feat(template): add ci options (#67)

* Feature: Add CI in template

Signed-off-by: Steffen Exler <[email protected]>

* Fix azure pipeline

Signed-off-by: Steffen Exler <[email protected]>

* Fix github action semgrep

Signed-off-by: Steffen Exler <[email protected]>

* Fix gitlab

Signed-off-by: Steffen Exler <[email protected]>

* Add CI files to gt build

Signed-off-by: Steffen Exler <[email protected]>

* Use in azure devops pipeline only make test

Signed-off-by: Steffen Exler <[email protected]>

* Remove build package from github actions

Signed-off-by: Steffen Exler <[email protected]>

* Add default os in github action pipeline

Signed-off-by: Steffen Exler <[email protected]>

* Excape github actions expressions

Signed-off-by: Steffen Exler <[email protected]>

* Unify CI statements

Signed-off-by: Steffen Exler <[email protected]>

_template/.azure-pipelines.yml

@@ -0,0 +1,40 @@
+pool:
+  vmImage: ubuntu-latest
+variables:
+  - name: goVersion
+    value: 1.17
+
+stages:
+  - stage: test
+    jobs:
+      - job: GoBuildTest
+        displayName: Lint & Test Go Application
+        steps:
+          - task: GoTool@0
+            displayName: Install Go Binary
+            inputs:
+              version: $(goVersion)
+
+          - bash: make download
+            displayName: Downloads the dependencies
+
+          - bash: make lint
+            displayName: Lints all code with golangci-lint
+
+          - bash: make test
+            displayName: Runs all tests
+
+      - job: Semgrep
+        displayName: Run semgrep security tests
+        steps:
+          - bash: |
+              docker run -v $(pwd):/src --workdir /src returntocorp/semgrep-agent:v1 semgrep-agent \
+              --config p/secrets \
+              --config p/ci \
+              --config p/r2c \
+              --config p/r2c-ci \
+              --config p/docker \
+              --config p/dockerfile \
+              --config p/command-injection \
+              --config p/security-audit
+            displayName: Semgrep

_template/.github/workflows/main.yml

@@ -0,0 +1,58 @@
+---
+# based on https://github.com/mvdan/github-actions-golang
+name: CI
+
+on:
+  pull_request:
+    branches: ["main"]
+    paths-ignore: ["docs/**"]
+
+  push:
+    branches: ["main"]
+    paths-ignore: ["docs/**"]
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+jobs:
+  test:
+    strategy:
+      matrix:
+        go-version: [1.17.x]
+        os: [ubuntu-latest]
+    runs-on: {{`${{ matrix.os }}`}}
+
+    steps:
+      - name: Install Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: {{`${{ matrix.go-version }}`}}
+
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      # cache go modules
+      - uses: actions/cache@v2
+        with:
+          # In order:
+          # * Module download cache
+          # * Build cache (Linux)
+          # * Build cache (Mac)
+          # * Build cache (Windows)
+          path: |
+            ~/go/pkg/mod
+            ~/.cache/go-build
+            ~/Library/Caches/go-build
+            %LocalAppData%\go-build
+          key: {{`${{ runner.os }}`}}-go-{{`${{ hashFiles('**/go.sum') }}`}}
+          restore-keys: |
+            {{`${{ runner.os }}`}}-go-
+
+      - name: Downloads the dependencies
+        run: make download
+
+      - name: Lints all code with golangci-lint
+        run: make lint
+
+      - name: Runs all tests
+        run: make test

_template/.github/workflows/semgrep.yml

@@ -0,0 +1,61 @@
+name: Semgrep
+
+on:
+  # Scan changed files in PRs, block on new issues only (existing issues ignored)
+  pull_request: {}
+
+  # Scan all files on branches, block on any issues
+  # push:
+  #   branches: ["master", "main"]
+
+  # Schedule this job to run at a certain time, using cron syntax
+  # Note that * is a special character in YAML so you have to quote this string
+  # schedule:
+  #   - cron: '30 0 1,15 * *' # scheduled for 00:30 UTC on both the 1st and 15th of the month
+
+jobs:
+  semgrep:
+    name: Scan
+    runs-on: ubuntu-latest
+    # Skip any PR created by dependabot to avoid permission issues
+    if: (github.actor != 'dependabot[bot]')
+    steps:
+      # Fetch project source
+      - uses: actions/checkout@v2
+
+      - uses: returntocorp/semgrep-action@v1
+        with:
+          config: >- # more at semgrep.dev/explore
+            p/security-audit
+            p/secrets
+            p/ci
+            p/r2c
+            p/r2c-ci
+            p/docker
+            p/dockerfile
+            p/command-injection
+
+        # == Optional settings in the `with:` block
+
+        # Instead of `config:`, use rules set in Semgrep App.
+        # Get your token from semgrep.dev/manage/settings.
+        #   publishToken: {{`${{ secrets.SEMGREP_APP_TOKEN }}`}}
+
+        # Never fail the build due to findings on pushes.
+        # Instead, just collect findings for semgrep.dev/manage/findings
+        #   auditOn: push
+
+        # Upload findings to GitHub Advanced Security Dashboard [step 1/2]
+        # See also the next step.
+        #   generateSarif: "1"
+
+        # Change job timeout (default is 1800 seconds; set to 0 to disable)
+        # env:
+        #   SEMGREP_TIMEOUT: 300
+
+      # Upload findings to GitHub Advanced Security Dashboard [step 2/2]
+      # - name: Upload SARIF file for GitHub Advanced Security Dashboard
+      #   uses: github/codeql-action/upload-sarif@v1
+      #   with:
+      #     sarif_file: semgrep.sarif
+      #   if: always()

_template/.gitlab-ci.yml

@@ -0,0 +1,60 @@
+stages:
+  - static_analysis
+  - test
+
+semgrep:
+  stage: static_analysis
+  image: returntocorp/semgrep-agent:v1
+  script: semgrep-agent
+
+  rules:
+  # Scan changed files in MRs, block on new issues only (existing issues ignored)
+  - if: $CI_MERGE_REQUEST_IID
+  # Scan all files on default branch, block on any issues
+  # - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+
+  variables:
+    SEMGREP_RULES: >- # more at semgrep.dev/explore
+      p/security-audit
+      p/secrets
+      p/ci
+      p/r2c
+      p/r2c-ci
+      p/docker
+      p/dockerfile
+      p/command-injection
+
+  # == Optional settings in the `variables:` block
+
+  # Instead of `SEMGREP_RULES:`, use rules set in Semgrep App.
+  # Get your token from semgrep.dev/manage/settings.
+  #   SEMGREP_APP_TOKEN: $SEMGREP_APP_TOKEN
+
+  # Receive inline MR comments (requires Semgrep App account)
+  # Setup instructions: https://semgrep.dev/docs/notifications/#gitlab-merge-request-comments
+  #   GITLAB_TOKEN: $PAT
+
+  # Never fail the build due to findings on pushes.
+  # Instead, just collect findings for semgrep.dev/manage/findings
+  #   SEMGREP_AUDIT_ON: push
+
+  # Upload findings to GitLab SAST Dashboard [step 1/2]
+  # See also the next step.
+  #   SEMGREP_GITLAB_JSON: "1"
+
+  # Change job timeout (default is 1800 seconds; set to 0 to disable)
+  #   SEMGREP_TIMEOUT: 300
+
+  # Upload findings to GitLab SAST Dashboard (remove `script:` line above) [step 2/2]
+  # script: semgrep-agent --gitlab-json > gl-sast-report.json || true
+  # artifacts:
+  #   reports:
+  #     sast: gl-sast-report.json
+
+golang:
+  stage: test
+  image: golang:1.17
+  script:
+    - make download
+    - make lint
+    - make test

cmd/dotembed/main_test.go

@@ -15,7 +15,13 @@ func Test_Run(t *testing.T) {
 	outputDir := t.TempDir()
 	outputFile := path.Join(outputDir, "test.go")
 
-	dotfiles := []string{path.Join(targetDir, ".gitignore"), path.Join(targetDir, ".dockerignore")}
+	dotfiles := []string{
+		path.Join(targetDir, ".gitignore"),
+		path.Join(targetDir, ".dockerignore"),
+		path.Join(targetDir, ".github"),
+		path.Join(targetDir, ".azure-pipelines.yml"),
+		path.Join(targetDir, ".gitlab-ci.yml"),
+	}
 	for _, file := range dotfiles {
 		_, err := os.Create(path.Join(file))
 		assert.NoError(t, err)

embed_gen.go

@@ -2,5 +2,5 @@ package gotemplate
 
 import "embed"
 
-//go:embed _template _template/.dockerignore _template/.editorconfig _template/.githooks _template/.gitignore _template/.golangci.yml _template/assets/.gitkeep _template/configs/.gitkeep _template/deployments/.gitkeep _template/internal/.gitkeep _template/pkg/.gitkeep
+//go:embed _template _template/.github _template/.azure-pipelines.yml _template/.gitlab-ci.yml  _template/.dockerignore _template/.editorconfig _template/.githooks _template/.gitignore _template/.golangci.yml _template/assets/.gitkeep _template/configs/.gitkeep _template/deployments/.gitkeep _template/internal/.gitkeep _template/pkg/.gitkeep
 var FS embed.FS

pkg/gotemplate/options.go

@@ -310,6 +310,41 @@ Options:
 					},
 				},
 			},
+			{
+				Name: "ci",
+				Options: []Option{
+					{
+						name:         "provider",
+						defaultValue: StaticValue(1),
+						description: StringValue(`Set an CI pipeline provider integration
+			Options:
+			0: No CI
+			1: Github
+			2: Gitlab
+			3: Azure DevOps`),
+						postHook: func(v interface{}, _ *OptionValues, targetDir string) error {
+							ciFiles := map[int][]string{
+								0: {},
+								1: {".github"},
+								2: {".gitlab-ci.yml"},
+								3: {".azure-pipelines.yml"},
+							}
+
+							for i, files := range ciFiles {
+								if i == v.(int) {
+									continue
+								}
+								for _, file := range files {
+									if err := os.RemoveAll(path.Join(targetDir, file)); err != nil {
+										return err
+									}
+								}
+							}
+							return nil
+						},
+					},
+				},
+			},
 			{
 				Name: "grpc",
 				Options: []Option{

pkg/gotemplate/testdata/values.yml

@@ -10,6 +10,8 @@ extensions:
     author: "Marty Mc Fly"
     codeowner: "[email protected]"
     license: 1 # MIT License
+  ci:
+    provider: 1
   grpc:
     base: true
     grpcGateway: false