build: circle ci and code analysis

.circleci/config.yml

@@ -0,0 +1,79 @@
+version: 2.1
+
+commands:
+  configure_github_access:
+    steps:
+      - run:
+          name: Configure github access
+          command: git config --global url."https://${GITHUB_USERNAME}:${GITHUB_TOKEN}@github.com/".insteadOf "https://github.com/"
+
+  restore_build_cache:
+    steps:
+      - restore_cache:
+          keys:
+            - v1.21-go-build-cache-{{ .Environment.CIRCLE_JOB }}-{{ .Environment.CIRCLE_BRANCH }}-{{ .Environment.CIRCLE_SHA1 }}
+            - v1.21-go-build-cache-{{ .Environment.CIRCLE_JOB }}-{{ .Environment.CIRCLE_BRANCH }}
+            - v1.21-go-build-cache-{{ .Environment.CIRCLE_JOB }}-main
+            - v1.21-go-build-cache-{{ .Environment.CIRCLE_JOB }}-
+
+  save_build_cache:
+    steps:
+      - save_cache:
+          key: v1.21-go-build-cache-{{ .Environment.CIRCLE_JOB }}-{{ .Environment.CIRCLE_BRANCH }}-{{ .Environment.CIRCLE_SHA1 }}
+          paths:
+            - /mnt/ramdisk/.cache/go-build
+          when: always
+
+global_context: &global_context
+  context:
+    - org-global
+    - org-datadog-credentials
+    - GITHUB_CREDS
+
+global_dockerhub_auth: &global_dockerhub_auth
+  auth:
+    username: $GLOBAL_DOCKERHUB_USERNAME
+    password: $GLOBAL_DOCKERHUB_PASSWORD
+
+executors:
+  test-container:
+    docker:
+      - image: cimg/go:1.21
+        <<: *global_dockerhub_auth
+    environment:
+      GOCACHE: /mnt/ramdisk/.cache/go-build
+      TEST_RESULTS: /tmp/test-results
+
+test_steps: &test_steps
+  steps:
+    - checkout
+    - restore_build_cache
+    - configure_github_access
+    - run:
+        name: Run tests
+        command: make test-ci
+    - store_artifacts:
+        path: /tmp/test-results
+        destination: raw-test-output
+    - store_artifacts:
+        path: /tmp/artifacts
+    - store_test_results:
+        path: /tmp/test-results
+    - persist_to_workspace:
+        root: /tmp/artifacts
+        paths:
+          - test_coverage_stats
+    - save_build_cache
+
+jobs:
+  test:
+    executor: test-container
+    resource_class: small
+    <<: *test_steps
+
+workflows:
+  version: 2
+  build_and_push:
+    jobs:
+      - test:
+          <<: *global_context

.github/dependabot.yml

@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,49 @@
+name: "CodeQL - Minimal incremental analysis"
+
+on:
+  push:
+    branches:
+      - "main" # Change this to the branch to default branch
+      - "!ignore/branch" # Ignore CodeQL scan for these branches
+      - "!test/*" # Ignore CodeQL scan for these branches
+    paths-ignore:
+      - "**/*.md"
+      - "**/*.txt"
+  pull_request:
+    branches:
+      - "main" # Change this to the branch to default branch
+  # If your project is not actively developed, consider scheduling CodeQL scans
+  #schedule:
+  #  - cron: '44 23 * * 5' # Run CodeQL scan every Friday at 11:44 PM UTC
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    timeout-minutes: 30 # Set timeout to 30 minutes; Change if your project takes longer to scan
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ["go"]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+          # queries: security-extended,security-and-quality
+          # debug: true # Only use this for debugging. It will increase the runtime of the action and take up storage
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+        with:
+          category: "/language:${{matrix.language}}"

Makefile

@@ -0,0 +1,34 @@
+# Go related variables.
+GOBASE=$(shell pwd)
+export GOBIN=$(GOBASE)/bin
+export GOPRIVATE=github.com/deliveroo/*
+export GOPROXY=https://proxy.golang.org,off
+
+# Ensure that we use vendored binaries before consulting the system.
+GOBIN=$(shell pwd)/bin
+export PATH := $(GOBIN):$(PATH)
+
+MODULE = $(shell env GO111MODULE=on go list -m)
+
+# allows passing specific tags to go build (for example musl)
+ifdef GO_BUILD_TAGS
+GO_BUILD_TAGS_ARG += -tags $(GO_BUILD_TAGS)
+endif
+
+gocoverstats=$(GOBIN)/gocoverstats
+$(gocoverstats):
+	GOBIN=$(GOBIN) go install $(GO_BUILD_TAGS_ARG) gitlab.com/fgmarand/gocoverstats@latest
+
+.PHONY: test
+test: ## Run tests
+	APP_ENV=test go test -race ./...
+
+.PHONY: test-ci
+test-ci: $(go-junit-report) $(gocoverstats) ## Run tests and output as junit-xml
+	mkdir -p /tmp/artifacts
+	mkdir -p /tmp/test-results
+	touch /tmp/test-results/go-test.out
+	trap "$(GOBIN)/go-junit-report </tmp/test-results/go-test.out > /tmp/test-results/go-test-report.xml" EXIT; \
+	APP_ENV=test go test ${GO_TEST_ARGS} $(GO_BUILD_TAGS_ARG) -coverprofile=/tmp/artifacts/coverage.txt -race ./... 2>&1 | tee /tmp/test-results/go-test.out
+	$(GOBIN)/gocoverstats -f /tmp/artifacts/coverage.txt > /tmp/artifacts/test_coverage_stats
+	go tool cover -html=/tmp/artifacts/coverage.txt -o /tmp/artifacts/coverage.html