Create base template for Go projects

This adds all the base functionality that other Go projects within
the Friendly FHIR organization use, so that this can be leveraged as
a starting point for future projects.

Author: bitwizeshift

.github/workflows/code-scanning.yaml

@@ -0,0 +1,33 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: Scheduled Code-Scanning
+
+on:
+  schedule:
+    - cron: '0 0 * * *'
+
+permissions:
+  contents: read
+  security-events: write
+  actions: read
+
+jobs:
+  vulnerability-scanning:
+    name: Vulnerability Scanning
+    uses: friendly-fhir/.github/.github/workflows/go-vulnerability-scanning.yaml@master
+    with:
+      govulncheck-version: latest
+      go-version-file: go.mod
+      packages: ./...
+    permissions:
+      contents: read
+      security-events: write
+
+  codeql-analysis:
+    name: CodeQL Analysis
+    uses: friendly-fhir/.github/.github/workflows/go-codeql.yaml@master
+    with:
+      go-version-file: go.mod
+    permissions:
+      contents: read
+      security-events: write
+      actions: read

.github/workflows/community-greet-new-contributor.yaml

@@ -0,0 +1,22 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: Greet new contributor
+
+on:
+  pull_request:
+    types: [opened]
+  issues:
+    types: [opened]
+
+permissions:
+  contents: read
+  issues: write
+  pull-requests: write
+
+jobs:
+  greet:
+    uses: friendly-fhir/.github/.github/workflows/community-greet-new-contributor.yaml@master
+    permissions:
+      contents: read
+      issues: write
+      pull-requests: write
+    secrets: inherit

.github/workflows/community-stale-check.yaml

@@ -0,0 +1,20 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: Check for Stale Issues and Pull Requests
+
+on:
+  schedule:
+    - cron: '0 0 * * *'
+
+permissions:
+  contents: read
+  issues: write
+  pull-requests: write
+
+jobs:
+  greet:
+    uses: friendly-fhir/.github/.github/workflows/community-stale-check.yaml@master
+    permissions:
+      contents: read
+      issues: write
+      pull-requests: write
+    secrets: inherit

.github/workflows/deploy-github-pages.yaml

@@ -0,0 +1,65 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: Deploy Github Pages
+on:
+  push:
+    branches: [master]
+
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+jobs:
+  docs:
+    name: Generate Documentation
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.10"
+
+      - name: Install dependencies
+        run: |
+          pip install mkdocs
+          pip install mkdocs-mermaid2-plugin
+          pip install mkdocs-coverage
+
+      - name: Generate Documentation
+        run: mkdocs build
+
+      # Some of the doc generation steps above create the directories with
+      # 0750 for permissions -- which is triggering warning annotations in the
+      # workflow summaries. Manually converting this to 0755 helps to suppress
+      # this.
+      - name: Fix permissions
+        run: |
+          find ./dist -type d -exec chmod 0755 {} \;
+          find ./dist -type f -name '.lock' -delete
+
+      - name: Upload Pages Artifact
+        uses: actions/upload-pages-artifact@v3
+        with:
+          path: dist/
+
+  deploy:
+    name: Deploy to GH Pages
+    runs-on: ubuntu-latest
+    needs: docs
+
+    permissions:
+      contents: read
+      pages: write
+      id-token: write
+
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+
+    steps:
+      - name: Upload GH Pages
+        id: deployment
+        uses: actions/deploy-pages@v4

.github/workflows/postsubmit.yaml

@@ -0,0 +1,59 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: Postsubmit
+
+on:
+  workflow_call:
+  push:
+    branches:
+      - master
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref_name }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+  security-events: write
+  id-token: write
+  actions: read
+
+jobs:
+  build-and-test:
+    name: Build and Test
+    uses: friendly-fhir/.github/.github/workflows/go-build-and-test.yaml@master
+    with:
+      packages: ./...
+      go-version-file: go.mod
+      short-test: false
+    permissions:
+      contents: read
+      id-token: write
+
+  snapshot-release:
+    name: Snapshot Release
+    uses: friendly-fhir/.github/.github/workflows/go-release.yaml@master
+    with:
+      snapshot: true
+    permissions:
+      contents: write
+      attestations: write
+      id-token: write
+
+  email-on-failure:
+    name: Email on Failure
+    runs-on: ubuntu-latest
+    needs:
+      - build-and-test
+      - snapshot-release
+    if: always() && failure()
+    continue-on-error: true
+    steps:
+      - name: Send email
+        uses: friendly-fhir/.github/actions/community/send-email@master
+        with:
+          recipient: [email protected]
+          api-key: ${{ secrets.MAILGUN_API_KEY }}
+          subject: ${{ github.repository}} Post-submit failed
+          body: |
+            The post-submit workflow for ${{ github.repository }} failed.
+            Please see ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} for details.

.github/workflows/presubmit.yaml

@@ -0,0 +1,88 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: Presubmit
+
+on:
+  workflow_call:
+  pull_request:
+    branches:
+      - master
+
+permissions:
+  contents: read
+  security-events: write
+  id-token: write
+  actions: read
+
+jobs:
+  build-and-test:
+    name: Build and Test
+    uses: friendly-fhir/.github/.github/workflows/go-build-and-test.yaml@master
+    with:
+      packages: ./...
+      go-version-file: go.mod
+      short-test: true
+    permissions:
+      contents: read
+      id-token: write
+
+  license-manifest:
+    name: License Manifest
+    uses: friendly-fhir/.github/.github/workflows/go-license.yaml@master
+    with:
+      go-version-file: go.mod
+      packages: ./...
+      artifact-name: license-report
+      go-licenses-version: latest
+      license-file-name: license-report.csv
+    permissions:
+      contents: read
+
+  vulnerability-scanning:
+    name: Vulnerability Scanning
+    uses: friendly-fhir/.github/.github/workflows/go-vulnerability-scanning.yaml@master
+    with:
+      go-version-file: go.mod
+      packages: ./...
+      govulncheck-version: latest
+    permissions:
+      contents: read
+      security-events: write
+
+  go-lint:
+    name: Go Lint
+    uses: friendly-fhir/.github/.github/workflows/go-lint.yaml@master
+    with:
+      go-version-file: go.mod
+    permissions:
+      contents: read
+
+  markdown-lint:
+    name: Markdown Lint
+    uses: friendly-fhir/.github/.github/workflows/markdown-lint.yaml@master
+    with:
+      config: .markdownlint.jsonc
+      globs: |
+        README.md
+        docs/**/*.md
+        .github/**/*.md
+    permissions:
+      contents: read
+
+  # This check is a no-op that exists so that GitHub has a check to mark as
+  # required and successful.
+  check-success:
+    name: Check Success
+    runs-on: ubuntu-latest
+    if: github.event_name == 'pull_request'
+    needs:
+      - build-and-test
+      - license-manifest
+      - vulnerability-scanning
+      - go-lint
+      - markdown-lint
+    steps:
+      - name: Success
+        run: echo "All checks passed"
+        shell: bash
+    permissions:
+      contents: read

.github/workflows/promote-branch.yaml

@@ -0,0 +1,39 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: Promote Branch
+
+on:
+  push:
+    branches:
+      - develop
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref_name }}
+  cancel-in-progress: true
+
+permissions:
+  contents: write
+  security-events: write
+  id-token: write
+  actions: read
+
+jobs:
+  presubmit:
+    name: Presubmit
+    uses: ./.github/workflows/presubmit.yaml
+    permissions:
+      contents: read
+      id-token: write
+      security-events: write
+      actions: read
+    secrets: inherit
+
+  promote:
+    name: Promote to Master
+    needs: presubmit
+    uses: friendly-fhir/.github/.github/workflows/promote-branch.yaml@master
+    with:
+      branch: master
+    secrets: inherit
+    permissions:
+      contents: write
+      id-token: write

.github/workflows/release.yaml

@@ -0,0 +1,34 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: Release
+
+on:
+  push:
+    tags:
+      - "v*"
+
+permissions:
+  contents: write
+  security-events: write
+  id-token: write
+  actions: read
+
+jobs:
+  continuous-integration:
+    name: Continuous Integration
+    uses: ./.github/workflows/presubmit.yaml
+    permissions:
+      contents: read
+      security-events: write
+      id-token: write
+      actions: read
+
+  release:
+    name: Release
+    needs: continuous-integration
+    uses: friendly-fhir/.github/.github/workflows/go-release.yaml@master
+    with:
+      snapshot: false
+    permissions:
+      contents: write
+      attestations: write
+      id-token: write

.golanglint.yaml

@@ -0,0 +1,4 @@
+# yaml-language-server: $schema=https://golangci-lint.run/jsonschema/golangci.jsonschema.json
+
+linters:
+  enable-all: true