Merge pull request #4 from MGTheTrain/feature/ci-workflows

Feature/ci workflows
MGTheTrain · Nov 13, 2024 · f9211ee · f9211ee
2 parents ecc4e56 + 9d01b2b
commit f9211ee
Show file tree

Hide file tree

Showing 48 changed files with 1,827 additions and 1,560 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -0,0 +1 @@
+*       @MGTheTrain
diff --git a/.github/CODE_OF_CONDUCT.md b/.github/CODE_OF_CONDUCT.md
@@ -0,0 +1,41 @@
+# Code of Conduct
+
+## Our Pledge
+
+We are committed to providing a welcoming and inclusive environment for all contributors, regardless of their background, identity, or experience. We value collaboration, kindness, and respect in all interactions.
+
+## Our Standards
+
+Examples of behavior that contribute to a positive environment include:
+
+- Being respectful and kind to others
+- Communicating constructively and with empathy
+- Welcoming diverse perspectives and feedback
+- Being open to learning and growing together
+
+Examples of unacceptable behavior include:
+
+- Harassment, discrimination, or abuse of any kind
+- Disrespectful or offensive language or actions
+- Disruptive, destructive, or harmful behavior
+- Intimidation, stalking, or unwelcome attention
+
+## Our Responsibilities
+
+Project maintainers are responsible for:
+
+- Ensuring that the community is a welcoming and inclusive space
+- Addressing unacceptable behavior promptly and transparently
+- Providing resources and support to contribute positively
+
+## Reporting
+
+If you witness or experience behavior that violates this Code of Conduct, please report it to us as soon as possible. Reports can be made privately to [your email or contact method here].
+
+We will respond to reports with care and confidentiality, ensuring that everyone feels safe and supported.
+
+## Enforcement
+
+Anyone found in violation of this Code of Conduct may be asked to leave the community or project, depending on the severity of the behavior. In serious cases, further actions may be taken, including banning or blocking individuals from contributing.
+
+Thank you for helping us make this a welcoming and productive space for everyone.
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,31 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Hardware specs (please complete the following information):**
+ - OS: [e.g. Windows]
+ - Version [e.g. 11]
+
+**Additional context**
+Add any other context about the problem here.
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -2,6 +2,6 @@
 - [ ] I adhere the [trunk-based workflow](https://www.atlassian.com/continuous-delivery/continuous-integration/trunk-based-development)
 - [ ] I verify that the `CHANGELOG.md` includes comprehensive documentation for the implemented features or fixed bugs. Increment the minor version such as `from 0.1.0 to 0.2.0` for implemented features and increment the patch version `from 0.1.0 to 0.1.1` for bug fixes. If any breaking changes occur, increment the major version, like `from 0.1.0 to 1.0.0`. Also see [Semantic Versioning 2.0.0](https://semver.org/lang/de/)
 - [ ] I ensure that all merge conflicts are resolved before asking for a PR reviewer
-- [ ] To ensure the success of all pull request workflows, I run [the auto-formatting and linting script](../scripts/format-and-lint.sh).
+- [ ] To ensure the success of all pull request workflows, I run the [format-and-lint.sh](../scripts/format-and-lint.sh) and [run-test.sh](../scripts/run-test.sh) locally.
 
 # Reference/Link to the issue solved with this PR (if any)
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+We support only the latest version of crypto-vult-service along with the two most recent minor versions of Go.
+
+## Reporting a Vulnerability
+
+If you discover a potential security vulnerability, please submit a security advisory.
+
+To help us respond more effectively to your report, kindly include the following information:
+
+- Steps to reproduce or a proof of concept
+- Any other relevant details, such as the versions involved
diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml
@@ -0,0 +1,33 @@
+name: Workflow for dev packages
+
+on:
+  pull_request:
+    branches: [main]
+
+jobs:
+  dev-package-ci:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Setup Go 1.21.x 🐹
+        uses: actions/setup-go@v4
+        with:
+          go-version: '1.21.x'
+
+      - name: Grant execute permissions
+        run: chmod +x *
+        working-directory: ./scripts
+
+      - name: Run Unit tests
+        run: ./run-test.sh -u
+        working-directory: ./scripts
+
+      # - name: Run Integration tests
+      #   run: sudo ./run-test.sh -i
+      #   working-directory: ./scripts
+
+      # Run static code analysis on source code
+      # Run vulnerability scanner and generate SBOMs on third part dependencies
+      # # Create build artifacts, e.g. Build docker image with dev tag for applications and push to container registry
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
diff --git a/.github/workflows/pre-release.yml b/.github/workflows/pre-release.yml
@@ -0,0 +1,33 @@
+name: Workflow for pre-release packages
+
+on:
+  push:
+    branches: [main]
+
+jobs:
+  pre-release-package-ci:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Setup Go 1.21.x 🐹
+        uses: actions/setup-go@v4
+        with:
+          go-version: '1.21.x'
+
+      - name: Grant execute permissions
+        run: chmod +x *
+        working-directory: ./scripts
+
+      - name: Run Unit tests
+        run: ./run-test.sh -u
+        working-directory: ./scripts
+
+      # - name: Run Integration tests
+      #   run: ./run-test.sh -i
+      #   working-directory: ./scripts
+
+      # Run static code analysis on source code
+      # Run vulnerability scanner and generate SBOMs on third part dependencies
+      # Create build artifacts, e.g.  Build docker image with pre-release tag for applications, scan docker image and push to container registry
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -1,28 +1,34 @@
-name: Pull request
+name: Workflow for release packages
 
 on:
   push:
-    branches: [main]
+    tags:
+      - "v*.*.*"
 
 jobs:
-  test-build-push:
+  release-package-ci:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3
 
-      - name: Echo
-        run: echo "TBD"
-
-  # create-git-tags-from-version-file:
-  #   runs-on: ubuntu-latest
-  #   needs: [test-build-push]
-  #   steps:
+      - name: Setup Go 1.21.x 🐹
+        uses: actions/setup-go@v4
+        with:
+          go-version: '1.21.x'
 
-  #     - name: Checkout code
-  #       uses: actions/checkout@v3
+      - name: Grant execute permissions
+        run: chmod +x *
+        working-directory: ./scripts
 
-  #     - name: Create git tag from version file
-  #       uses: MGTheTrain/public-github-actions/.github/actions/create-git-tag-from-version-file@main
-  #       with:
-  #         GH_TOKEN: ${{ secrets.GH_TOKEN }}
+      - name: Run Unit tests
+        run: ./run-test.sh -u
+        working-directory: ./scripts
+
+      # - name: Run Integration tests
+      #   run: ./run-test.sh -i
+      #   working-directory: ./scripts
+
+      # Run static code analysis on source code
+      # Run vulnerability scanner and generate SBOMs on third part dependencies
+      # Create build artifacts, e.g. Build docker image with release tag for applications, scan docker image and push to container registry
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
@@ -12,14 +12,32 @@ jobs:
 
     - name: Checkout repository
       uses: actions/checkout@v3
+
+    - name: Setup Go 1.21.x 🐹
+      uses: actions/setup-go@v4
+      with:
+        go-version: '1.21.x'
+
+    - name: Install golangci-lint package 📦
+      run: go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
 
-    - name: Echo
-      run: echo "TBD"
-
-    # - name: Check diffs
-    #   run: |
-    #     status=$(git status --porcelain=v1)
-    #     if [[ -n "$status" ]]; then
-    #       git diff
-    #       exit 1
-    #     fi
+    - name: Grant execute permissions
+      run: chmod +x *
+      working-directory: ./scripts
+
+    - name: Auto-format and lint Go
+      run: |
+        ./format-and-lint.sh
+      working-directory: ./scripts
+
+    - name: Remove execute permissions
+      run: chmod -x *
+      working-directory: ./scripts
+
+    - name: Check diffs
+      run: |
+        status=$(git status --porcelain=v1)
+        if [[ -n "$status" ]]; then
+          git diff
+          exit 1
+        fi
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,7 +9,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - **Asymmetric encryption and decryption**: Supported RSA and other asymmetric encryption algorithms for data protection.
 - **Symmetric encryption**: Supported symmetric key encryption (e.g. AES) for data protection.
 - **Hashing and signature verification**: Supported hashing algorithms (e.g. SHA-256, SHA-512) and verified signatures using asymmetric keys (RSA, ECDSA, etc.).
-- Adopted Domain-Driven Design to create a **modular, flexible and maintainable** project structure with a focus on the **domain at its core**
+- **Scalable and maintainable project structure**: Referred to the [project-layout GitHub repo](https://github.com/golang-standards/project-layout) and adopted Domain-Driven Design to create a **modular, flexible and maintainable** project structure with a focus on the **domain at its core**
+- **CI workflows for quality checks**: Set up continuous integration workflows with GitHub Actions for automated linting, functional testing, building and pushing artifacts.
 
 ## [0.1.0] - TBD-TBD-TBD
 

diff --git a/Makefile b/Makefile
@@ -0,0 +1,12 @@
+SCRIPT_DIR = "scripts"
+
+.PHONY: format-and-lint run-unit-tests run-integration-tests
+
+format-and-lint:
+	@cd $(SCRIPT_DIR) && ./format-and-lint.sh
+
+run-unit-tests:
+	@cd $(SCRIPT_DIR) && ./run-test.sh -u
+
+run-integration-tests:
+	@cd $(SCRIPT_DIR) && ./run-test.sh -i
diff --git a/README.md b/README.md
@@ -31,8 +31,9 @@ TBD
 
 ### Non-functional
 
-- [ ] **Scalable and maintainable project structure**: Adhere to the [project-layout GitHub repo](https://github.com/golang-standards/project-layout) to ensure a clean, modular and scalable codebase.
-- [ ] **CI/CD workflows for quality checks**: Set up continuous integration workflows with GitHub Actions for automated linting, testing and building.
+- [x] **Scalable and maintainable project structure**: Refer to the [project-layout GitHub repo](https://github.com/golang-standards/project-layout) and adopt Domain-Driven Design to create a **modular, flexible and maintainable** project structure with a focus on the **domain at its core**
+- [x] **CI workflows for quality checks**: Set up continuous integration workflows with GitHub Actions for automated linting, functional and non-functional testing, building and pushing artifacts.
+- [ ] **Security checks in CI workflows**: Consider non-functional testing (vulnerability scanning, SBOM generation, Static Code Analysis) in GitHub Actions.
 - [ ] **Performance optimization**: Ensure cryptographic operations are optimized for performance, especially for large files and high throughput environments.
 - [ ] **Logging and monitoring**: Integrate logging (e.g. using structured logging with `logrus`) and monitoring (e.g. Prometheus, Grafana) to track API usage, performance and errors.
 - [ ] **Error handling and resiliency**: Implement comprehensive error handling and retries for operations that may fail, with clear error messages and status codes for the API.
@@ -44,22 +45,49 @@ TBD
 
 ## Getting Started
 
+### Formatting and linting
+
+For formatting and linting run either on Unix systems
+
+```sh
+cd scripts
+./format-and-lint.sh
+```
+
+or
+
+```sh
+make format-and-lint
+```
+
 ### Run Tests
 
-To run `unit` tests on Unix systems execute:
+To run `unit` tests on Unix systems either execute
 
 ```sh
 cd scripts
 ./run-test.sh -u
 ```
 
-**TBD** To run `integration` tests on Unix systems execute:
+or
+
+```sh
+make run-unit-tests
+```
+
+**TBD** To run `integration` tests on Unix systems either execute
 
 ```sh
 cd scripts
 ./run-test.sh -i
 ```
 
+**TBD** or
+
+```sh
+make run-integration-tests
+```
+
 ### Applications
 
 You can find applications utilizing [internal packages](./internal/) in the [cmd folder](./cmd/).