Add Makefile and CI

.codecov.yml

@@ -0,0 +1,21 @@
+# Validate this file:
+#   curl --data-binary @.codecov.yml https://codecov.io/validate
+
+comment:
+  behavior: default
+
+coverage:
+  precision: 2
+  round: down
+  range: "50...70"
+  status:
+    project:
+      default:
+        threshold: 1.0
+    patch:
+      default:
+        threshold: 1.0
+
+ignore:
+- ".github"
+- "hack"

.github/dependabot.yml

@@ -0,0 +1,17 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 0
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 0
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 0

.github/workflows/gosec.yml

@@ -0,0 +1,26 @@
+name: Gosec
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+  schedule:
+    - cron: "45 11 * * 0"
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    env:
+      GO111MODULE: on
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+    - name: Read Go version
+      id: go_version
+      run: echo "go_version=$(cat .go-version)" >> $GITHUB_OUTPUT
+    - name: Install Go (${{ steps.go_version.outputs.go_version }})
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ steps.go_version.outputs.go_version }}
+        cache: true
+    - name: Run Gosec Security Scanner
+      run: make gosec

.github/workflows/lint.yml

@@ -0,0 +1,65 @@
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+name: Lint
+jobs:
+  golangci-lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Read Go version
+        id: go_version
+        run: echo "go_version=$(cat .go-version)" >> $GITHUB_OUTPUT
+      - name: Install Go (${{ steps.go_version.outputs.go_version }})
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ steps.go_version.outputs.go_version }}
+      - name: Get date
+        id: get-date
+        shell: bash
+        run: |
+          echo "::set-output name=date::$(date -u "+%Y-%m")"
+      - name: Restore golangci-lint cache
+        uses: actions/cache@v4
+        timeout-minutes: 10
+        continue-on-error: true
+        with:
+          path: ${{ runner.temp }}/golangci-lint-cache
+          key: ${{ runner.os }}-golangci-lint-cache-${{ steps.get-date.outputs.date }}
+          restore-keys: |
+            ${{ runner.os }}-golangci-lint-cache-
+      - name: Run golangci-lint
+        run: make lint
+        env:
+          GOLANGCI_LINT_CACHE: ${{ runner.temp }}/golangci-lint-cache
+  golines:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Read Go version
+        id: go_version
+        run: echo "go_version=$(cat .go-version)" >> $GITHUB_OUTPUT
+      - name: Install Go (${{ steps.go_version.outputs.go_version }})
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ steps.go_version.outputs.go_version }}
+      - name: Run golines
+        run: make golines
+  shfmt:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Read Go version
+        id: go_version
+        run: echo "go_version=$(cat .go-version)" >> $GITHUB_OUTPUT
+      - name: Install Go (${{ steps.go_version.outputs.go_version }})
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ steps.go_version.outputs.go_version }}
+      - name: Run shfmt
+        run: make shfmt

.github/workflows/mod.yml

@@ -0,0 +1,43 @@
+on:
+  pull_request:
+  push:
+    branches:
+    - main
+name: Mod
+jobs:
+  mod:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+    - name: Read Go version
+      id: go_version
+      run: echo "go_version=$(cat .go-version)" >> $GITHUB_OUTPUT
+    - name: Install Go (${{ steps.go_version.outputs.go_version }})
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ steps.go_version.outputs.go_version }}
+    - name: Check go.mod
+      run: |
+        go mod download
+        go mod tidy
+        if [ ! -z "$(git status --porcelain go.mod)" ]; then
+          printf "go.mod has modifications\n"
+          git diff go.mod
+          exit 1
+        fi
+        if [ ! -z "$(git status --porcelain go.sum)" ]; then
+          printf "go.sum has modifications\n"
+          git diff go.sum
+          exit 1
+        fi
+        if [ ! -z "$(git status --porcelain go.work)" ]; then
+          printf "go.work has modifications\n"
+          git diff go.work
+          exit 1
+        fi
+        if [ ! -z "$(git status --porcelain go.work.sum)" ]; then
+          printf "go.work.sum has modifications\n"
+          git diff go.work.sum
+          exit 1
+        fi

.github/workflows/nightly.yml

@@ -0,0 +1,26 @@
+name: Nightly
+
+on:
+  workflow_dispatch: {}
+  schedule:
+    # Daily, at 1pm UTC / 6am PST.
+    - cron: "0 13 * * *"
+
+jobs:
+  govulncheck:
+    name: Go vulnerability check
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Read Go version
+        id: go_version
+        run: echo "go_version=$(cat .go-version)" >> $GITHUB_OUTPUT
+      - name: Install Go (${{ steps.go_version.outputs.go_version }})
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ steps.go_version.outputs.go_version }}
+      - name: Install govulncheck
+        run: go install golang.org/x/vuln/cmd/govulncheck@latest
+      - name: Execute govulncheck
+        run: govulncheck ./...

.github/workflows/test.yml

@@ -0,0 +1,45 @@
+on:
+  pull_request:
+  push:
+    branches:
+    - main
+name: Test
+jobs:
+  test:
+    strategy:
+      fail-fast: false
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+    - name: Read Go version
+      id: go_version
+      run: echo "go_version=$(cat .go-version)" >> $GITHUB_OUTPUT
+    - name: Install Go (${{ steps.go_version.outputs.go_version }})
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ steps.go_version.outputs.go_version }}
+        cache: true
+    - name: Test
+      run: make test-ci
+    - name: Determine skip-codecov
+      uses: actions/github-script@v7
+      id: skip-codecov
+      with:
+        script: |
+          // Sets `ref` to the SHA of the current pull request's head commit,
+          // or, if not present, to the SHA of the commit that triggered the
+          // event.
+          const ref = '${{ github.event.pull_request.head.sha || github.event.after }}';
+          const { repo, owner } = context.repo;
+          const { data: commit } = await github.rest.repos.getCommit({ owner, repo, ref });
+          const commitMessage = commit.commit.message;
+          const skip = commitMessage.includes("[skip codecov]") || commitMessage.includes("[skip-codecov]");
+          core.setOutput("skip", skip);
+    - name: Upload coverage to Codecov
+      uses: codecov/codecov-action@v4
+      if: ${{ steps.skip-codecov.outputs.skip != 'true' }}
+      with:
+        file: covreport
+      env:
+        CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/tilt-ci.yml

@@ -0,0 +1,28 @@
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+name: Tilt CI
+jobs:
+  tilt-ci:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Create k8s cluster
+        uses: AbsaOSS/[email protected]
+        with:
+          cluster-name: preprocessing-ci
+          args: >-
+            --registry-create preprocessing-ci-registry
+            --no-lb
+            --k3s-arg "--no-deploy=traefik,servicelb,metrics-server@server:*"
+      - name: Install Tilt
+        uses: yokawasa/[email protected]
+        with:
+          setup-tools: |
+            tilt
+          tilt: v0.30.2
+      - name: Check tilt ci
+        run: timeout 600 tilt ci

.golangci.yml

@@ -0,0 +1,49 @@
+run:
+  deadline: 60s
+  skip-dirs:
+    - .github
+    - hack
+
+linters:
+  enable:
+    - gci
+    - gofumpt
+    - gosec
+    - importas
+    - misspell
+    - unparam
+
+issues:
+  exclude-rules:
+    - path: _test\.go
+      linters:
+        - errcheck
+
+linters-settings:
+  gci:
+    no-inline-comments: true
+    no-prefix-comments: false
+    sections:
+      - standard
+      - default
+      - prefix(github.com/artefactual-sdps/preprocessing-sfa)
+    section-separators:
+      - newLine
+  gofumpt:
+    extra-rules: true
+  importas:
+    no-unaliased: true
+    no-extra-aliases: false
+    alias:
+      - pkg: go.temporal.io/sdk/contrib/(\w+)
+        alias: temporalsdk_contrib_$1
+      - pkg: go.temporal.io/sdk/(\w+)
+        alias: temporalsdk_$1
+      - pkg: go.temporal.io/api/(\w+)
+        alias: temporalapi_$1
+  gosec:
+    exclude-generated: false
+    severity: low
+    confidence: low
+    excludes:
+      - G601 # Implicit memory aliasing of items (only for Go 1.21 or lower)