coderbirju
diff --git a/‎.github/ISSUE_TEMPLATE/bug_report.md
+28 b/‎.github/ISSUE_TEMPLATE/bug_report.md
+28
diff --git a/‎.github/ISSUE_TEMPLATE/config.yaml
+6 b/‎.github/ISSUE_TEMPLATE/config.yaml
+6
diff --git a/‎.github/ISSUE_TEMPLATE/feature_request.md
+19 b/‎.github/ISSUE_TEMPLATE/feature_request.md
+19
diff --git a/‎.github/PULL_REQUEST_TEMPLATE.md
+14 b/‎.github/PULL_REQUEST_TEMPLATE.md
+14
diff --git a/‎.github/bin/update-lima-dep.sh
+31 b/‎.github/bin/update-lima-dep.sh
+31
diff --git a/‎.github/dependabot.yaml
+21 b/‎.github/dependabot.yaml
+21
diff --git a/‎.github/workflows/ci.yaml
+118 b/‎.github/workflows/ci.yaml
+118
diff --git a/‎.github/workflows/lint-pr-title.yaml
+20 b/‎.github/workflows/lint-pr-title.yaml
+20
diff --git a/‎.github/workflows/release-please.yaml
+45 b/‎.github/workflows/release-please.yaml
+45
diff --git a/‎.github/workflows/update-deps.yaml
+40 b/‎.github/workflows/update-deps.yaml
+40
@@ -0,0 +1,28 @@
+---
+name: Bug Report
+about: Report a bug to help improve Finch
+title: ''
+labels: 'bug'
+assignees: ''
+
+---
+
+**Describe the bug**
+Briefly describe the probem you are having.
+
+
+**Steps to reproduce**
+A clear, step-by-step set of instructions to reproduce the bug.
+
+
+**Expected behavior**
+Description of what you expected to happen.
+
+
+**Screenshots or logs**
+If applicable, add screenshots or logs to help explain your problem.
+
+
+
+**Additional context**
+Add any other context about the problem here.
@@ -0,0 +1,6 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Ask a question 
+    url: https://github.com/runfinch/finch/discussions
+    about: Use GitHub Discussions to ask questions, discuss options, or propose new ideas
+      
@@ -0,0 +1,19 @@
+---
+name: Feature Request
+about: Suggest a new feature for Finch
+title: ''
+labels: 'feature'
+assignees: ''
+
+---
+
+**What is the problem you're trying to solve?.**
+A clear and concise description of the use case for this feature. Please provide an example, if possible.
+
+
+**Describe the feature you'd like**
+A clear and concise description of what you'd like to happen.
+
+
+**Additional context**
+Add any other context or screenshots about the feature request here.
@@ -0,0 +1,14 @@
+Issue #, if available:
+
+*Description of changes:*
+
+*Testing done:*
+
+
+
+- [ ] I've reviewed the guidance in CONTRIBUTING.md
+
+
+#### License Acceptance
+
+By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+CLOUDFRONT_URL="https://deps.runfinch.com/"
+AARCH64_FILENAME_PATTERN="aarch64/lima-and-qemu.macos-aarch64.[0-9].*\.gz$"
+AMD64_FILENAME_PATTERN="x86-64/lima-and-qemu.macos-x86_64.[0-9].*\.gz$"
+AARCH64="aarch64"
+X86_64="x86-64"
+set -x
+
+while getopts b: flag
+do
+        case "${flag}" in
+            b) bucket=${OPTARG};;
+         esac
+done
+[[ -z "$bucket" ]] && { echo "Error: Bucket not set"; exit 1; }
+
+aarch64Deps=$(aws s3 ls s3://${bucket}/${AARCH64}/ --recursive | grep "$AARCH64_FILENAME_PATTERN" | sort | tail -n 1 | awk '{print $4}')
+
+[[ -z "$aarch64Deps" ]] && { echo "Error: aarch64 dependency not found"; exit 1; }
+
+
+amd64Deps=$(aws s3 ls s3://${bucket}/${X86_64}/ --recursive | grep "$AMD64_FILENAME_PATTERN" | sort | tail -n 1 | awk '{print $4}')
+
+[[ -z "$amd64Deps" ]] && { echo "Error: x86_64 dependency not found"; exit 1; }
+
+sed -E  -i.bak  's|^([[:blank:]]*LIMA_URL[[:blank:]]*\?=[[:blank:]]*'${CLOUDFRONT_URL}')('${AARCH64_FILENAME_PATTERN}')|\1'$aarch64Deps'|' Makefile
+sed -E  -i.bak  's|^([[:blank:]]*LIMA_URL[[:blank:]]*\?=[[:blank:]]*'${CLOUDFRONT_URL}')('${AMD64_FILENAME_PATTERN}')|\1'$amd64Deps'|'  Makefile
+
+
+
@@ -0,0 +1,21 @@
+version: 2
+updates:
+- package-ecosystem: "gomod"
+  directory: "/"
+  schedule:
+    interval: "daily"
+  commit-message:
+    # When a dependency is updated,
+    # we want release-please to treat the corresponding commit as a releasable unit
+    # because it may contain a security fix.
+    #
+    # Re. how that is achieved, see `changelog-types` in workflows/release-please.yml.
+    prefix: "build"
+    include: "scope"
+- package-ecosystem: "github-actions"
+  directory: "/"
+  schedule:
+    interval: "daily"
+  commit-message:
+    prefix: "ci"
+    include: "scope"
@@ -0,0 +1,118 @@
+# When a third-party action is added (i.e., `uses`), please also add it to `download-licenses` in Makefile.
+name: CI
+on:
+  push:
+    branches:
+      - main
+    paths-ignore:
+      - '*.md'
+  pull_request:
+    branches:
+      - main
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  gen-code-no-diff:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v3
+        with:
+          go-version-file: go.mod
+          cache: true
+      - run: make gen-code
+      - run: git diff --exit-code
+  unit-tests:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v3
+        with:
+          # Since this repository is not meant to be used as a library,
+          # we don't need to test the latest 2 major releases like Go does: https://go.dev/doc/devel/release#policy.
+          go-version-file: go.mod
+          cache: true
+      - run: make test-unit
+  # It's recommended to run golangci-lint in a job separate from other jobs (go test, etc) because different jobs run in parallel.
+  go-linter:
+    runs-on: ubuntu-latest
+    # TODO: Remove this when we make the repos public.
+    env:
+      GOPRIVATE: github.com/runfinch/common-tests
+      ACCESS_TOKEN: ${{ secrets.FINCH_BOT_TOKEN }}
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v3
+        with:
+          go-version-file: go.mod
+          cache: true
+      # TODO: Remove this when we make the repos public.
+      - run: git config --global url.https://[email protected]/.insteadOf https://github.com/
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v3
+        with:
+          # Pin the version in case all the builds start to fail at the same time.
+          # There may not be an automatic way (e.g., dependabot) to update a specific parameter of a Github Action,
+          # so we will just update it manually whenever it makes sense (e.g., a feature that we want is added).
+          version: v1.50.0
+          args: --fix=false
+  go-mod-tidy-check:
+    runs-on: ubuntu-latest
+    # TODO: Remove this when we make the repos public.
+    env:
+      GOPRIVATE: github.com/runfinch/common-tests
+      ACCESS_TOKEN: ${{ secrets.FINCH_BOT_TOKEN }}
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v3
+        with:
+          go-version-file: go.mod
+          cache: true
+      # TODO: Remove this when we make the repos public.
+      - run: git config --global url.https://[email protected]/.insteadOf https://github.com/
+      # TODO: Use `go mod tidy --check` after https://github.com/golang/go/issues/27005 is fixed.
+      - run: go mod tidy
+      - run: git diff --exit-code
+  check-licenses:
+    runs-on: ubuntu-latest
+    # TODO: Remove this when we make the repos public.
+    env:
+      GOPRIVATE: github.com/runfinch/common-tests
+      ACCESS_TOKEN: ${{ secrets.FINCH_BOT_TOKEN }}
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v3
+        with:
+          go-version-file: go.mod
+          cache: true
+      # TODO: Remove this when we make the repos public.
+      - run: git config --global url.https://[email protected]/.insteadOf https://github.com/
+      - run: make check-licenses
+  e2e-tests:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [[self-hosted, macos, amd64, 11.7], [self-hosted, macos, amd64, 12.6], [self-hosted, macos, arm64, 11.7], [self-hosted, macos, arm64, 12.6]]
+    runs-on: ${{ matrix.os }} 
+    # TODO: Remove this when we make the repos public
+    env:
+      ACCESS_TOKEN: ${{ secrets.FINCH_BOT_TOKEN }}
+    steps:
+      - uses: actions/checkout@v3
+      - name: Clean up previous files
+        run: |
+          sudo rm -rf /opt/finch
+          sudo rm -rf ~/.finch
+      - run: brew install go lz4 automake autoconf libtool 
+      - name: Build project
+        run: |
+          export PATH="/opt/homebrew/opt/libtool/libexec/gnubin:$PATH"
+          which libtool
+          make
+      # TODO: Remove this when we make the repos public
+      - name: Configure repo access
+        run: git config --global url.https://[email protected]/.insteadOf https://github.com/
+      - run: make test-e2e
@@ -0,0 +1,20 @@
+# When a third-party action is added (i.e., `uses`), please also add it to `download-licenses` in Makefile.
+name: "Lint PR Title"
+
+on:
+  # TODO: Change to pull_request_target after the repo is public.
+  pull_request:
+    types:
+      - opened
+      - edited
+      - reopened
+      - synchronize
+
+jobs:
+  main:
+    name: conventional-commit
+    runs-on: ubuntu-latest
+    steps:
+      - uses: amannn/action-semantic-pull-request@v5
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -0,0 +1,45 @@
+# When a third-party action is added (i.e., `uses`), please also add it to `download-licenses` in Makefile.
+on:
+  push:
+    branches:
+      - main
+name: release-please
+jobs:
+  release-please:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: google-github-actions/release-please-action@v3
+        with:
+          release-type: go
+          package-name: finch
+          # Include 'build' in the changelog and
+          # make it a releasable unit (patch version bump) because dependabot PRs uses it.
+          # For more details, see ../dependabot.yml.
+          #
+          # The mapping from type to section comes from conventional-commit-types [1]
+          # which is used by action-semantic-pull-request [2],
+          # which is used by us.
+          #
+          # [1] https://github.com/commitizen/conventional-commit-types/blob/master/index.json
+          # [2] https://github.com/amannn/action-semantic-pull-request/blob/0b14f54ac155d88e12522156e52cb6e397745cfd/README.md?plain=1#L60
+          changelog-types: >
+            [
+              {
+                "type":"feat",
+                "section":"Features",
+                "hidden":false
+              },
+              {
+                "type":"fix",
+                "section":"Bug Fixes",
+                "hidden":false
+              },
+              {
+                "type":"build",
+                "section":"Build System or External Dependencies",
+                "hidden":false
+              }
+            ]
+          # Before we are at v1.0.0
+          bump-minor-pre-major: true
+
@@ -0,0 +1,40 @@
+name: Update dependencies
+on:
+  workflow_dispatch:
+
+permissions:
+  # This is required for configure-aws-credentials to request an OIDC JWT ID token to access AWS resources later on.
+  # More info: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
+  id-token: write
+  contents: write
+  pull-requests: write
+
+jobs:
+  update-deps:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: configure aws credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          role-to-assume: ${{ secrets.ROLE }}
+          role-session-name: dependency-upload-session
+          aws-region: ${{ secrets.REGION }}
+
+      # This step fetches the latest set of released dependencies from s3 and updates the Makefile to use the same.
+      - name: update dependencies url
+        run: |
+          ./.github/bin/update-lima-dep.sh -b ${{ secrets.DEPENDENCY_BUCKET_NAME }}
+
+      - name: create PR
+        uses: peter-evans/create-pull-request@v4
+        with:
+          # A Personal Access Token instead of the default `GITHUB_TOKEN` is required
+          # to trigger the checks (e.g., e2e tests) on the created pull request.
+          # More info: https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#workarounds-to-trigger-further-workflow-runs
+          # TODO: Use FINCH_BOT_TOKEN instead of GITHUB_TOKEN.
+          token: ${{ secrets.GITHUB_TOKEN }}
+          # TODO: Add updated lima version in the title.
+          title: 'build(deps): Bump lima version'