go-makefile-maker

.dockerignore

@@ -1,6 +1,25 @@
-# SPDX-FileCopyrightText: Copyright 2024 SAP SE or an SAP affiliate company and cobaltcore-dev contributors
-#
+# SPDX-FileCopyrightText: 2025 SAP SE or an SAP affiliate company
 # SPDX-License-Identifier: Apache-2.0
-# More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file
-# Ignore build and test binaries.
-bin/
+
+.DS_Store
+/*.env*
+/.dockerignore
+# TODO: uncomment when applications no longer use git to get version information
+#.git/
+/.github/
+/.gitignore
+/.golangci.yaml
+/.goreleaser.yml
+/.vscode/
+/CONTRIBUTING.md
+/Dockerfile
+/LICENSE*
+/Makefile.maker.yaml
+/README.md
+/build/
+/docs/
+/go.work
+/go.work.sum
+/report.html
+/shell.nix
+/testing/

.editorconfig

@@ -0,0 +1,26 @@
+# SPDX-FileCopyrightText: SAP SE or an SAP affiliate company
+# SPDX-License-Identifier: Apache-2.0
+
+root = true
+
+[*]
+insert_final_newline = true
+charset = utf-8
+trim_trailing_whitespace = true
+indent_style = space
+indent_size = 2
+
+[{Makefile,go.mod,go.sum,*.go}]
+indent_style = tab
+indent_size = unset
+
+[*.md]
+trim_trailing_whitespace = false
+
+[{LICENSE,LICENSES/*,vendor/**}]
+charset = unset
+end_of_line = unset
+indent_size = unset
+indent_style = unset
+insert_final_newline = unset
+trim_trailing_whitespace = unset

.envrc

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+# SPDX-FileCopyrightText: 2019–2020 Target
+# SPDX-FileCopyrightText: 2021 The Nix Community
+# SPDX-License-Identifier: Apache-2.0
+if type -P lorri &>/dev/null; then
+  eval "$(lorri direnv)"
+elif type -P nix &>/dev/null; then
+  use nix
+else
+  echo "Found no nix binary. Skipping activating nix-shell..."
+fi

.github/renovate.json

@@ -1,18 +1,76 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
   "extends": [
-    "config:base"
+    "config:recommended",
+    "default:pinDigestsDisabled",
+    "mergeConfidence:all-badges",
+    "docker:disable"
   ],
   "assignees": [
-    "notandy"
+    "notandy",
+    "fwiesel",
+    "mchristianl",
+    "toanju"
+  ],
+  "commitMessageAction": "Renovate: Update",
+  "constraints": {
+    "go": "1.25"
+  },
+  "dependencyDashboardOSVVulnerabilitySummary": "all",
+  "osvVulnerabilityAlerts": true,
+  "postUpdateOptions": [
+    "gomodTidy",
+    "gomodUpdateImportPaths"
   ],
   "packageRules": [
     {
-      "matchUpdateTypes": ["minor", "patch", "pin", "digest"],
-      "automerge": true
+      "matchPackageNames": [
+        "/.*/"
+      ],
+      "matchUpdateTypes": [
+        "minor",
+        "patch"
+      ],
+      "groupName": "External dependencies"
+    },
+    {
+      "matchPackageNames": [
+        "/^github\\.com\\/sapcc\\/.*/"
+      ],
+      "automerge": true,
+      "groupName": "github.com/sapcc"
+    },
+    {
+      "matchPackageNames": [
+        "go",
+        "golang",
+        "actions/go-versions"
+      ],
+      "groupName": "golang",
+      "separateMinorPatch": true
+    },
+    {
+      "matchPackageNames": [
+        "go",
+        "golang",
+        "actions/go-versions"
+      ],
+      "matchUpdateTypes": [
+        "minor",
+        "major"
+      ],
+      "dependencyDashboardApproval": true
+    },
+    {
+      "matchPackageNames": [
+        "/^k8s.io\\//"
+      ],
+      "allowedVersions": "0.28.x"
     }
   ],
-  "postUpdateOptions": [
-    "gomodTidy"
-  ]
+  "prHourlyLimit": 0,
+  "schedule": [
+    "before 8am on Friday"
+  ],
+  "semanticCommits": "disabled"
 }

.github/workflows/checks.yaml

@@ -1,48 +1,58 @@
+################################################################################
+# This file is AUTOGENERATED with <https://github.com/sapcc/go-makefile-maker> #
+# Edit Makefile.maker.yaml instead.                                            #
+################################################################################
+
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company
+# SPDX-License-Identifier: Apache-2.0
+
 name: Checks
-on:
+"on":
   push:
-    tags:
-      - v*
     branches:
       - main
   pull_request:
-
+    branches:
+      - '*'
+  workflow_dispatch: {}
 permissions:
   checks: write
   contents: read
-
 jobs:
   checks:
     name: Checks
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Set up Go
-        uses: actions/setup-go@v5
-        with:
-          go-version-file: 'go.mod'
-      - run: go mod edit -json | jq -r .Go | echo "GO_VERSION_FROM_PROJECT=$(cut -d' ' -f2)" >>${GITHUB_ENV}
-      - name: Dependency Review
-        uses: actions/dependency-review-action@v4
+        uses: actions/setup-go@v6
         with:
-          base-ref: ${{ github.event.pull_request.base.sha || 'main' }}
-          deny-licenses: AGPL-1.0, AGPL-3.0, GPL-1.0, GPL-2.0, GPL-3.0, LGPL-2.0, LGPL-2.1, LGPL-3.0, BUSL-1.1
-          fail-on-severity: moderate
-          head-ref: ${{ github.event.pull_request.head.sha || github.ref }}
-      - name: Run govulncheck
-        uses: golang/govulncheck-action@v1
+          check-latest: true
+          go-version: 1.25.3
+      - name: Run golangci-lint
+        uses: golangci/golangci-lint-action@v8
         with:
-          go-version-input: "${{ env.GO_VERSION_FROM_PROJECT }}"
+          version: latest
+      - name: Delete pre-installed shellcheck
+        run: sudo rm -f $(which shellcheck)
+      - name: Run shellcheck
+        run: make run-shellcheck
+      - name: Dependency Licenses Review
+        run: make check-dependency-licenses
       - name: Check for spelling errors
         uses: reviewdog/action-misspell@v1
         with:
+          exclude: ./vendor/*
           fail_on_error: true
           github_token: ${{ secrets.GITHUB_TOKEN }}
           ignore: importas
           reporter: github-check
       - name: Check if source code files have license header
-        run: |
-          shopt -s globstar
-          go install github.com/google/addlicense@latest
-          addlicense --check -- **/*.go
+        run: make check-addlicense
+      - name: REUSE Compliance Check
+        uses: fsfe/reuse-action@v6
+      - name: Install govulncheck
+        run: go install golang.org/x/vuln/cmd/govulncheck@latest
+      - name: Run govulncheck
+        run: govulncheck -format text ./...

.github/workflows/ci.yaml

@@ -0,0 +1,75 @@
+################################################################################
+# This file is AUTOGENERATED with <https://github.com/sapcc/go-makefile-maker> #
+# Edit Makefile.maker.yaml instead.                                            #
+################################################################################
+
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company
+# SPDX-License-Identifier: Apache-2.0
+
+name: CI
+"on":
+  push:
+    branches:
+      - main
+    paths-ignore:
+      - '**.md'
+  pull_request:
+    branches:
+      - '*'
+    paths-ignore:
+      - '**.md'
+  workflow_dispatch: {}
+permissions:
+  contents: read
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v5
+      - name: Set up Go
+        uses: actions/setup-go@v6
+        with:
+          check-latest: true
+          go-version: 1.25.3
+      - name: Build all binaries
+        run: make build-all
+  code_coverage:
+    name: Code coverage report
+    if: github.event_name == 'pull_request'
+    needs:
+      - test
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v5
+      - name: Post coverage report
+        uses: fgrosse/[email protected]
+        with:
+          coverage-artifact-name: code-coverage
+          coverage-file-name: cover.out
+    permissions:
+      actions: read
+      contents: read
+      pull-requests: write
+  test:
+    name: Test
+    needs:
+      - build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v5
+      - name: Set up Go
+        uses: actions/setup-go@v6
+        with:
+          check-latest: true
+          go-version: 1.25.3
+      - name: Run tests and generate coverage report
+        run: make build/cover.out
+      - name: Archive code coverage results
+        uses: actions/upload-artifact@v4
+        with:
+          name: code-coverage
+          path: build/cover.out

.github/workflows/codeql.yaml

@@ -0,0 +1,44 @@
+################################################################################
+# This file is AUTOGENERATED with <https://github.com/sapcc/go-makefile-maker> #
+# Edit Makefile.maker.yaml instead.                                            #
+################################################################################
+
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company
+# SPDX-License-Identifier: Apache-2.0
+
+name: CodeQL
+"on":
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+  schedule:
+    - cron: '00 07 * * 1'
+  workflow_dispatch: {}
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+jobs:
+  analyze:
+    name: CodeQL
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v5
+      - name: Set up Go
+        uses: actions/setup-go@v6
+        with:
+          check-latest: true
+          go-version: 1.25.3
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v4
+        with:
+          languages: go
+          queries: security-extended
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v4
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v4