Merge pull request #1 from DoodleScheduling/DK-5158-derp-server

feat: DK-5158 initial commit

.github/workflows/main.yaml

@@ -0,0 +1,35 @@
+name: main
+on:
+  push:
+    branches:
+      - master
+      - main
+      - beta
+      - next
+      - next-major
+jobs:
+  release:
+    permissions:
+      contents: write
+      issues: write
+      pull-requests: write
+    runs-on:
+      labels:
+        - minimalistic-v2
+    concurrency: release
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
+        with:
+          fetch-depth: 0
+      - name: Get shared actions
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
+        with:
+          repository: 'DoodleScheduling/actions'
+          ref: v3
+          path: './.actions'
+          token: ${{ secrets.GH_ACTIONS }}
+      - uses: ./.actions/release
+        with:
+          token: ${{ secrets.GH_ACTIONS }}
+    timeout-minutes: 45

.github/workflows/package-retention.yaml

@@ -0,0 +1,27 @@
+name: package-retention
+on:
+  schedule:
+    - cron: '0 11 * * *'
+jobs:
+  package-retention:
+    permissions:
+      packages: write
+    runs-on:
+      labels:
+        - minimalistic-v2
+    steps:
+      - name: Get shared actions
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          repository: 'DoodleScheduling/actions'
+          ref: v3
+          path: './.actions'
+          token: ${{ secrets.GH_ACTIONS }}
+      - uses: ./.actions/package-retention
+        name: Delete app images older than 90 days
+        with:
+          package-name: ${{ github.event.repository.name }}
+          package-type: container
+          age: 2160h
+          container-match-tags: "[0-9a-f]{8}"
+    timeout-minutes: 45

.github/workflows/pr-actions.yaml

@@ -0,0 +1,47 @@
+name: pr-actions
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+permissions: {}
+jobs:
+  validate-workflows:
+    permissions:
+      contents: read
+    runs-on:
+      labels:
+        - minimalistic-v2
+    if: ${{ github.event.pull_request.state == 'open' }}
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - name: Get shared actions
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          repository: 'DoodleScheduling/actions'
+          ref: v3
+          path: './.actions'
+          token: ${{ secrets.GH_ACTIONS }}
+      - uses: './.actions/validate-workflow'
+    timeout-minutes: 45
+  ensure-pinned-actions:
+    permissions:
+      contents: read
+    runs-on:
+      labels:
+        - minimalistic-v2
+    if: ${{ github.event.pull_request.state == 'open' }}
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - name: Get shared actions
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          repository: 'DoodleScheduling/actions'
+          ref: v3
+          path: './.actions'
+          token: ${{ secrets.GH_ACTIONS }}
+      - uses: './.actions/ensure-pinned-actions'
+    timeout-minutes: 45

.github/workflows/pr-build.yaml

@@ -0,0 +1,44 @@
+name: pr-build
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+jobs:
+  build:
+    permissions:
+      packages: write
+      contents: read
+      statuses: read
+      actions: write
+      id-token: write
+    runs-on:
+      labels:
+        - generic-v2
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
+        with:
+          fetch-depth: 0
+      - name: Get shared actions
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
+        with:
+          repository: 'DoodleScheduling/actions'
+          ref: v3
+          path: './.actions'
+          token: ${{ secrets.GH_ACTIONS }}
+      - uses: ./.actions/short-sha
+        id: short-sha
+      - uses: ./.actions/container-image
+        with:
+          tags: ghcr.io/doodlescheduling/${{ github.event.repository.name }}:${{ steps.short-sha.outputs.ref }}
+          dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }}
+          dockerhub-password: ${{ secrets.DOCKERHUB_TOKEN }}
+          ghcr-password: ${{ secrets.GITHUB_TOKEN }}
+          cosign-private-key: ${{ secrets.COSIGN_PRIV_KEY }}
+          platforms: linux/amd64,linux/arm64
+    timeout-minutes: 45
+concurrency:
+  group: ${{ github.ref }}
+  cancel-in-progress: true

.github/workflows/pr-close.yaml

@@ -0,0 +1,20 @@
+name: pr-close
+on:
+  pull_request:
+    types: [closed]
+jobs:
+  cleanup:
+    runs-on:
+      labels:
+        - minimalistic-v2
+    timeout-minutes: 3
+    if: ${{ github.actor != 'dependabot[bot]' }}
+    steps:
+      - name: Get shared actions
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          repository: 'DoodleScheduling/actions'
+          ref: v3
+          path: './.actions'
+          token: ${{ secrets.GH_ACTIONS }}
+      - uses: ./.actions/cancel-workflow

.github/workflows/pr-command.yaml

@@ -0,0 +1,26 @@
+name: pr-command
+on:
+  pull_request:
+    types: [opened]
+  issue_comment:
+    types: [created]
+jobs:
+  slash-command:
+    runs-on:
+      labels: [minimalistic-v2]
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          fetch-depth: 0
+      - name: Get shared actions
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          repository: 'DoodleScheduling/actions'
+          ref: v3
+          path: './.actions'
+          token: ${{ secrets.GH_ACTIONS }}
+      - uses: ./.actions/slash-command
+        with:
+          token: ${{ secrets.GH_ACTIONS }}
+    timeout-minutes: 45

.github/workflows/pr-gitleaks.yaml

@@ -0,0 +1,27 @@
+name: pr-gitleaks
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+jobs:
+  gitleaks:
+    runs-on:
+      labels:
+        - minimalistic-v2
+    if: ${{ github.actor != 'dependabot[bot]' }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+        with:
+          fetch-depth: 0
+      - name: Get shared actions
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+        with:
+          repository: 'DoodleScheduling/actions'
+          ref: v3
+          path: './.actions'
+          token: ${{ secrets.GH_ACTIONS }}
+      - uses: ./.actions/gitleaks
+    timeout-minutes: 45

.github/workflows/pr-stale.yaml

@@ -0,0 +1,21 @@
+name: pr-stale
+on:
+  schedule:
+    - cron: '30 1 * * *'
+jobs:
+  stale:
+    runs-on:
+      labels:
+        - minimalistic-v2
+    steps:
+      - name: Get shared actions
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          repository: 'DoodleScheduling/actions'
+          ref: v3
+          path: './.actions'
+          token: ${{ secrets.GH_ACTIONS }}
+      - uses: ./.actions/stale
+        with:
+          repo-token: ${{ secrets.GH_ACTIONS }}
+    timeout-minutes: 45

.github/workflows/pr-verify.yaml

@@ -0,0 +1,64 @@
+name: pr-verify
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+jobs:
+  size-label:
+    runs-on:
+      labels:
+        - minimalistic-v2
+    if: ${{ github.actor != 'dependabot[bot]' }}
+    steps:
+      - name: Get shared actions
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          repository: 'DoodleScheduling/actions'
+          ref: v3
+          path: './.actions'
+          token: ${{ secrets.GH_ACTIONS }}
+      - uses: ./.actions/pull-request-size
+        with:
+          token: ${{ secrets.GH_ACTIONS }}
+    timeout-minutes: 45
+  pr-title:
+    runs-on:
+      labels:
+        - minimalistic-v2
+    if: ${{ github.actor != 'dependabot[bot]' }}
+    steps:
+      - name: Get shared actions
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          repository: 'DoodleScheduling/actions'
+          ref: v3
+          path: './.actions'
+          token: ${{ secrets.GH_ACTIONS }}
+      - uses: ./.actions/pull-request-title
+        with:
+          token: ${{ secrets.GH_ACTIONS }}
+    timeout-minutes: 45
+  release-label:
+    runs-on:
+      labels:
+        - minimalistic-v2
+    if: ${{ github.actor != 'dependabot[bot]' }}
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+          fetch-depth: 0
+      - name: Get shared actions
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          repository: 'DoodleScheduling/actions'
+          ref: v3
+          path: './.actions'
+          token: ${{ secrets.GH_ACTIONS }}
+      - uses: ./.actions/preview-release
+        with:
+          token: ${{ secrets.GH_ACTIONS }}
+    timeout-minutes: 45

.github/workflows/publish-release.yaml

@@ -0,0 +1,37 @@
+name: publish-release
+on:
+  release:
+    types: [published]
+jobs:
+  publish-release:
+    runs-on:
+      labels:
+        - generic-v2
+    concurrency: publish
+    steps:
+      - run: echo 'package ${{ github.ref_name }}'
+      - name: Checkout source
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
+        with:
+          fetch-depth: 0
+      - name: Get shared actions
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
+        with:
+          repository: 'DoodleScheduling/actions'
+          ref: v3
+          path: './.actions'
+          token: ${{ secrets.GH_ACTIONS }}
+      - uses: ./.actions/container-image
+        with:
+          tags: ghcr.io/doodlescheduling/${{ github.event.repository.name }}:${{ github.ref_name }}
+          dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }}
+          dockerhub-password: ${{ secrets.DOCKERHUB_TOKEN }}
+          ghcr-username: ${{ github.actor }}
+          ghcr-password: ${{ secrets.GITHUB_TOKEN }}
+          cosign-private-key: ${{ secrets.COSIGN_PRIV_KEY }}
+          platforms: linux/amd64,linux/arm64
+    permissions:
+      packages: write
+      contents: read
+      id-token: write
+    timeout-minutes: 45

.github/workflows/renovate.yaml

@@ -0,0 +1,37 @@
+name: renovate
+on:
+  schedule:
+    - cron: '0 */2 * * *'
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+      - main
+      - beta
+      - next
+      - next-major
+concurrency:
+  group: ${{ github.ref }}
+  cancel-in-progress: true
+jobs:
+  renovate:
+    runs-on:
+      labels:
+        - minimalistic-v2
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          fetch-depth: 0
+      - name: Get shared actions
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          repository: 'DoodleScheduling/actions'
+          ref: v3
+          path: './.actions'
+          token: ${{ secrets.GH_ACTIONS }}
+      - uses: ./.actions/renovate
+        with:
+          lib-grafana-private-key: ${{ secrets.PRIVATE_SSH_KEY_LIB_GRAFANA }}
+          token: ${{ secrets.GH_ACTIONS }}
+    timeout-minutes: 45