Initial commit

.config/dotnet-tools.json

@@ -0,0 +1,12 @@
+{
+    "version": 1,
+    "isRoot": true,
+    "tools": {
+      "csharpier": {
+        "version": "0.28.2",
+        "commands": [
+          "dotnet-csharpier"
+        ]
+      }
+    }
+  }

.csharpierrc.yaml

@@ -0,0 +1 @@
+endOfLine: auto

.deepsource.toml

@@ -0,0 +1,11 @@
+version = 1
+
+[[analyzers]]
+name = "test-coverage"
+enabled = true
+
+[[analyzers]]
+name = "secrets"
+
+[[analyzers]]
+name = "csharp"

.githooks/pre-commit

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+LC_ALL=C
+
+local_branch="$(git rev-parse --abbrev-ref HEAD)"
+
+valid_branch_regex="^(dependabot|feature|fix|docs|style|refactor|perf|hotfix|test|chore|create)(\/[a-zA-Z0-9._-]+)+$"
+
+message="There is something wrong with your branch name. Branch names in this project must adhere to this contract: $valid_branch_regex. Your commit will be rejected. You should rename your branch to a valid name and try again."
+
+if [[ ! $local_branch =~ $valid_branch_regex ]]
+then
+    echo "$message"
+    exit 1
+fi
+
+dotnet tool restore && dotnet csharpier . --check

.github/dependabot.yml

@@ -0,0 +1,30 @@
+version: 2
+
+updates:
+- package-ecosystem: "nuget"
+  directory: "/"
+  schedule:
+    interval: weekly
+  open-pull-requests-limit: 50
+  assignees: 
+    - "guibranco"
+  reviewers: 
+    - "guibranco"
+  labels:
+    - "nuget"
+    - ".NET"
+    - "packages"
+    - "dependencies"
+
+- package-ecosystem: "github-actions"
+  directory: "/"
+  schedule:
+    interval: weekly
+  open-pull-requests-limit: 50
+  assignees: 
+    - "guibranco"
+  reviewers: 
+    - "guibranco"
+  labels:
+    - "github-actions"
+    - "dependencies"

.github/workflows/build.yml

@@ -0,0 +1,36 @@
+name: Build
+
+on:
+  push:
+    branches:
+      - '*'
+      - '*/*'
+      - '**'
+      - '!main'
+  workflow_dispatch:
+
+concurrency: 
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest    
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup .NET
+        uses: actions/setup-dotnet@v4
+        with:
+          dotnet-version: '8.0.x'
+
+      - name: Build solution
+        run: dotnet build -c Debug
+
+      - name: Run tests
+        run: dotnet test -c Debug --no-build --no-restore

.github/workflows/deep-source.yml

@@ -0,0 +1,33 @@
+name: Deep Source
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  DeepSource:
+    name: Deep Source Coverage report
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: Install DeepSource scanner
+        run: curl https://deepsource.io/cli | sh
+
+      - name: Setup .NET
+        uses: actions/setup-dotnet@v4
+        with:
+          dotnet-version: '7.0.x'
+
+      - name: Build and analyze
+        env:
+          DEEPSOURCE_DSN: ${{ secrets.DEEPSOURCE_DSN }}
+        run: |
+          dotnet build -c Debug --verbosity minimal
+          dotnet test -c Debug --verbosity minimal --no-build --no-restore /p:CollectCoverage=true /p:CoverletOutputFormat="cobertura"
+          ./bin/deepsource report --analyzer test-coverage --key csharp --value-file ./Tests/POCTemplate.Tests/coverage.cobertura.xml

.github/workflows/infisical-secrets-check.yml

@@ -0,0 +1,112 @@
+name: Infisical secrets check
+
+on:
+  workflow_dispatch:
+  pull_request:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+
+  secrets-scan:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+
+      - name: Checkout repo
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set Infisical package source
+        shell: bash
+        run: curl -1sLf 'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.deb.sh' | sudo -E bash
+
+      - name: Install tools
+        shell: bash
+        run: | 
+          sudo apt-get update && sudo apt-get install -y infisical
+          pip install csvkit
+          npm install -g csv-to-markdown-table
+      
+      - name: Run scan
+        shell: bash
+        run: infisical scan --redact -f csv -r secrets-result-raw.csv 2>&1 | tee >(sed -r 's/\x1b\[[0-9;]*m//g' >secrets-result.log)
+
+      - name: Generate report
+        shell: bash
+        if: failure()
+        run: |
+          if [[ -s secrets-result-raw.csv ]]; then
+            csvformat -M $'\r' secrets-result-raw.csv | sed -e ':a' -e 'N;$!ba' -e 's/\n/\\n/g' | tr '\r' '\n' | head -n 11 >secrets-result.csv
+            csv-to-markdown-table --delim , --headers <secrets-result.csv >secrets-result.md
+          fi
+
+      - name: Upload artifacts secrets-result.log
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: report-log
+          path: secrets-result.log
+
+      - name: Upload artifacts secrets-result.csv
+        uses: actions/upload-artifact@v4
+        if: failure()
+        with:
+          name: report-csv
+          path: secrets-result.csv
+
+      - name: Upload artifacts secrets-result.md
+        uses: actions/upload-artifact@v4
+        if: failure()
+        with:
+          name: report-md
+          path: secrets-result.md
+
+      - name: Read secrets-result.log
+        uses: guibranco/[email protected]
+        if: always()
+        id: log
+        with:
+         path: secrets-result.log
+
+      - name: Read secrets-result.md
+        uses: guibranco/[email protected]
+        if: failure()
+        id: report
+        with:
+         path: secrets-result.md
+
+      - name: Update PR with comment
+        uses: mshick/add-pr-comment@v2
+        if: always()
+        with:
+          refresh-message-position: true
+          message-id: 'secrets-result'
+          message: |
+            **Infisical secrets check:** :white_check_mark: No secrets leaked!
+
+            **Scan results:**
+            ```
+            ${{ steps.log.outputs.contents }}
+            ```
+          message-failure: |
+            **Infisical secrets check:** :rotating_light: Secrets leaked!     
+            
+            **Scan results:**
+            ```
+            ${{ steps.log.outputs.contents }}
+            ```
+
+            <details>
+              <summary>🔎 Detected secrets in your GIT history</summary>
+            
+              ${{ steps.report.outputs.contents }}
+            
+            </details>
+          message-cancelled: |
+            **Infisical secrets check:** :o: Secrets check cancelled!

.github/workflows/linter.yml

@@ -0,0 +1,24 @@
+name: Linter check
+
+on:
+  workflow_dispatch:
+  pull_request:
+
+jobs:
+  linter-check:
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Checkout repo
+        uses: actions/checkout@v4
+
+      - name: Setup .NET
+        uses: actions/setup-dotnet@v4
+
+      - name: Dotnet restore
+        run: dotnet tool restore
+
+      - name: CSharpier format check
+        run: |
+          dotnet csharpier . --check
+          echo "run 'dotnet build' to fix the formatting of the code automatically"

.github/workflows/size-label.yml

@@ -0,0 +1,17 @@
+name: Label based on PR size
+
+on:
+  workflow_dispatch:
+  pull_request:
+
+jobs:
+  size-label:
+    permissions: write-all
+    runs-on: ubuntu-latest
+
+    steps:
+
+      - name: size-label
+        uses: "pascalgn/[email protected]"
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"