chore: maintenance

.devcontainer/devcontainer.json

@@ -1,5 +1,3 @@
-// For format details, see https://aka.ms/vscode-remote/devcontainer.json or this file's README at:
-// https://github.com/microsoft/vscode-dev-containers/tree/v0.195.0/containers/go
 {
   "name": "sbom-convert",
   "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
@@ -27,8 +25,8 @@
         "esbenp.prettier-vscode",
         "GitHub.copilot",
         "GitHub.copilot-chat",
-        "GitHub.copilot-labs",
-        "golang.Go"
+        "golang.Go",
+        "github.vscode-github-actions"
       ],
       "settings": {
         "editor.formatOnSave": true,
@@ -40,6 +38,11 @@
         "go.goroot": "/usr/local/go",
         "go.lintTool": "golangci-lint",
         "go.lintFlags": ["--fast", "--timeout", "5m"],
+        "go.testEnvVars": {
+          "NO_COLOR": "true"
+        },
+        "go.buildTags": "unit,integration",
+        "go.testTags": "unit,integration",
         "gopls": {
           "formatting.gofumpt": true
         },
@@ -58,9 +61,11 @@
   "workspaceMount": "source=${localWorkspaceFolder},target=/workspace,type=bind",
   "features": {
     "ghcr.io/devcontainers/features/go:1": {
-      "version": "1.20"
+      "version": "1.21.5"
+    },
+    "ghcr.io/devcontainers/features/docker-in-docker:2": {
+      "moby": true
     },
-    "ghcr.io/devcontainers/features/docker-in-docker:2": {},
     "ghcr.io/devcontainers/features/git:1": {},
     "ghcr.io/devcontainers/features/common-utils:2": {
       "configureZshAsDefaultShell": true

.devcontainer/post-create.sh

@@ -1,8 +1,8 @@
 #!/usr/bin/env bash
 
-PYTHON_UTILS=("yamllint" "pre-commit")
+PYTHON_UTILS=("yamllint" "pre-commit" "semgrep")
 GITHUB_UTILS=("")
-GOLANG_UTILS=("github.com/google/yamlfmt/cmd/yamlfmt@latest" "github.com/goreleaser/goreleaser@latest")
+GOLANG_UTILS=("github.com/google/yamlfmt/cmd/yamlfmt@latest" "github.com/goreleaser/goreleaser@latest" "go.uber.org/mock/mockgen@latest" "github.com/mfridman/tparse@latest" "github.com/vburenin/ifacemaker@latest" "github.com/maxbrunsfeld/counterfeiter/v6@latest" "github.com/go-task/task/v3/cmd/task@latest")
 APT_UTILS=("shellcheck" "vim")
 NODE_UTILS=("@commitlint/cli" "@commitlint/config-conventional")
 set -e
@@ -34,7 +34,8 @@ echo ====================================================
 echo "Installing tools from Github..."
 for util in "${GITHUB_UTILS[@]}"; do
     if ! type "${util}" >/dev/null 2>&1; then
-        curl -s "https://raw.githubusercontent.com/${util}" | bash
+        echo "im installing ${util}"
+        curl -s "https://raw.githubusercontent.com/${util}" | sudo sh -s -- -b /usr/local/bin
         echo ""
     else
         echo "${util} already installed. Skipping."

.github/CODEOWNERS

@@ -1,55 +1 @@
-# This is a comment.
-# Each line is a file pattern followed by one or more owners.
-#
-# These owners will be the default owners for everything in
-# the repo. Unless a later match takes precedence,
-# @global-owner1 and @global-owner2 will be requested for
-# review when someone opens a pull request.
-# *       @global-owner1 @global-owner2
-#
-# Order is important; the last matching pattern takes the most
-# precedence. When someone opens a pull request that only
-# modifies JS files, only @js-owner and not the global
-# owner(s) will be requested for a review.
-# *.js    @js-owner #This is an inline comment.
-#
-# You can also use email addresses if you prefer. They'll be
-# used to look up users just like we do for commit author
-# emails.
-# *.go [email protected]
-#
-# Teams can be specified as code owners as well. Teams should
-# be identified in the format @org/team-name. Teams must have
-# explicit write access to the repository. In this example,
-# the octocats team in the octo-org organization owns all .txt files.
-# *.txt @octo-org/octocats
-#
-# In this example, @doctocat owns any files in the build/logs
-# directory at the root of the repository and any of its
-# subdirectories.
-# /build/logs/ @doctocat
-#
-# The `docs/*` pattern will match files like
-# `docs/getting-started.md` but not further nested files like
-# `docs/build-app/troubleshooting.md`.
-# docs/*  [email protected]
-#
-# In this example, @octocat owns any file in an apps directory
-# anywhere in your repository.
-# apps/ @octocat
-#
-# In this example, @doctocat owns any file in the `/docs`
-# directory in the root of your repository and any of its
-# subdirectories.
-# /docs/ @doctocat
-#
-# In this example, any change inside the `/scripts` directory
-# will require approval from @doctocat or @octocat.
-# /scripts/ @doctocat @octocat
-#
-# In this example, @octocat owns any file in the `/apps`
-# directory in the root of your repository except for the `/apps/github`
-# subdirectory, as its owners are left empty.
-# /apps/ @octocat
-# /apps/github
-@manifestori @puerco @houdini91
+@manifestori @adefee @puerco @houdini91

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,37 @@
+---
+name: Bug report
+about: Report a bug
+title: ""
+labels: bug,triage
+assignees: manifestori
+---
+
+<!--
+
+Thanks for your bug report!
+
+Before submitting this issue, please make sure the same problem was not
+already reported by someone else.
+
+-->
+
+**Description:**
+A clear and concise description of what the bug is.
+
+**Version:**
+Specify the tool version.
+
+**Platform:**
+
+- [ ] Ubuntu
+- [ ] macOS
+- [ ] Windows
+
+**Reproduction steps:**
+A description with steps to reproduce the issue. If your have a public example or repositories to share, please provide the link.
+
+**Expected behavior:**
+A description of what you expected to happen.
+
+**Actual behavior:**
+A description of what is actually happening.

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1 @@
+blank_issues_enabled: false

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,17 @@
+---
+name: Feature Request
+about: Suggest a new feature
+title: ""
+labels: enhancement,triage
+assignees: manifestori
+---
+
+<!--
+
+Describe in detail what feature do you want to see in this tool.
+Give examples or usecases if possible.
+
+Please, search if this wasn't proposed before, and if this is more like an idea
+than a simple feature request, contact us :)
+
+-->

.github/dependabot.yml

@@ -0,0 +1,38 @@
+version: 2
+updates:
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    reviewers:
+      - "manifestori"
+    labels:
+      - "dependencies"
+    commit-message:
+      prefix: "chore"
+      include: "scope"
+    open-pull-requests-limit: 10
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    reviewers:
+      - "manifestori"
+    labels:
+      - "dependencies"
+    commit-message:
+      prefix: "chore"
+      include: "scope"
+    open-pull-requests-limit: 10
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    reviewers:
+      - "manifestori"
+    labels:
+      - "dependencies"
+    commit-message:
+      prefix: "chore"
+      include: "scope"
+    open-pull-requests-limit: 10

.github/workflows/build.yml

@@ -0,0 +1,81 @@
+name: build
+
+on:
+  push:
+    branches:
+      - "main"
+  pull_request:
+    paths:
+      - "go.*"
+      - "**/*.go"
+      - "Dockerfile"
+      - ".github/workflows/*.yml"
+
+permissions:
+  contents: read
+
+jobs:
+  govulncheck:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: 1.21.5
+      - name: govulncheck
+        run: |
+          go install golang.org/x/vuln/cmd/govulncheck@latest
+          govulncheck ./...
+  semgrep:
+    runs-on: ubuntu-latest
+    container:
+      image: returntocorp/semgrep
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/checkout@v4
+        with:
+          repository: dgryski/semgrep-go
+          path: rules
+      - name: semgrep
+        run: semgrep scan --error --enable-nosem -f ./rules .
+  ruleguard:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/checkout@v4
+        with:
+          repository: dgryski/semgrep-go
+          path: rules
+      - uses: actions/setup-go@v5
+        with:
+          go-version: 1.21.5
+      - name: setup-ruleguard
+        run: go install github.com/quasilyte/go-ruleguard/cmd/ruleguard@latest
+      - name: ruleguard
+        run: |
+          mv rules ../
+          go get -u github.com/quasilyte/go-ruleguard/dsl@latest
+          ruleguard -c=0 -rules ../rules/ruleguard.rules.go ./...
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: 1.21.5
+      - uses: arduino/setup-task@v1
+        with:
+          version: 3.x
+          repo-token: ${{ secrets.GH_TOKEN }}
+      - name: setup-tparse
+        run: go install github.com/mfridman/tparse@latest
+      - name: setup
+        run: |
+          task setup
+          task build
+      - name: test
+        run: ./scripts/test.sh
+      - uses: codecov/codecov-action@v3
+        with:
+          file: ./coverage.txt
+          token: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/gitleaks.yml

@@ -0,0 +1,23 @@
+name: gitleaks
+
+on:
+  push:
+    branches: ["main"]
+    tags: ["v*"]
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  gitleaks:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: gitleaks/gitleaks-action@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
+          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}
+        if: ${{ env.GITLEAKS_LICENSE != '' }}

.github/workflows/lint.yml

@@ -0,0 +1,31 @@
+name: golangci-lint
+
+on:
+  push:
+    tags:
+      - v*
+    branches:
+      - main
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  golangci:
+    permissions:
+      contents: read
+      pull-requests: read
+    name: lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: 1.21.5
+          cache: true
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v3
+        with:
+          args: --timeout=5m
+          version: v1.55.2

.github/workflows/semanticpr.yml

@@ -0,0 +1,20 @@
+name: "semantic PR"
+
+on:
+  pull_request:
+    types:
+      - opened
+      - edited
+      - synchronize
+
+permissions:
+  pull-requests: read
+
+jobs:
+  main:
+    name: validate PR title
+    runs-on: ubuntu-latest
+    steps:
+      - uses: amannn/action-semantic-pull-request@v5
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}