From 91934601e619cdd131ed45ac6bbd9d049dde9e8b Mon Sep 17 00:00:00 2001
From: Travis Raines <571832+rainest@users.noreply.github.com>
Date: Wed, 8 Nov 2023 15:36:25 -0800
Subject: [PATCH] Initial commit
---
.github/PULL_REQUEST_TEMPLATE.md | 23 +++++
.github/dependabot.yml | 13 +++
.github/template-sync.yml | 18 ++++
.github/workflows/automerge-dependabot.yml | 31 +++++++
.github/workflows/pre-commit.yml | 31 +++++++
.github/workflows/sync.yml | 42 +++++++++
.pre-commit-config.yaml | 40 ++++++++
.secrets.baseline | 103 +++++++++++++++++++++
.yamllint | 9 ++
CODEOWNERS | 4 +
README.md | 15 +++
11 files changed, 329 insertions(+)
create mode 100644 .github/PULL_REQUEST_TEMPLATE.md
create mode 100644 .github/dependabot.yml
create mode 100644 .github/template-sync.yml
create mode 100644 .github/workflows/automerge-dependabot.yml
create mode 100644 .github/workflows/pre-commit.yml
create mode 100644 .github/workflows/sync.yml
create mode 100644 .pre-commit-config.yaml
create mode 100644 .secrets.baseline
create mode 100644 .yamllint
create mode 100644 CODEOWNERS
create mode 100644 README.md
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
new file mode 100644
index 0000000..7039468
--- /dev/null
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,23 @@
+### Summary
+
+SUMMARY_GOES_HERE
+
+### Full changelog
+
+* [Implement ...]
+* [Fix ...]
+
+### Issues resolved
+
+Fix #XXX
+
+### Documentation
+
+- [ ] Link to the website [documentation PR](https://github.com/Kong/docs.konghq.com/pull/XXX)
+
+### Testing
+
+- [ ] Unit tests
+- [ ] E2E tests
+- [ ] Manual testing on Universal
+- [ ] Manual testing on Kubernetes
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..a95e890
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,13 @@
+---
+# File is synced from Kong/template-generic and will be overwritten
+version: 2
+updates:
+- package-ecosystem: docker
+ directory: /
+ schedule:
+ interval: daily
+
+- package-ecosystem: github-actions
+ directory: /
+ schedule:
+ interval: daily
diff --git a/.github/template-sync.yml b/.github/template-sync.yml
new file mode 100644
index 0000000..8bb9cd2
--- /dev/null
+++ b/.github/template-sync.yml
@@ -0,0 +1,18 @@
+---
+additional:
+- anchore-helm
+- docker-fpm
+- lacework-manifest
+- kong-build-tools-base-images
+- kong-internal-unstable-helm
+- template-github-release
+
+files:
+- '!README.md'
+- '!.pre-commit-config.yaml'
+- '!.secrets.baseline'
+- '!**/template-sync.yml'
+- '!.github/workflows/sync.yml'
+- '!.github/PULL_REQUEST_TEMPLATE.md'
+- '!**/CODEOWNERS'
+- '!.yamllint'
diff --git a/.github/workflows/automerge-dependabot.yml b/.github/workflows/automerge-dependabot.yml
new file mode 100644
index 0000000..ed7d1a1
--- /dev/null
+++ b/.github/workflows/automerge-dependabot.yml
@@ -0,0 +1,31 @@
+---
+# File is synced from Kong/template-generic and will be overwritten
+name: Auto Actions
+
+on: pull_request_target # yamllint disable-line rule:truthy
+
+permissions:
+ contents: write
+ pull-requests: write
+
+
+jobs:
+ dependabot-automerge:
+ runs-on: ubuntu-latest
+ if: ${{ github.actor == 'dependabot[bot]' }}
+ steps:
+ - name: Gather Dependabot metadata
+ id: metadata
+ uses: dependabot/fetch-metadata@v1.3.6
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ - name: Approve PR
+ run: gh pr review --approve "$PR_URL"
+ env:
+ PR_URL: ${{github.event.pull_request.html_url}}
+ GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+ - name: Enable auto-merge
+ run: gh pr merge --auto --squash "$PR_URL"
+ env:
+ PR_URL: ${{github.event.pull_request.html_url}}
+ GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
new file mode 100644
index 0000000..d9bb088
--- /dev/null
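Review bot: The job gate in `.github/workflows/automerge-dependabot.yml` trusts `github.actor`, which names whoever triggered the run rather than who authored the pull request, and under `pull_request_target` with `contents: write` that gate is the only thing between a pull request and an automatic approval. Checking the author is the safer condition: `if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}`. The `metadata` step's outputs are never read, so every update (major bumps included) is approved and queued for merge; gating the approve and merge steps on `steps.metadata.outputs.update-type != 'version-update:semver-major'` would keep majors for human review. `dependabot/fetch-metadata@v1.3.6` is referenced by a mutable tag while it receives a write-scoped token, so a full commit SHA pin is preferable. The README added in this commit asks for an `AUTO_MERGE_TOKEN` secret, but this workflow only uses `secrets.GITHUB_TOKEN`; one of the two should be brought in line with the other.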
+++ b/.github/workflows/pre-commit.yml
@@ -0,0 +1,31 @@
+---
+# File is synced from Kong/template-generic and will be overwritten
+name: pre-commit
+
+on: # yamllint disable-line rule:truthy
+ pull_request:
+
+jobs:
+ pre-commit:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ - uses: actions/setup-python@v4.5.0
+ - name: install shfmt
+ run: |
+ mkdir -p $GITHUB_WORKSPACE/bin
+ curl -L -s -o $GITHUB_WORKSPACE/bin/shfmt https://github.com/mvdan/sh/releases/download/v3.1.2/shfmt_v3.1.2_linux_amd64
+ chmod +x $GITHUB_WORKSPACE/bin/shfmt
+ echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
+ - name: pre-commit github auth
+ env:
+ TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ git version
+ git config --global url."https://${TOKEN}:x-oauth-basic@github.com/".insteadOf "git@github.com:"
+ - uses: pre-commit/action@v3.0.0
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+ extra_args: --from-ref origin/${{ github.base_ref }} --to-ref ${{github.event.pull_request.head.sha}}
diff --git a/.github/workflows/sync.yml b/.github/workflows/sync.yml
new file mode 100644
index 0000000..5ef5a5e
--- /dev/null
+++ b/.github/workflows/sync.yml
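Review bot: The `install shfmt` step in `.github/workflows/pre-commit.yml` downloads a release binary with `curl -L -s -o`, marks it executable and adds it to `$GITHUB_PATH` with no integrity check, and without `-f` an HTTP error body would be saved as the binary. Use `curl -fsSL -o ...` and verify before the `chmod`, e.g. `echo "<EXPECTED_SHA256>  $GITHUB_WORKSPACE/bin/shfmt" | sha256sum -c -`, with the digest recorded for the pinned v3.1.2 asset. The workflow declares no `permissions:` block, and the `pre-commit github auth` step writes `GITHUB_TOKEN` into the global git config, where every hook that pre-commit installs and runs afterwards can read it; a top-level `permissions:` with `contents: read` limits what that token can do. The `$GITHUB_WORKSPACE` expansions in the `run` script are also unquoted.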
@@ -0,0 +1,42 @@
+---
+name: Sync the template repository
+
+on: # yamllint disable-line rule:truthy
+ pull_request:
+ push:
+ branches: main
+ workflow_dispatch:
+
+jobs:
+ metadata:
+ runs-on: ubuntu-latest
+
+ outputs:
+ repository: ${{ steps.metadata.outputs.repository }}
+ dockerfile: ${{ steps.dockerfile.outputs.exists }}
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - id: metadata
+ uses: ahmadnassri/action-metadata@v1
+
+ sync:
+
+ needs:
+ - metadata
+
+ # only runs if the repository is a template
+ if: ${{ fromJSON(needs.metadata.outputs.repository).is_template }}
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Queue
+ uses: ahmadnassri/action-workflow-queue@v1.1
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Sync
+ uses: ahmadnassri/action-template-repository-sync@v2.3.4
+ with:
+ github-token: ${{ secrets.GH_TOKEN_PRIVATE_READ }}
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..4688283
--- /dev/null
+++ b/.pre-commit-config.yaml
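Review bot: The `Sync` step hands `secrets.GH_TOKEN_PRIVATE_READ` to `ahmadnassri/action-template-repository-sync@v2.3.4`, and the workflow also runs `ahmadnassri/action-workflow-queue@v1.1` and `ahmadnassri/action-metadata@v1`, all referenced by mutable tags. Third-party actions that run alongside a long-lived token should be pinned to a full commit SHA, e.g. `uses: ahmadnassri/action-template-repository-sync@<FULL_COMMIT_SHA> # v2.3.4`. The workflow has no `permissions:` block, so the repository's default `GITHUB_TOKEN` scope applies; declare the minimum the two jobs need. In the `metadata` job, the output `dockerfile: ${{ steps.dockerfile.outputs.exists }}` refers to a step id `dockerfile` that the job does not define, so it will always be empty; either add that step or drop the output.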
@@ -0,0 +1,40 @@
+---
+# File is synced from Kong/template-generic and will be overwritten
+repos:
+- repo: meta
+ hooks:
+ - id: check-hooks-apply
+ - id: check-useless-excludes
+- repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v4.4.0
+ hooks:
+ - id: end-of-file-fixer
+ - id: trailing-whitespace
+ - id: mixed-line-ending
+ - id: check-yaml
+ - id: check-byte-order-marker
+ - id: check-merge-conflict
+ - id: end-of-file-fixer
+ - id: check-added-large-files
+- repo: https://github.com/Lucas-C/pre-commit-hooks
+ rev: v1.4.2
+ hooks:
+ - id: forbid-crlf
+ - id: remove-crlf
+ - id: forbid-tabs
+ - id: remove-tabs
+- repo: https://github.com/Yelp/detect-secrets
+ rev: v1.4.0
+ hooks:
+ - id: detect-secrets
+ args: [--baseline, .secrets.baseline]
+- repo: https://github.com/jumanjihouse/pre-commit-hook-yamlfmt
+ rev: 0.2.2
+ hooks:
+ - id: yamlfmt
+ args: [--mapping, '2', --sequence, '2', --offset, '0', --width, '150']
+- repo: https://github.com/adrienverge/yamllint
+ rev: v1.29.0
+ hooks:
+ - id: yamllint
+ args: [--format, parsable, --strict]
diff --git a/.secrets.baseline b/.secrets.baseline
new file mode 100644
index 0000000..badb637
--- /dev/null
+++ b/.secrets.baseline
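Review bot: `end-of-file-fixer` appears twice in the `pre-commit/pre-commit-hooks` hook list (first and seventh entries), so the same fixer runs twice on every commit; remove the second `- id: end-of-file-fixer`. `check-byte-order-marker` is marked deprecated upstream in favour of `fix-byte-order-marker`. The Lucas-C block lists both `forbid-crlf`/`forbid-tabs` and `remove-crlf`/`remove-tabs`; the remove hooks appear to cover the forbid pair, since they fail the run whenever they rewrite a file, so confirm which behaviour is wanted and keep one of each.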
@@ -0,0 +1,103 @@ +{ + "version": "1.1.0", + "plugins_used": [ + { + "name": "ArtifactoryDetector" + }, + { + "name": "AWSKeyDetector" + }, + { + "name": "AzureStorageKeyDetector" + }, + { + "name": "Base64HighEntropyString", + "limit": 4.5 + }, + { + "name": "BasicAuthDetector" + }, + { + "name": "CloudantDetector" + }, + { + "name": "HexHighEntropyString", + "limit": 3.0 + }, + { + "name": "IbmCloudIamDetector" + }, + { + "name": "IbmCosHmacDetector" + }, + { + "name": "JwtTokenDetector" + }, + { + "name": "KeywordDetector", + "keyword_exclude": "" + }, + { + "name": "MailchimpDetector" + }, + { + "name": "NpmDetector" + }, + { + "name": "PrivateKeyDetector" + }, + { + "name": "SlackDetector" + }, + { + "name": "SoftlayerDetector" + }, + { + "name": "SquareOAuthDetector" + }, + { + "name": "StripeDetector" + }, + { + "name": "TwilioKeyDetector" + } + ], + "filters_used": [ + { + "path": "detect_secrets.filters.allowlist.is_line_allowlisted" + }, + { + "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies", + "min_level": 2 + }, + { + "path": "detect_secrets.filters.heuristic.is_indirect_reference" + }, + { + "path": "detect_secrets.filters.heuristic.is_likely_id_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_lock_file" + }, + { + "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_potential_uuid" + }, + { + "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign" + }, + { + "path": "detect_secrets.filters.heuristic.is_sequential_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_swagger_file" + }, + { + "path": "detect_secrets.filters.heuristic.is_templated_secret" + } + ], + "results": {}, + "generated_at": "2022-01-17T17:08:21Z" +} diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000..1ceaf66 --- /dev/null +++ b/.yamllint 
@@ -0,0 +1,9 @@
+---
+# File is synced from Kong/template-generic and will be overwritten
+extends: default
+rules:
+ line-length: disable
+ comments: disable
+ indentation:
+ spaces: 2
+ indent-sequences: consistent
diff --git a/CODEOWNERS b/CODEOWNERS
new file mode 100644
index 0000000..f8ffeff
--- /dev/null
+++ b/CODEOWNERS
@@ -0,0 +1,4 @@
+# Default to review by
+
+
+# Add additional directory-specific reviewers later in the file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..3f9641a
--- /dev/null
+++ b/README.md
@@ -0,0 +1,15 @@
+# Generic Github Repository Template
+
+Generic github repository template that keeps child repositories sync'd
+
+Use this template as a sensible baseline for new github repositories.
+
+## Instructions
+
+- Create template from repository
+- From the new repository settings page enable "Automatically delete head branches" as well as "Allow auto-merge"
+- From the new repository branches page create branch protection rule for `main` that requires "pre-commit" to pass as well as "Require a pull request before merging"
+- Following the [CODEOWNERS SYNTAX](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners#codeowners-syntax) guidelines, update the new repository CODEOWNERS file
+- Following our [Github bot guidline documentation](https://konghq.atlassian.net/wiki/spaces/ENGEN/pages/2720268304/How+To+-+Github+Automation+Guidelines) add a github and dependabot secret for AUTO_MERGE_TOKEN
+- Open a pull request on the new repository that seeds the secret baseline file `detect-secrets scan > .secrets.baseline` as well as a sensible README.md
+- **Update** the .github/template-sync.yml file in [kong/template-generic](https://github.com/Kong/template-generic) repository with the **cloned repository name** to enable template sync changes