agilira
diff --git a/‎.github/workflows/dependabot-auto-merge.yml‎
Lines changed: 68 additions & 0 deletions b/‎.github/workflows/dependabot-auto-merge.yml‎
Lines changed: 68 additions & 0 deletions
diff --git a/‎.github/workflows/go-ci-full.yml‎
Lines changed: 128 additions & 0 deletions b/‎.github/workflows/go-ci-full.yml‎
Lines changed: 128 additions & 0 deletions
diff --git a/‎.github/workflows/go-pr-quick.yml‎
Lines changed: 58 additions & 0 deletions b/‎.github/workflows/go-pr-quick.yml‎
Lines changed: 58 additions & 0 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 45 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 45 additions & 0 deletions
@@ -0,0 +1,68 @@
+name: Dependabot Auto-merge
+
+on:
+  workflow_call:
+    inputs:
+      ci-check-name:
+        description: 'Name of the CI check to wait for'
+        required: false
+        default: 'ci'
+        type: string
+      timeout-seconds:
+        description: 'Timeout in seconds for waiting CI'
+        required: false
+        default: 600
+        type: number
+
+permissions:
+  contents: write
+  pull-requests: write
+  checks: read
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+      
+      - name: Wait for CI checks
+        uses: fountainhead/action-wait-for-check@v1.2.0
+        id: wait-for-ci
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          checkName: ${{ inputs.ci-check-name }}
+          ref: ${{ github.event.pull_request.head.sha }}
+          timeoutSeconds: ${{ inputs.timeout-seconds }}
+          intervalSeconds: 10
+      
+      - name: Auto-merge patch and minor updates
+        if: |
+          (steps.metadata.outputs.update-type == 'version-update:semver-patch' || 
+           steps.metadata.outputs.update-type == 'version-update:semver-minor') &&
+          steps.wait-for-ci.outputs.conclusion == 'success'
+        run: gh pr merge --auto --squash "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      
+      - name: Auto-merge GitHub Actions updates
+        if: |
+          steps.metadata.outputs.package-ecosystem == 'github_actions' &&
+          steps.wait-for-ci.outputs.conclusion == 'success'
+        run: gh pr merge --auto --squash "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      
+      - name: Comment on major updates
+        if: steps.metadata.outputs.update-type == 'version-update:semver-major'
+        run: |
+          gh pr comment "$PR_URL" --body "🔄 **Major version update detected!** This requires manual review before merging."
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -0,0 +1,128 @@
+name: Go CI/CD
+
+on:
+  workflow_call:
+    inputs:
+      go-version:
+        description: 'Go version to use'
+        required: false
+        default: 'stable'
+        type: string
+      working-directory:
+        description: 'Working directory for the project'
+        required: false
+        default: '.'
+        type: string
+      codecov-token:
+        description: 'Codecov token for coverage upload'
+        required: false
+        default: ''
+        type: string
+      gosec-config:
+        description: 'Path to gosec configuration file'
+        required: false
+        default: '.gosec.json'
+        type: string
+
+env:
+  CGO_ENABLED: 1
+
+jobs:
+  test:
+    name: Test Suite
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ${{ inputs.working-directory }}
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+
+    - name: Setup Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ inputs.go-version }}
+        cache: true
+        cache-dependency-path: ${{ inputs.working-directory }}/go.sum
+
+    - name: Install Dependencies
+      run: |
+        go install honnef.co/go/tools/cmd/staticcheck@latest
+        go install github.com/securego/gosec/v2/cmd/gosec@latest
+        go install golang.org/x/vuln/cmd/govulncheck@latest
+
+    - name: Go Format Check
+      run: |
+        if [ "$(gofmt -l . | wc -l)" -gt 0 ]; then
+          echo "Code not formatted:"
+          gofmt -l .
+          exit 1
+        fi
+
+    - name: Go Vet
+      run: go vet ./...
+
+    - name: Verify Dependencies
+      run: go mod verify
+
+    - name: Staticcheck
+      run: staticcheck ./...
+
+    - name: Vulnerability Check
+      run: govulncheck ./...
+
+    - name: Security Scan (gosec)
+      continue-on-error: true
+      run: |
+        echo "Running security scan..."
+        if [ -f "${{ inputs.gosec-config }}" ]; then
+          gosec -conf ${{ inputs.gosec-config }} ./... || true
+        else
+          gosec ./... || true
+        fi
+        echo "Security scan completed"
+
+    - name: Test with Race Detection
+      run: go test -race -timeout 5m -v ./...
+
+    - name: Test Coverage
+      run: |
+        go test -coverprofile=coverage.out ./...
+        go tool cover -func=coverage.out
+
+    - name: Upload coverage to Codecov
+      if: ${{ inputs.codecov-token != '' }}
+      uses: codecov/codecov-action@v4
+      with:
+        file: ${{ inputs.working-directory }}/coverage.out
+        flags: unittests
+        name: codecov-umbrella
+        fail_ci_if_error: false
+        token: ${{ inputs.codecov-token }}
+
+  build:
+    name: Build Matrix
+    runs-on: ${{ matrix.os }}
+    defaults:
+      run:
+        working-directory: ${{ inputs.working-directory }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, windows-latest, macos-latest]
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+
+    - name: Setup Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ inputs.go-version }}
+        cache: true
+        cache-dependency-path: ${{ inputs.working-directory }}/go.sum
+
+    - name: Build
+      run: go build -v ./...
+
+    - name: Short Test (no race, faster)
+      run: go test -short -timeout 30s ./...
@@ -0,0 +1,58 @@
+name: Go PR Quick Check
+
+on:
+  workflow_call:
+    inputs:
+      go-version:
+        description: 'Go version to use'
+        required: false
+        default: 'stable'
+        type: string
+      gosec-excludes:
+        description: 'Gosec rules to exclude (comma-separated)'
+        required: false
+        default: 'G104,G306,G301'
+        type: string
+      working-directory:
+        description: 'Working directory for the project'
+        required: false
+        default: '.'
+        type: string
+
+env:
+  CGO_ENABLED: 1
+
+jobs:
+  quick-test:
+    name: Quick Validation
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ${{ inputs.working-directory }}
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+
+    - name: Setup Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ inputs.go-version }}
+        cache: true
+        cache-dependency-path: ${{ inputs.working-directory }}/go.sum
+
+    - name: Quick Quality Check
+      run: |
+        # Format check
+        test -z "$(gofmt -l .)"
+        
+        # Vet
+        go vet ./...
+        
+        # Basic test
+        go test -short ./...
+
+    - name: Install Security Tools
+      run: go install github.com/securego/gosec/v2/cmd/gosec@latest
+
+    - name: Security Scan
+      run: gosec --exclude=${{ inputs.gosec-excludes }} ./...
@@ -0,0 +1,45 @@
+# Changelog
+
+All notable changes to AGILira Workflow Templates will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [1.0.0] - 2025-09-29
+
+### Added
+- **Reusable Workflows:**
+  - `go-ci-full.yml` - Comprehensive CI/CD pipeline for Go projects
+  - `go-pr-quick.yml` - Fast PR validation workflow
+  - `dependabot-auto-merge.yml` - Intelligent dependency auto-merging
+  
+- **Configuration Templates:**
+  - `dependabot.yml` - Standard dependabot configuration for Go projects
+  - `.gosec.json` - Security scanner configuration with AGILira standards
+  - `.gitignore` - Comprehensive Go project gitignore template
+  
+- **Documentation:**
+  - Complete README with usage examples
+  - Quick start guide for immediate adoption
+  - Template and workflow documentation
+
+### Features
+- **Go Version Management:** Always use latest stable Go version
+- **Security Integration:** Vulnerability scanning, gosec analysis, dependency verification
+- **Quality Gates:** Format checking, static analysis, race detection
+- **Cross-platform Testing:** Linux, Windows, macOS build matrix
+- **Intelligent Auto-merge:** Safe dependency updates with CI validation
+- **AGILira Standards:** Consistent configuration across all projects
+- **European Timezone:** Dependabot scheduling optimized for Italian development
+
+### Technical Details
+- Enterprise-grade workflow design
+- Configurable inputs for customization
+- Optimized for AGILira project structure
+- MIT licensed for maximum compatibility
+- Semantic versioning for stable API
+
+[Unreleased]: https://github.com/agilira/workflow/compare/v1.0.0...HEAD
+[1.0.0]: https://github.com/agilira/workflow/releases/tag/v1.0.0