Merge pull request #4 from remerge/CORE-400

Initialize copier template

.checkov.yml

@@ -0,0 +1,31 @@
+---
+quiet: true
+compact: false
+
+skip-check:
+  # https://github.com/bridgecrewio/checkov/issues/5286
+  - CKV_TF_1
+  # do not enforce Customer Supplied Encryption Keys (CSEK)
+  - CKV_GCP_37
+  - CKV_GCP_38
+  - CKV_GCP_80
+  - CKV_GCP_81
+  - CKV_GCP_83
+  - CKV_GCP_84
+  - CKV_GCP_85
+  - CKV_GCP_90
+  - CKV_GCP_91
+  - CKV_GCP_93
+  # do not enforce vpc flow logs
+  - CKV_GCP_26
+  - CKV_GCP_61
+  # restricted default service account is ok
+  - CKV_GCP_30
+  # do not enforce bucket access log
+  - CKV_GCP_62
+  # do not enforce bucket object versioning
+  - CKV_GCP_78
+  # we want serial port console access
+  - CKV_GCP_35
+  # base64 high entropy check causes too many false positives
+  - CKV_SECRET_6

.copier-answers.yml

@@ -0,0 +1,16 @@
+---
+# Changes here will be overwritten by Copier
+_commit: v2.5.1
+_src_path: gh:remerge/template
+is_golang_library: true
+project_id: gzip
+project_license: private
+project_name: GZIP middleware for Gin
+project_owner: core
+project_type: default
+use_ansible: false
+use_consul: false
+use_golang: true
+use_nomad: false
+use_python: false
+use_terraform: false

.envrc

@@ -0,0 +1,25 @@
+# Turns on shell execution strictness. This will force the .envrc
+# evaluation context to exit immediately if:
+#
+# - any command in a pipeline returns a non-zero exit status that is
+#   not otherwise handled as part of `if`, `while`, or `until` tests,
+#   return value negation (`!`), or part of a boolean (`&&` or `||`)
+#   chain.
+# - any variable that has not explicitly been set or declared (with
+#   either `declare` or `local`) is referenced.
+strict_env
+
+# Loads a ".env" file into the current environment
+dotenv_if_exists "${PWD}"/../.env
+dotenv_if_exists "${PWD}"/.env
+
+# Add local scripts to PATH
+PATH_add "${PWD}/bin"
+
+# Enforce correct 1Password account
+export OP_ACCOUNT=remerge.1password.com
+
+# Go settings
+export GO111MODULE=on
+export CGO_ENABLED=0
+export GOPRIVATE="github.com/remerge/*"

.github/CODEOWNERS

@@ -0,0 +1,2 @@
+# By default all files are owned by the project owner
+* @remerge/core

.github/actionlint.yaml

@@ -0,0 +1,8 @@
+---
+self-hosted-runner:
+  labels:
+    - generic
+    - self-hosted
+    - nomad
+    - docker
+    - default

.github/workflows/go-lib.yml

@@ -0,0 +1,28 @@
+---
+name: go-lib
+
+on:
+  pull_request:
+  push:
+    branches: [main, master, production]
+
+permissions:
+  actions: none
+  checks: none
+  contents: read
+  deployments: none
+  discussions: none
+  id-token: none
+  issues: none
+  packages: none
+  pages: none
+  pull-requests: none
+  repository-projects: none
+  security-events: none
+  statuses: none
+
+jobs:
+  go-checks:
+    uses: remerge/workflows/.github/workflows/go-checks.yml@main
+    secrets:
+      ssh_key: ${{ secrets.DEPLOY_USER_SSH_KEY }}

.github/workflows/go-optional.yml

@@ -0,0 +1,27 @@
+---
+name: go-optional
+
+on:
+  schedule:
+    - cron: "30 0 * * 0"
+
+permissions:
+  actions: none
+  checks: none
+  contents: read
+  deployments: none
+  discussions: none
+  id-token: none
+  issues: none
+  packages: none
+  pages: none
+  pull-requests: none
+  repository-projects: none
+  security-events: none
+  statuses: none
+
+jobs:
+  go-modules:
+    uses: remerge/workflows/.github/workflows/go-modules.yml@main
+    secrets:
+      ssh_key: ${{ secrets.DEPLOY_USER_SSH_KEY }}

.github/workflows/pre-commit.yml

@@ -0,0 +1,50 @@
+---
+name: pre-commit
+
+on:
+  pull_request:
+  push:
+    branches: [main, master]
+
+permissions:
+  actions: none
+  checks: none
+  contents: read
+  deployments: none
+  discussions: none
+  id-token: none
+  issues: none
+  packages: none
+  pages: none
+  pull-requests: none
+  repository-projects: none
+  security-events: none
+  statuses: none
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Setup Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: "stable"
+
+      - uses: webfactory/ssh-agent@v0.6.0
+        with:
+          ssh-private-key: "${{ secrets.DEPLOY_USER_SSH_KEY }}"
+      - run: 'git config --global url."git@github.com:".insteadOf "https://github.com/"'
+
+      - name: Load envrc
+        uses: HatsuneMiku3939/direnv-action@v1
+
+      - name: Setup pre-commit
+        run: python -m pip install pre-commit
+
+      - name: Install project dependencies
+        run: make install
+
+      - name: Run pre-commit checks
+        uses: pre-commit/action@v3.0.0