jlec
diff --git a/‎.checkov.yaml
Lines changed: 6 additions & 0 deletions b/‎.checkov.yaml
Lines changed: 6 additions & 0 deletions
diff --git a/‎.cruft.json
Lines changed: 32 additions & 0 deletions b/‎.cruft.json
Lines changed: 32 additions & 0 deletions
diff --git a/‎.envrc
Lines changed: 13 additions & 0 deletions b/‎.envrc
Lines changed: 13 additions & 0 deletions
diff --git a/‎.github/dependabot.yml
Lines changed: 46 additions & 0 deletions b/‎.github/dependabot.yml
Lines changed: 46 additions & 0 deletions
diff --git a/‎.github/workflows/cd.yml
Lines changed: 51 additions & 0 deletions b/‎.github/workflows/cd.yml
Lines changed: 51 additions & 0 deletions
diff --git a/‎.github/workflows/ci.yml
Lines changed: 75 additions & 0 deletions b/‎.github/workflows/ci.yml
Lines changed: 75 additions & 0 deletions
@@ -0,0 +1,6 @@
+---
+skip-check:
+  - CKV_K8S_15 # IfNotPresent should be tolerable
+  - CKV_K8S_21 # Default Namespace
+  - CKV_K8S_38 # Service Account token mount
+  - CKV_K8S_43 # Image hash
@@ -0,0 +1,32 @@
+{
+  "template": "[email protected]:jlec/cookiecutter-general.git",
+  "commit": "149d69fa35e5dfcffd750c2f2c5fca9ba9b728eb",
+  "checkout": null,
+  "context": {
+    "cookiecutter": {
+      "email": "[email protected]",
+      "full_name": "Justin Lecher",
+      "github_owner": "jlec",
+      "github_repo": "terraform-provider-turing-pi-bmc",
+      "project_name": "TF provider for Turing PI BMC",
+      "project_short_description": "TF provider for Turing PI BMC",
+      "project_slug": "terraform_provider_turing_pi_bmc",
+      "project_support_ansible": false,
+      "project_support_ansible_collection": false,
+      "project_support_ansible_playbook": false,
+      "project_support_ansible_role": false,
+      "project_support_golang": true,
+      "project_support_nomad": false,
+      "project_support_packer": false,
+      "project_support_terraform": true,
+      "project_support_terraform_module": true,
+      "project_support_kubernetes": false,
+      "_copy_without_render": [
+        "charts/README.md.gotmpl"
+      ],
+      "_go_app_name": "goer",
+      "_template": "[email protected]:jlec/cookiecutter-general.git"
+    }
+  },
+  "directory": null
+}
@@ -0,0 +1,13 @@
+# shellcheck shell=bash
+# shellcheck disable=SC1083,SC1090
+
+set -o errexit
+
+source_env_if_exists "$(realpath ../.envrc)"
+
+__RC=(
+)
+for i in "${__RC[@]}"; do
+	. "${HOME}/.${i}.rc"
+done
+unset __RC i
@@ -0,0 +1,46 @@
+---
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 8
+    assignees:
+      - "jlec"
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 8
+    assignees:
+      - "jlec"
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    registries: "*"
+    open-pull-requests-limit: 8
+    assignees:
+      - "jlec"
+  - package-ecosystem: "terraform"
+    directory: "/deployment"
+    schedule:
+      interval: "weekly"
+    registries: "*"
+    open-pull-requests-limit: 8
+    assignees:
+      - "jlec"
+  - package-ecosystem: "terraform"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    registries: "*"
+    open-pull-requests-limit: 8
+    assignees:
+      - "jlec"
+registries:
+  terraform-jlec:
+    type: terraform-registry
+    url: https://app.terraform.io/
+    token: ${{ secrets.TFE_TOKEN_DEPENDABOT }}
@@ -0,0 +1,51 @@
+---
+name: Continuous Delivery
+
+# yamllint disable-line rule:truthy
+on:
+  # yamllint disable-line rule:empty-values
+  workflow_dispatch:
+
+  push:
+    branches:
+      - main
+
+permissions: read-all
+
+jobs:
+  goreleaser:
+    name: "GO Releaser"
+    if: >-
+      startsWith(github.event.head_commit.message, 'bump:')
+    uses: jlec/github-actions/.github/workflows/reusable-cd-go.yml@main
+    permissions:
+      contents: write
+      statuses: write
+    secrets:
+      pat: ${{ secrets.PAT_GITHUB_TOKEN }}
+      token: ${{ secrets.GITHUB_TOKEN }}
+      tfe_release_token: ${{ secrets.TFE_RELEASE_KEY }}
+      gpg_release_key: ${{ secrets.GPG_RELEASE_KEY }}
+  release-and-clean:
+    name: Release the code & clean up
+    if: >-
+      startsWith(github.event.head_commit.message, 'bump:')
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      statuses: write
+    needs:
+      - goreleaser
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          ref: ${{ github.ref_name }}
+      - name: Cleanup action status
+        uses: ouzi-dev/commit-status-updater@v2
+        with:
+          status: "success"
+          token: ${{ secrets.GITHUB_TOKEN }}
+          name: "GithubActions - ${GITHUB_WORKFLOW}"
+          ignoreForks: true
@@ -0,0 +1,75 @@
+---
+name: Continuous Integration
+
+# yamllint disable-line rule:truthy
+on:
+  # yamllint disable-line rule:empty-values
+  workflow_dispatch:
+
+  # yamllint disable-line rule:empty-values
+  pull_request:
+
+  push:
+    branches:
+      - "*"
+    tags-ignore:
+      - "**"
+
+permissions: read-all
+
+jobs:
+  ##############################################################################
+  #
+  # Run on everything but Releases and WIP
+  #
+  ##############################################################################
+  linting:
+    if: >-
+      !startsWith(github.event.head_commit.message, 'bump:') &&
+      !startsWith(github.event.head_commit.message, 'WIP')
+    name: "Run Linting against all files"
+    uses: jlec/github-actions/.github/workflows/reusable-linting.yml@main
+  go-build-test:
+    name: "GO Build & Test"
+    if: >-
+      ${{ github.actor != 'dependabot[bot]' }} &&
+      !startsWith(github.event.head_commit.message, 'bump:') &&
+      !startsWith(github.event.head_commit.message, 'WIP')
+    needs:
+      - linting
+    uses: jlec/github-actions/.github/workflows/reusable-ci-go.yml@main
+    secrets:
+      pat: ${{ secrets.PAT_GITHUB_TOKEN }}
+
+  dependabot:
+    name: "Handle dependabot PR"
+    if: >-
+      ${{ github.actor == 'dependabot[bot]' }} &&
+      !startsWith(github.event.head_commit.message, 'bump:') &&
+      !startsWith(github.event.head_commit.message, 'WIP')
+    needs:
+      - linting
+    uses: jlec/github-actions/.github/workflows/reusable-pr-dependabot.yml@main
+    permissions:
+      contents: write
+      pull-requests: write
+    secrets:
+      token: ${{ secrets.GITHUB_TOKEN }}
+
+  ci-generic:
+    name: "Run generic CI"
+    if: >-
+      ${{ github.actor != 'dependabot[bot]' }} &&
+      !startsWith(github.event.head_commit.message, 'bump:') &&
+      !startsWith(github.event.head_commit.message, 'WIP')
+    needs:
+      - go-build-test
+      - dependabot
+      - linting
+    uses: jlec/github-actions/.github/workflows/reusable-ci-generic.yml@main
+    permissions:
+      contents: write
+      pull-requests: write
+    secrets:
+      pat: ${{ secrets.PAT_GITHUB_TOKEN }}
+      token: ${{ secrets.GITHUB_TOKEN }}