use go-makefile-maker

.dockerignore

@@ -0,0 +1,18 @@
+.dockerignore
+# TODO: uncomment when applications no longer use git to get version information
+#.git/
+.github/
+.gitignore
+.goreleaser.yml
+/*.env*
+.golangci.yaml
+build/
+CONTRIBUTING.md
+Dockerfile
+docs/
+LICENSE*
+Makefile.maker.yaml
+README.md
+report.html
+shell.nix
+/testing/

.github/renovate.json

@@ -0,0 +1,57 @@
+{
+  "extends": [
+    "config:base",
+    "default:pinDigestsDisabled",
+    "github>whitesource/merge-confidence:beta",
+    "docker:disable"
+  ],
+  "assignees": [
+    "defo89",
+    "SchwarzM",
+    "xsen84",
+    "goerangudat"
+  ],
+  "commitMessageAction": "Renovate: Update",
+  "constraints": {
+    "go": "1.21"
+  },
+  "postUpdateOptions": [
+    "gomodTidy",
+    "gomodUpdateImportPaths"
+  ],
+  "packageRules": [
+    {
+      "matchPackageNames": [
+        "golang"
+      ],
+      "allowedVersions": "1.21.x"
+    },
+    {
+      "matchPackagePatterns": [
+        "^github\\.com\\/sapcc\\/.*"
+      ],
+      "automerge": true,
+      "groupName": "github.com/sapcc"
+    },
+    {
+      "excludePackagePatterns": [
+        "^github\\.com\\/sapcc\\/.*"
+      ],
+      "matchPackagePatterns": [
+        ".*"
+      ],
+      "groupName": "External dependencies"
+    },
+    {
+      "matchPackagePrefixes": [
+        "k8s.io/"
+      ],
+      "allowedVersions": "0.27.x"
+    }
+  ],
+  "prHourlyLimit": 0,
+  "schedule": [
+    "before 8am on Friday"
+  ],
+  "semanticCommits": "disabled"
+}

.github/workflows/checks.yaml

@@ -0,0 +1,50 @@
+################################################################################
+# This file is AUTOGENERATED with <https://github.com/sapcc/go-makefile-maker> #
+# Edit Makefile.maker.yaml instead.                                            #
+################################################################################
+
+name: Checks
+"on":
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - '*'
+permissions:
+  checks: write
+  contents: read
+jobs:
+  checks:
+    name: Checks
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          check-latest: true
+          go-version: "1.21"
+      - name: Dependency Review
+        uses: actions/dependency-review-action@v3
+        with:
+          base-ref: ${{ github.event.pull_request.base.sha || 'master' }}
+          deny-licenses: AGPL-1.0, AGPL-3.0, GPL-1.0, GPL-2.0, GPL-3.0, LGPL-2.0, LGPL-2.1, LGPL-3.0, BUSL-1.1
+          fail-on-severity: moderate
+          head-ref: ${{ github.event.pull_request.head.sha || github.ref }}
+      - name: Run govulncheck
+        uses: golang/govulncheck-action@v1
+      - name: Check for spelling errors
+        uses: reviewdog/action-misspell@v1
+        with:
+          exclude: ./vendor/*
+          fail_on_error: true
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          ignore: importas
+          reporter: github-check
+      - name: Check if source code files have license header
+        run: |
+          shopt -s globstar
+          go install github.com/google/addlicense@latest
+          addlicense --check -ignore "vendor/**" -- **/*.go

.github/workflows/ci.yaml

@@ -0,0 +1,59 @@
+################################################################################
+# This file is AUTOGENERATED with <https://github.com/sapcc/go-makefile-maker> #
+# Edit Makefile.maker.yaml instead.                                            #
+################################################################################
+
+name: CI
+"on":
+  push:
+    branches:
+      - master
+    paths-ignore:
+      - '**.md'
+  pull_request:
+    branches:
+      - '*'
+    paths-ignore:
+      - '**.md'
+permissions:
+  contents: read
+jobs:
+  buildAndLint:
+    name: Build & Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          check-latest: true
+          go-version: "1.21"
+      - name: Build all binaries
+        run: make build-all
+      - name: Run golangci-lint
+        uses: golangci/golangci-lint-action@v3
+        with:
+          version: latest
+  test:
+    name: Test
+    needs:
+      - buildAndLint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          check-latest: true
+          go-version: "1.21"
+      - name: Run tests and generate coverage report
+        run: make build/cover.out
+      - name: Upload coverage report to Coveralls
+        env:
+          COVERALLS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GIT_BRANCH: ${{ github.head_ref }}
+        run: |
+          go install github.com/mattn/goveralls@latest
+          goveralls -service=github -coverprofile=build/cover.out

.github/workflows/codeql.yaml

@@ -0,0 +1,39 @@
+################################################################################
+# This file is AUTOGENERATED with <https://github.com/sapcc/go-makefile-maker> #
+# Edit Makefile.maker.yaml instead.                                            #
+################################################################################
+
+name: CodeQL
+"on":
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - master
+  schedule:
+    - cron: '00 07 * * 1'
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          check-latest: true
+          go-version: "1.21"
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: go
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2

.golangci.yaml

@@ -0,0 +1,141 @@
+################################################################################
+# This file is AUTOGENERATED with <https://github.com/sapcc/go-makefile-maker> #
+# Edit Makefile.maker.yaml instead.                                            #
+################################################################################
+
+run:
+  deadline: 3m # 1m by default
+  modules-download-mode: vendor
+
+output:
+  # Do not print lines of code with issue.
+  print-issued-lines: false
+
+issues:
+  exclude:
+    # It is idiomatic Go to reuse the name 'err' with ':=' for subsequent errors.
+    # Ref: https://go.dev/doc/effective_go#redeclaration
+    - 'declaration of "err" shadows declaration at'
+  exclude-rules:
+    - path: _test\.go
+      linters:
+        - bodyclose
+  # '0' disables the following options.
+  max-issues-per-linter: 0
+  max-same-issues: 0
+
+linters-settings:
+  dupl:
+    # Tokens count to trigger issue, 150 by default.
+    threshold: 100
+  errcheck:
+    # Report about assignment of errors to blank identifier.
+    check-blank: true
+    # Report about not checking of errors in type assertions.
+    check-type-assertions: true
+  forbidigo:
+    forbid:
+      # ioutil package has been deprecated: https://github.com/golang/go/issues/42026
+      - ^ioutil\..*$
+      # Using http.DefaultServeMux is discouraged because it's a global variable that some packages silently and magically add handlers to (esp. net/http/pprof).
+      # Applications wishing to use http.ServeMux should obtain local instances through http.NewServeMux() instead of using the global default instance.
+      - ^http\.DefaultServeMux$
+      - ^http\.Handle(?:Func)?$
+  gocritic:
+    enabled-checks:
+      - boolExprSimplify
+      - builtinShadow
+      - emptyStringTest
+      - evalOrder
+      - httpNoBody
+      - importShadow
+      - initClause
+      - methodExprCall
+      - paramTypeCombine
+      - preferFilepathJoin
+      - ptrToRefParam
+      - redundantSprint
+      - returnAfterHttpError
+      - stringConcatSimplify
+      - timeExprSimplify
+      - truncateCmp
+      - typeAssertChain
+      - typeUnparen
+      - unnamedResult
+      - unnecessaryBlock
+      - unnecessaryDefer
+      - weakCond
+      - yodaStyleExpr
+  goimports:
+    # Put local imports after 3rd-party packages.
+    local-prefixes: github.com/sapcc/ccloud-nodeCIDR-controller
+  gosec:
+    excludes:
+      # gosec wants us to set a short ReadHeaderTimeout to avoid Slowloris attacks, but doing so would expose us to Keep-Alive race conditions (see https://iximiuz.com/en/posts/reverse-proxy-http-keep-alive-and-502s/)
+      - G112
+      # created file permissions are restricted by umask if necessary
+      - G306
+  govet:
+    # Report about shadowed variables.
+    check-shadowing: true
+  nolintlint:
+    require-specific: true
+  stylecheck:
+    dot-import-whitelist:
+      - github.com/onsi/ginkgo/v2
+      - github.com/onsi/gomega
+  usestdlibvars:
+    constant-kind: true
+    crypto-hash: true
+    default-rpc-path: true
+    http-method: true
+    http-status-code: true
+    os-dev-null: true
+    rpc-default-path: true
+    time-weekday: true
+    time-month: true
+    time-layout: true
+    tls-signature-scheme: true
+  whitespace:
+    # Enforce newlines (or comments) after multi-line function signatures.
+    multi-func: true
+
+linters:
+  # We use 'disable-all' and enable linters explicitly so that a newer version
+  # does not introduce new linters unexpectedly.
+  disable-all: true
+  enable:
+    - bodyclose
+    - containedctx
+    - dupl
+    - dupword
+    - durationcheck
+    - errcheck
+    - errorlint
+    - exportloopref
+    - forbidigo
+    - ginkgolinter
+    - gocheckcompilerdirectives
+    - gocritic
+    - gofmt
+    - goimports
+    - gosec
+    - gosimple
+    - govet
+    - ineffassign
+    - misspell
+    - noctx
+    - nolintlint
+    - nosprintfhostport
+    - perfsprint
+    - rowserrcheck
+    - sqlclosecheck
+    - staticcheck
+    - stylecheck
+    - tenv
+    - typecheck
+    - unconvert
+    - unparam
+    - unused
+    - usestdlibvars
+    - whitespace