-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
0 parents
commit 9193460
Showing
11 changed files
with
329 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
### Summary | ||
|
||
SUMMARY_GOES_HERE | ||
|
||
### Full changelog | ||
|
||
* [Implement ...] | ||
* [Fix ...] | ||
|
||
### Issues resolved | ||
|
||
Fix #XXX | ||
|
||
### Documentation | ||
|
||
- [ ] Link to the website [documentation PR](https://github.com/Kong/docs.konghq.com/pull/XXX) | ||
|
||
### Testing | ||
|
||
- [ ] Unit tests | ||
- [ ] E2E tests | ||
- [ ] Manual testing on Universal | ||
- [ ] Manual testing on Kubernetes |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
--- | ||
# File is synced from Kong/template-generic and will be overwritten | ||
version: 2 | ||
updates: | ||
- package-ecosystem: docker | ||
directory: / | ||
schedule: | ||
interval: daily | ||
|
||
- package-ecosystem: github-actions | ||
directory: / | ||
schedule: | ||
interval: daily |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
--- | ||
additional: | ||
- anchore-helm | ||
- docker-fpm | ||
- lacework-manifest | ||
- kong-build-tools-base-images | ||
- kong-internal-unstable-helm | ||
- template-github-release | ||
|
||
files: | ||
- '!README.md' | ||
- '!.pre-commit-config.yaml' | ||
- '!.secrets.baseline' | ||
- '!**/template-sync.yml' | ||
- '!.github/workflows/sync.yml' | ||
- '!.github/PULL_REQUEST_TEMPLATE.md' | ||
- '!**/CODEOWNERS' | ||
- '!.yamllint' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
--- | ||
# File is synced from Kong/template-generic and will be overwritten | ||
name: Auto Actions | ||
|
||
on: pull_request_target # yamllint disable-line rule:truthy | ||
|
||
permissions: | ||
contents: write | ||
pull-requests: write | ||
|
||
|
||
jobs: | ||
dependabot-automerge: | ||
runs-on: ubuntu-latest | ||
if: ${{ github.actor == 'dependabot[bot]' }} | ||
steps: | ||
- name: Gather Dependabot metadata | ||
id: metadata | ||
uses: dependabot/[email protected] | ||
with: | ||
github-token: ${{ secrets.GITHUB_TOKEN }} | ||
- name: Approve PR | ||
run: gh pr review --approve "$PR_URL" | ||
env: | ||
PR_URL: ${{github.event.pull_request.html_url}} | ||
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} | ||
- name: Enable auto-merge | ||
run: gh pr merge --auto --squash "$PR_URL" | ||
env: | ||
PR_URL: ${{github.event.pull_request.html_url}} | ||
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
--- | ||
# File is synced from Kong/template-generic and will be overwritten | ||
name: pre-commit | ||
|
||
on: # yamllint disable-line rule:truthy | ||
pull_request: | ||
|
||
jobs: | ||
pre-commit: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v3 | ||
with: | ||
fetch-depth: 0 | ||
- uses: actions/[email protected] | ||
- name: install shfmt | ||
run: | | ||
mkdir -p $GITHUB_WORKSPACE/bin | ||
curl -L -s -o $GITHUB_WORKSPACE/bin/shfmt https://github.com/mvdan/sh/releases/download/v3.1.2/shfmt_v3.1.2_linux_amd64 | ||
chmod +x $GITHUB_WORKSPACE/bin/shfmt | ||
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH | ||
- name: pre-commit github auth | ||
env: | ||
TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
run: | | ||
git version | ||
git config --global url."https://${TOKEN}:[email protected]/".insteadOf "[email protected]:" | ||
- uses: pre-commit/[email protected] | ||
with: | ||
token: ${{ secrets.GITHUB_TOKEN }} | ||
extra_args: --from-ref origin/${{ github.base_ref }} --to-ref ${{github.event.pull_request.head.sha}} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
--- | ||
name: Sync the template repository | ||
|
||
on: # yamllint disable-line rule:truthy | ||
pull_request: | ||
push: | ||
branches: main | ||
workflow_dispatch: | ||
|
||
jobs: | ||
metadata: | ||
runs-on: ubuntu-latest | ||
|
||
outputs: | ||
repository: ${{ steps.metadata.outputs.repository }} | ||
dockerfile: ${{ steps.dockerfile.outputs.exists }} | ||
|
||
steps: | ||
- uses: actions/checkout@v3 | ||
|
||
- id: metadata | ||
uses: ahmadnassri/action-metadata@v1 | ||
|
||
sync: | ||
|
||
needs: | ||
- metadata | ||
|
||
# only runs if the repository is a template | ||
if: ${{ fromJSON(needs.metadata.outputs.repository).is_template }} | ||
|
||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- name: Queue | ||
uses: ahmadnassri/[email protected] | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
- name: Sync | ||
uses: ahmadnassri/[email protected] | ||
with: | ||
github-token: ${{ secrets.GH_TOKEN_PRIVATE_READ }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
--- | ||
# File is synced from Kong/template-generic and will be overwritten | ||
repos: | ||
- repo: meta | ||
hooks: | ||
- id: check-hooks-apply | ||
- id: check-useless-excludes | ||
- repo: https://github.com/pre-commit/pre-commit-hooks | ||
rev: v4.4.0 | ||
hooks: | ||
- id: end-of-file-fixer | ||
- id: trailing-whitespace | ||
- id: mixed-line-ending | ||
- id: check-yaml | ||
- id: check-byte-order-marker | ||
- id: check-merge-conflict | ||
- id: end-of-file-fixer | ||
- id: check-added-large-files | ||
- repo: https://github.com/Lucas-C/pre-commit-hooks | ||
rev: v1.4.2 | ||
hooks: | ||
- id: forbid-crlf | ||
- id: remove-crlf | ||
- id: forbid-tabs | ||
- id: remove-tabs | ||
- repo: https://github.com/Yelp/detect-secrets | ||
rev: v1.4.0 | ||
hooks: | ||
- id: detect-secrets | ||
args: [--baseline, .secrets.baseline] | ||
- repo: https://github.com/jumanjihouse/pre-commit-hook-yamlfmt | ||
rev: 0.2.2 | ||
hooks: | ||
- id: yamlfmt | ||
args: [--mapping, '2', --sequence, '2', --offset, '0', --width, '150'] | ||
- repo: https://github.com/adrienverge/yamllint | ||
rev: v1.29.0 | ||
hooks: | ||
- id: yamllint | ||
args: [--format, parsable, --strict] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,103 @@ | ||
{ | ||
"version": "1.1.0", | ||
"plugins_used": [ | ||
{ | ||
"name": "ArtifactoryDetector" | ||
}, | ||
{ | ||
"name": "AWSKeyDetector" | ||
}, | ||
{ | ||
"name": "AzureStorageKeyDetector" | ||
}, | ||
{ | ||
"name": "Base64HighEntropyString", | ||
"limit": 4.5 | ||
}, | ||
{ | ||
"name": "BasicAuthDetector" | ||
}, | ||
{ | ||
"name": "CloudantDetector" | ||
}, | ||
{ | ||
"name": "HexHighEntropyString", | ||
"limit": 3.0 | ||
}, | ||
{ | ||
"name": "IbmCloudIamDetector" | ||
}, | ||
{ | ||
"name": "IbmCosHmacDetector" | ||
}, | ||
{ | ||
"name": "JwtTokenDetector" | ||
}, | ||
{ | ||
"name": "KeywordDetector", | ||
"keyword_exclude": "" | ||
}, | ||
{ | ||
"name": "MailchimpDetector" | ||
}, | ||
{ | ||
"name": "NpmDetector" | ||
}, | ||
{ | ||
"name": "PrivateKeyDetector" | ||
}, | ||
{ | ||
"name": "SlackDetector" | ||
}, | ||
{ | ||
"name": "SoftlayerDetector" | ||
}, | ||
{ | ||
"name": "SquareOAuthDetector" | ||
}, | ||
{ | ||
"name": "StripeDetector" | ||
}, | ||
{ | ||
"name": "TwilioKeyDetector" | ||
} | ||
], | ||
"filters_used": [ | ||
{ | ||
"path": "detect_secrets.filters.allowlist.is_line_allowlisted" | ||
}, | ||
{ | ||
"path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies", | ||
"min_level": 2 | ||
}, | ||
{ | ||
"path": "detect_secrets.filters.heuristic.is_indirect_reference" | ||
}, | ||
{ | ||
"path": "detect_secrets.filters.heuristic.is_likely_id_string" | ||
}, | ||
{ | ||
"path": "detect_secrets.filters.heuristic.is_lock_file" | ||
}, | ||
{ | ||
"path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string" | ||
}, | ||
{ | ||
"path": "detect_secrets.filters.heuristic.is_potential_uuid" | ||
}, | ||
{ | ||
"path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign" | ||
}, | ||
{ | ||
"path": "detect_secrets.filters.heuristic.is_sequential_string" | ||
}, | ||
{ | ||
"path": "detect_secrets.filters.heuristic.is_swagger_file" | ||
}, | ||
{ | ||
"path": "detect_secrets.filters.heuristic.is_templated_secret" | ||
} | ||
], | ||
"results": {}, | ||
"generated_at": "2022-01-17T17:08:21Z" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
--- | ||
# File is synced from Kong/template-generic and will be overwritten | ||
extends: default | ||
rules: | ||
line-length: disable | ||
comments: disable | ||
indentation: | ||
spaces: 2 | ||
indent-sequences: consistent |
Validating CODEOWNERS rules …
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
# Default to review by | ||
|
||
|
||
# Add additional directory-specific reviewers later in the file |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
# Generic Github Repository Template | ||
|
||
Generic github repository template that keeps child repositories sync'd | ||
|
||
Use this template as a sensible baseline for new github repositories. | ||
|
||
## Instructions | ||
|
||
- Create template from repository | ||
- From the new repository settings page enable "Automatically delete head branches" as well as "Allow auto-merge" | ||
- From the new repository branches page create branch protection rule for `main` that requires "pre-commit" to pass as well as "Require a pull request before merging" | ||
- Following the [CODEOWNERS SYNTAX](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners#codeowners-syntax) guidelines, update the new repository CODEOWNERS file | ||
- Following our [Github bot guidline documentation](https://konghq.atlassian.net/wiki/spaces/ENGEN/pages/2720268304/How+To+-+Github+Automation+Guidelines) add a github and dependabot secret for AUTO_MERGE_TOKEN | ||
- Open a pull request on the new repository that seeds the secret baseline file `detect-secrets scan > .secrets.baseline` as well as a sensible README.md | ||
- **Update** the .github/template-sync.yml file in [kong/template-generic](https://github.com/Kong/template-generic) repository with the **cloned repository name** to enable template sync changes |