add Stanford NLP Stanza

Signed-off-by: Steve Taylor <[email protected]>

.dockerignore

@@ -0,0 +1,6 @@
+nlp-test-models
+.git
+.github
+.ruff_cache
+megalinter-reports
+.mega-linter.yml

.github/linters/.checkov.yml

@@ -0,0 +1 @@
+skip-check: CKV_OPENAPI_3,CKV_OPENAPI_4,CKV_OPENAPI_5

.github/linters/.flake8

@@ -0,0 +1,5 @@
+[flake8]
+ignore = E203, E266, E501, W503, F403, F401
+max-line-length = 200
+max-complexity = 30
+select = B,C,E,F,W,T4,B9

.github/linters/.jscpd.json

@@ -0,0 +1,15 @@
+{
+  "threshold": 0,
+  "reporters": ["html", "markdown"],
+  "ignore": [
+    "**/node_modules/**",
+    "**/.git/**",
+    "**/.rbenv/**",
+    "**/.venv/**",
+    "**/*cache*/**",
+    "**/.github/**",
+    "**/.idea/**",
+    "**/report/**",
+    "**/*.svg"
+  ]
+}

.github/linters/.python-black

@@ -0,0 +1,2 @@
+[tool.black]
+line-length = 200

.github/linters/.ruff.toml

@@ -0,0 +1 @@
+line-length = 200

.github/workflows/build-push-chart.yml

@@ -0,0 +1,93 @@
+name: Build/Push Image and Release Charts
+"on":
+  pull_request:
+    paths-ignore:
+      - chart/**/Chart.yaml
+      - chart/**/values.yaml
+  push:
+    branches:
+      - main
+    paths-ignore:
+      - chart/**/Chart.yaml
+      - chart/**/values.yaml
+permissions: read-all
+jobs:
+  setenv:
+    uses: ortelius/workflow-toolkit/.github/workflows/env-config-workflow.yml@fae1fbc2332578c7177c218279e6f2ab082bb3f8
+    with:
+      gh_head_ref: ${{ github.head_ref }}
+      gh_ref_name: ${{ github.ref_name }}
+      gh_event_repo_name: ${{ github.event.repository.name }}
+      gh_sha: ${{ github.sha }}
+      gh_repo: ${{ github.repository }}
+      gh_run_number: ${{ github.run_number }}
+  release:
+    uses: ortelius/workflow-toolkit/.github/workflows/container-release-workflow.yml@fae1fbc2332578c7177c218279e6f2ab082bb3f8
+    needs: setenv
+    with:
+      gh_repository_owner: ${{ github.repository_owner }}
+      gh_event_name: ${{ github.event_name }}
+      gh_ref: ${{ github.ref }}
+      registry: ${{ needs.setenv.outputs.registry }}
+      image_repo_tag: ${{ needs.setenv.outputs.image_repo_tag }}
+    secrets:
+      QUAY_USERID: ${{ secrets.QUAY_USERID }}
+      QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }}
+    permissions:
+      id-token: write
+  trivy:
+    permissions:
+      security-events: write
+      statuses: write
+    uses: ortelius/workflow-toolkit/.github/workflows/trivy-scan-workflow.yml@fae1fbc2332578c7177c218279e6f2ab082bb3f8
+    needs:
+      - setenv
+      - release
+    with:
+      gh_repository_owner: ${{ github.repository_owner }}
+      gh_event_name: ${{ github.event_name }}
+      gh_ref: ${{ github.ref }}
+      image_repo_tag: ${{ needs.setenv.outputs.image_repo_tag }}
+  helm:
+    permissions:
+      contents: write
+    uses: ortelius/workflow-toolkit/.github/workflows/helm-release-workflow.yml@fae1fbc2332578c7177c218279e6f2ab082bb3f8
+    needs:
+      - setenv
+      - release
+    with:
+      gh_repository_owner: ${{ github.repository_owner }}
+      gh_event_name: ${{ github.event_name }}
+      gh_ref: ${{ github.ref }}
+      gh_handle: ${{ needs.setenv.outputs.gh_handle }}
+      chart: chart/${{ needs.setenv.outputs.compname }}
+      chart_version: ${{ needs.setenv.outputs.chart_version }}
+      image_repository: ${{ needs.setenv.outputs.image_repository }}
+      image_tag: ${{ needs.setenv.outputs.image_tag }}
+      image_digest: ${{ needs.release.outputs.digest }}
+    secrets:
+      GPG_KEYRING_BASE64: ${{ secrets.GPG_KEYRING_BASE64 }}
+      GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+      GPG_KEY: ${{ secrets.GPG_KEY }}
+      gh_token: ${{ secrets.HELM_INDEXER_TOKEN }}
+  sbom:
+    uses: ortelius/workflow-toolkit/.github/workflows/sbom-generation-workflow.yml@fae1fbc2332578c7177c218279e6f2ab082bb3f8
+    needs:
+      - setenv
+      - release
+    with:
+      gh_repository_owner: ${{ github.repository_owner }}
+      gh_event_name: ${{ github.event_name }}
+      gh_ref: ${{ github.ref }}
+      dhurl: ${{ needs.setenv.outputs.dhurl }}
+      compname: ${{ needs.setenv.outputs.compname }}
+      chart_version: ${{ needs.setenv.outputs.chart_version }}
+      branch: ${{ needs.setenv.outputs.branch }}
+      digest: ${{ needs.release.outputs.digest }}
+      image_repo_tag: ${{ needs.setenv.outputs.image_repo_tag }}
+      image_repository: ${{ needs.setenv.outputs.image_repository }}
+      image_tag: ${{ needs.setenv.outputs.image_tag }}
+      image_version: ${{ needs.setenv.outputs.image_version }}
+    secrets:
+      DHPASS: ${{ secrets.DHPASS }}
+      DHUSER: ${{ secrets.DHUSER }}

.github/workflows/codeql.yml

@@ -0,0 +1,39 @@
+---
+name: "CodeQL"
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+  schedule:
+    - cron: "30 1 * * *"
+
+permissions: read-all
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        with:
+          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+
+      - name: Checkout repository
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@305f6546310b9203e892c28c1484e82977f4f63d # v2.22.10
+        with:
+          languages: "go"
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@305f6546310b9203e892c28c1484e82977f4f63d # v2.22.10
+        with:
+          category: "/language:go"

.github/workflows/mega-linter.yml

@@ -0,0 +1,81 @@
+---
+# MegaLinter GitHub Action configuration file
+# More info at https://megalinter.io
+name: MegaLinter
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+
+env: # Comment env block if you do not want to apply fixes
+  # Apply linter fixes configuration
+  APPLY_FIXES: none # When active, APPLY_FIXES must also be defined as environment variable (in github/workflows/mega-linter.yml or other CI tool)
+
+concurrency:
+  group: ${{ github.ref }}-${{ github.workflow }}
+  cancel-in-progress: true
+
+permissions: read-all
+
+jobs:
+  build:
+    name: MegaLinter
+    runs-on: ubuntu-latest
+    steps:
+      # Git Checkout
+      - name: Checkout Code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        with:
+          token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
+          fetch-depth: 0 # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to improve performances
+
+      # MegaLinter
+      - name: MegaLinter
+        id: ml
+        # You can override MegaLinter flavor used to have faster performances
+        # More info at https://megalinter.io/latest/flavors/
+        uses: oxsecurity/megalinter/flavors/go@7e042c726c68415475b05a65a686c612120a1232 # v7
+        env:
+          # All available variables are described in documentation
+          # https://megalinter.io/latest/config-file/
+          VALIDATE_ALL_CODEBASE: true # Set ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} to validate only diff with main branch
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # ADD YOUR CUSTOM ENV VARIABLES HERE TO OVERRIDE VALUES OF .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY
+
+      # Upload MegaLinter artifacts
+      - name: Archive production artifacts
+        if: ${{ success() || failure() }}
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3
+        with:
+          name: MegaLinter reports
+          path: |
+            megalinter-reports
+            mega-linter.log
+
+      # Create pull request if applicable (for now works only on PR from same repository, not from forks)
+      - name: Create Pull Request with applied fixes
+        id: cpr
+        if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix')
+        uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5
+        with:
+          token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
+          commit-message: "[MegaLinter] Apply linters automatic fixes"
+          title: "[MegaLinter] Apply linters automatic fixes"
+          labels: bot
+      - name: Create PR output
+        if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix')
+        run: |
+          echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}"
+          echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"
+
+      # Push new commit if applicable (for now works only on PR from same repository, not from forks)
+      - name: Prepare commit
+        if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix')
+        run: sudo chown -Rc $UID .git/
+      - name: Commit and push applied linter fixes
+        if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix')
+        uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5
+        with:
+          branch: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }}
+          commit_message: "[MegaLinter] Apply linters fixes"

.github/workflows/scorecard.yml

@@ -0,0 +1,49 @@
+---
+name: Scorecards supply-chain security
+on:
+  # Only the default branch is supported.
+  branch_protection_rule:
+  schedule:
+    # Weekly on Saturdays.
+    - cron: "30 1 * * 6"
+  push:
+    branches: [main, master]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecards analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+      # Used to receive a badge. (Upcoming feature)
+      id-token: write
+      actions: read
+      contents: read
+
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        with:
+          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+
+      - name: "Checkout code"
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          publish_results: true
+
+      # Upload the results to GitHub's code scanning dashboard.
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@305f6546310b9203e892c28c1484e82977f4f63d # v2.22.10
+        with:
+          sarif_file: results.sarif