chore: synced file(s) with honestbank/.github

.github/CODEOWNERS

@@ -8,4 +8,6 @@
 # the repo. Unless a later match takes precedence,
 # @global-owner1 and @global-owner2 will be requested for
 # review when someone opens a pull request.
-*       @honestbank/backend-engineers @honestbank/honestbank-engineers
+*                @honestbank/backend-engineers @honestbank/l3-backend-engineers
+graph/*.graphqls @honestbank/graphql-admins
+graph/*.graphql  @honestbank/graphql-admins

.github/pull_request_template.md

@@ -0,0 +1,20 @@
+<!--
+# Pull Request Instructions
+
+* All PRs should reference an issue in our issue tracker. If one doesn't exist, please create one!
+* PR titles should follow https://www.conventionalcommits.org.
+
+-->
+
+### Pull Request Submission Checklist
+
+Please confirm that you have done the following before requesting reviews:
+
+- [ ] I have confirmed that the PR type is appropriate for the change I am making according to the [Honest Pull Request and Commit Message Naming Conventions](https://www.notion.so/honestbank/Pull-Request-and-Commit-Message-Naming-Conventions-bd97f2cbb34c4c73b1ff3a3e384b850c).
+- [ ] I have typed an adequate description that explains **why** I am making this change.
+- [ ] I have installed and run standard pre-commit hooks that lints and validates my code.
+- [ ] All entities that I am working with are up-to-date in Backstage; if updates are needed, I have linked the relevant PRs. [Backstage guide](https://www.notion.so/honestbank/How-to-Write-a-Backstage-Service-Catalog-Entry-a-catalog-info-yaml-file-21845ff72e404b14aed2ac989fb202cf?pvs=4)
+
+### Description
+
+* <!-- WRITE A SHORT DESCRIPTION OF CHANGES -->

.github/workflows/build.yaml

@@ -1,79 +1,24 @@
-# This is managed workflow, do not change this file in downstream repo
+# DO NOT CHANGE. This file is being managed from a central repository
+# To know more simply visit https://github.com/honestbank/.github/blob/main/docs/about.md
 
 name: go-tests
 
 on:
   push:
-    branches: [main]
+    branches: [main, master]
   pull_request:
-    branches: [main]
-
-env:
-  GOPRIVATE: github.com/honestbank
+    branches: [main, master]
 
 jobs:
-  build:
-    name: go-tests
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        go: ["1.16"]
-    steps:
-      - name: Set up Golang
-        uses: actions/setup-go@v2
-        with:
-          go-version: ${{ matrix.go }}
-        id: go
-
-      - name: Check out code into the Go module directory
-        uses: actions/checkout@v2
-        with:
-          fetch-depth: 0
-
-      - name: Setup go modules
-        run: go clean -modcache;go mod tidy; go mod download; go mod verify;
+  load-secrets:
+    uses: "./.github/workflows/secrets-loader.yaml"
+    secrets: inherit
 
-      - name: golangci-lint
-        uses: golangci/golangci-lint-action@v2
-        with:
-          version: latest
-          args: --timeout=5m --modules-download-mode=readonly
-          skip-pkg-cache: true
-          skip-build-cache: true
-
-      - name: Test and generate code coverage
-        run: go test -v -race --tags=integration_test -coverprofile=coverage.txt -covermode=atomic ./...
-
-      - name: sonarcloud-scan
-        uses: sonarsource/sonarcloud-github-action@master
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        continue-on-error: true
-  release:
-    name: semantic-release
-    runs-on: ubuntu-latest
-    needs: [build]
-    steps:
-      - name: Set up Golang
-        uses: actions/setup-go@v2
-        with:
-          go-version: "1.16"
-        id: go
-      - uses: actions/setup-node@v2
-        with:
-          node-version: '17'
-      - name: Check out code into the Go module directory
-        uses: actions/checkout@v2
-        with:
-          fetch-depth: 0
-      - name: release
-        uses: cycjimmy/semantic-release-action@v2
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          semantic_version: 18
-          extra_plugins: |
-            @semantic-release/git@10.0.1
-            @semantic-release/exec@6.0.2
-            @semantic-release/changelog@6.0.1
+  go-tests:
+    name: go-tests
+    needs:
+      - load-secrets
+    uses: honestbank/workflows/.github/workflows/shared-build-go-sdk-template.yaml@main
+    secrets: inherit
+    with:
+      encrypted_secrets : ${{ needs.load-secrets.outputs.encrypted_secrets }}

.github/workflows/repository-experiment-verification.yaml

@@ -0,0 +1,17 @@
+# yamllint disable rule:line-length
+# Use template from https://github.com/honestbank/workflows/tree/main/examples/repository-workflows
+---
+name: "repository-experiment-verification"
+permissions: read-all
+
+on:  # yamllint disable-line rule:truthy
+  pull_request:
+    branches: [main]
+
+jobs:
+  repository-experiment-verification:
+    name: repository-experiment-verification
+    uses: honestbank/workflows/.github/workflows/shared-experiment-verification.yaml@main
+    secrets: inherit
+    with:
+      experiment_required: false

.github/workflows/semantic-pr.yaml

@@ -1,18 +1,24 @@
-name: "Semantic Pull Request"
+# DO NOT CHANGE. This file is being managed from a central repository
+# To know more simply visit https://github.com/honestbank/.github/blob/main/docs/about.md
 
-on:
+# yamllint disable rule:line-length
+# Use template from https://github.com/honestbank/workflows/tree/main/examples/repository-workflows
+---
+name: "repository-semantic-pr"
+permissions:
+  contents: write
+  pull-requests: write
+
+on: # yamllint disable-line rule:truthy
   pull_request:
     types:
       - opened
       - edited
+      - reopened
       - synchronize
 
 jobs:
-  main:
-    name: Semantic Pull Request
-    runs-on: ubuntu-latest
-    steps:
-      - uses: amannn/action-semantic-pull-request@v4
-        name: Semantic Pull Request
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  repository-semantic-pr:
+    name: repository-semantic-pr
+    uses: honestbank/workflows/.github/workflows/shared-semantic-pr.yaml@main
+    secrets: inherit

.gitignore

@@ -34,6 +34,7 @@
 
 # NUCLEAR OPTION - EXCLUDES ALL JETBRAINS IDE FILES
 **/.idea/**
+.idea/**
 
 # User-specific stuff
 .idea/**/workspace.xml

.golangci.json

@@ -10,41 +10,44 @@
         "skip-dirs-use-default": true,
         "tests": true
     },
+    "issues":  {
+        "exclude-rules": {
+            "path": "_test.go",
+            "linters": ["errcheck"]
+        }
+    },
     "linters": {
         "enable": [
-            "deadcode",
-            "errcheck",
-            "gosimple",
-            "govet",
-            "ineffassign",
-            "staticcheck",
-            "structcheck",
-            "typecheck",
-            "unused",
-            "varcheck",
-            "gofmt",
-            "goimports",
-            "nestif",
-            "ifshort",
             "asciicheck",
+            "errcheck",
             "exhaustive",
             "exportloopref",
             "forbidigo",
             "gocyclo",
             "gofmt",
             "goimports",
-            "ifshort",
+            "gosimple",
+            "govet",
+            "ineffassign",
             "makezero",
             "misspell",
             "nakedret",
             "nestif",
             "nilerr",
             "nlreturn",
             "nolintlint",
+            "staticcheck",
             "testpackage",
+            "typecheck",
             "unconvert",
+            "unused",
             "wastedassign",
             "whitespace"
         ]
+    },
+    "linters-settings": {
+        "errcheck": {
+            "check-blank": true
+        }
     }
 }

.pre-commit-config.yaml

@@ -1,20 +1,54 @@
 # DO NOT CHANGE. This file is being managed from a central repository
 # To know more simply visit https://github.com/honestbank/.github/blob/main/docs/about.md
 
+default_install_hook_types: [ pre-commit, commit-msg ]
+
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v3.4.0
+    rev: v4.5.0
     hooks:
       - id: end-of-file-fixer
+        stages: [commit]
       - id: trailing-whitespace
+        stages: [commit]
       - id: check-yaml
+        stages: [commit]
+        args: ["--allow-multiple-documents"]
       - id: detect-aws-credentials
-        args: [ '--allow-missing-credentials' ]
+        stages: [commit]
+        args: ["--allow-missing-credentials"]
   - repo: https://github.com/golangci/golangci-lint
-    rev: v1.45.2
+    rev: v1.57.2
     hooks:
       - id: golangci-lint
+        stages: [commit]
   - repo: https://github.com/TekWizely/pre-commit-golang
-    rev: v0.8.2
+    rev: v1.0.0-rc.1
     hooks:
       - id: go-imports
+        stages: [commit]
+  - repo: https://github.com/gitguardian/ggshield
+    rev: v1.26.0
+    hooks:
+      - id: ggshield
+        language: python
+        stages: [commit]
+        args: ["secret", "scan", "pre-commit"]
+  - repo: local
+    hooks:
+      - id: generate-secrets-loader
+        name: generate-secrets-loader
+        entry: ./secrets-loader.generator.sh
+        language: script
+        stages: [commit]
+      - id: generate-catalog
+        name: generate-catalog
+        entry: ./catalog-info.generator.sh
+        language: script
+        pass_filenames: false
+        stages: [commit]
+      - id: commit-msg-spell-check
+        name: commit-msg-spell-check
+        entry: ./spell-check.sh
+        language: script
+        stages: ["commit-msg"]