Initialize copier template #5

Merged
merged 1 commit into from
Nov 29, 2023
31 changes: 31 additions & 0 deletions .checkov.yml
@@ -0,0 +1,31 @@
---
quiet: true
compact: false

skip-check:
# https://github.com/bridgecrewio/checkov/issues/5286
- CKV_TF_1
# do not enforce Customer Supplied Encryption Keys (CSEK)
- CKV_GCP_37
- CKV_GCP_38
- CKV_GCP_80
- CKV_GCP_81
- CKV_GCP_83
- CKV_GCP_84
- CKV_GCP_85
- CKV_GCP_90
- CKV_GCP_91
- CKV_GCP_93
# do not enforce vpc flow logs
- CKV_GCP_26
- CKV_GCP_61
# restricted default service account is ok
- CKV_GCP_30
# do not enforce bucket access log
- CKV_GCP_62
# do not enforce bucket object versioning
- CKV_GCP_78
# we want serial port console access
- CKV_GCP_35
# base64 high entropy check causes too many false positives
- CKV_SECRET_6
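Review bot: The skip-check list switches these checks off for every resource checkov scans, and the last entry, CKV_SECRET_6, removes the base64 high-entropy secret check for the whole repository. For "too many false positives", consider suppressing the individual findings instead so the check keeps covering everything else. Several comments state the decision without the reason ("do not enforce vpc flow logs", "we want serial port console access"); a short why or a link, as done for CKV_TF_1, would make these skips reviewable later.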
16 changes: 16 additions & 0 deletions .copier-answers.yml
@@ -0,0 +1,16 @@
---
# Changes here will be overwritten by Copier
_commit: v2.5.1
_src_path: gh:remerge/template
is_golang_library: true
project_id: chd
project_license: private
project_name: CHD Minimal Perfect Hash
project_owner: core
project_type: default
use_ansible: false
use_consul: false
use_golang: true
use_nomad: false
use_python: false
use_terraform: false
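Review bot: use_terraform: false on the last line sits next to a .checkov.yml in the same change that consists mostly of CKV_GCP_* skips, so the template appears to render Terraform scanner configuration for a Go library that has no Terraform. If the template can gate that file on use_terraform, this repository would not carry a list of disabled checks that apply to nothing in it.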
25 changes: 25 additions & 0 deletions .envrc
@@ -0,0 +1,25 @@
# Turns on shell execution strictness. This will force the .envrc
# evaluation context to exit immediately if:
#
# - any command in a pipeline returns a non-zero exit status that is
# not otherwise handled as part of `if`, `while`, or `until` tests,
# return value negation (`!`), or part of a boolean (`&&` or `||`)
# chain.
# - any variable that has not explicitly been set or declared (with
# either `declare` or `local`) is referenced.
strict_env

# Loads a ".env" file into the current environment
dotenv_if_exists "${PWD}"/../.env
dotenv_if_exists "${PWD}"/.env

# Add local scripts to PATH
PATH_add "${PWD}/bin"

# Enforce correct 1Password account
export OP_ACCOUNT=remerge.1password.com

# Go settings
export GO111MODULE=on
export CGO_ENABLED=0
export GOPRIVATE="github.com/remerge/*"
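Review bot: dotenv_if_exists "${PWD}"/../.env exports variables from a file outside the repository, so what ends up in the environment depends on whatever sits in the parent directory of the checkout. A comment naming the variables expected there, or dropping the line if only the local .env is needed, would make this predictable. PATH_add "${PWD}/bin" places the repository's bin directory ahead of the existing PATH, so a script there with the same name as a system command takes precedence; a comment to that effect would help reviewers watch what gets added under bin/.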
2 changes: 2 additions & 0 deletions .github/CODEOWNERS
@@ -0,0 +1,2 @@
# By default all files are owned by the project owner
* @remerge/core
8 changes: 8 additions & 0 deletions .github/actionlint.yaml
@@ -0,0 +1,8 @@
---
self-hosted-runner:
labels:
- generic
- self-hosted
- nomad
- docker
- default
28 changes: 28 additions & 0 deletions .github/workflows/go-lib.yml
@@ -0,0 +1,28 @@
---
name: go-lib

on:
pull_request:
push:
branches: [main, master, production]

permissions:
actions: none
checks: none
contents: read
deployments: none
discussions: none
id-token: none
issues: none
packages: none
pages: none
pull-requests: none
repository-projects: none
security-events: none
statuses: none

jobs:
go-checks:
uses: remerge/workflows/.github/workflows/go-checks.yml@main
secrets:
ssh_key: ${{ secrets.DEPLOY_USER_SSH_KEY }}
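Review bot: The go-checks job references remerge/workflows/.github/workflows/go-checks.yml@main, a branch ref, and hands it secrets.DEPLOY_USER_SSH_KEY, so any commit to that branch changes what runs with the key without a change in this repository. Pin the reusable workflow to a tag or full commit SHA and bump it deliberately. Style point: once a permissions block is present, scopes that are not listed default to none, so the block could shrink to contents: read.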
27 changes: 27 additions & 0 deletions .github/workflows/go-optional.yml
@@ -0,0 +1,27 @@
---
name: go-optional

on:
schedule:
- cron: "30 0 * * 0"

permissions:
actions: none
checks: none
contents: read
deployments: none
discussions: none
id-token: none
issues: none
packages: none
pages: none
pull-requests: none
repository-projects: none
security-events: none
statuses: none

jobs:
go-modules:
uses: remerge/workflows/.github/workflows/go-modules.yml@main
secrets:
ssh_key: ${{ secrets.DEPLOY_USER_SSH_KEY }}
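Review bot: The only trigger under on: is the weekly cron "30 0 * * 0", so the job cannot be started on demand to test a change or re-run after a fix; adding workflow_dispatch: would allow that. The go-modules.yml@main reference in the job is a branch ref that receives secrets.DEPLOY_USER_SSH_KEY; a tag or commit SHA would keep the code that sees the key fixed until it is bumped here.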
50 changes: 50 additions & 0 deletions .github/workflows/pre-commit.yml
@@ -0,0 +1,50 @@
---
name: pre-commit

on:
pull_request:
push:
branches: [main, master]

permissions:
actions: none
checks: none
contents: read
deployments: none
discussions: none
id-token: none
issues: none
packages: none
pages: none
pull-requests: none
repository-projects: none
security-events: none
statuses: none

jobs:
pre-commit:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Setup Go
uses: actions/setup-go@v4
with:
go-version: "stable"

- uses: webfactory/[email protected]
with:
ssh-private-key: "${{ secrets.DEPLOY_USER_SSH_KEY }}"
- run: 'git config --global url."[email protected]:".insteadOf "https://github.com/"'

- name: Load envrc
uses: HatsuneMiku3939/direnv-action@v1

- name: Setup pre-commit
run: python -m pip install pre-commit

- name: Install project dependencies
run: make install

- name: Run pre-commit checks
uses: pre-commit/[email protected]
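Review bot: The ssh-agent step loads secrets.DEPLOY_USER_SSH_KEY before HatsuneMiku3939/direnv-action@v1, make install and the pre-commit hooks run, so every later step, including third-party actions referenced by movable tags and code from the pull request branch, runs with that key available in the agent. Pin the third-party actions to full commit SHAs and make sure the deploy key is read-only and limited to the repositories the Go modules need. The step python -m pip install pre-commit is unpinned; pinning a version keeps the lint toolchain from changing between runs.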