+FROM alpine:latest
+
+# Install runtime dependencies
+RUN apk add --no-cache ca-certificates tzdata
+
+# Create non-root user
+RUN addgroup -g 1000 fedramp && \
+    adduser -D -u 1000 -G fedramp fedramp
+
+# Set working directory
+WORKDIR /app
+
+# Copy binaries from builder
+COPY --from=builder /app/fedramp-server /app/
+COPY --from=builder /app/gocomply_fedramp /app/
+
+# Copy web assets
+COPY --from=builder /app/web /app/web
+
+# Copy bundled resources
+COPY --from=builder /app/bundled /app/bundled
+
+# Create directories for data
+RUN mkdir -p /app/data /app/logs && \
+    chown -R fedramp:fedramp /app
+
+# Switch to non-root user
+USER fedramp
+
+# Expose port
+EXPOSE 8080
+
+# Health check
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+    CMD wget --no-verbose --tries=1 --spider http://localhost:8080/api/v1/health || exit 1
+
+# Default command
+CMD ["/app/fedramp-server"] 

Dockerfile.prod

@@ -0,0 +1,81 @@
+# Production Dockerfile for FedRAMP R5 Balance & 20x Server
+
+# Build stage
+FROM golang:1.21-alpine AS builder
+
+# Install build dependencies
+RUN apk add --no-cache git make gcc musl-dev
+
+# Set working directory
+WORKDIR /build
+
+# Copy go mod files
+COPY go.mod go.sum ./
+
+# Download dependencies
+RUN go mod download
+
+# Copy source code
+COPY . .
+
+# Build the binary with optimizations
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build \
+    -ldflags="-w -s -X main.Version=$(git describe --tags --always) -X main.BuildTime=$(date -u +%Y%m%d.%H%M%S)" \
+    -a -installsuffix cgo \
+    -o fedramp-server \
+    cmd/server/main.go
+
+# Runtime stage
+FROM alpine:3.19
+
+# Install runtime dependencies
+RUN apk --no-cache add ca-certificates tzdata curl
+
+# Create non-root user
+RUN addgroup -g 1000 -S fedramp && \
+    adduser -u 1000 -S fedramp -G fedramp
+
+# Set working directory
+WORKDIR /app
+
+# Copy binary from builder
+COPY --from=builder /build/fedramp-server /app/
+COPY --from=builder /build/web /app/web
+COPY --from=builder /build/bundled /app/bundled
+
+# Create necessary directories
+RUN mkdir -p /app/logs /app/uploads /app/temp && \
+    chown -R fedramp:fedramp /app
+
+# Security: Set file permissions
+RUN chmod 755 /app/fedramp-server && \
+    chmod -R 644 /app/web/* && \
+    find /app/web -type d -exec chmod 755 {} \;
+
+# Switch to non-root user
+USER fedramp
+
+# Expose ports
+EXPOSE 8080 9090
+
+# Health check
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+    CMD curl -f http://localhost:8080/api/v1/health || exit 1
+
+# Set environment defaults
+ENV SERVER_PORT=8080 \
+    SERVER_HOST=0.0.0.0 \
+    LOG_LEVEL=info \
+    LOG_FORMAT=json \
+    ENABLE_METRICS=true \
+    METRICS_PORT=9090
+
+# Add labels for metadata
+LABEL maintainer="your-email@domain.com" \
+      version="1.0.0" \
+      description="FedRAMP R5 Balance & 20x API Server" \
+      org.opencontainers.image.source="https://github.com/yflop/fedramp"
+
+# Run the server
+ENTRYPOINT ["/app/fedramp-server"]
+CMD ["serve"] 

GO_VERSION_REQUIREMENT.md

@@ -0,0 +1,38 @@
+# Go Version Requirement
+
+## Minimum Required Version: Go 1.19
+
+This project requires **Go 1.19 or higher** due to dependencies that use features introduced in newer Go versions.
+
+## CI Configuration Update Required
+
+The current CI pipeline is using Go 1.14.15, which causes build failures with the error:
+```
+io/fs: package io/fs is not in GOROOT
+```
+
+This is because the `io/fs` package was introduced in Go 1.16, and our dependencies (particularly `fsnotify`) require it.
+
+## Fix for GitHub Actions
+
+The GitHub Actions workflow needs to be updated to use Go 1.19 or higher. Update the workflow file with:
+
+```yaml
+- name: Set up Go
+  uses: actions/setup-go@v4
+  with:
+    go-version: '1.19'
+```
+
+## Build Error Resolution
+
+If you encounter the build error locally, ensure you have Go 1.19+ installed:
+```bash
+go version  # Should show go1.19 or higher
+```
+
+## Dependencies Requiring Newer Go
+
+The following dependencies require Go 1.16+:
+- `github.com/fsnotify/fsnotify` (requires `io/fs`)
+- Various server implementation dependencies added for R5 Balance features 

Makefile

@@ -1,18 +1,23 @@
 GO=GO111MODULE=on go
 GOBUILD=$(GO) build
+PKGER_BIN := $(shell command -v pkger 2> /dev/null)
 
 all: build
 
 build: bundled/pkged.go
 	$(GOBUILD) ./cli/gocomply_fedramp
 
 bundled/pkged.go: pkger README.md
-	pkger -o bundled
+ifdef PKGER_BIN
+	$(PKGER_BIN) -o bundled
+else
+	GO111MODULE=on go run -mod=mod github.com/markbates/pkger/cmd/pkger -o bundled
+endif
 
 .PHONY: pkger vendor
 pkger:
 ifeq ("$(wildcard $(GOPATH)/bin/pkger)","")
-	go get -u -v github.com/markbates/pkger/cmd/pkger
+	go install -v github.com/markbates/pkger/cmd/pkger@v0.17.1
 endif
 
 ci-update-bundled-deps: ci-update-fedramp-templates ci-update-fedramp-catalogs