Skip to content

Commit

Permalink
Initial commit
Browse files Browse the repository at this point in the history
  • Loading branch information
zabil authored Oct 17, 2024
0 parents commit 0029cac
Show file tree
Hide file tree
Showing 72 changed files with 4,836 additions and 0 deletions.
35 changes: 35 additions & 0 deletions .github/PULL_REQUEST_TEMPLATE.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
<!--
Thank you for helping to improve Crossplane!
Please read through https://git.io/fj2m9 if this is your first time opening a
Crossplane pull request. Find us in https://slack.crossplane.io/messages/dev if
you need any help contributing.
-->

### Description of your changes

<!--
Briefly describe what this pull request does. Be sure to direct your reviewers'
attention to anything that needs special consideration.
We love pull requests that resolve an open Crossplane issue. If yours does, you
can uncomment the below line to indicate which issue your PR fixes, for example
"Fixes #500":
-->
Fixes #

I have:

- [ ] Read and followed Crossplane's [contribution process].
- [ ] Run `make reviewable test` to ensure this PR is ready for review.

### How has this code been tested

<!--
Before reviewers can be confident in the correctness of this pull request, it
needs to tested and shown to be correct. Briefly describe the testing that has
already been done or which is planned for this change.
-->

[contribution process]: https://git.io/fj2m9
139 changes: 139 additions & 0 deletions .github/renovate.json5
Original file line number Diff line number Diff line change
@@ -0,0 +1,139 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:base"
],
// The maximum number of PRs to be created in parallel
"prConcurrentLimit": 5,
// The branches renovate should target
"baseBranches": ["main"],
"ignorePaths": ["design/**"],
"postUpdateOptions": ["gomodTidy"],
// By default renovate will auto detect whether semantic commits have been used
// in the recent history and comply with that, we explicitly disable it
"semanticCommits": "disabled",
// All PRs should have a label
"labels": ["automated"],
"regexManagers": [
{
// We want a PR to bump Go versions used through env variables in any Github
// Actions, taking it from the official Github repository.
"fileMatch": ["^\\.github\\/workflows\\/[^/]+\\.ya?ml$"],
"matchStrings": [
"GO_VERSION: '(?<currentValue>.*?)'\\n"
],
"datasourceTemplate": "golang-version",
"depNameTemplate": "golang"
}, {
// We want a PR to bump golangci-lint versions used through env variables in
// any Github Actions, taking it from the official Github repository tags.
"fileMatch": ["^\\.github\\/workflows\\/[^/]+\\.ya?ml$"],
"matchStrings": [
"GOLANGCI_VERSION: '(?<currentValue>.*?)'\\n"
],
"datasourceTemplate": "github-tags",
"depNameTemplate": "golangci/golangci-lint"
}
],
// PackageRules disabled below should be enabled in case of vulnerabilities
"vulnerabilityAlerts": {
"enabled": true
},
"packageRules": [
{
// We need to ignore k8s.io/client-go older versions as they switched to
// semantic version and old tags are still available in the repo.
"matchDatasources": [
"go"
],
"matchDepNames": [
"k8s.io/client-go"
],
"allowedVersions": "<1.0"
}, {
// We want a single PR for all the patches bumps of kubernetes related
// dependencies, as most of the times these are all strictly related.
"matchDatasources": [
"go"
],
"groupName": "kubernetes patches",
"matchUpdateTypes": [
"patch",
"digest"
],
"matchPackagePrefixes": [
"k8s.io",
"sigs.k8s.io"
]
}, {
// We want dedicated PRs for each minor and major bumps to kubernetes related
// dependencies.
"matchDatasources": [
"go"
],
"matchUpdateTypes": [
"major",
"minor"
],
"matchPackagePrefixes": [
"k8s.io",
"sigs.k8s.io"
]
}, {
// We want dedicated PRs for each bump to non-kubernetes Go dependencies, but
// only if there are known vulnerabilities in the current version.
"matchDatasources": [
"go"
],
"matchPackagePatterns": [
"*"
],
"enabled": false,
"excludePackagePrefixes": [
"k8s.io",
"sigs.k8s.io"
],
"matchUpdateTypes": [
"major",
],
}, {
// We want a single PR for all minor and patch bumps to non-kubernetes Go
// dependencies, but only if there are known vulnerabilities in the current
// version.
"matchDatasources": [
"go"
],
"matchPackagePatterns": [
"*"
],
"enabled": false,
"excludePackagePrefixes": [
"k8s.io",
"sigs.k8s.io"
],
"matchUpdateTypes": [
"minor",
"patch",
"digest"
],
"groupName": "all non-major go dependencies"
}, {
// We want a single PR for all minor and patch bumps of Github Actions
"matchDepTypes": [
"action"
],
"matchUpdateTypes": [
"minor",
"patch"
],
"groupName": "all non-major github action",
"pinDigests": true
},{
// We want dedicated PRs for each major bump to Github Actions
"matchDepTypes": [
"action"
],
"pinDigests": true
}
]
}
15 changes: 15 additions & 0 deletions .github/workflows/backport.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
name: Backport

on:
# NOTE(negz): This is a risky target, but we run this action only when and if
# a PR is closed, then filter down to specifically merged PRs. We also don't
# invoke any scripts, etc from within the repo. I believe the fact that we'll
# be able to review PRs before this runs makes this fairly safe.
# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
pull_request_target:
types: [closed]
# See also commands.yml for the /backport triggered variant of this workflow.

jobs:
backport:
uses: upbound/official-providers-ci/.github/workflows/provider-backport.yml@standard-runners
Loading

0 comments on commit 0029cac

Please sign in to comment.