feat(project): initial commit

ttybitnik · Jan 11, 2025 · e1a9ccf · e1a9ccf
commit e1a9ccf
Show file tree

Hide file tree

Showing 23 changed files with 1,816 additions and 0 deletions.
diff --git a/.dir-locals.el b/.dir-locals.el
@@ -0,0 +1 @@
+((nil . ((compile-command . "./linter.sh && ./update-makefiles.sh"))))
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,25 @@
+---
+name: Bug report
+about: Create a bug report to help the project improve
+title: ""
+labels: bug
+assignees: ''
+
+---
+<!-- Thank you for submitting a bug report. Your contribution is appreciated!
+Please follow the instructions and the structure below. -->
+
+**Context**
+<!-- Provide information for the context fields below. For example: Program Version: 0.1.0 / OS: Debian -->
+ - Program Version:
+ - OS:
+
+**Bug report description**
+<!-- A clear and concise description of what the bug is and what you expected to happen. -->
+
+
+**Steps to reproduce the behavior**
+<!-- Replace the steps in the list below with the specific actions to reproduce the issue.  -->
+1. Go to '...'
+2. Run '...' on '...'
+3. See error
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,19 @@
+---
+name: Feature request
+about: Request a feature or suggest an idea for the project
+title: ""
+labels: enhancement
+assignees: ''
+
+---
+<!-- Thank you for submitting a feature request. Your contribution is appreciated!
+Please follow the instructions and the structure below. -->
+
+**Which of the following options relate to your request?**
+<!-- Mark the chosen option with an "X". For example: - [X] None of the above-->
+- [ ] Extending an existing functionality
+- [ ] Proposing an entirely new feature
+- [ ] None of the above
+
+**Feature request description**
+<!-- A clear and concise description of what you would like. -->
diff --git a/.github/ISSUE_TEMPLATE/other_custom.md b/.github/ISSUE_TEMPLATE/other_custom.md
@@ -0,0 +1,10 @@
+---
+name: Other issue
+about: Submit a custom issue
+title: ''
+labels: ''
+assignees: ''
+
+---
+<!-- Thank you for submitting a custom issue. Your contribution is appreciated!
+Please write your issue below. -->
diff --git a/.github/actions/fallback-updates/action.yaml b/.github/actions/fallback-updates/action.yaml
@@ -0,0 +1,53 @@
+---
+name: Fallback updates
+description: Run update scripts as fallback and push any changes
+inputs:
+  run_mode:
+    description: Run fallback script as push or dry-run
+    required: false
+    default: 'dry-run'
+outputs:
+  makefiles:
+    description: Status from update-makefiles.sh
+    value: ${{ steps.makefiles.outputs.makefiles }}
+  push:
+    description: Status from update-push.sh
+    value: ${{ steps.push.outputs.push }}
+  changes:
+    description: Status from update changes
+    value: ${{ steps.makefiles.outputs.changes }}
+runs:
+  using: composite
+  steps:
+    - name: Check Makefiles changes as fallback
+      id: makefiles
+      shell: bash
+      env:
+        RUN_MODE: ${{ inputs.run_mode }}
+        EVENT: ${{ github.event_name }}
+      run: |
+        ./update-makefiles.sh
+        if [ -n "$(git status --porcelain)" ]; then
+          echo "changes=true" >> "$GITHUB_OUTPUT"
+          if [ "$EVENT" != "push" ]; then
+            echo "::warning title=${{ github.job }}::run update-makefiles.sh to update boilerplates."
+          fi
+        fi
+    - name: Push changes to the branch
+      id: push
+      if: ${{ steps.makefiles.outputs.changes && inputs.run_mode == 'push' }}
+      shell: bash
+      env:
+        RUN_MODE: ${{ inputs.run_mode }}
+        TARGET_BRANCH: ${{ github.ref_name }}
+        COMMIT_SHA: ${{ github.sha }}
+      run: |
+        git config user.name 'github-actions[bot]'
+        git config user.email '41898282+github-actions[bot]@users.noreply.github.com'
+        git fetch origin
+        git checkout -B "$TARGET_BRANCH" "origin/$TARGET_BRANCH"
+        git add .
+        git commit -m "chore(fallback): update changes for ${COMMIT_SHA::7}"
+        git push origin "$TARGET_BRANCH"
+        echo "push=true" >> "$GITHUB_OUTPUT"
+        echo "::notice title=${{ github.job }}::all changes pushed successfully."
diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
@@ -0,0 +1,23 @@
+---
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"  # Includes './.github' by default
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "deps(gh)"
+      # include: "scope"
+
+# - package-ecosystem: "docker"
+#   directories:
+#     - "**/*"
+#   schedule:
+#     interval: "weekly"
+#   commit-message:
+#     prefix: "deps(gh)"
diff --git a/.github/funding.yaml b/.github/funding.yaml
@@ -0,0 +1,2 @@
+---
+buy_me_a_coffee: ttybitnik
diff --git a/.github/release.yaml b/.github/release.yaml
@@ -0,0 +1,14 @@
+---
+changelog:
+  categories:
+    # Disabled in favour of release-please deps commit type
+    # - title: Dependencies
+    #   labels:
+    #     - dependencies
+    - title: Pull Requests
+      labels:
+        - '*'
+      exclude:
+        labels:
+          - dependencies
+          - 'autorelease: tagged'
diff --git a/.github/workflows/cicd.yaml b/.github/workflows/cicd.yaml
@@ -0,0 +1,119 @@
+---
+name: CI/CD
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+    paths-ignore:
+      - '**.md'
+  pull_request:
+    paths-ignore:
+      - '**.md'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  release-please:
+    permissions:
+      contents: write
+      pull-requests: write
+    runs-on: ubuntu-latest
+    outputs:
+      releases_created: ${{ steps.release.outputs.releases_created }}
+      prs_created: ${{ steps.release.outputs.prs_created }}
+      release_created: ${{ steps.release.outputs.release_created }}
+      major: ${{ steps.release.outputs.major }}
+      minor: ${{ steps.release.outputs.minor }}
+      patch: ${{ steps.release.outputs.patch }}
+      sha: ${{ steps.release.outputs.sha }}
+    steps:
+      - name: Automate releases based on conventional commits
+        id: release
+        uses: googleapis/release-please-action@v4
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          config-file: configs/release-please-config.json
+          manifest-file: configs/release-please-manifest.json
+      - name: Format and print GH step summary
+        if: always()
+        run: |
+          echo "| Key | Value |" >> $GITHUB_STEP_SUMMARY
+          echo "|:--|:--|" >> $GITHUB_STEP_SUMMARY
+          echo "| **releases_created** | ${{ steps.release.outputs.releases_created }} |" >> $GITHUB_STEP_SUMMARY
+          echo "| **prs_created** | ${{ steps.release.outputs.prs_created }} |" >> $GITHUB_STEP_SUMMARY
+      - name: Format and print the release_created GH step summary
+        if: ${{ steps.release.outputs.release_created }}
+        run: |
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "| Key | Value |" >> $GITHUB_STEP_SUMMARY
+          echo "|:--|:--|" >> $GITHUB_STEP_SUMMARY
+          echo "| **release_created** | ${{ steps.release.outputs.release_created }} |" >> $GITHUB_STEP_SUMMARY
+          echo "| **major** | ${{ steps.release.outputs.major }} |" >> $GITHUB_STEP_SUMMARY
+          echo "| **minor** | ${{ steps.release.outputs.minor }} |" >> $GITHUB_STEP_SUMMARY
+          echo "| **patch** | ${{ steps.release.outputs.patch }} |" >> $GITHUB_STEP_SUMMARY
+          echo "| **sha** | ${{ steps.release.outputs.sha }} |" >> $GITHUB_STEP_SUMMARY
+
+  linter:
+    needs: release-please
+    runs-on: ubuntu-latest
+    outputs:
+      fallback: ${{ steps.fallback.outputs.changes }}
+    steps:
+      - name: Checkout default branch
+        uses: actions/checkout@v4
+      - name: Check compliance with guidelines
+        id: linter
+        run: ./linter.sh
+      - name: Check Containerfiles with hadolint
+        id: hadolint
+        uses: hadolint/[email protected]
+        with:
+          dockerfile: Containerfile
+          recursive: true
+          config: configs/hadolint.yaml
+      - name: Check update scripts fallback changes
+        id: fallback
+        uses: ./.github/actions/fallback-updates
+      - name: Format and print GH step summary
+        if: always()
+        run: |
+          echo "| Key | Value |" >> $GITHUB_STEP_SUMMARY
+          echo "|:--|:--|" >> $GITHUB_STEP_SUMMARY
+          echo "| **linter** | ${{ steps.linter.outputs.checks }} |" >> $GITHUB_STEP_SUMMARY
+          echo "| **hadolint** | ${{ steps.hadolint.outcome }} |" >> $GITHUB_STEP_SUMMARY
+          echo "| **fallback** | ${{ steps.fallback.outputs.changes || 'false' }} |" >> $GITHUB_STEP_SUMMARY
+
+  fallback-updates:
+    needs: linter
+    permissions:
+      contents: write
+    if: ${{ needs.linter.outputs.fallback && github.event_name == 'push' }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout default branch
+        uses: actions/checkout@v4
+      - name: Run update scripts as fallback and push any changes
+        id: fallback
+        uses: ./.github/actions/fallback-updates
+        with:
+          run_mode: push
+      - name: Format and print GH step summary
+        if: always()
+        run: |
+          echo "| Key | Value |" >> $GITHUB_STEP_SUMMARY
+          echo "|:--|:--|" >> $GITHUB_STEP_SUMMARY
+          echo "| **makefiles** | ${{ steps.fallback.outputs.makefiles }} |" >> $GITHUB_STEP_SUMMARY
+          echo "| **push** | ${{ steps.fallback.outputs.push || 'false' }} |" >> $GITHUB_STEP_SUMMARY
+
+  secops:
+    needs: [release-please, linter]
+    permissions:
+      contents: read
+      security-events: write
+      # private repos only
+      actions: read
+    if: ${{ needs.release-please.outputs.release_created }}
+    uses: ./.github/workflows/secops.yaml
diff --git a/.github/workflows/secops.yaml b/.github/workflows/secops.yaml
@@ -0,0 +1,31 @@
+---
+name: SecOps
+on:
+  workflow_dispatch:
+  workflow_call:
+  schedule:
+    - cron: '34 8 * * 4'
+
+jobs:
+  scan:
+    permissions:
+      contents: read
+      security-events: write
+      # private repos only
+      actions: read
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout default branch
+        uses: actions/checkout@v4
+      - name: Run Trivy vulnerability scanner in fs mode
+        uses: aquasecurity/[email protected]
+        with:
+          scan-type: 'fs'
+          ignore-unfixed: true
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          severity: 'CRITICAL,HIGH'
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'trivy-results.sarif'
diff --git a/CHANGELOG.md b/CHANGELOG.md
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		((nil . ((compile-command . "./linter.sh && ./update-makefiles.sh"))))