chore: initial commit
Signed-off-by: Massimiliano Giovagnoli <[email protected]>
maxgio92 committed Dec 29, 2023
0 parents commit 6cfdf05
Showing 38 changed files with 3,308 additions and 0 deletions.
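--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,4 @@
+# More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file
+# Ignore build and test binaries.
+bin/
+testbin/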
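--- a/.github/workflows/lint-code.yaml
+++ b/.github/workflows/lint-code.yaml
@@ -0,0 +1,20 @@
+name: Lint code
+
+on:
+push:
+branches: [ "*" ]
+pull_request:
+branches: [ "*" ]
+
+jobs:
+golangci:
+name: lint
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v2
+- name: Run golangci-lint
+uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc # v3.7.0
+with:
+version: v1.55.2
+only-new-issues: false
+args: --config .golangci.yml --timeout=5m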
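Review bot: `actions/checkout@v2` in the `golangci` job is referenced by a mutable tag, while the lint step directly below it is pinned to a commit. The other workflows in this commit pin checkout as `actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1`, and the same reference fits here. The workflow also has no `permissions:` key, so the job token gets the repository's default scopes on every push and pull request. A top-level `permissions:` with `contents: read` would bring it in line with the least-privilege setup of the sibling workflows.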
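--- a/.github/workflows/lint-commit.yml
+++ b/.github/workflows/lint-commit.yml
@@ -0,0 +1,23 @@
+name: Lint commits
+permissions: {}
+
+on:
+push:
+branches: [ "*" ]
+pull_request:
+branches: [ "*" ]
+
+concurrency:
+group: ${{ github.workflow }}-${{ github.ref }}
+cancel-in-progress: true
+
+jobs:
+commit_lint:
+runs-on: ubuntu-20.04
+steps:
+- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+with:
+fetch-depth: 0
+- uses: wagoid/commitlint-github-action@0d749a1a91d4770e983a7b8f83d4a3f0e7e0874e #v5.4.4
+with:
+firstParent: true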
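--- a/.github/workflows/lint-ghactions.yml
+++ b/.github/workflows/lint-ghactions.yml
@@ -0,0 +1,24 @@
+name: Lint GitHub Actions
+permissions: {}
+
+on:
+pull_request:
+branches: [ "main" ]
+
+concurrency:
+group: ${{ github.workflow }}-${{ github.ref }}
+cancel-in-progress: true
+
+jobs:
+check:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+- name: Ensure SHA pinned actions
+uses: zgosalvez/github-actions-ensure-sha-pinned-actions@b35f285b9bb7e80de0967367cee66d3b6d50ceca # v3.0.1
+with:
+# slsa-github-generator requires using a semver tag for reusable workflows.
+# See: https://github.com/slsa-framework/slsa-github-generator#referencing-slsa-builders-and-generators
+allowlist: |
+slsa-framework/slsa-github-generator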
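Review bot: The `on:` block runs this pin check only for pull requests targeting `main`, so workflow changes that arrive by direct push are never checked. This commit itself adds two tag-based references the check would presumably reject: `actions/checkout@v2` in lint-code.yaml and `docker/login-action@v2` in release.yaml. Adding a `push:` trigger with `branches: [ "main" ]` next to `pull_request:` would cover direct pushes. The `allowlist` entry for `slsa-framework/slsa-github-generator` has no matching `uses:` in the workflows visible here; if no workflow references it, dropping the entry keeps the exception list from widening unnoticed.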
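--- a/.github/workflows/lint-pullrequest.yml
+++ b/.github/workflows/lint-pullrequest.yml
@@ -0,0 +1,37 @@
+name: Lint pull request
+
+on:
+pull_request_target:
+types:
+- opened
+- edited
+- synchronize
+
+permissions:
+pull-requests: write
+
+jobs:
+main:
+name: Validate PR title
+runs-on: ubuntu-latest
+steps:
+- uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+with:
+types: |
+chore
+ci
+docs
+feat
+fix
+test
+sec
+requireScope: false
+wip: false
+# If the PR only contains a single commit, the action will validate that
+# it matches the configured pattern.
+validateSingleCommit: true
+# Related to `validateSingleCommit` you can opt-in to validate that the PR
+# title matches a single commit to avoid confusion.
+validateSingleCommitMatchesPrTitle: true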
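Review bot: The top-level `permissions:` grants `pull-requests: write` to a `pull_request_target` workflow, which runs with the base repository's token even for pull requests opened from forks. With `wip: false` the title check should only need to read the pull request, so `pull-requests: read` looks sufficient (confirm against the action's documentation). The pinned SHA for `amannn/action-semantic-pull-request` has no version comment, unlike the other pins in this commit; append `# vX.Y.Z` (placeholder for the release that SHA corresponds to) so updates can be reviewed. A comment above `on:` would also protect later edits: `# Runs with the base-repo token: never check out or execute PR head code in this workflow.`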
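--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,49 @@
+name: Release
+
+on:
+push:
+tags:
+- v*
+
+permissions:
+contents: write # needed to write releases
+id-token: write # needed for keyless signing
+packages: write # needed for ghcr access
+
+jobs:
+goreleaser:
+runs-on: ubuntu-22.04
+steps:
+
+- name: Checkout
+uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+with:
+fetch-depth: 0
+
+- name: Fetch
+run: git fetch --prune --force --tags
+
+- name: Setup Go
+uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a #v3.2.1
+with:
+go-version: '1.20'
+
+- uses: creekorful/goreportcard-action@1f35ced8cdac2cba28c9a2f2288a16aacfd507f9 # v1.0
+
+- uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8 # v3.2.0
+
+- uses: anchore/sbom-action/download-syft@5ecf649a417b8ae17dc8383dc32d46c03f2312df #v0.15.1
+
+- uses: docker/login-action@v2
+with:
+registry: ghcr.io
+username: ${{ github.repository_owner }}
+password: ${{ secrets.GITHUB_TOKEN }}
+
+- name: Run GoReleaser
+uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
+with:
+version: latest
+args: release --clean
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}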
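Review bot: `docker/login-action@v2` is referenced by a mutable tag in the one job that holds `contents: write`, `id-token: write` and `packages: write`, and it is handed `secrets.GITHUB_TOKEN` as the registry password. Whatever that tag later points to therefore runs with release and keyless-signing rights. Pin it like the other steps, `uses: docker/login-action@<commit-sha> # v2.x.y` (placeholder; resolve the SHA from the upstream release). `version: latest` on the GoReleaser step leaves the release tool itself floating in the same way, and a fixed version would keep tagged builds reproducible. The permissions are also declared at workflow level; moving them under `jobs.goreleaser` keeps any job added later from inheriting them.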
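--- a/.github/workflows/report-codecov.yml
+++ b/.github/workflows/report-codecov.yml
@@ -0,0 +1,38 @@
+name: Report Codecov
+permissions: {}
+
+on:
+pull_request:
+branches: [ "main" ]
+
+concurrency:
+group: ${{ github.workflow }}-${{ github.ref }}
+cancel-in-progress: true
+
+jobs:
+codecov:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+- name: Setup caches
+uses: ./.github/actions/setup-caches
+timeout-minutes: 5
+continue-on-error: true
+with:
+build-cache-key: codecov
+- name: Check secret
+id: checksecret
+uses: ./.github/actions/exists
+with:
+value: ${{ secrets.CODECOV_TOKEN }}
+- name: Generate Code Coverage Report
+if: steps.checksecret.outputs.result == 'true'
+run: make test
+- name: Upload Report to Codecov
+if: steps.checksecret.outputs.result == 'true'
+uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
+with:
+file: ./coverage.out
+fail_ci_if_error: true
+verbose: true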
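Review bot: `secrets.CODECOV_TOKEN` is passed only to the local `exists` action, and the `Upload Report to Codecov` step never receives it. The upload is gated on that check's result, so it stays tokenless even when the secret is set. If an authenticated upload is intended, add `token: ${{ secrets.CODECOV_TOKEN }}` under that step's `with:`. The job also has no Go setup step, so `make test` presumably uses whatever Go version the `ubuntu-latest` image ships. The local actions `./.github/actions/setup-caches` and `./.github/actions/exists` are not visible in this part of the page, so one of them may already cover that.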
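--- a/.github/workflows/scan-code.yml
+++ b/.github/workflows/scan-code.yml
@@ -0,0 +1,24 @@
+name: Scan code
+permissions: {}
+on:
+push:
+branches: [ "*" ]
+pull_request:
+branches: [ "*" ]
+
+concurrency:
+group: ${{ github.workflow }}-${{ github.ref }}
+cancel-in-progress: true
+
+jobs:
+tests:
+runs-on: ubuntu-20.04
+env:
+GO111MODULE: on
+steps:
+- name: Checkout Source
+uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+- name: Run Gosec Security Scanner
+uses: securego/gosec@55d79496019a560e16e73e1948dee20a1fad631a # v2.18.2
+with:
+args: ./...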
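Review bot: `GO111MODULE: on` under `env:` is an unquoted scalar that YAML 1.1 parsers read as a boolean. GitHub's loader appears to pass it through as the string, but quoting it as `GO111MODULE: 'on'` removes the dependence on parser behaviour and keeps generic YAML linters quiet. The job id `tests` also does not describe what runs here; `gosec` would match the only step and make a failed security scan easier to spot in the checks list.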
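--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,26 @@
+
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+bin
+testbin/*
+Dockerfile.cross
+
+# Test binary, build with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Kubernetes Generated files - skip generated files, except for vendored files
+
+!vendor/**/zz_generated.*
+
+# editor and IDE paraphernalia
+.idea
+*.swp
+*.swo
+*~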
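--- a/.golangci.yml
+++ b/.golangci.yml
@@ -0,0 +1,43 @@
+linters-settings:
+cyclop:
+max-complexity: 27
+gci:
+sections:
+- standard # Captures all standard packages if they do not match another section.
+- default # Contains all imports that could not be matched to another section type.
+- prefix(github.com/maxgio92/capsule-addon-fluxcd) # Groups all imports with the specified Prefix.
+goconst:
+min-len: 2
+min-occurrences: 3
+goheader:
+template: |-
+Copyright 2020-2023 Project Capsule Authors.
+SPDX-License-Identifier: Apache-2.0
+govet:
+check-shadowing: true
+maligned:
+suggest-new: true
+
+linters:
+enable-all: true
+disable:
+- interfacer
+- godox
+- golint
+- scopelint
+- maligned
+- gochecknoglobals
+- gochecknoinits
+- exhaustivestruct
+- exhaustruct
+- ireturn
+- lll
+- nonamedreturns
+- wrapcheck
+- varnamelen
+
+issues:
+exclude-rules:
+- path: /
+linters:
+- typecheck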
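Review bot: The `exclude-rules` entry pairing `path: /` with the `typecheck` linter matches every file path that contains a slash, so type-check failures anywhere below the repository root are hidden from the lint output. Other linters depend on type information, so their results may be silently incomplete when a package does not compile. Narrow `path:` to the directory that actually needs the exception, or drop the rule. Separately, `linters-settings.maligned` is configured while `maligned` is in the `disable` list, so that settings block has no effect and can go.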