Merge pull request #1 from negz/main

Scaffold out the project

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,40 @@
+---
+name: Bug Report
+about: Help us diagnose and fix bugs in Crossplane
+labels: bug
+---
+<!--
+Thank you for helping to improve Crossplane!
+
+Please be sure to search for open issues before raising a new one. We use issues
+for bug reports and feature requests. Please find us at https://slack.crossplane.io
+for questions, support, and discussion.
+-->
+
+### What happened?
+<!--
+Please let us know what behaviour you expected and how Crossplane diverged from
+that behaviour.
+-->
+
+
+### How can we reproduce it?
+<!--
+Help us to reproduce your bug as succinctly and precisely as possible. Artifacts
+such as example manifests or a script that triggers the issue are highly
+appreciated!
+-->
+
+### What environment did it happen in?
+Crossplane version: 
+
+<!--
+Include at least the version or commit of Crossplane you were running. Consider
+also including your:
+
+* Cloud provider or hardware configuration
+* Kubernetes version (use `kubectl version`)
+* Kubernetes distribution (e.g. Tectonic, GKE, OpenShift)
+* OS (e.g. from /etc/os-release)
+* Kernel (e.g. `uname -a`)
+-->

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,24 @@
+---
+name: Feature Request
+about: Help us make Crossplane more useful
+labels: enhancement
+---
+<!--
+Thank you for helping to improve Crossplane!
+
+Please be sure to search for open issues before raising a new one. We use issues
+for bug reports and feature requests. Please find us at https://slack.crossplane.io
+for questions, support, and discussion.
+-->
+
+### What problem are you facing?
+<!--
+Please tell us a little about your use case - it's okay if it's hypothetical!
+Leading with this context helps frame the feature request so we can ensure we
+implement it sensibly.
+--->
+
+### How could Crossplane help solve your problem?
+<!--
+Let us know how you think Crossplane could help with your use case. 
+-->

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,35 @@
+<!--
+Thank you for helping to improve Crossplane!
+
+Please read through https://git.io/fj2m9 if this is your first time opening a
+Crossplane pull request. Find us in https://slack.crossplane.io/messages/dev if
+you need any help contributing.
+-->
+
+### Description of your changes
+
+<!--
+Briefly describe what this pull request does. Be sure to direct your reviewers'
+attention to anything that needs special consideration.
+
+We love pull requests that resolve an open Crossplane issue. If yours does, you
+can uncomment the below line to indicate which issue your PR fixes, for example
+"Fixes #500":
+
+-->
+Fixes #
+
+I have:
+
+- [ ] Read and followed Crossplane's [contribution process].
+- [ ] Run `make reviewable` to ensure this PR is ready for review.
+
+### How has this code been tested
+
+<!--
+Before reviewers can be confident in the correctness of this pull request, it
+needs to tested and shown to be correct. Briefly describe the testing that has
+already been done or which is planned for this change.
+-->
+
+[contribution process]: https://git.io/fj2m9

.github/renovate.json5

@@ -0,0 +1,104 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ "config:base",
+ "helpers:pinGitHubActionDigests"
+ ],
+// We only want renovate to rebase PRs when they have conflicts,
+// default "auto" mode is not required.
+ "rebaseWhen": "conflicted",
+// The maximum number of PRs to be created in parallel
+ "prConcurrentLimit": 5,
+ "postUpdateOptions": ["gomodTidy"],
+// By default renovate will auto detect whether semantic commits have been used
+// in the recent history and comply with that, we explicitly disable it
+ "semanticCommits": "disabled",
+// All PRs should have a label
+ "labels": ["automated"],
+ "regexManagers": [
+ {
+ "description": "Bump Go version ued in workflows",
+ "fileMatch": ["^\\.github\\/workflows\\/[^/]+\\.ya?ml$"],
+ "matchStrings": [
+ "GO_VERSION: '(?<currentValue>.*?)'\\n"
+ ],
+ "datasourceTemplate": "golang-version",
+ "depNameTemplate": "golang"
+ }, {
+ "description": "Bump golangci-lint version in workflows and the Makefile",
+ "fileMatch": ["^\\.github\\/workflows\\/[^/]+\\.ya?ml$","^Makefile$"],
+ "matchStrings": [
+ "GOLANGCI_VERSION: 'v(?<currentValue>.*?)'\\n",
+ "GOLANGCILINT_VERSION = (?<currentValue>.*?)\\n"
+ ],
+ "datasourceTemplate": "github-tags",
+ "depNameTemplate": "golangci/golangci-lint",
+ "extractVersionTemplate": "^v(?<version>.*)$"
+ }, {
+ "description": "Bump Go required version in workflows and the Makefile",
+ "fileMatch": ["^\\.github\\/workflows\\/[^/]+\\.ya?ml$", "^Makefile$"],
+ "matchStrings": [
+ "GO_REQUIRED_VERSION = (?<currentValue>.*?)\\n",
+ ],
+ "datasourceTemplate": "golang-version",
+ "depNameTemplate": "golang",
+ "versioningTemplate": "loose",
+ "extractVersionTemplate": "^(?<version>\\d+\\.\\d+)"
+ }
+ ],
+// PackageRules disabled below should be enabled in case of vulnerabilities
+ "vulnerabilityAlerts": {
+ "enabled": true
+ },
+ "osvVulnerabilityAlerts": true,
+ "packageRules": [
+ {
+ "description": "Only get docker image updates every 2 weeks to reduce noise",
+ "matchDatasources": ["docker"],
+ "schedule": ["every 2 week on monday"],
+ "enabled": true,
+ }, {
+ "description": "Ignore k8s.io/client-go older versions, they switched to semantic version and old tags are still available in the repo",
+ "matchDatasources": [
+ "go"
+ ],
+ "matchDepNames": [
+ "k8s.io/client-go"
+ ],
+ "allowedVersions": "<1.0"
+ }, {
+ "description": "Only get dependency digest updates every month to reduce noise",
+ "matchDatasources": [
+ "go"
+ ],
+ "matchUpdateTypes": [
+ "digest",
+ ],
+ "extends": ["schedule:monthly"],
+ }, {
+ "description": "Single PR for all kubernetes dependency updates, as they usually are all linked",
+ "matchDatasources": [
+ "go"
+ ],
+ "groupName": "kubernetes deps",
+ "matchUpdateTypes": [
+ "major",
+ "minor",
+ "patch"
+ ],
+ "matchPackagePrefixes": [
+ "k8s.io",
+ "sigs.k8s.io"
+ ]
+ }, {
+ "description": "Ignore oss-fuzz, it's not using tags, we'll stick to master",
+ "matchDepTypes": [
+ "action"
+ ],
+ "matchDepNames": [
+ "google/oss-fuzz"
+ ],
+ "enabled": false
+ }
+ ]
+}

.github/stale.yml

@@ -0,0 +1,38 @@
+# Configuration for probot-stale - https://github.com/probot/stale
+
+# Number of days of inactivity before an Issue or Pull Request becomes stale
+daysUntilStale: 90
+
+# Number of days of inactivity before a stale Issue or Pull Request is closed.
+# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
+daysUntilClose: 7
+
+# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
+exemptLabels:
+ - security
+
+# Set to true to ignore issues in a project (defaults to false)
+exemptProjects: false
+
+# Set to true to ignore issues in a milestone (defaults to false)
+exemptMilestones: false
+
+# Label to use when marking as stale
+staleLabel: wontfix
+
+# Comment to post when marking as stale. Set to `false` to disable
+markComment: >
+ This issue has been automatically marked as stale because it has not had
+ recent activity. It will be closed if no further activity occurs. Thank you
+ for your contributions.
+
+# Comment to post when closing a stale Issue or Pull Request.
+closeComment: >
+ This issue has been automatically closed due to inactivity. Please re-open
+ if this still requires investigation.
+
+# Limit the number of actions per hour, from 1-30. Default is 30
+limitPerRun: 30
+
+# Limit to only `issues` or `pulls`
+only: issues

.github/workflows/backport.yml

@@ -0,0 +1,33 @@
+name: Backport
+
+on:
+ # NOTE(negz): This is a risky target, but we run this action only when and if
+ # a PR is closed, then filter down to specifically merged PRs. We also don't
+ # invoke any scripts, etc from within the repo. I believe the fact that we'll
+ # be able to review PRs before this runs makes this fairly safe.
+ # https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
+ pull_request_target:
+ types: [closed]
+ # See also commands.yml for the /backport triggered variant of this workflow.
+
+jobs:
+ # NOTE(negz): I tested many backport GitHub actions before landing on this
+ # one. Many do not support merge commits, or do not support pull requests with
+ # more than one commit. This one does. It also handily links backport PRs with
+ # new PRs, and provides commentary and instructions when it can't backport.
+ # The main gotchas with this action are that it _only_ supports merge commits,
+ # and that PRs _must_ be labelled before they're merged to trigger a backport.
+ open-pr:
+ runs-on: ubuntu-22.04
+ if: github.event.pull_request.merged
+ steps:
+ - name: Checkout
+ uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+ with:
+ fetch-depth: 0
+
+ - name: Open Backport PR
+ uses: zeebe-io/backport-action@bd68141f079bd036e45ea8149bc9d174d5a04703 # v1.4.0
+ with:
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ github_workspace: ${{ github.workspace }}