{"id":28487840,"url":"https://github.com/rios0rios0/pipelines","last_synced_at":"2026-04-20T13:13:31.535Z","repository":{"id":197511814,"uuid":"687797685","full_name":"rios0rios0/pipelines","owner":"rios0rios0","description":"Production‑ready SDLC pipelines for every language, every stage, and every DevOps ecosystem.","archived":false,"fork":false,"pushed_at":"2026-04-14T14:37:46.000Z","size":6465,"stargazers_count":22,"open_issues_count":9,"forks_count":7,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-04-14T16:26:33.001Z","etag":null,"topics":["azure-devops","ci-cd","devops","github-actions","gitlab-ci"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rios0rios0.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"rios0rios0"}},"created_at":"2023-09-06T02:59:15.000Z","updated_at":"2026-04-14T14:37:49.000Z","dependencies_parsed_at":"2026-01-03T02:08:00.886Z","dependency_job_id":null,"html_url":"https://github.com/rios0rios0/pipelines","commit_stats":null,"previous_names":["rios0rios0/pipelines"],"tags_count":22,"template":false,"template_full_name":null,"purl":"pkg:github/rios0rios0/pipelines","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rios0rios0%2Fpipelines","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rios0rios0%2Fpipelines/tags","release
s_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rios0rios0%2Fpipelines/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rios0rios0%2Fpipelines/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rios0rios0","download_url":"https://codeload.github.com/rios0rios0/pipelines/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rios0rios0%2Fpipelines/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32048540,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-20T11:35:06.609Z","status":"ssl_error","status_checked_at":"2026-04-20T11:34:48.899Z","response_time":94,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["azure-devops","ci-cd","devops","github-actions","gitlab-ci"],"created_at":"2025-06-08T05:08:02.978Z","updated_at":"2026-04-20T13:13:31.530Z","avatar_url":"https://github.com/rios0rios0.png","language":"Shell","readme":"\u003ch1 align=\"center\"\u003ePipelines\u003c/h1\u003e\n\u003cp align=\"center\"\u003e\n    \u003ca href=\"https://github.com/rios0rios0/pipelines/releases/latest\"\u003e\n        \u003cimg src=\"https://img.shields.io/github/release/rios0rios0/pipelines.svg?style=for-the-badge\u0026logo=github\" alt=\"Latest Release\"/\u003e\u003c/a\u003e\n    
\u003ca href=\"https://github.com/rios0rios0/pipelines/blob/main/LICENSE\"\u003e\n        \u003cimg src=\"https://img.shields.io/github/license/rios0rios0/pipelines.svg?style=for-the-badge\u0026logo=github\" alt=\"License\"/\u003e\u003c/a\u003e\n    \u003ca href=\"https://github.com/rios0rios0/pipelines/actions/workflows/ci.yaml\"\u003e\n        \u003cimg src=\"https://img.shields.io/github/actions/workflow/status/rios0rios0/pipelines/ci.yaml?branch=main\u0026style=for-the-badge\u0026logo=github\" alt=\"Build Status\"/\u003e\u003c/a\u003e\n    \u003ca href=\"https://sonarcloud.io/summary/overall?id=rios0rios0_pipelines\"\u003e\n        \u003cimg src=\"https://img.shields.io/sonar/coverage/rios0rios0_pipelines?server=https%3A%2F%2Fsonarcloud.io\u0026style=for-the-badge\u0026logo=sonarqubecloud\" alt=\"Coverage\"/\u003e\u003c/a\u003e\n    \u003ca href=\"https://sonarcloud.io/summary/overall?id=rios0rios0_pipelines\"\u003e\n        \u003cimg src=\"https://img.shields.io/sonar/quality_gate/rios0rios0_pipelines?server=https%3A%2F%2Fsonarcloud.io\u0026style=for-the-badge\u0026logo=sonarqubecloud\" alt=\"Quality Gate\"/\u003e\u003c/a\u003e\n    \u003ca href=\"https://www.bestpractices.dev/projects/12028\"\u003e\n        \u003cimg src=\"https://img.shields.io/cii/level/12028?style=for-the-badge\u0026logo=opensourceinitiative\" alt=\"OpenSSF Best Practices\"/\u003e\u003c/a\u003e\n\u003c/p\u003e\n\nComprehensive, enterprise-grade SDLC pipeline templates for **GitHub Actions**, **GitLab CI**, and **Azure DevOps** with security scanning (SAST), dependency analysis (SCA), supply chain security (SSCA), testing, and deployment automation for multiple programming languages.\n\n## Supported Platforms \u0026 Languages\n\n### Platforms\n\n| Platform           | Status       | Documentation                  |\n|--------------------|--------------|--------------------------------|\n| **GitHub Actions** | Full Support | [Usage Guide](#github-actions) |\n| **GitLab CI**      | Full 
Support | [Usage Guide](#gitlab-ci)      |\n| **Azure DevOps**   | Full Support | [Usage Guide](#azure-devops)   |\n\n### Programming Languages\n\n| Language               | GitHub Actions | GitLab CI | Azure DevOps | Features                          |\n|------------------------|----------------|-----------|--------------|-----------------------------------|\n| **GoLang**             | yes            | yes       | yes          | Binary, Docker, ARM deployment    |\n| **Python**             | yes            | yes       | yes          | PDM, Docker, K8s deployment       |\n| **Java**               | yes            | yes       | yes          | Maven, Gradle, Docker             |\n| **JavaScript/Node.js** | yes            | yes       | yes          | npm, Yarn, Docker, K8s deployment |\n| **PHP**                | yes            | no        | no           | Composer, Docker                  |\n| **Ruby**               | yes            | no        | no           | Bundler, Docker                   |\n| **.NET/C#**            | yes            | yes       | yes          | Framework, Core, Docker           |\n| **Terraform**          | no             | yes       | yes          | Infrastructure as Code            |\n| **Terra CLI**          | yes            | yes       | yes          | Terraform/Terragrunt wrapper      |\n\n## Project Structure\n\n```\npipelines/\n├── .github/workflows/          # GitHub Actions reusable workflows\n│   ├── go-docker.yaml         # Go with Docker delivery\n│   ├── go-binary.yaml         # Go binary compilation\n│   ├── pdm-docker.yaml        # Python/PDM with Docker\n│   ├── gradle-docker.yaml     # Java/Gradle with Docker delivery\n│   ├── maven-docker.yaml      # Java/Maven with Docker delivery\n│   ├── yarn-docker.yaml       # JavaScript/Yarn with Docker delivery\n│   ├── npm-docker.yaml        # JavaScript/npm with Docker delivery\n│   ├── composer-docker.yaml   # PHP/Composer with Docker delivery\n│   ├── bundler-docker.yaml    # 
Ruby/Bundler with Docker delivery\n│   ├── dotnet-docker.yaml     # .NET with Docker delivery\n│   └── ...\n├── gitlab/                     # GitLab CI pipeline templates\n│   ├── golang/                # Go language pipelines\n│   ├── java/                  # Java language pipelines\n│   ├── python/                # Python language pipelines\n│   ├── javascript/            # JavaScript/Node.js pipelines\n│   ├── dotnet/                # .NET language pipelines\n│   ├── terraform/             # Terraform pipelines (raw terraform/terragrunt)\n│   ├── terra/                 # Terra CLI pipelines (terraform/terragrunt wrapper)\n│   └── global/                # Shared GitLab configurations\n├── azure-devops/              # Azure DevOps pipeline templates\n│   ├── golang/                # Go language pipelines\n│   ├── java/                  # Java language pipelines\n│   ├── python/                # Python language pipelines\n│   ├── javascript/            # JavaScript/Node.js pipelines\n│   ├── dotnet/                # .NET language pipelines\n│   ├── terraform/             # Terraform pipelines (raw terraform/terragrunt)\n│   ├── terra/                 # Terra CLI pipelines (terraform/terragrunt wrapper)\n│   └── global/                # Shared Azure DevOps templates\n├── global/                     # Shared resources across platforms\n│   ├── scripts/               # Automation scripts\n│   │   ├── tools/             # Language-agnostic tools\n│   │   │   ├── codeql/        # SAST security scanning (CodeQL)\n│   │   │   ├── gitleaks/      # Secret scanning\n│   │   │   ├── hadolint/      # Dockerfile linting\n│   │   │   ├── semgrep/       # Static analysis\n│   │   │   ├── sonarqube/     # Code quality\n│   │   │   ├── trivy/         # IaC misconfiguration scanning\n│   │   │   └── dependency-track/ # SCA analysis\n│   │   ├── languages/         # Language-specific scripts\n│   │   │   ├── golang/        # Go scripts (test, cyclonedx, golangci-lint, init)\n│   │   
│   └── python/        # Python scripts (cyclonedx)\n│   │   └── shared/            # Common utilities\n│   ├── containers/            # Custom Docker images\n│   │   ├── golang.*/          # Go development images\n│   │   ├── python.*/          # Python development images\n│   │   ├── awscli.latest/     # AWS CLI tools\n│   │   └── tor-proxy.latest/  # Network proxy tools\n│   └── configs/               # Configuration files\n├── makefiles/                  # Includable Makefile fragments for local usage\n│   ├── common.mk              # Security tools (sast) and setup\n│   ├── golang.mk              # Go targets (lint, test)\n│   ├── python.mk              # Python/PDM targets (lint, test)\n│   ├── java.mk                # Java/Gradle targets (lint, test)\n│   ├── javascript.mk          # JavaScript/Yarn targets (lint, test)\n│   ├── dotnet.mk              # .NET/C# targets (lint, test)\n│   ├── terraform.mk           # Terraform targets (lint, test)\n│   └── terra.mk               # Terra CLI targets (lint, test)\n├── .docs/                      # Documentation and examples\n│   └── examples/              # Per-provider usage examples\n└── .github/tests/              # Validation scripts for this repository\n```\n\n### Pipeline Architecture\n\nEach platform follows a consistent **5-stage pipeline architecture**:\n\n1. **Code Check (Style/Quality)** - Linting, formatting, code quality, basic checks (rebase verification, changelog validation)\n2. **Security (SCA/SAST)** - Vulnerability scanning, secret detection\n3. **Tests** - Unit tests, integration tests, coverage reporting\n4. **Management** - Dependency tracking, SBOM generation\n5. 
**Delivery** - Build artifacts, container images, deployments\n\n## Installation\n\n### Quick Installation\n\n```bash\ncurl -sSL https://raw.githubusercontent.com/rios0rios0/pipelines/main/clone.sh | bash\n```\n\nYou can override the installation location with the `PIPELINES_HOME` environment variable:\n\n```bash\nPIPELINES_HOME=/opt/pipelines curl -sSL https://raw.githubusercontent.com/rios0rios0/pipelines/main/clone.sh | bash\n```\n\n### Manual Installation\n\n```bash\nmkdir -p $HOME/Development/github.com/rios0rios0\ncd $HOME/Development/github.com/rios0rios0\ngit clone https://github.com/rios0rios0/pipelines.git\n```\n\n## Platform Usage\n\n### GitHub Actions\n\nGitHub Actions workflows are located in `.github/workflows/` and can be used as reusable workflows.\n\n#### Available Workflows\n\n| Workflow                     | Purpose                                    | Languages     |\n|------------------------------|--------------------------------------------|---------------|\n| `go.yaml`                    | Go testing and quality checks              | Go            |\n| `go-docker.yaml`             | Go with Docker image delivery              | Go            |\n| `go-binary.yaml`             | Go binary compilation and release          | Go            |\n| `pdm.yaml`                   | Python/PDM testing and quality checks      | Python        |\n| `pdm-docker.yaml`            | Python/PDM with Docker image delivery      | Python        |\n| `gradle.yaml`                | Java/Gradle testing and quality checks     | Java          |\n| `gradle-docker.yaml`         | Java/Gradle with Docker image delivery     | Java          |\n| `yarn.yaml`                  | JavaScript/Yarn testing and quality checks | JavaScript    |\n| `yarn-docker.yaml`           | JavaScript/Yarn with Docker image delivery | JavaScript    |\n| `dotnet.yaml`                | .NET testing and quality checks            | C#            |\n| `dotnet-docker.yaml`         | .NET with Docker 
image delivery            | C#            |\n| `npm.yaml`                   | JavaScript/npm testing and quality checks  | JavaScript    |\n| `npm-docker.yaml`            | JavaScript/npm with Docker image delivery  | JavaScript    |\n| `maven.yaml`                 | Java/Maven testing and quality checks      | Java          |\n| `maven-docker.yaml`          | Java/Maven with Docker image delivery      | Java          |\n| `composer.yaml`              | PHP/Composer testing and quality checks    | PHP           |\n| `composer-docker.yaml`       | PHP/Composer with Docker image delivery    | PHP           |\n| `bundler.yaml`               | Ruby/Bundler testing and quality checks    | Ruby          |\n| `bundler-docker.yaml`        | Ruby/Bundler with Docker image delivery    | Ruby          |\n| `terra.yaml`                 | Terra CLI quality, security, and tests     | Terraform/HCL |\n\n#### Usage Example (Go with Docker)\n\n```yaml\nname: 'CI/CD Pipeline'\n\non:\n  push:\n    branches: [ main ]\n    tags: [ '*' ]\n  pull_request:\n    branches: [ main ]\n\npermissions:\n  checks: write      # Required for test results\n  contents: write    # Required for releases\n  packages: write    # Required for container registry\n\njobs:\n  pipeline:\n    uses: 'rios0rios0/pipelines/.github/workflows/go-docker.yaml@main'\n```\n\n#### Usage Example (Python/PDM with Docker)\n\n```yaml\nname: 'CI/CD Pipeline'\n\non:\n  push:\n    branches: [ main ]\n    tags: [ '*' ]\n  pull_request:\n    branches: [ main ]\n\npermissions:\n  security-events: 'write'\n  contents: 'write'\n  packages: 'write'\n\njobs:\n  default:\n    uses: 'rios0rios0/pipelines/.github/workflows/pdm-docker.yaml@main'\n```\n\n#### Usage Example (Java with Docker)\n\n```yaml\nname: 'CI/CD Pipeline'\n\non:\n  push:\n    branches: [ main ]\n    tags: [ '*' ]\n  pull_request:\n    branches: [ main ]\n\npermissions:\n  security-events: write\n  contents: write\n  packages: write\n\njobs:\n  pipeline:\n    uses: 
'rios0rios0/pipelines/.github/workflows/gradle-docker.yaml@main'\n```\n\n#### Usage Example (JavaScript/Yarn with Docker)\n\n```yaml\nname: 'CI/CD Pipeline'\n\non:\n  push:\n    branches: [ main ]\n    tags: [ '*' ]\n  pull_request:\n    branches: [ main ]\n\npermissions:\n  security-events: write\n  contents: write\n  packages: write\n  pull-requests: write\n  checks: write\n\njobs:\n  pipeline:\n    uses: 'rios0rios0/pipelines/.github/workflows/yarn-docker.yaml@main'\n```\n\n#### Usage Example (.NET with Docker)\n\n```yaml\nname: 'CI/CD Pipeline'\n\non:\n  push:\n    branches: [ main ]\n    tags: [ '*' ]\n  pull_request:\n    branches: [ main ]\n\npermissions:\n  security-events: write\n  contents: write\n  packages: write\n\njobs:\n  pipeline:\n    uses: 'rios0rios0/pipelines/.github/workflows/dotnet-docker.yaml@main'\n```\n\n#### Usage Example (JavaScript/npm with Docker)\n\n```yaml\nname: 'CI/CD Pipeline'\n\non:\n  push:\n    branches: [ main ]\n    tags: [ '*' ]\n  pull_request:\n    branches: [ main ]\n\npermissions:\n  security-events: write\n  contents: write\n  packages: write\n  pull-requests: write\n  checks: write\n\njobs:\n  pipeline:\n    uses: 'rios0rios0/pipelines/.github/workflows/npm-docker.yaml@main'\n```\n\n#### Usage Example (Java/Maven with Docker)\n\n```yaml\nname: 'CI/CD Pipeline'\n\non:\n  push:\n    branches: [ main ]\n    tags: [ '*' ]\n  pull_request:\n    branches: [ main ]\n\npermissions:\n  security-events: write\n  contents: write\n  packages: write\n\njobs:\n  pipeline:\n    uses: 'rios0rios0/pipelines/.github/workflows/maven-docker.yaml@main'\n```\n\n#### Usage Example (PHP with Docker)\n\n```yaml\nname: 'CI/CD Pipeline'\n\non:\n  push:\n    branches: [ main ]\n    tags: [ '*' ]\n  pull_request:\n    branches: [ main ]\n\npermissions:\n  contents: write\n  packages: write\n\njobs:\n  pipeline:\n    uses: 'rios0rios0/pipelines/.github/workflows/composer-docker.yaml@main'\n```\n\n#### Usage Example (Ruby with 
Docker)\n\n```yaml\nname: 'CI/CD Pipeline'\n\non:\n  push:\n    branches: [ main ]\n    tags: [ '*' ]\n  pull_request:\n    branches: [ main ]\n\npermissions:\n  security-events: write\n  contents: write\n  packages: write\n\njobs:\n  pipeline:\n    uses: 'rios0rios0/pipelines/.github/workflows/bundler-docker.yaml@main'\n```\n\n![GitHub Actions Example](.docs/github-golang.png)\n\n### GitLab CI\n\nGitLab CI templates use remote includes and are organized by language in the `gitlab/` directory.\n\n#### Available Templates\n\n| Language        | Template             | Purpose                    |\n|-----------------|----------------------|----------------------------|\n| **Go**          | `go-docker.yaml`     | Go with Docker delivery    |\n| **Go**          | `go-binary.yaml`     | Go binary pipeline         |\n| **Go**          | `go-sam.yaml`        | Go with AWS SAM deployment |\n| **Java**        | `gradle-docker.yaml` | Gradle with Docker         |\n| **Java**        | `maven-docker.yaml`  | Maven with Docker          |\n| **Python**      | `pdm-docker.yaml`    | Python PDM with Docker     |\n| **JavaScript**  | `yarn-docker.yaml`   | Node.js Yarn with Docker   |\n| **.NET**        | `framework.yaml`     | .NET Framework pipeline    |\n| **Terraform**   | `terra.yaml`         | Terraform IaC pipeline     |\n\n#### Usage Example (Go with Docker)\n\n```yaml\ninclude:\n  - remote: 'https://raw.githubusercontent.com/rios0rios0/pipelines/main/gitlab/golang/go-docker.yaml'\n\n# Optional: Override delivery stage for custom Docker build\n.delivery:\n  script:\n    - docker build -t \"$REGISTRY_PATH$IMAGE_SUFFIX:$TAG\" -f .ci/stages/40-delivery/Dockerfile .\n  cache:\n    key: 'test:all'\n    paths: !reference [ .go, cache, paths ]\n    policy: 'pull'\n```\n\n#### Usage Example (Python PDM)\n\n```yaml\ninclude:\n  - remote: 'https://raw.githubusercontent.com/rios0rios0/pipelines/main/gitlab/python/pdm-docker.yaml'\n\nvariables:\n  PYTHON_VERSION: \"3.11\"  # Optional: 
specify a Python version\n```\n\n#### Usage Example (Terraform -- raw terraform/terragrunt)\n\n```yaml\ninclude:\n  - remote: 'https://raw.githubusercontent.com/rios0rios0/pipelines/main/gitlab/terraform/terra.yaml'\n```\n\n#### Usage Example (Terra CLI)\n\nThe [terra CLI](https://github.com/rios0rios0/terra) wraps Terraform and Terragrunt with a simplified interface, auto-answering prompts, and parallel execution. The terra pipeline provides code check, security, tests, and management stages. Delivery is intentionally excluded because it is project-specific (plan/apply targets, environments, stack ordering). See examples for all providers in the Azure DevOps section below.\n\n#### Required GitLab Variables\n\nConfigure these in your GitLab project settings:\n\n| Variable          | Description                    | Required For    |\n|-------------------|--------------------------------|-----------------|\n| `SONAR_HOST_URL`  | SonarQube server URL           | Code quality    |\n| `SONAR_TOKEN`     | SonarQube authentication token | Code quality    |\n| `DOCKER_REGISTRY` | Container registry URL         | Docker delivery |\n| `DOCKER_USERNAME` | Registry username              | Docker delivery |\n| `DOCKER_PASSWORD` | Registry password              | Docker delivery |\n\n![GitLab CI Example](.docs/gitlab-java.png)\n\n### Azure DevOps\n\nAzure DevOps templates are located in the `azure-devops/` directory and use template references.\n\n#### Available Templates\n\n| Language        | Template               | Purpose                           |\n|-----------------|------------------------|-----------------------------------|\n| **Go**          | `go-docker.yaml`       | Go with Docker delivery           |\n| **Go**          | `go-arm.yaml`          | Go with Azure ARM deployment      |\n| **Go**          | `go-function-arm.yaml` | Go Azure Functions                |\n| **Go**          | `go-lambda.yaml`       | Go AWS Lambda deployment (ZIP)    |\n| **Go**          | 
`go-lambda-sam.yaml`   | Go AWS Lambda deployment (SAM)    |\n| **Java**        | `kotlin-gradle.yaml`   | Kotlin/Gradle with Docker         |\n| **Python**      | `pdm-docker.yaml`      | Python PDM with Docker            |\n| **JavaScript**  | `yarn-docker.yaml`     | Node.js Yarn with Docker          |\n| **.NET**        | `core.yaml`            | .NET Core pipeline                |\n| **Terraform**   | `terra.yaml`           | Infrastructure as Code pipeline   |\n| **Terra CLI**   | `terra/terra.yaml`     | Terra CLI wrapper pipeline        |\n\n#### Usage Example (Go with Docker)\n\n```yaml\ntrigger:\n  branches:\n    include: [ main ]\n  tags:\n    include: [ '*' ]\n\npool:\n  vmImage: 'ubuntu-latest'\n\nvariables:\n  - ${{ if startsWith(variables['Build.SourceBranch'], 'refs/tags/') }}:\n      - group: 'production-variables'\n  - ${{ else }}:\n      - group: 'development-variables'\n\nresources:\n  repositories:\n    - repository: 'pipelines'\n      type: 'github'\n      name: 'rios0rios0/pipelines'\n      endpoint: 'YOUR_GITHUB_SERVICE_CONNECTION'  # Configure this\n\nstages:\n  - template: 'azure-devops/golang/go-docker.yaml@pipelines'\n```\n\n#### Usage Example (Go with ARM Deployment)\n\n```yaml\nresources:\n  repositories:\n    - repository: 'pipelines'\n      type: 'github'\n      name: 'rios0rios0/pipelines'\n      endpoint: 'YOUR_GITHUB_SERVICE_CONNECTION'\n\nstages:\n  - template: 'azure-devops/golang/go-arm.yaml@pipelines'\n    parameters:\n      DOCKER_BUILD_ARGS: '--build-arg VERSION=$(Build.BuildNumber)'\n      RUN_BEFORE_BUILD: 'echo \"Preparing build environment\"'\n```\n\n#### Usage Example (Go with AWS Lambda)\n\n```yaml\ntrigger:\n  branches:\n    include: [ main ]\n  tags:\n    include: [ '*' ]\n\npool:\n  vmImage: 'ubuntu-latest'\n\nvariables:\n  - ${{ if startsWith(variables['Build.SourceBranch'], 'refs/tags/') }}:\n      - group: 'production-variables'\n  - ${{ else }}:\n      - group: 'development-variables'\n\nresources:\n  
repositories:\n    - repository: 'pipelines'\n      type: 'github'\n      name: 'rios0rios0/pipelines'\n      endpoint: 'YOUR_GITHUB_SERVICE_CONNECTION'\n\nstages:\n  - template: 'azure-devops/golang/go-lambda.yaml@pipelines'\n    parameters:\n      LAMBDA_FUNCTION_NAME: 'my-go-lambda-function'\n      AWS_REGION: 'us-east-1'\n      AWS_SERVICE_CONNECTION: 'AWS-Service-Connection'  # Configure in Azure DevOps\n      DEPLOY_STRATEGY: 'zip'  # or 'sam'\n      GOARCH: 'amd64'  # or 'arm64'\n      LAMBDA_TIMEOUT: '30'\n      LAMBDA_MEMORY_SIZE: '128'\n```\n\n**For SAM-based deployments:**\n\n```yaml\nstages:\n  - template: 'azure-devops/golang/go-lambda-sam.yaml@pipelines'\n    parameters:\n      S3_BUCKET: 'my-deployment-bucket'\n      AWS_REGION: 'us-east-1'\n      AWS_SERVICE_CONNECTION: 'AWS-Service-Connection'\n      SAM_CONFIG_ENV: 'default'  # References samconfig.toml environment\n```\n\n#### Required Variable Groups\n\nCreate these variable groups in Azure DevOps Library:\n\n**Shared Variables (All Projects):**\n\n| Variable         | Description                    |\n|------------------|--------------------------------|\n| `SONAR_HOST_URL` | SonarQube server URL           |\n| `SONAR_TOKEN`    | SonarQube authentication token |\n\n**Project-Specific Variables (.NET Example):**\n\n| Variable             | Description                    |\n|----------------------|--------------------------------|\n| `SONAR_PROJECT_NAME` | SonarQube project display name |\n| `SONAR_PROJECT_KEY`  | SonarQube project unique key   |\n\n**AWS Lambda Deployment Variables (Optional):**\n\n| Variable                | Description                                      | Required For           |\n|-------------------------|--------------------------------------------------|------------------------|\n| `AWS_ACCESS_KEY_ID`     | AWS access key (if not using service connection) | Lambda deployment      |\n| `AWS_SECRET_ACCESS_KEY` | AWS secret key (if not using service connection) | Lambda 
deployment      |\n| `LAMBDA_ROLE_ARN`       | IAM role ARN for Lambda function                 | Creating new functions |\n\n**Note:** For AWS deployments, it is recommended to use Azure DevOps AWS Service Connection instead of storing credentials in variable groups. Configure the service connection in Azure DevOps Project Settings \u003e Service Connections.\n\n![Azure DevOps Example](.docs/azure-devops-golang.png)\n\n## Available Tools \u0026 Scripts\n\n### Security \u0026 Analysis Tools\n\n#### SAST (Static Application Security Testing)\n\n| Tool                 | Purpose                       | Script Location                          | Configuration         |\n|----------------------|-------------------------------|------------------------------------------|-----------------------|\n| **Gitleaks**         | Secret detection              | `global/scripts/tools/gitleaks/`         | `.gitleaks.toml`      |\n| **CodeQL**           | SAST security scanning        | `global/scripts/tools/codeql/`           | Auto-configured       |\n| **Semgrep**          | Static analysis               | `global/scripts/tools/semgrep/`          | Auto-configured       |\n| **Hadolint**         | Dockerfile linting            | `global/scripts/tools/hadolint/`         | `.hadolint.yaml`      |\n| **Trivy IaC**        | IaC misconfiguration scanning | `global/scripts/tools/trivy/run.sh`      | `.trivyignore`        |\n\n#### SCA (Software Composition Analysis)\n\n| Tool                       | Purpose                           | Languages  | Script / Integration                           |\n|----------------------------|-----------------------------------|------------|------------------------------------------------|\n| **Trivy SCA**              | Dependency vulnerability scanning | All        | `global/scripts/tools/trivy/run-sca.sh`        |\n| **govulncheck**            | Go vulnerability scanning         | Go         | `global/scripts/languages/golang/govulncheck/` |\n| 
**Safety**                 | Python dependency scanning        | Python     | `pdm run safety-scan`                          |\n| **OWASP Dependency-Check** | Java dependency scanning          | Java       | `./gradlew dependencyCheckAnalyze`             |\n| **yarn npm audit**         | JS/Node.js dependency scanning    | JavaScript | `yarn npm audit --recursive`                   |\n| **npm audit**              | JS/Node.js dependency scanning    | JavaScript | `npm audit --audit-level=high`                 |\n| **Composer Audit**         | PHP dependency scanning           | PHP        | `composer audit`                               |\n| **bundler-audit**          | Ruby dependency scanning          | Ruby       | `bundle-audit check --update`                  |\n\n#### Quality \u0026 Management\n\n| Tool                 | Purpose                                 | Script Location                                               | Configuration         |\n|----------------------|-----------------------------------------|---------------------------------------------------------------|-----------------------|\n| **Basic Checks**     | PR/MR rebase and changelog verification | `global/scripts/shared/rebase-check.sh`, `changelog-check.sh` | Auto-configured       |\n| **SonarQube**        | Code quality \u0026 security                 | `global/scripts/tools/sonarqube/`                             | Project settings      |\n| **Dependency Track** | SBOM tracking                           | `global/scripts/tools/dependency-track/`                      | Environment variables |\n\n### Basic Checks\n\nEvery pipeline includes **basic checks** that run in parallel with linting during the **Code Check** stage. These checks verify:\n\n1. **Rebase verification** — the PR/MR branch is rebased on top of the target branch (usually `main`). If the branch is behind, the pipeline fails with clear instructions to rebase. 
This enforces a linear commit history and prevents merge conflicts from reaching the test and delivery stages.\n2. **Changelog validation** — the `CHANGELOG.md` file was modified and new entries are placed under the `[Unreleased]` section. If entries appear below an existing version section (e.g., due to an erroneous rebase), the pipeline fails with instructions to fix the placement.\n\n### Language-Specific Tools\n\n#### Go Tools\n\n| Tool               | Purpose               | Script Location                                  |\n|--------------------|-----------------------|--------------------------------------------------|\n| **golangci-lint**  | Go linting suite      | `global/scripts/languages/golang/golangci-lint/` |\n| **Go Test Runner** | Comprehensive testing | `global/scripts/languages/golang/test/`          |\n| **CycloneDX**      | SBOM generation       | `global/scripts/languages/golang/cyclonedx/`     |\n\n### Usage Examples\n\n#### Run Security Scanning Locally (via Makefile)\n\n```bash\nmake setup      # Clone/update pipelines repo\nmake lint       # Run golangci-lint\nmake test       # Run Go tests with coverage\nmake security   # Run all security tools (CodeQL, Gitleaks, Hadolint, Trivy, Semgrep)\n```\n\n#### Configure Go Linting Globally\n\n```bash\n# Symlink the shared golangci-lint config for IDE integration\nSCRIPTS_DIR=$HOME/Development/github.com/rios0rios0/pipelines\nln -s $SCRIPTS_DIR/global/scripts/languages/golang/golangci-lint/.golangci.yml ~/.golangci.yml\n```\n\n## Container Images\n\nPre-built container images optimized for CI/CD environments:\n\n| Image                      | Purpose                         | Registry                       |\n|----------------------------|---------------------------------|--------------------------------|\n| `golang.1.18-awscli`       | Go 1.18 + AWS CLI               | `ghcr.io/rios0rios0/pipelines` |\n| `golang.1.19-awscli`       | Go 1.19 + AWS CLI               | `ghcr.io/rios0rios0/pipelines` 
|\n| `python.3.9-pdm-buster`    | Python 3.9 + PDM                | `ghcr.io/rios0rios0/pipelines` |\n| `python.3.10-pdm-bullseye` | Python 3.10 + PDM               | `ghcr.io/rios0rios0/pipelines` |\n| `awscli.latest`            | AWS CLI tools                   | `ghcr.io/rios0rios0/pipelines` |\n| `tor-proxy.latest`         | Network proxy with health check | `ghcr.io/rios0rios0/pipelines` |\n\n### Building Custom Images\n\n```bash\n# Build and push a custom container\nmake build-and-push NAME=awscli TAG=latest\n\n# Local build for testing\ndocker build -t my-image -f global/containers/awscli.latest/Dockerfile global/containers/awscli.latest/\n```\n\n## Makefile Integration\n\nThe recommended way to use this repository locally is through the includable `.mk` files. GNU Make's `-include` directive imports targets from the pipelines repository, so your project Makefile only needs to declare `SCRIPTS_DIR` and the includes:\n\n**Before** (repeated in every project):\n\n```makefile\nSCRIPTS_DIR = $(HOME)/Development/github.com/rios0rios0/pipelines\n\n.PHONY: lint\nlint:\n\t${SCRIPTS_DIR}/global/scripts/languages/golang/golangci-lint/run.sh --fix .\n\n.PHONY: test\ntest:\n\t${SCRIPTS_DIR}/global/scripts/languages/golang/test/run.sh .\n\n.PHONY: sast\nsast:\n\t${SCRIPTS_DIR}/global/scripts/tools/codeql/run.sh \"go\"\n```\n\n**After** (include once, get all targets):\n\n```makefile\n# Pipeline targets: setup, sast, lint, test\nSCRIPTS_DIR ?= $(HOME)/Development/github.com/rios0rios0/pipelines\n-include $(SCRIPTS_DIR)/makefiles/common.mk\n-include $(SCRIPTS_DIR)/makefiles/golang.mk\n\nbuild:\n\tgo build -o bin/app .\n\nrun:\n\tgo run .\n```\n\nThis gives you the following targets for free:\n\n| Target       | Source            | Description                              |\n|--------------|-------------------|------------------------------------------|\n| `make setup` | `common.mk`       | Clone or update the pipelines repository |\n| `make sast`  | `common.mk`       | Run 
all security SAST tools              |\n| `make lint`  | `\u003clanguage\u003e.mk`   | Run language-specific linter             |\n| `make test`  | `\u003clanguage\u003e.mk`   | Run language-specific tests              |\n\nAvailable language files:\n\n| File            | Language          | `lint`                                | `test`                          |\n|-----------------|-------------------|---------------------------------------|---------------------------------|\n| `golang.mk`     | Go                | `golangci-lint --fix`                 | Go test + coverage              |\n| `python.mk`     | Python (PDM)      | `isort` + `black` + `flake8` + `mypy` | `pytest`                        |\n| `java.mk`       | Java (Gradle)     | `./gradlew check`                     | `./gradlew test`                |\n| `javascript.mk` | JavaScript (Yarn) | `yarn lint`                           | `yarn test`                     |\n| `dotnet.mk`     | .NET/C#           | `dotnet format`                       | `dotnet test`                   |\n| `terraform.mk`  | Terraform         | `terraform fmt` + `validate`          | `terraform plan`                |\n| `terra.mk`      | Terra CLI         | `terra format` + git diff check       | `terraform test` on all modules |\n\nThe `-include` prefix means Make silently skips the includes if the repository is not cloned yet. Run `make setup` (or `curl ... 
| bash`) to bootstrap.\n\nSee the [`.docs/examples/`](.docs/examples) directory for complete per-provider examples including Makefiles.\n\n### Direct Script Usage\n\nIf you prefer calling scripts directly without Makefile includes:\n\n```bash\nexport SCRIPTS_DIR=$HOME/Development/github.com/rios0rios0/pipelines\n\n# Go linting\n$SCRIPTS_DIR/global/scripts/languages/golang/golangci-lint/run.sh --fix\n\n# Go tests\n$SCRIPTS_DIR/global/scripts/languages/golang/test/run.sh\n\n# Security scans\n$SCRIPTS_DIR/global/scripts/tools/gitleaks/run.sh\n$SCRIPTS_DIR/global/scripts/tools/codeql/run.sh go\n$SCRIPTS_DIR/global/scripts/tools/hadolint/run.sh\n$SCRIPTS_DIR/global/scripts/tools/trivy/run.sh\n$SCRIPTS_DIR/global/scripts/tools/semgrep/run.sh\n```\n\n### Testing Pipeline Changes\n\nWhen developing pipeline modifications, you can test against development branches:\n\n#### Switch to Development Branch\n\n```bash\nexport BRANCH=your-feature-branch-name\n\n# Update all pipeline references to use your branch\nfind . 
-type f -name \"*.yaml\" -exec sed -i.bak -E \"s|(remote: 'https://raw.githubusercontent.com/rios0rios0/pipelines/)[^/]+(/.*)|\\\\1$BRANCH\\\\2|g\" {} +\n```\n\n#### Test Your Changes\n\n```yaml\n# Update your project's pipeline reference\n# Before:\ninclude:\n  - remote: 'https://raw.githubusercontent.com/rios0rios0/pipelines/main/gitlab/golang/go-docker.yaml'\n\n# After:\ninclude:\n  - remote: 'https://raw.githubusercontent.com/rios0rios0/pipelines/your-feature-branch/gitlab/golang/go-docker.yaml'\n```\n\n## Troubleshooting\n\n### Common Issues \u0026 Solutions\n\n#### Pipeline Failures\n\n**Issue: \"No directories found to test it\" (Go projects)**\n\n- **Cause:** Go project structure does not match the expected layout\n- **Solution:** Ensure your project has `cmd/`, `pkg/`, or `internal/` directories\n- **Alternative:** Modify the test script to include your custom directories\n\n**Issue: \"golangci-lint: command not found\"**\n\n- **Cause:** golangci-lint not installed or not in PATH\n- **Solution:** The script automatically downloads golangci-lint; ensure Docker is available\n\n**Issue: Docker build fails with SSL certificate errors**\n\n- **Cause:** Network restrictions in CI environment\n- **Solution:** This is expected in restricted environments; contact your platform administrator\n\n#### Security Tool Issues\n\n**Issue: CodeQL analysis fails**\n\n- **Cause:** CodeQL CLI not installed or language not supported\n- **Solution:** Ensure network access to download CodeQL CLI bundle; supported languages: go, python, java, javascript, csharp, ruby (PHP is not supported)\n\n**Issue: Gitleaks takes too long or fails**\n\n- **Cause:** Large repository or network issues\n- **Solution:** Increase timeout values; ensure Docker daemon is accessible\n\n**Issue: Semgrep timeout or hangs**\n\n- **Cause:** Large codebase, downloading security rules\n- **Solution:** Allow 10+ minutes for completion; do not cancel the operation\n\n**Issue: Hadolint skips analysis**\n\n- 
**Cause:** No Dockerfiles found in the project\n- **Solution:** This is expected for projects without Dockerfiles; Hadolint auto-skips gracefully\n\n**Issue: Trivy IaC scan finds false positives**\n\n- **Cause:** Trivy flags misconfigurations in Terraform, Kubernetes, or Dockerfiles\n- **Solution:** Add entries to `.trivyignore` in the project root to suppress known false positives\n\n#### Platform-Specific Issues\n\n**GitHub Actions:**\n\n- **Issue:** Workflow does not trigger\n- **Solution:** Check repository permissions, ensure workflow file is in `.github/workflows/`\n\n**GitLab CI:**\n\n- **Issue:** \"Remote file could not be fetched\"\n- **Solution:** Verify the remote URL is accessible, check branch name in URL\n\n**Azure DevOps:**\n\n- **Issue:** \"Template not found\"\n- **Solution:** Ensure GitHub service connection is configured correctly\n\n### Environment Requirements\n\n**Minimum Requirements:**\n\n- Docker (for container builds and security tools)\n- Git (for repository operations)\n- Network access (for downloading tools and dependencies)\n\n**Language-Specific Requirements:**\n\n- **Go:** Go 1.18+ (automatically installed in CI)\n- **Python:** Python 3.8+ (automatically managed in CI)\n- **Java:** JDK 11+ (automatically managed in CI)\n- **Node.js:** Node 16+ (automatically managed in CI)\n\n### Performance Expectations\n\n| Operation         | Expected Duration | Notes                                  |\n|-------------------|-------------------|----------------------------------------|\n| Script downloads  | 1-5 seconds       | First-time tool downloads              |\n| Go linting        | 10-30 seconds     | Depends on codebase size               |\n| Security scanning | 2-10 minutes      | Depends on tools and project size      |\n| Container builds  | 5-30 minutes      | Depends on base image and dependencies |\n| Semgrep analysis  | 5-15 minutes      | Downloads large rule sets              |\n\n**Important:** Never cancel operations that 
appear to be hanging - they may be downloading large Docker images or rule sets.\n\n## Contributing\n\nContributions are welcome. See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.\n\n## License\n\nThis project is licensed under the [MIT](LICENSE) License.\n\n---\n\n\u003e **Note:** This repository provides **pipeline templates and automation scripts**, not a runnable application. Users consume these templates in their own projects to establish comprehensive CI/CD pipelines with security, quality, and testing automation.\n","funding_links":["https://github.com/sponsors/rios0rios0"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frios0rios0%2Fpipelines","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frios0rios0%2Fpipelines","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frios0rios0%2Fpipelines/lists"}