Commit

feat: add backend boilerplate
Signed-off-by: Ali Sajid Imami <395482+AliSajid@users.noreply.github.com>
AliSajid committed May 28, 2024
1 parent 75bec52 commit 27327c3
Showing 43 changed files with 2,729 additions and 0 deletions.
39 changes: 39 additions & 0 deletions .github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,39 @@
<!--
SPDX-FileCopyrightText: 2024 Cognitive Disorders Research Lab
SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: MIT
-->

---
name: Bug report
about: Create a report to help us improve
title: "[BUG]"
labels: bug
assignees: CogDisResLab

---

**Describe the bug**
A clear and concise description of what the bug is.

**To Reproduce**
Steps to reproduce the behavior:
1. Go to '…'
2. Click on '…'
3. Scroll down to '…
4. See error

**Expected behavior**
A clear and concise description of what you expected to happen.

**Screenshots**
If applicable, add screenshots to help explain your problem.

**Versions (please complete the following information):**
- OS: [for example: macos, linux, windows]
- OS Version / Distribution: [for example: 10.15.7, Ubuntu 20.04, Windows 10]
- Release Version [for example: 0.1.0]

**Related Context**
Add any other context about the problem here.
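Review bot: the YAML front matter (`---`, `name:`, `labels:`, `assignees:`) begins after the SPDX HTML comment at the top of the file, and GitHub reads issue-template front matter only when it opens the file, so the template name, title prefix, label and assignee are likely to be ignored and shown as body text. Move the SPDX comment below the closing `---` or carry the licence information in a separate `.license` sidecar file. Step 3 of the reproduction list, `Scroll down to '…`, is also missing its closing quote.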
27 changes: 27 additions & 0 deletions .github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,27 @@
<!--
SPDX-FileCopyrightText: 2024 Cognitive Disorders Research Lab
SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: MIT
-->

---
name: Feature request
about: Suggest an idea for this project
title: "[FEATURE]"
labels: enhancement
assignees: CogDisResLab

---

**Is your feature request related to a problem? Please describe.**
A clear and concise description of the problem. For example, it is frustrating when []

**Describe the solution you'd like**
A clear and concise description of what you want to happen.

**Describe alternatives you've considered**
A clear and concise description of any alternative solutions or features you've considered.

**Relevant context**
Add any other context or screenshots about the feature request here.
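Review bot: as in the bug report template, the `<!-- SPDX ... -->` comment sits above the opening `---`, so the front matter is not the first thing in the file and `labels: enhancement` and `assignees: CogDisResLab` may not be applied; put the front matter first. The header also carries two separate `SPDX-License-Identifier` lines (`Apache-2.0` and `MIT`) without saying how they combine; a single explicit expression would make the intent unambiguous and keep it consistent with the `MIT AND Apache-2.0` image label used in the container workflow.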
Empty file removed .github/workflows/.gitkeep
Empty file.
32 changes: 32 additions & 0 deletions .github/workflows/audit.yaml
@@ -0,0 +1,32 @@
# SPDX-FileCopyrightText: 2024 Cognitive Disorders Research Lab
#
# SPDX-License-Identifier: Apache-2.0
# SPDX-License-Identifier: MIT

---
name: Security Audit
on:
schedule:
- cron: 0 0 1,15 * *
push:
branches:
- "*"
paths:
- '**/Cargo.toml'
- '**/Cargo.lock'
workflow_dispatch:
jobs:
security_audit:
if: ${{ !contains(github.event.head_commit.message, '[skip ci]') }}
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- name: Install Rust
uses: dtolnay/rust-toolchain@stable
- name: Install cargo-audit
uses: taiki-e/install-action@6261d093c5f01aa48722a4640a5b00a02a358aac # v2.33.7
with:
tool: cargo-audit
- name: Security Audit
run: cargo audit
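Review bot: `dtolnay/rust-toolchain@stable` in the Install Rust step is a mutable branch ref, while `actions/checkout` and `taiki-e/install-action` in the same job are pinned to commit SHAs; pin it to a SHA as well and pass `toolchain: stable` as an input so an upstream push cannot change what the audit job runs. The workflow has no `permissions:` block, and `cargo audit` only needs to read the repository, so a top-level `permissions:` with `contents: read` would drop the default token scope. Separately, `branches: - "*"` does not match branch names that contain `/`; use `"**"` if branches such as `feature/x` should trigger the audit when `Cargo.toml` or `Cargo.lock` changes.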
137 changes: 137 additions & 0 deletions .github/workflows/build_container.yaml
@@ -0,0 +1,137 @@
# SPDX-FileCopyrightText: 2024 Cognitive Disorders Research Lab
#
# SPDX-License-Identifier: Apache-2.0
# SPDX-License-Identifier: MIT

---
name: Docker Image Generation
on:
workflow_call:
workflow_dispatch:
release:
types:
- created
- published
- prereleased

concurrency:
group: docker
cancel-in-progress: false
env:
DOCKER_USERNAME: ${{ vars.DOCKER_USERNAME }}
DOCKER_REPOSITORY_NAME: ${{ vars.DOCKER_REPOSITORY_NAME }}
REPOSITORY_NAME: ${{ github.event.repository.name }}
COSIGN_RELEASE_VERSION: v2.2.3
SOURCE_DATE_EPOCH: 0
jobs:
docker-build-push:
runs-on: ubuntu-latest
permissions:
id-token: write
packages: write
steps:
- name: Checkout
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- name: Get Last Commit Date/Time for reproducible builds
run: echo "SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV
- name: Generate Docker Metadata
id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
with:
images: |
${{env.DOCKER_REPOSITORY_NAME}}/${{env.REPOSITORY_NAME}}
ghcr.io/${{ github.repository}}
tags: |
type=ref,event=branch
type=ref,event=pr
type=ref,event=tag
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=sha
labels: |
org.opencontainers.image.licenses="MIT AND Apache-2.0"
- name: Debug Metadata
run: echo "${{ steps.meta.outputs.json }}"
- name: Setup Buildx
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
with:
install: true
buildkitd-flags: --debug
- name: Setup QEMU
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
with:
platforms: aarch64,amd64
- name: Login to DockerHub
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Login to GitHub Container Registry
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GHCR_TOKEN }}
- name: Build and Push Docker Images
id: build
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
env:
SOURCE_DATE_EPOCH: ${{ env.SOURCE_DATE_EPOCH }}
with:
context: .
push: true
provenance: true
annotations: ${{ steps.meta.outputs.annotations }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
platforms: linux/amd64,linux/arm64
- name: Debug Build
run: echo "${{join(steps.build.outputs.*, '\n')}}"
- name: Install cosign
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
with:
cosign-release: ${{ env.COSIGN_RELEASE_VERSION }}
- name: Install Syft
uses: anchore/sbom-action/download-syft@e8d2a6937ecead383dfe75190d104edd1f9c5751 # v0.16.0
with:
syft-version: v1.0.1
- name: Sign and Push
env:
IMAGE_DIGEST: ${{ steps.build.outputs.digest }}
IMAGE_TAGS: ${{ steps.meta.outputs.tags }}
GITHUB_TOKEN: ${{ github.token }}
SOURCE_DATE_EPOCH: ${{ env.SOURCE_DATE_EPOCH }}
run: |
for tag in ${IMAGE_TAGS}; do
image="${tag}@${IMAGE_DIGEST}"
original_name="sbom-${tag}.json"
sanitized_name=$(echo "$original_name" | sed 's|[/:]|_|g' | tr '_-' '-_')
echo "Signing the image: ${image}"
echo "Using the original name: $original_name"
echo "Using the sanitized name: $sanitized_name"
echo "Signing and pushing ${tag}@${IMAGE_DIGEST}"
cosign sign --yes ${image}
echo "Generating Software Bill of Materials for ${image}"
syft ${image} -o spdx-json=${sanitized_name} -v
echo "Attesting the Software Bill of Materials for ${image}"
cosign attest --type=spdxjson --yes --predicate ${sanitized_name} ${image}
echo "Done signing and pushing ${tag}@${IMAGE_DIGEST} with SBOM"
done
shell: bash
# - name: Verify Signatures
# env:
# IMAGE_DIGEST: ${{ steps.build.outputs.digest }}
# IMAGE_TAGS: ${{ steps.meta.outputs.tags }}
# GITHUB_TOKEN: ${{ github.token }}
# SOURCE_DATE_EPOCH: ${{ env.SOURCE_DATE_EPOCH }}
# run: |
# for tag in ${IMAGE_TAGS}; do
# image="${tag}@${IMAGE_DIGEST}"
# echo "Verifying ${image}"
# cosign verify ${image} --certificate-identity-regexp="${{vars.COSIGN_CERTIFICATE_IDENTITY}}" --certificate-oidc-issuer-regexp="${{vars.COSIGN_CERTIFICATE_OIDC_ISSUER}}"
# echo "Verifying SBOM Attestation for ${image}"
# cosign verify-attestation ${image} --type=spdxjson --certificate-identity-regexp="${{vars.COSIGN_CERTIFICATE_IDENTITY}}" --certificate-oidc-issuer-regexp="${{vars.COSIGN_CERTIFICATE_OIDC_ISSUER}}"
# echo "Done verifying ${image}"
# done
# shell: bash
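Review bot: the Debug Metadata and Debug Build steps expand `${{ steps.meta.outputs.json }}` and `${{join(steps.build.outputs.*, '\n')}}` directly inside the `run:` script, so the shell parses whatever those outputs contain; the metadata JSON includes tags derived from ref names (`type=ref,event=branch`, `type=ref,event=pr`), and its own double quotes already break the surrounding `echo "..."`. Pass the values through `env:` and echo the quoted variable, the way Sign and Push does with `IMAGE_TAGS`. In Sign and Push, quote `"${image}"` and `"${sanitized_name}"` in the `cosign` and `syft` calls. The GHCR login uses a stored `secrets.GHCR_TOKEN` although the job already grants `packages: write`; using `github.token` there would avoid a long-lived credential. The Verify Signatures step is committed commented out, so nothing in the pipeline checks that the signature and SBOM attestation just pushed actually verify; when it is enabled, prefer exact `--certificate-identity` and `--certificate-oidc-issuer` values over the `-regexp` forms.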
127 changes: 127 additions & 0 deletions .github/workflows/ci.yaml
@@ -0,0 +1,127 @@
# SPDX-FileCopyrightText: 2024 Cognitive Disorders Research Lab
#
# SPDX-License-Identifier: Apache-2.0
# SPDX-License-Identifier: MIT

---
name: Continuous integration
on:
push:
branches:
- 'main'
pull_request:
branches:
- main
types:
- closed
workflow_dispatch:
concurrency:
group: CI
env:
GIST_KEY: {{ dynamic-badge-gist }} # pragma: allowlist secret
RUST_BACKTRACE: 1
MINIMUM_WAIT: 3
MAXIMUM_WAIT: 10
jobs:
ci:
runs-on: ${{matrix.os}}-latest
if: github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.pull_request.merged == true) || github.event_name == 'workflow_dispatch'
outputs:
result: ${{steps.result.outputs.result}}
strategy:
fail-fast: false
matrix:
rust:
- stable
- beta
- nightly
- {{ msrv }} # MSRV
os:
- windows
- ubuntu
- macos
include:
- os: windows
logo: windows
- os: ubuntu
logo: ubuntu
- os: macos
logo: apple
- rust: {{ msrv }} # MSRV
label: msrv
- rust: stable
label: stable
- rust: beta
label: beta
- rust: nightly
label: nightly
steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
- name: Install Rust
uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{matrix.rust}}
components: rustfmt, clippy
- name: Install nightly Rust
uses: dtolnay/rust-toolchain@nightly
with:
toolchain: nightly
components: rustfmt, clippy
- name: Cache dependencies
uses: Swatinem/rust-cache@6fd3edff6979b79f87531400ad694fb7f2c84b1f # v2.2.1
- name: Cargo Build
run: cargo build --verbose
- name: Cargo Test
run: cargo test
- name: Cargo Format
run: cargo +nightly fmt --all -- --check
- name: Cargo Lint
run: cargo clippy -- -D warnings
- name: Wait before badge creation
uses: AliSajid/random-wait-action@v1.1.0
with:
minimum: ${{env.MINIMUM_WAIT}}
maximum: ${{env.MAXIMUM_WAIT}}
- name: Create Awesome Badge - Success
uses: schneegans/dynamic-badges-action@5d424ad4060f866e4d1dab8f8da0456e6b1c4f56 # v1.6.0
if: success()
with:
auth: ${{secrets.GIST_SECRET}}
gistID: ${{env.GIST_KEY}}
filename: ${{matrix.os}}-${{matrix.label}}.json
label: Build
namedLogo: ${{matrix.logo}}
message: Succeeded
color: green
- name: Create Awesome Badge - Failure
uses: schneegans/dynamic-badges-action@5d424ad4060f866e4d1dab8f8da0456e6b1c4f56 # v1.6.0
if: failure()
with:
auth: ${{secrets.GIST_SECRET}}
gistID: ${{env.GIST_KEY}}
filename: ${{matrix.os}}-${{matrix.label}}.json
namedLogo: ${{matrix.logo}}
label: Build
message: Failed
isError: true
- name: Set Result
if: always()
id: result
run: echo "result=${{job.status}}" >> "$GITHUB_OUTPUT"
generate_code_coverage:
uses: ./.github/workflows/code_coverage.yaml
needs: [ci]
secrets: inherit # pragma: allowlist secret
generate_mdbook:
uses: ./.github/workflows/deploy_mdbook.yaml
needs: [ci]
secrets: inherit # pragma: allowlist secret
get-next-version:
uses: ./.github/workflows/get_next_version.yaml
needs: [ci]
secrets: inherit # pragma: allowlist secret
semantic-release:
needs: [ci, get-next-version]
if: ${{needs.get-next-version.outputs.new-release-published == 'true'}}
uses: ./.github/workflows/release.yaml
secrets: inherit # pragma: allowlist secret
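Review bot: in the `ci` job, `dtolnay/rust-toolchain@master`, `dtolnay/rust-toolchain@nightly` and `AliSajid/random-wait-action@v1.1.0` are referenced by mutable branch or tag while the other actions are pinned to commit SHAs, and the same job later hands `secrets.GIST_SECRET` to the badge steps; pin these three to SHAs as well. `actions/checkout` is pinned to v3.3.0 here but to v4.1.6 in the audit and container workflows. `GIST_KEY: {{ dynamic-badge-gist }}` and the `{{ msrv }}` matrix entries are unrendered template placeholders that are not valid values as written; add a comment or README note that they must be substituted before the workflow will load. No `permissions:` block is set, and all four reusable workflows receive `secrets: inherit`; passing only the secrets each one needs would narrow exposure.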