Initial commit

Kong · Nov 8, 2023 · 9193460 · 9193460
commit 9193460
Show file tree

Hide file tree

Showing 11 changed files with 329 additions and 0 deletions.
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,23 @@
+### Summary
+
+SUMMARY_GOES_HERE
+
+### Full changelog
+
+* [Implement ...]
+* [Fix ...]
+
+### Issues resolved
+
+Fix #XXX
+
+### Documentation
+
+- [ ] Link to the website [documentation PR](https://github.com/Kong/docs.konghq.com/pull/XXX)
+
+### Testing
+
+- [ ] Unit tests
+- [ ] E2E tests
+- [ ] Manual testing on Universal
+- [ ] Manual testing on Kubernetes
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,13 @@
+---
+# File is synced from Kong/template-generic and will be overwritten
+version: 2
+updates:
+- package-ecosystem: docker
+  directory: /
+  schedule:
+    interval: daily
+
+- package-ecosystem: github-actions
+  directory: /
+  schedule:
+    interval: daily
diff --git a/.github/template-sync.yml b/.github/template-sync.yml
@@ -0,0 +1,18 @@
+---
+additional:
+- anchore-helm
+- docker-fpm
+- lacework-manifest
+- kong-build-tools-base-images
+- kong-internal-unstable-helm
+- template-github-release
+
+files:
+- '!README.md'
+- '!.pre-commit-config.yaml'
+- '!.secrets.baseline'
+- '!**/template-sync.yml'
+- '!.github/workflows/sync.yml'
+- '!.github/PULL_REQUEST_TEMPLATE.md'
+- '!**/CODEOWNERS'
+- '!.yamllint'
diff --git a/.github/workflows/automerge-dependabot.yml b/.github/workflows/automerge-dependabot.yml
@@ -0,0 +1,31 @@
+---
+# File is synced from Kong/template-generic and will be overwritten
+name: Auto Actions
+
+on: pull_request_target # yamllint disable-line rule:truthy
+
+permissions:
+  contents: write
+  pull-requests: write
+
+
+jobs:
+  dependabot-automerge:
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    steps:
+    - name: Gather Dependabot metadata
+      id: metadata
+      uses: dependabot/[email protected]
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+    - name: Approve PR
+      run: gh pr review --approve "$PR_URL"
+      env:
+        PR_URL: ${{github.event.pull_request.html_url}}
+        GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+    - name: Enable auto-merge
+      run: gh pr merge --auto --squash "$PR_URL"
+      env:
+        PR_URL: ${{github.event.pull_request.html_url}}
+        GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
@@ -0,0 +1,31 @@
+---
+# File is synced from Kong/template-generic and will be overwritten
+name: pre-commit
+
+on:  # yamllint disable-line rule:truthy
+  pull_request:
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
+    - uses: actions/[email protected]
+    - name: install shfmt
+      run: |
+        mkdir -p $GITHUB_WORKSPACE/bin
+        curl -L -s -o $GITHUB_WORKSPACE/bin/shfmt https://github.com/mvdan/sh/releases/download/v3.1.2/shfmt_v3.1.2_linux_amd64
+        chmod +x $GITHUB_WORKSPACE/bin/shfmt
+        echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
+    - name: pre-commit github auth
+      env:
+        TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: |
+        git version
+        git config --global url."https://${TOKEN}:[email protected]/".insteadOf "[email protected]:"
+    - uses: pre-commit/[email protected]
+      with:
+        token: ${{ secrets.GITHUB_TOKEN }}
+        extra_args: --from-ref origin/${{ github.base_ref }} --to-ref ${{github.event.pull_request.head.sha}}
diff --git a/.github/workflows/sync.yml b/.github/workflows/sync.yml
@@ -0,0 +1,42 @@
+---
+name: Sync the template repository
+
+on: # yamllint disable-line rule:truthy
+  pull_request:
+  push:
+    branches: main
+  workflow_dispatch:
+
+jobs:
+  metadata:
+    runs-on: ubuntu-latest
+
+    outputs:
+      repository: ${{ steps.metadata.outputs.repository }}
+      dockerfile: ${{ steps.dockerfile.outputs.exists }}
+
+    steps:
+    - uses: actions/checkout@v3
+
+    - id: metadata
+      uses: ahmadnassri/action-metadata@v1
+
+  sync:
+
+    needs:
+    - metadata
+
+    # only runs if the repository is a template
+    if: ${{ fromJSON(needs.metadata.outputs.repository).is_template }}
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Queue
+      uses: ahmadnassri/[email protected]
+    - name: Checkout
+      uses: actions/checkout@v3
+    - name: Sync
+      uses: ahmadnassri/[email protected]
+      with:
+        github-token: ${{ secrets.GH_TOKEN_PRIVATE_READ }}
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,40 @@
+---
+# File is synced from Kong/template-generic and will be overwritten
+repos:
+- repo: meta
+  hooks:
+  - id: check-hooks-apply
+  - id: check-useless-excludes
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: v4.4.0
+  hooks:
+  - id: end-of-file-fixer
+  - id: trailing-whitespace
+  - id: mixed-line-ending
+  - id: check-yaml
+  - id: check-byte-order-marker
+  - id: check-merge-conflict
+  - id: end-of-file-fixer
+  - id: check-added-large-files
+- repo: https://github.com/Lucas-C/pre-commit-hooks
+  rev: v1.4.2
+  hooks:
+  - id: forbid-crlf
+  - id: remove-crlf
+  - id: forbid-tabs
+  - id: remove-tabs
+- repo: https://github.com/Yelp/detect-secrets
+  rev: v1.4.0
+  hooks:
+  - id: detect-secrets
+    args: [--baseline, .secrets.baseline]
+- repo: https://github.com/jumanjihouse/pre-commit-hook-yamlfmt
+  rev: 0.2.2
+  hooks:
+  - id: yamlfmt
+    args: [--mapping, '2', --sequence, '2', --offset, '0', --width, '150']
+- repo: https://github.com/adrienverge/yamllint
+  rev: v1.29.0
+  hooks:
+  - id: yamllint
+    args: [--format, parsable, --strict]
diff --git a/.secrets.baseline b/.secrets.baseline
@@ -0,0 +1,103 @@
+{
+  "version": "1.1.0",
+  "plugins_used": [
+    {
+      "name": "ArtifactoryDetector"
+    },
+    {
+      "name": "AWSKeyDetector"
+    },
+    {
+      "name": "AzureStorageKeyDetector"
+    },
+    {
+      "name": "Base64HighEntropyString",
+      "limit": 4.5
+    },
+    {
+      "name": "BasicAuthDetector"
+    },
+    {
+      "name": "CloudantDetector"
+    },
+    {
+      "name": "HexHighEntropyString",
+      "limit": 3.0
+    },
+    {
+      "name": "IbmCloudIamDetector"
+    },
+    {
+      "name": "IbmCosHmacDetector"
+    },
+    {
+      "name": "JwtTokenDetector"
+    },
+    {
+      "name": "KeywordDetector",
+      "keyword_exclude": ""
+    },
+    {
+      "name": "MailchimpDetector"
+    },
+    {
+      "name": "NpmDetector"
+    },
+    {
+      "name": "PrivateKeyDetector"
+    },
+    {
+      "name": "SlackDetector"
+    },
+    {
+      "name": "SoftlayerDetector"
+    },
+    {
+      "name": "SquareOAuthDetector"
+    },
+    {
+      "name": "StripeDetector"
+    },
+    {
+      "name": "TwilioKeyDetector"
+    }
+  ],
+  "filters_used": [
+    {
+      "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
+    },
+    {
+      "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
+      "min_level": 2
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_indirect_reference"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_likely_id_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_lock_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_potential_uuid"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_sequential_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_swagger_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_templated_secret"
+    }
+  ],
+  "results": {},
+  "generated_at": "2022-01-17T17:08:21Z"
+}
diff --git a/.yamllint b/.yamllint
@@ -0,0 +1,9 @@
+---
+# File is synced from Kong/template-generic and will be overwritten
+extends: default
+rules:
+  line-length: disable
+  comments: disable
+  indentation:
+    spaces: 2
+    indent-sequences: consistent
diff --git a/CODEOWNERS b/CODEOWNERS
@@ -0,0 +1,4 @@
+# Default to review by
+
+
+# Add additional directory-specific reviewers later in the file
diff --git a/README.md b/README.md
@@ -0,0 +1,15 @@
+# Generic Github Repository Template
+
+Generic github repository template that keeps child repositories sync'd
+
+Use this template as a sensible baseline for new github repositories.
+
+## Instructions
+
+- Create template from repository
+- From the new repository settings page enable "Automatically delete head branches" as well as "Allow auto-merge"
+- From the new repository branches page create branch protection rule for `main` that requires "pre-commit" to pass as well as "Require a pull request before merging"
+- Following the [CODEOWNERS SYNTAX](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners#codeowners-syntax) guidelines, update the new repository CODEOWNERS file
+- Following our [Github bot guidline documentation](https://konghq.atlassian.net/wiki/spaces/ENGEN/pages/2720268304/How+To+-+Github+Automation+Guidelines) add a github and dependabot secret for AUTO_MERGE_TOKEN
+- Open a pull request on the new repository that seeds the secret baseline file `detect-secrets scan > .secrets.baseline` as well as a sensible README.md
+- **Update** the .github/template-sync.yml file in [kong/template-generic](https://github.com/Kong/template-generic) repository with the **cloned repository name** to enable template sync changes