From 4b9e22e96ea03d9b80dcefe73d7046f5009d40ea Mon Sep 17 00:00:00 2001 From: Dwi Siswanto Date: Tue, 11 Jun 2024 07:48:41 +0700 Subject: [PATCH 1/4] chore(make): add `ci` command --- Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Makefile b/Makefile index be3e5fe..f43daec 100644 --- a/Makefile +++ b/Makefile @@ -54,4 +54,6 @@ clean: teler-proxy: build +ci: vet build clean + all: test report build \ No newline at end of file From e9743495a7b3efbbb79e0c638b003b64821edb31 Mon Sep 17 00:00:00 2001 From: Dwi Siswanto Date: Tue, 11 Jun 2024 07:49:02 +0700 Subject: [PATCH 2/4] ci: remove codeql workflow Signed-off-by: Dwi Siswanto --- .github/workflows/codeql.yaml | 32 -------------------------------- 1 file changed, 32 deletions(-) delete mode 100644 .github/workflows/codeql.yaml diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml deleted file mode 100644 index 086c35c..0000000 --- a/.github/workflows/codeql.yaml +++ /dev/null @@ -1,32 +0,0 @@ -name: "CodeQL" - -on: - schedule: - - cron: '37 11 * * 3' - workflow_call: - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - permissions: - actions: read - contents: read - security-events: write - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Initialize CodeQL - uses: github/codeql-action/init@v3 - with: - languages: go - - - name: Autobuild - uses: github/codeql-action/autobuild@v3 - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 - with: - category: "/language:go" \ No newline at end of file From 89868ed5357d3d2c4fd020e2d6fc5212143a234b Mon Sep 17 00:00:00 2001 From: Dwi Siswanto Date: Tue, 11 Jun 2024 07:50:28 +0700 Subject: [PATCH 3/4] ci(auto-merge): use composite actions Signed-off-by: Dwi Siswanto --- .github/workflows/auto-merge.yaml | 55 +++---------------------------- 1 file changed, 4 insertions(+), 51 deletions(-) 
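Review bot: `ci: vet build clean` in the Makefile hunk depends on make running prerequisites left to right, which only holds for a serial run; under `make -j`, `clean` may run before or alongside `build`. If the order matters, an explicit recipe fixes it: `ci:` followed by the recipe lines `$(MAKE) vet`, `$(MAKE) build` and `$(MAKE) clean`. The rest of the Makefile is outside the hunk, so if it keeps a `.PHONY` list, `ci` should be added there so a file named `ci` cannot mask the target.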
diff --git a/.github/workflows/auto-merge.yaml b/.github/workflows/auto-merge.yaml index 61a0d2e..7772d24 100644 --- a/.github/workflows/auto-merge.yaml +++ b/.github/workflows/auto-merge.yaml @@ -2,7 +2,7 @@ name: Auto Merge PR on: pull_request: - types: [labeled, unlabeled] + types: [labeled, unlabeled, opened, reopened] pull_request_review: types: [submitted] workflow_call: @@ -15,53 +15,6 @@ jobs: auto-merge: runs-on: ubuntu-latest steps: - - name: Is PR ready? - id: is-ready - if: > - ( - ( - !github.event.pull_request.draft && - github.event.pull_request.mergeable - ) || - contains(github.event.pull_request.labels.*.name, 'ready') - ) - run: true - - - name: Is Dependabot? - id: is-dependabot - if: github.event.pull_request.user.login == 'dependabot[bot]' - run: true - - - name: Is patch update? - id: patch-update - if: > - steps.is-dependabot.outcome == 'success' && contains( - github.event.head_commit.message, 'version-update:semver-patch' - ) - run: true - - - name: Auto merge PR - if: > - ( - steps.is-ready.outcome == 'success' || - steps.is-dependabot.outcome == 'success' - ) - uses: pascalgn/automerge-action@v0.16.3 - env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - MERGE_LABELS: "" - MERGE_METHOD: "squash" - MERGE_COMMIT_MESSAGE: "automatic" - MERGE_FILTER_AUTHOR: "dependabot[bot]" - MERGE_FORKS: "true" - MERGE_RETRIES: "6" - MERGE_RETRY_SLEEP: "10000" - MERGE_REQUIRED_APPROVALS: "${{ - ( - steps.is-ready.outcome == 'success' || - steps.patch-update.outcome == 'success' - ) && - 0 || 1 - }}" - UPDATE_LABELS: "" - UPDATE_METHOD: "rebase" + - uses: teler-sh/actions/auto-merge@v1 + with: + token: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file From f1af8c89669a24b561ed2aeac23e3b4d53e58dd2 Mon Sep 17 00:00:00 2001 From: Dwi Siswanto Date: Tue, 11 Jun 2024 07:50:38 +0700 Subject: [PATCH 4/4] ci(tests): use composite actions 
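Review bot: `teler-sh/actions/auto-merge@v1` in the second hunk is referenced by a movable tag and is handed `secrets.GITHUB_TOKEN`, so whatever that tag points to decides what gets merged here. The conditions the removed steps spelled out (the Dependabot author filter, the required-approvals expression, `MERGE_FORKS`) can no longer be reviewed in this repository, and a retag changes them without any commit here. Pinning to a full commit SHA, `- uses: teler-sh/actions/auto-merge@<full-commit-sha> # v1`, keeps the merge policy fixed until someone bumps it on purpose; the same applies to the `teler-sh/actions/*@v1` references in the tests.yaml patch. The first hunk also starts this job on `opened` and `reopened`, so it is worth confirming the workflow has a `permissions:` block limited to what merging needs; lines 9-14 of the file are outside both hunks, so one may already be there.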
Signed-off-by: Dwi Siswanto --- .github/workflows/tests.yaml | 92 +++++++++++++++++------------------- 1 file changed, 43 insertions(+), 49 deletions(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 09c0e30..a44f0c8 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -1,5 +1,3 @@ -name: "Tests" - on: push: branches: 
@@ -10,69 +8,65 @@ on: pull_request: branches: - "**" + paths: + - "**.go" + - "go.mod" workflow_dispatch: +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +permissions: + actions: read + contents: read + pull-requests: write + security-events: write + +name: tests jobs: tests: + strategy: + matrix: + go-version: [1.20.x, 1.21.x, 1.22.x] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - name: Install Go - uses: actions/setup-go@v5 + - uses: actions/checkout@v4 + - uses: teler-sh/actions/setup-go@v1 with: - go-version-file: 'go.mod' - cache-dependency-path: '**/go.sum' - - name: Vetting - run: make vet - - name: Build - run: make build - - name: Clean up - run: make clean + go-version: '${{ matrix.go-version }}' + - uses: teler-sh/actions/resources@v1 + - run: make ci + if: (github.event_name != 'workflow_dispatch') + + sast: + runs-on: ubuntu-latest + needs: tests + continue-on-error: true + steps: + - uses: actions/checkout@v4 + - uses: teler-sh/actions/dependency-review@v1 + if: (github.event_name == 'push') + - uses: teler-sh/actions/golangci-lint@v1 + - uses: teler-sh/actions/semgrep@v1 + - uses: teler-sh/actions/codeql@v1 + with: + lang: go codecov: runs-on: ubuntu-latest needs: tests steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 2 - - uses: actions/setup-go@v5 - with: - go-version-file: 'go.mod' - cache-dependency-path: '**/go.sum' + - uses: teler-sh/actions/setup-go@v1 + - uses: teler-sh/actions/resources@v1 - run: make cover - name: Upload coverage to Codecov uses: codecov/codecov-action@v4 with: token: ${{ secrets.CODECOV_TOKEN }} - files: /tmp/teler-coverage.out - - golangci: - runs-on: ubuntu-latest - needs: tests - steps: - - uses: actions/checkout@v3 - - name: golangci-lint - uses: golangci/golangci-lint-action@v4 - with: - args: --timeout=5m --tests=false - - semgrep: - runs-on: ubuntu-latest - needs: tests - container: - image: returntocorp/semgrep - if: 
(github.actor != 'dependabot[bot]') - steps: - - uses: actions/checkout@v3 - - run: semgrep ci - env: - SEMGREP_RULES: auto - - codeql: - needs: tests - uses: ./.github/workflows/codeql.yaml - - auto-merge: - if: (github.event_name == 'pull_request') - uses: ./.github/workflows/auto-merge.yaml \ No newline at end of file + file: /tmp/teler-coverage.out + verbose: true + fail_ci_if_error: true \ No newline at end of file
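Review bot: The new top-level `permissions:` block gives `pull-requests: write` and `security-events: write` to every job, including `tests` and `codecov`, which run `make ci` and `make cover` against the checked-out branch; before this series only the CodeQL job carried `security-events: write`. Those scopes appear to be needed only by the scanners in `sast` (inferred from the step names, since the composite actions are not visible here), so they belong on that job, with the workflow default left at `contents: read`. Separately, `continue-on-error: true` on `sast` means a finding or a crashed scanner never fails the run. Combined with the new `paths:` filter and the removal of the scheduled CodeQL workflow earlier in this series, pull requests that touch only other files (workflows, `go.sum`) get no scan before merge. Consider moving `continue-on-error` to the individual steps that are expected to be flaky, or dropping it.

```yaml
permissions:
  contents: read

jobs:
  # … unchanged: tests job …
  sast:
    runs-on: ubuntu-latest
    needs: tests
    permissions:
      actions: read
      contents: read
      pull-requests: write
      security-events: write
    # … unchanged: steps …
```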