diff --git a/.github/workflows/gitleaks-scanning.yml b/.github/workflows/gitleaks-scanning.yml deleted file mode 100644 index fe88e87..0000000 --- a/.github/workflows/gitleaks-scanning.yml +++ /dev/null @@ -1,19 +0,0 @@ -name: gitleaks -on: - pull_request: - push: - workflow_dispatch: - schedule: - - cron: "0 4 * * *" # run once a day at 4 AM -jobs: - scan: - name: gitleaks - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v7 - with: - fetch-depth: 0 - - uses: gitleaks/gitleaks-action@v3 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }} \ No newline at end of file diff --git a/.github/workflows/osv-scanner-pr.yml b/.github/workflows/osv-scanner-pr.yml deleted file mode 100644 index 4951186..0000000 --- a/.github/workflows/osv-scanner-pr.yml +++ /dev/null @@ -1,21 +0,0 @@ -# https://google.github.io/osv-scanner/github-action/#scan-on-pull-request -name: OSV-Scanner PR Scan - -# Change "main" to your default branch if you use a different name, i.e. "master" -on: - pull_request: - branches: [main] - merge_group: - branches: [main] - -permissions: - # Required to upload SARIF file to CodeQL. See: https://github.com/github/codeql-action/issues/2117 - actions: read - # Require writing security events to upload SARIF file to security tab - security-events: write - # Only need to read contents - contents: read - -jobs: - scan-pr: - uses: google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@v2.3.8 \ No newline at end of file diff --git a/.github/workflows/osv-scanner-release.yml b/.github/workflows/osv-scanner-release.yml deleted file mode 100644 index d543db9..0000000 --- a/.github/workflows/osv-scanner-release.yml +++ /dev/null @@ -1,54 +0,0 @@ -# https://google.github.io/osv-scanner/github-action/#scan-on-release -name: Go Release Process - -on: - push: - tags: - - "*" # triggers only if push new tag version, like `0.8.4` or else - -permissions: - # Required to upload SARIF file to CodeQL. See: https://github.com/github/codeql-action/issues/2117 - actions: read - # Require writing security events to upload SARIF file to security tab - security-events: write - # to fetch code (actions/checkout) - contents: read - -jobs: - osv-scan: - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@v2.3.8" - with: - # Recursive scan supports multiple ecosystems: - # Go, Node.js, Python, Rust, Java, etc. - scan-args: |- - ./ - permissions: - # Require writing security events to upload SARIF file to security tab - security-events: write - tests: - name: Run unit tests - runs-on: ubuntu-latest - steps: - - name: Placeholder test step - run: echo "Configure project-specific tests here" - # Replace placeholder steps with actual project tests - # Examples: - # npm test - # go test ./... - # pytest - # cargo test - release: - needs: # Needs both tests and osv-scan to pass - - tests - - osv-scan - runs-on: ubuntu-latest - # Your actual release steps - steps: - - name: Placeholder release step - run: echo "Configure release steps here" - # Add actual release/build/publish steps here - # Examples: - # - Build binaries - # - Publish Docker image - # - Create GitHub Release - # - Upload artifacts diff --git a/.github/workflows/osv-scanner-scheduled.yml b/.github/workflows/osv-scanner-scheduled.yml deleted file mode 100644 index f21ed7a..0000000 --- a/.github/workflows/osv-scanner-scheduled.yml +++ /dev/null @@ -1,21 +0,0 @@ -# https://google.github.io/osv-scanner/github-action/#scheduled-scans -name: OSV-Scanner Scheduled Scan - -on: - schedule: - - cron: "30 12 * * 1" - # Change "main" to your default branch if you use a different name, i.e. "master" - push: - branches: [main] - -permissions: - # Required to upload SARIF file to CodeQL. See: https://github.com/github/codeql-action/issues/2117 - actions: read - # Require writing security events to upload SARIF file to security tab - security-events: write - # Only need to read contents - contents: read - -jobs: - scan-scheduled: - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v2.3.8" \ No newline at end of file diff --git a/.github/workflows/release-goreleaser.yml b/.github/workflows/release-goreleaser.yml deleted file mode 100644 index f864893..0000000 --- a/.github/workflows/release-goreleaser.yml +++ /dev/null @@ -1,35 +0,0 @@ -name: Release -concurrency: - group: release-${{ github.ref }} - cancel-in-progress: false -on: - push: - tags: ["v*.*.*"] -jobs: - release: - name: Release with GoReleaser - runs-on: ubuntu-latest - permissions: - contents: write - packages: write # [DOCKER] Required for ghcr.io push - id-token: write # [SIGNING] Required for cosign keyless signing - steps: - - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 - with: - fetch-depth: 0 # Full history needed for changelog - persist-credentials: false # Avoid exposing token to submodules - - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # [NODE] Remove if not a Node.js project - with: - node-version: '20' - cache: '' - # [PYTHON] Add: actions/setup-python@v5 with python-version: '3.12' - # [DOCKER] Add: docker/setup-buildx-action@v3 + docker/login-action@v3 - # [GO] Add: actions/setup-go@v5 with go-version: stable - - uses: goreleaser/goreleaser-action@f06c13b6b1a9625abc9e6e439d9c05a8f2190e94 - with: - version: latest - args: release --clean - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # NPM_TOKEN: ${{ secrets.NPM_TOKEN }} # [NODE] - # DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} # [DOCKER] \ No newline at end of file diff --git a/.goreleaser.yaml b/.goreleaser.yaml deleted file mode 100644 index 16a9ffb..0000000 --- a/.goreleaser.yaml +++ /dev/null @@ -1,198 +0,0 @@ -# https://goreleaser.com/customization/ -# 1. Uncomment only the sections relevant to your project type -# 2. Fill in placeholders marked with -# 3. Run `goreleaser check` to validate before pushing - -version: 2 - -project_name: template-repo # replace with project name e.g. my-tool, my-project - -# before: -# hooks: - # Clean up build artifacts before release - # - go mod tidy # [GO] uncomment if Go project - # - npm ci # [NODE] Uncomment for Node.js projects - # - bun install --frozen # [NODE/BUN] Uncomment for Bun projects - -env: - - GITHUB_TOKEN={{ .Env.GITHUB_TOKEN }} - # - NPM_TOKEN={{ .Env.NPM_TOKEN }} # [NODE] Uncomment if publishing to npm - # - DOCKER_USERNAME={{ .Env.DOCKER_USERNAME }} # [DOCKER] Uncomment if pushing to Docker Hub - -# builds: -# # [GO] — Go binary build (most common for CLI tools, GitHub Actions runners) -# - id: go-build -# builder: go -# main: ./main.go # Entry point — change to ./cmd//main.go if needed -# binary: template-repo # Output binary name e.g. my-project -# env: -# - CGO_ENABLED=0 # Disable CGO for static binaries (recommended for Actions) -# goos: -# - linux -# - darwin -# - windows -# goarch: -# - amd64 -# - arm64 -# ldflags: -# # Embed version info at build time -# - -s -w -# - -X main.version={{ .Version }} -# - -X main.commit={{ .Commit }} -# - -X main.date={{ .Date }} - # [GO] Uncomment if building multiple binaries from the same repo - # targets: - # - linux_amd64 - # - linux_arm64 - # - darwin_amd64 - # - darwin_arm64 - # - windows_amd64 - - # [NODE] — Node.js project build, Uncomment this entire block if your project is Node.js/Bun based - # - id: node-build - # builder: node - # command: build # Runs `npm run build` or equivalent - # ids: [] - # # For Bun projects, replace builder with: - # # builder: bun - # # command: build - - # [PYTHON] — Python project (uv/poetry),Uncomment this entire block if your project is Python based - # - id: python-build - # builder: uv # Options: uv, poetry, python - # # For Poetry projects replace with: - # # builder: poetry - - # [PREBUILT] — Import pre-built binaries, Use if you build binaries in a prior CI step and just want GoReleaser to package - # - id: prebuilt-import - # builder: prebuilt - # goos: - # - linux - # - darwin - # - windows - # goarch: - # - amd64 - # - arm64 - # prebuilt: - # path: dist/{{ .Os }}_{{ .Arch }}/{{ .ProjectName }} - -archives: - - id: default-archive - name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}" - wrap_in_directory: true # Wrap binary in a directory inside the archive - files: - - LICENSE - - README.md - - CHANGELOG.md - # Uncomment if shipping ABI/contract artifacts with release ( for web3 projects) - # - artifacts/abi/** - # - artifacts/addresses.json - format_overrides: # Windows gets .zip, everything else gets .tar.gz - - goos: windows - format: zip - - # [NODE] Uncomment if your project produces a dist/ folder to archive - # - id: node-archive - # ids: [node-build] - # name_template: "{{ .ProjectName }}_{{ .Version }}_js" - # files: - # - dist/** - # - package.json - # - README.md - -# include checksums for security/verification -checksum: - name_template: "{{ .ProjectName }}_{{ .Version }}_checksums.txt" - algorithm: sha256 - -# source archive of the full repository at the release tag, useful for source-based distributions and OpenSSF compliance -source: - enabled: true - name_template: "{{ .ProjectName }}_{{ .Version }}_source" - -# SBOM — Software Bill of Materials generation for supply chain transparency -sboms: - - artifacts: archive - # Requires syft to be installed: https://github.com/anchore/syft - -# SIGNING — Sign release artifacts with cosign (keyless via GitHub OIDC) -# signs: -# - cmd: cosign -# args: -# - sign-blob -# - --output-signature=${signature} -# - ${artifact} -# - --yes -# artifacts: checksum - - -# [DOCKER] Uncomment this entire section if your project has a Dockerfile -# docker_builds: -# - id: docker-linux -# ids: [go-build] # Reference your build id above; or remove for non-Go -# goos: linux -# goarchs: -# - amd64 -# - arm64 -# image_templates: -# - "ghcr.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/{{ .ProjectName }}:{{ .Version }}-{{ .Os }}-{{ .Arch }}" -# - "ghcr.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/{{ .ProjectName }}:latest" -# build_flag_templates: -# - --label=org.opencontainers.image.title={{ .ProjectName }} -# - --label=org.opencontainers.image.version={{ .Version }} -# - --label=org.opencontainers.image.created={{ .Date }} -# - --label=org.opencontainers.image.revision={{ .FullCommit }} -# - --label=org.opencontainers.image.source={{ .GitURL }} -# # Optional: push to Docker Hub as well -# # extra_files: -# # - docker-compose.yml - -# [NODE] Uncomment if your project is an npm package, Requires NPM_TOKEN secret in GitHub Actions -# nfpms: [] # Not applicable for npm — GoReleaser publishes npm directly: -# publishers: -# - name: npm -# cmd: npm publish --access public -# env: -# - NODE_AUTH_TOKEN={{ .Env.NPM_TOKEN }} -# dir: "{{ dir .ArtifactPath }}" -# artifacts: archive -# ids: [node-archive] - - -# [WEB3] Uncomment if your project compiles Solidity/Hardhat/Foundry contracts, This publishes ABI + bytecode artifacts alongside the release -# before hooks for WEB3 — add to before.hooks above: -# - forge build --sizes # Foundry projects -# - npx hardhat compile # Hardhat projects -# -# extra_files: -# - glob: ./artifacts/contracts/**/*.json -# - glob: ./deployments/**/*.json # deployment addresses per network -# - glob: ./broadcast/**/*-latest.json # Foundry broadcast logs - -release: # Release metadata and GitHub release configuration - github: - owner: AOSSIE-Org - name: template-repo # Repo name e.g. pr-feedback-action - # Make release a draft first so maintainer can review before publishing - draft: false - # Set to true to mark as a pre-release if version has a pre-release tag (e.g. v1.0.0-beta.1) - prerelease: auto - # Override release name - name_template: "{{ .ProjectName }} {{ .Version }}" - # [OPTIONAL] Point to a hand-crafted release notes file instead of auto-changelog - # release_notes: RELEASE_NOTES.md - -# CHANGELOG generation disabled here because Release Drafter already produces changelog drafts via .github/release-drafter.yml - -# [MONOREPO] Uncomment if this template repo spans multiple sub-projects. Each sub-project should have its own .goreleaser.yaml that includes this base -# monorepo: -# tag_prefix: "{{ .ProjectName }}/" -# dir: . # Root of the monorepo - -# SNAPSHOT — Local test builds (no git tag required) -# Run: goreleaser release --snapshot --clean -snapshot: - version_template: "{{ .Tag }}-SNAPSHOT-{{ .ShortCommit }}" - -# REPORT SIZES — Print artifact size table after build which is useful for tracking binary bloat over releases -report_sizes: true \ No newline at end of file