add github stuff

Author: lucarin91

.github/CODEOWNERS

@@ -0,0 +1,2 @@
+/.github/CODEOWNERS @bcmi-labs/team_tooling
+* @bcmi-labs/team_tooling

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,19 @@
+### Motivation
+
+<!-- Why this pull request? -->
+
+### Change description
+
+<!-- What does your code do? -->
+
+### Additional Notes
+
+<!-- Link any useful metadata: Jira task, GitHub issue, ... -->
+
+### Reviewer checklist
+
+- [ ] PR addresses a single concern.
+- [ ] PR title and description are properly filled.
+- [ ] Changes will be merged in `main`.
+- [ ] Changes are covered by tests.
+- [ ] Logging is meaningful in case of troubleshooting.

.github/workflows/check-license.yml

@@ -0,0 +1,81 @@
+# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/check-license.md
+name: Check License
+
+env:
+  EXPECTED_LICENSE_FILENAME: LICENSE
+  # SPDX identifier: https://spdx.org/licenses/
+  EXPECTED_LICENSE_TYPE: GPL-3.0
+
+# See: https://docs.github.com/en/actions/reference/events-that-trigger-workflows
+on:
+  push:
+    paths:
+      - ".github/workflows/check-license.ya?ml"
+      - ".licenses/**"
+      - ".licensed.json"
+      - ".licensed.ya?ml"
+      - "Taskfile.ya?ml"
+      - "**/.gitmodules"
+      - "**/go.mod"
+      - "**/go.sum"
+  pull_request:
+    paths:
+      - ".github/workflows/check-license.ya?ml"
+      - ".licenses/**"
+      - ".licensed.json"
+      - ".licensed.ya?ml"
+      - "Taskfile.ya?ml"
+      - "**/.gitmodules"
+      - "**/go.mod"
+      - "**/go.sum"
+  workflow_dispatch:
+  repository_dispatch:
+
+jobs:
+  check-license:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ruby # Install latest version
+
+      - name: Install Task
+        uses: arduino/setup-task@v2
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          version: 3.x
+
+      - name: Install licensee
+        run: gem install licensee
+
+      - name: Check license file
+        run: |
+          EXIT_STATUS=0
+          # See: https://github.com/licensee/licensee
+          LICENSEE_OUTPUT="$(licensee detect --json --confidence=100)"
+
+          DETECTED_LICENSE_FILE="$(echo "$LICENSEE_OUTPUT" | jq .matched_files[0].filename | tr --delete '\r')"
+          echo "Detected license file: $DETECTED_LICENSE_FILE"
+          if [ "$DETECTED_LICENSE_FILE" != "\"${EXPECTED_LICENSE_FILENAME}\"" ]; then
+            echo "::error file=${DETECTED_LICENSE_FILE}::detected license file $DETECTED_LICENSE_FILE doesn't match expected: $EXPECTED_LICENSE_FILENAME"
+            EXIT_STATUS=1
+          fi
+
+          DETECTED_LICENSE_TYPE="$(echo "$LICENSEE_OUTPUT" | jq .matched_files[0].matched_license | tr --delete '\r')"
+          echo "Detected license type: $DETECTED_LICENSE_TYPE"
+          if [ "$DETECTED_LICENSE_TYPE" != "\"${EXPECTED_LICENSE_TYPE}\"" ]; then
+            echo "::error file=${DETECTED_LICENSE_FILE}::detected license type $DETECTED_LICENSE_TYPE doesn't match expected \"${EXPECTED_LICENSE_TYPE}\""
+            EXIT_STATUS=1
+          fi
+
+          exit $EXIT_STATUS
+
+      - name: Check debian copyright file
+        run: |
+          task update-deb-copyright
+          git diff --color --exit-code

.github/workflows/checks.yaml

@@ -0,0 +1,47 @@
+name: Test Go
+
+env:
+  GITHUB_TOKEN: ${{ secrets.ARDUINOBOT_TOKEN }}
+  GITHUB_USERNAME: ArduinoBot
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+# In the same branch only 1 workflow per time can run. In case we're not in the
+# main branch we cancel previous running workflow
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
+
+permissions:
+  contents: read
+  # Used by the buf to create a comment with a brief summary of failing tets
+  pull-requests: write
+
+jobs:
+  run-checks:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Configure credential to download private go modules
+        run: |
+          echo "machine github.com login $GITHUB_USERNAME password $GITHUB_TOKEN" > ~/.netrc
+
+      - uses: dprint/[email protected]
+        with:
+          dprint-version: 0.48.0
+
+      - uses: golangci/golangci-lint-action@v8
+        with:
+          version: v2.4.0
+          args: --timeout 300s
+
+      - name: Check go mod
+        run: |
+          go mod tidy
+          git diff --color --exit-code
+

.github/workflows/go-test.yml

@@ -0,0 +1,32 @@
+name: Run Go Tests
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+env:
+  GO_VERSION: "1.25.1"
+
+jobs:
+  go-test-orchestrator:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Install Task
+        uses: arduino/setup-task@v2
+        with:
+          version: 3.x
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - name: Run tests
+        run: go test -v --race ./...
+

.github/workflows/release.yml

@@ -0,0 +1,197 @@
+name: Release remoteocd
+
+on:
+  push:
+    tags:
+      - "*" # Trigger on all tags
+
+env:
+  GO_VERSION: "1.25.1"
+  PROJECT_NAME: "remoteocd"
+  GITHUB_TOKEN: ${{ secrets.ARDUINOBOT_TOKEN }}
+  GITHUB_USERNAME: ArduinoBot
+
+jobs:
+  build:
+    strategy:
+      matrix:
+        os: [linux, darwin]
+        arch: [amd64, arm64]
+        ext: [""]
+        include:
+          - os: windows
+            arch: amd64
+            ext: .exe
+          - os: windows
+            arch: arm64
+            ext: .exe
+
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Extract version
+        shell: bash
+        run: |
+          TAG_NAME="${GITHUB_REF##*/}"
+          VERSION="${TAG_NAME#remoteocd-}" # Remove 'remoteocd-' prefix
+          echo "VERSION=${VERSION}" >> $GITHUB_ENV
+          echo "PACKAGE_NAME=${{ env.PROJECT_NAME }}-${VERSION}-${{ matrix.os }}-${{ matrix.arch }}" >> $GITHUB_ENV
+          echo "BINARY_NAME=${{ env.PROJECT_NAME }}${{ matrix.ext }}" >> $GITHUB_ENV
+        env:
+          GITHUB_REF: ${{ github.ref }}
+
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - name: Build Binary
+        env:
+          GOARCH: ${{ matrix.arch }}
+          GOOS: ${{ matrix.os }}
+        run: |
+          mkdir -p ./build/${{ env.PACKAGE_NAME }}
+          go build -v -ldflags "-X 'main.Version=${{ env.VERSION }}'" \
+            -o ../build/${{ env.PACKAGE_NAME }}/${{ env.BINARY_NAME}}\
+            .
+
+      - name: Prepare Build Artifacts [windows]
+        if: ${{ matrix.os == 'windows' }}
+        run: |
+          cd build \
+            && zip -r ./${{ env.PACKAGE_NAME }}.zip ${{ env.PACKAGE_NAME }} \
+            && rm -r ./${{ env.PACKAGE_NAME }}
+      - name: Prepare Build Artifacts [!windows]
+        if: ${{ matrix.os != 'windows' }}
+        run: |
+          tar -czf ./build/${{ env.PACKAGE_NAME}}.tar.gz -C ./build ${{ env.PACKAGE_NAME }}
+          rm -r ./build/${{ env.PACKAGE_NAME }}
+
+      - name: Upload Artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: binaries-${{ matrix.os }}-${{ matrix.arch }}
+          path: build/
+
+  generate-index:
+    needs: build
+    runs-on: ubuntu-22.04
+    environment: staging
+    permissions:
+      id-token: write
+      contents: write
+    steps:
+      - name: Download Artifacts
+        uses: actions/download-artifact@v4
+        with:
+          pattern: binaries-*
+          merge-multiple: true
+          path: dist/
+
+      - name: Extract version
+        shell: bash
+        run: |
+          TAG_NAME="${GITHUB_REF##*/}"
+          VERSION="${TAG_NAME#remoteocd-}" # Remove 'remoteocd-' prefix
+          echo "VERSION=${VERSION}" >> $GITHUB_ENV
+        env:
+          GITHUB_REF: ${{ github.ref }}
+
+      - name: Generate JSON index
+        shell: bash
+        env:
+          VERSION: ${{ env.VERSION }}
+          TOOL_NAME: remoteocd
+          BASE_URL: https://arduino:[email protected]/tools
+        run: |
+          set -e
+
+          map_os_arch() {
+            case "$1" in
+              linux-amd64)
+                echo "x86_64-linux-gnu"
+                ;;
+              linux-arm64)
+                echo "aarch64-linux-gnu"
+                ;;
+              windows-amd64)
+                echo "x86_64-mingw32"
+                ;;
+              windows-arm64)
+                echo "arm64-mingw32"
+                ;;
+              darwin-amd64)
+                echo "x86_64-apple-darwin"
+                ;;
+              darwin-arm64)
+                echo "arm64-apple-darwin"
+                ;;
+              *)
+                echo "Unknown os-arch: $os_arch"
+                ;;
+            esac
+          }
+
+          systems="[]"
+
+          for file in dist/*; do
+            filename=$(basename "$file")
+
+            # Remove prefix and suffix to get host
+            basename_no_prefix=${filename#"${TOOL_NAME}-${VERSION}-"}
+            os_arch=${basename_no_prefix%.tar.gz}
+            os_arch=${os_arch%.zip}
+            host=$(map_os_arch "$os_arch")
+
+            checksum=$(sha256sum "$file" | awk '{print $1}')
+            size=$(stat --format="%s" "$file")
+            url="${BASE_URL}/${filename}"
+
+            system_entry=$(jq -n \
+              --arg host "$host" \
+              --arg url "$url" \
+              --arg archiveFileName "$filename" \
+              --arg checksum "SHA-256:$checksum" \
+              --argjson size "$size" \
+              '{
+                host: $host,
+                url: $url,
+                archiveFileName: $archiveFileName,
+                checksum: $checksum,
+                size: $size
+              }')
+
+            systems=$(echo "$systems" | jq --argjson entry "$system_entry" '. + [$entry]')
+          done
+
+          jq -n \
+            --arg name "$TOOL_NAME" \
+            --arg version "$VERSION" \
+            --argjson systems "$systems" \
+            '{
+              name: $name,
+              version: $version,
+              systems: $systems
+            }' > tool_index.json
+
+      - name: Upload artifacts index
+        uses: ncipollo/release-action@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          draft: false
+          prerelease: true
+          artifacts: tool_index.json,dist/*
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: "us-east-1"
+          role-to-assume: "arn:aws:iam::257442868231:role/static-website/orchestrator"
+          role-session-name: "GHA_to_AWS_via_OIDC_for_orchestrator"
+      - name: Upload to S3
+        run: |
+          aws s3 sync dist/ s3://apt-repo.oniudra.cc/tools/