refactor: initial refactor based on developers-italia-api

Refactor the whole API using github.com/italia/developers-italia-api
as a new starting point.

Author: bfabio

.github/dependabot.yml

@@ -0,0 +1,8 @@
+# Set update schedule for GitHub Actions
+version: 2
+updates:
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"

.github/workflows/go.yml

@@ -0,0 +1,18 @@
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  linters:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-go@v6
+        with:
+          go-version: 1.24.x
+      - uses: golangci/golangci-lint-action@v9
+        with:
+          version: v2.4.0
+          args: --timeout 3m --verbose

.github/workflows/lint.yml

@@ -1,39 +1,36 @@
-name: goreleaser
-
 on:
   push:
     tags:
-      - '*'
+      - v*
+
+permissions:
+  # To upload archives as GitHub Releases
+  contents: write
+  # To push Docker images to GitHub
+  packages: write
 
 jobs:
   goreleaser:
     runs-on: ubuntu-latest
     steps:
-      -
-        name: Set up Go
-        uses: actions/setup-go@v2
+      - uses: actions/setup-go@v6
         with:
-          go-version: ^1.15
-        id: go
-      -
-        name: Checkout
-        uses: actions/checkout@v2
-      -
-        name: Unshallow
-        run: git fetch --prune --unshallow
-      -
-        name: Docker Login
-        if: success() && startsWith(github.ref, 'refs/tags/v')
+          go-version: 1.24.x
+      - uses: actions/checkout@v6
+        with:
+          # All history, required for goreleaser
+          fetch-depth: 0
+      - # For TagBody, TagSubject or TagContents fields in goreleaser's templates
+        run: git fetch --force --tags
+      - # FIXME: goreleaser should already take care of the login
+        # (see https://github.com/goreleaser/goreleaser/blame/02a3486d4ba59505113a57b438ae567351ed3dab/scripts/entrypoint.sh#L17)
+        # but it doesn't work for some reason.
+        run: echo "$GITHUB_TOKEN" | docker login ghcr.io -u docker --password-stdin
         env:
-          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
-          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
-        run: |
-          echo "${DOCKER_PASSWORD}" | docker login --username "${DOCKER_USERNAME}" --password-stdin
-      -
-        name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v2
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - uses: goreleaser/goreleaser-action@v6
         with:
-          version: latest
+          version: v1.9.2
           args: release --rm-dist
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/oas-linter.yml

@@ -0,0 +1,21 @@
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+permissions:
+  checks: write
+
+jobs:
+  spectral:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - run: curl --fail -L https://github.com/italia/api-oas-checker-rules/releases/download/1.1/spectral-full.yml > .spectral.yml
+
+      # Get additional module required by spectral-full
+      - run: mkdir functions
+      - run: curl --fail -L https://raw.githubusercontent.com/italia/api-oas-checker/f6f4e6e360b2ce9816dcca29396571dda1c6027d/security/functions/checkSecurity.js > functions/checkSecurity.js
+
+      - uses: stoplightio/spectral-action@v0.8.13

.github/workflows/release.yml

@@ -1,2 +1,7 @@
-app.log
-publiccode-validator
+dist/
+tmp/
+.idea/
+.vscode
+
+# Compiled binary
+/publiccode-validator-api

.github/workflows/spectral.yaml

@@ -0,0 +1,102 @@
+version: "2"
+run:
+  # If set, we pass it to "go list -mod={option}". From "go help modules":
+  # If invoked with -mod=readonly, the go command is disallowed from the implicit
+  # automatic updating of go.mod described above. Instead, it fails when any changes
+  # to go.mod are needed. This setting is most useful to check that go.mod does
+  # not need updates, such as in a continuous integration and testing system.
+  # If invoked with -mod=vendor, the go command assumes that the vendor
+  # directory holds the correct copies of dependencies and ignores
+  # the dependency descriptions in go.mod.
+  #
+  # Allowed values: readonly|vendor|mod
+  # Default: ""
+  modules-download-mode: readonly
+
+  # Include test files or not.
+  # Default: true
+  tests: false
+
+linters:
+  default: all
+
+  disable:
+    # We don't want to limit dependencies
+    - depguard
+    # Not terribly useful and ends up in too much boilerplate
+    - exhaustruct
+
+    # Not useful
+    - depguard
+    # Not terribly useful and ends up in too much boilerplate
+    - exhaustruct
+
+    # Seems excessive
+    - tagalign
+
+    # More false positive than actual issues
+    - mnd
+
+    - noinlineerr
+    # Annyoing sometimes
+    - revive
+
+  settings:
+    wrapcheck:
+      ignore-sigs:
+        # Fiber takes care of unwrapping the error
+        - func (*github.com/gofiber/fiber/v2.Ctx)
+
+        # No point in wrapping these
+        - func encoding/json.Marshal(v any)
+        - func encoding/json.UnmarshalJSON(v any)
+
+        # Defaults
+        - .Errorf(
+        - errors.New(
+        - errors.Unwrap(
+        - .Wrap(
+        - .Wrapf(
+        - .WithMessage(
+        - .WithMessagef(
+        - .WithStack(
+    funlen:
+      # Increase the number of lines, considering funlen counts comments as well
+      # (https://github.com/ultraware/funlen/issues/12)
+      #
+      # default: 60
+      lines: 80
+    usetesting:
+      context-background: true
+      context-todo: true
+      os-chdir: true
+      os-mkdir-temp: true
+      os-setenv: true
+      os-create-temp: true
+      os-temp-dir: false
+
+  exclusions:
+    generated: lax
+    presets:
+      - comments
+      - common-false-positives
+      - legacy
+      - std-error-handling
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
+
+formatters:
+  enable:
+    - gci
+    - gofmt
+    - gofumpt
+    - goimports
+
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$ # fast: true

.gitignore

@@ -0,0 +1,37 @@
+# This is an example .goreleaser.yml file with some sensible defaults.
+# Make sure to check the documentation at https://goreleaser.com
+before:
+  hooks:
+    # You may remove this if you don't use go modules.
+    - go mod tidy
+    # you may remove this if you don't need go generate
+    - go generate ./...
+builds:
+  - env:
+      - CGO_ENABLED=0
+    ldflags:
+      - -s -w
+    goos:
+      - linux
+archives:
+  - replacements:
+      darwin: Darwin
+      linux: Linux
+      windows: Windows
+      386: i386
+      amd64: x86_64
+checksum:
+  name_template: "checksums.txt"
+snapshot:
+  name_template: "{{ incpatch .Version }}-next"
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - "^docs:"
+      - "^test:"
+dockers:
+  - dockerfile: Dockerfile.goreleaser
+    image_templates:
+      - "ghcr.io/italia/publiccode-validator-api:{{ .Tag }}"
+      - "ghcr.io/italia/publiccode-validator-api:latest"