diff --git a/.github/labeler.yml b/.github/labeler.yml
new file mode 100644
index 0000000..c14e6a7
--- /dev/null
+++ b/.github/labeler.yml
@@ -0,0 +1,59 @@
+# Copyright (C) 2024 Alexandre Nicolaie (xunleii@users.noreply.github.com)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ----------------------------------------------------------------------------
+
+# Define automatically the `kind` label based on the changed files and the head branch
+kind::dependencies:
+ - head-branch:
+ - ^renovate\/.+$
+
+kind:documentation:
+ - changed-files:
+ - any-glob-to-any-file: [README.md, LICENSE, docs/**]
+
+kind::kubevault:
+ - all:
+ - changed-files:
+ - any-glob-to-any-file: [Cargo.lock, Cargo.toml, src/**]
+ - head-branch:
+ - ^(?!renovate\/).+$
+
+kind::tests:
+ - all:
+ - changed-files:
+ - any-glob-to-any-file: [tests/**]
+ - head-branch:
+ - ^(?!renovate\/).+$
+
+kind::workflows:
+ - all:
+ - changed-files:
+ - any-glob-to-any-file: [.github/workflows/**]
+ - head-branch:
+ - ^(?!renovate\/).+$
+
+kind::others:
+ - changed-files:
+ - any-glob-to-any-file: "**"
+ - all-globs-to-all-files:
+ - "!.github/workflows/**"
+ - "!Cargo.lock"
+ - "!Cargo.toml"
+ - "!docs/**"
+ - "!LICENSE"
+ - "!README.md"
+ - "!src/**"
+ - "!tests/**"
+ - head-branch:
+ - ^(?!renovate\/).+$
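Review bot: The rule key `kind:documentation` is written with a single colon, while every other rule in this file and the matching entry in `.github/labels.yaml` use `kind::documentation`. The labeler would therefore apply a label the manifest does not define, and because the label sync runs with `prune: true`, that stray label would presumably be deleted on the next sync; rename the key to `kind::documentation:`. Separately, `kind::others` lists `changed-files` and `head-branch` without the `all:` wrapper used by the three rules above it. If actions/labeler treats a bare list as `any`, as its v5 documentation describes, that rule matches every non-renovate branch regardless of which files changed, so it likely needs `- all:` too.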
diff --git a/.github/labels.yaml b/.github/labels.yaml
new file mode 100644
index 0000000..e04fea6
--- /dev/null
+++ b/.github/labels.yaml
@@ -0,0 +1,77 @@
+# Copyright (C) 2024 Alexandre Nicolaie (xunleii@users.noreply.github.com)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ----------------------------------------------------------------------------
+
+- name: kind::dependencies
+ description: Dependencies upgrade
+ color: 2B098D
+- name: kind::documentation
+ description: Improvements or additions to documentation
+ color: 0075CA
+- name: kind::kubevault
+ description: Changes on how `kubevault` works (enhancements, bug fixes, etc.)
+ color: A2EEEF
+- name: kind::tests
+ description: Anything related to tests
+ color: 4D76A1
+- name: kind::workflows
+ description: Changes on workflows
+ color: 6A5ACD
+- name: kind::others
+ description: Anything else
+ color: DEDB26
+
+- name: size::XS
+ color: 008000
+- name: size::S
+ color: 008000
+- name: size::M
+ color: FFFF00
+- name: size::L
+ color: FF0000
+- name: size::XL
+ color: FF0000
+
+- name: bug
+ description: Something isn't working
+ color: D73A4A
+- name: duplicate
+ description: This doesn't seem right
+ color: CFD3D7
+- name: good first issue
+ description: Good for newcomers
+ color: 7057FF
+- name: help wanted
+ description: Extra attention is needed
+ color: 008672
+- name: invalid
+ description: This doesn't seem right
+ color: E4E669
+- name: question
+ description: Further information is requested
+ color: D876E3
+- name: wontfix
+ description: This will not be worked on
+ color: FFFFFF
+
+- name: 💖 sponsor
+ description: This issue comes from a sponsor
+ color: FFDBF0
+
+- name: stale
+ description: This issue has not had recent activity
+ color: 6A5ACD
+- name: no-stale
+ description: This issue cannot be marked as stale
+ color: 6A5ACD
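Review bot: The `duplicate` label carries the description `This doesn't seem right`, the same text as `invalid` further down, which looks like a copy-paste slip; GitHub's stock wording for it is `This issue or pull request already exists`. Several `color` values are plain scalars made only of digits (`008000`, `008672`), and a loader that types them as integers would drop the leading zeros. Quoting them, e.g. `color: "008000"`, removes that dependency on the consumer's YAML parser. The five `size::*` entries have no `description`, which may be worth filling in for consistency with the rest of the manifest.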
diff --git a/.github/workflows/pull_request.automations.yaml b/.github/workflows/pull_request.automations.yaml
new file mode 100644
index 0000000..48bf2c7
--- /dev/null
+++ b/.github/workflows/pull_request.automations.yaml
@@ -0,0 +1,49 @@
+# Copyright (C) 2024 Alexandre Nicolaie (xunleii@users.noreply.github.com)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ----------------------------------------------------------------------------
+---
+name: 🤖 Issue/PR Automation
+on:
+ pull_request:
+ issues:
+ types: [opened]
+
+permissions: {}
+
+jobs:
+ labeler:
+ name: 🏷️ Labeler
+ if: github.event_name == 'pull_request'
+ permissions:
+ contents: read
+ pull-requests: write
+
+ runs-on: ubuntu-latest
+ steps:
+ - name: 🏷️ Apply label on PR
+ uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
+
+ sponsor:
+ name: 💖 Sponsor
+ if: github.event.action == 'opened'
+ permissions:
+ pull-requests: write
+ runs-on: ubuntu-latest
+ steps:
+ - name: 💖 Add sponsor label
+ uses: JasonEtco/is-sponsor-label-action@70b4efb770e0ea4a7e9d4eff63bb5c89732a7819 # main
+ with:
+ labels: 💖 sponsor
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
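Review bot: The `sponsor` job also runs for `issues` events, since `if: github.event.action == 'opened'` matches both triggers, but it is granted only `pull-requests: write`; with the workflow-level `permissions: {}` the token has no `issues` scope, so labelling a newly opened issue is likely to be rejected. Add `issues: write` to that job's `permissions`. Both jobs depend on the `pull_request` trigger, where the token is read-only for pull requests from forks, so labels will not be applied to external contributions; if the trigger is ever switched to `pull_request_target`, keep these jobs free of any checkout of the PR head. The sponsor action is pinned to a commit annotated `# main`, so there is no release tag for an update bot to track.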
diff --git a/.github/workflows/push,schedule.sync-labels.yaml b/.github/workflows/push,schedule.sync-labels.yaml
new file mode 100644
index 0000000..917a712
--- /dev/null
+++ b/.github/workflows/push,schedule.sync-labels.yaml
@@ -0,0 +1,42 @@
+# Copyright (C) 2024 Alexandre Nicolaie (xunleii@users.noreply.github.com)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ----------------------------------------------------------------------------
+---
+name: 🏷️ Sync Github labels
+
+on:
+ push:
+ branches: [master]
+ paths: [.github/labels.yaml, .github/workflows/sync-labels.yaml]
+ schedule:
+ - cron: 0 0 * * *
+
+permissions: {}
+
+jobs:
+ labeler:
+ name: 🏷️ Labeler
+ runs-on: ubuntu-latest
+ steps:
+ - name: ⬇️ Checkout repository
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ with:
+ fetch-depth: 0
+ - name: 🏷️ Sync Github labels with the definition
+ uses: micnncim/action-label-syncer@3abd5ab72fda571e69fffd97bd4e0033dd5f495c # v1.3.0
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ manifest: .github/labels.yaml
+ prune: true
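Review bot: The `labeler` job declares no `permissions`, so it inherits the workflow-level `permissions: {}` and the `GITHUB_TOKEN` handed to the label syncer carries no scopes; creating, updating and pruning labels will presumably fail with a 403. Grant the job only what it needs: a `permissions:` block with `contents: read` and `issues: write`. The `paths` filter names `.github/workflows/sync-labels.yaml`, but this file is added as `.github/workflows/push,schedule.sync-labels.yaml`, so edits to the workflow itself will not trigger a run. `fetch-depth: 0` is not needed to read a single manifest, and `persist-credentials: false` on the checkout would keep the token out of the local git config.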
diff --git a/.github/workflows/push.trunk_merge.yaml b/.github/workflows/push.trunk_merge.yaml
new file mode 100644
index 0000000..9cedc6c
--- /dev/null
+++ b/.github/workflows/push.trunk_merge.yaml
@@ -0,0 +1,56 @@
+# Copyright (C) 2024 Alexandre Nicolaie (xunleii@users.noreply.github.com)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ----------------------------------------------------------------------------
+---
+name: ⛔ Trunk validation for Rust
+on:
+ push:
+ branches:
+ - trunk-merge/**
+
+permissions: {}
+
+jobs:
+ trunk:
+ name: ✅ Validate code quality
+ permissions:
+ contents: read
+ checks: write
+ runs-on: ubuntu-latest
+ steps:
+ - name: ⬇️ Checkout repository
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ # - name: ✏️ Overrides Trunk configuration for Github Action
+ # run: mv .trunk/gha.yaml .trunk/user.yaml
+ - name: ⚡️ Run `trunk check`
+ uses: trunk-io/trunk-action@86b68ffae610a05105e90b1f52ad8c549ef482c2 # v1.1.16
+ ci_harden_security:
+ name: 🔒️ Github Action security hardening
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ steps:
+ - name: ⬇️ Checkout repository
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+ - name: 📄 Lint Github Actions
+ run: |
+ curl -O https://raw.githubusercontent.com/rhysd/actionlint/4f6274a8e0f4f4d2057aa9ae07660f61aa29c5f3/.github/actionlint-matcher.json
+
+ echo "::add-matcher::actionlint-matcher.json"
+ bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/4f6274a8e0f4f4d2057aa9ae07660f61aa29c5f3/scripts/download-actionlint.bash)
+ ./actionlint -color
+
+ - name: ✅ Ensure SHA pinned actions
+ uses: zgosalvez/github-actions-ensure-sha-pinned-actions@40e45e738b3cad2729f599d8afc6ed02184e1dbd # v3.0.5
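Review bot: In the `📄 Lint Github Actions` step both `curl` calls run without `--fail`, and the installer is executed through `bash <(curl …)`; an HTTP error page or a truncated download is then either saved as the matcher file or fed to bash as a script, and the process substitution hides curl's exit status from the step. The commit-pinned URLs are good; add `-fsSL` to both calls and download the script to a file before running it, e.g. `curl -fsSLo download-actionlint.bash <same pinned URL>` followed by `bash download-actionlint.bash`. Whether the script pins the actionlint release it fetches is not visible here, so passing an explicit version argument and verifying the binary's checksum would make the tool as reproducible as the SHA-pinned actions. Both checkouts could also set `persist-credentials: false`, since no later step pushes.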
diff --git a/.trunk/configs/svgo.config.js b/.trunk/configs/svgo.config.js
new file mode 100644
index 0000000..b257d13
--- /dev/null
+++ b/.trunk/configs/svgo.config.js
@@ -0,0 +1,14 @@
+module.exports = {
+ plugins: [
+ {
+ name: "preset-default",
+ params: {
+ overrides: {
+ removeViewBox: false, // https://github.com/svg/svgo/issues/1128
+ sortAttrs: true,
+ removeOffCanvasPaths: true,
+ },
+ },
+ },
+ ],
+};
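Review bot: `removeOffCanvasPaths` is placed under the `overrides` of `preset-default`, but as far as I know that plugin is not part of the default preset, so this entry would not enable it (SVGO typically prints a warning when a plugin outside the preset is configured this way). List it as its own entry after the preset object, `"removeOffCanvasPaths",`, and check the same for `sortAttrs` against the svgo 3.3.2 pinned in `.trunk/trunk.yaml`.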
diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml
index 0b47091..3c5a5ed 100644
--- a/.trunk/trunk.yaml
+++ b/.trunk/trunk.yaml
@@ -14,21 +14,25 @@ runtimes:
enabled:
- node@18.12.1
- python@3.10.8
+
# This is the section where you manage your linters. (https://docs.trunk.io/check/configuration)
lint:
disabled:
- checkov
+ - trufflehog # hang unexpectedly and trivy is already enabled
- vale
enabled:
+ - actionlint@1.7.1
+ - clippy@1.80.0
+ - svgo@3.3.2
- git-diff-check
- hadolint@2.12.0
- markdownlint@0.41.0
- osv-scanner@1.8.2
- prettier@3.3.3
- - rustfmt@1.65.0
+ - rustfmt@1.80.0
- taplo@0.9.3
- trivy@0.54.1
- - trufflehog@3.80.5
- yamllint@1.35.1
ignore:
- linters: [ALL]
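Review bot: Moving `trufflehog` to `disabled` removes the only dedicated secret scanner from this list, and the inline comment relies on trivy as its replacement; whether Trunk's trivy integration runs secret scanning, rather than only vulnerability and config scans, is not visible here and should be confirmed. If it does not, enable another secret scanner such as `gitleaks`, or keep trufflehog with a narrower scope, so commits are still checked for credentials. The comment could record the reason more precisely, e.g. `# hangs on <command>; secret scanning covered by <linter>`. The `lint:` block continues past the end of this hunk.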
@@ -40,3 +44,8 @@ actions:
- trunk-check-pre-push
- trunk-fmt-pre-commit
- trunk-upgrade-available
+
+merge:
+ required_statuses:
+ - ✅ Validate code quality
+ - 🔒️ Github Action security hardening
diff --git a/docs/assets/kubevault.svg b/docs/assets/kubevault.svg
index 86dfacd..4eb2fca 100644
--- a/docs/assets/kubevault.svg
+++ b/docs/assets/kubevault.svg
@@ -1 +1 @@
-
\ No newline at end of file
+
\ No newline at end of file