Adding github templates and workflow

Signed-off-by: oumkale <[email protected]>

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,90 @@
+---
+name: "🐛 Bug Report"
+description: Create a report to help us improve
+labels: [bug]
+body:
+  - type: textarea
+    id: description
+    attributes:
+      label: Describe the bug
+      description: What is the problem? A clear and concise description of the bug.
+    validations:
+      required: true
+
+  - type: textarea
+    id: current
+    attributes:
+      label: Current behavior
+      description: |
+        Please include full errors, uncaught exceptions, screenshots, and relevant logs.
+        Using environment variable JFROG_CLI_LOG_LEVEL="DEBUG" upon running the command will provide more log information.
+    validations:
+      required: true
+
+  - type: textarea
+    id: reproduction
+    attributes:
+      label: Reproduction steps
+      description: |
+        Provide steps to reproduce the behavior.
+    validations:
+      required: false
+
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected behavior
+      description: |
+        What did you expect to happen?
+    validations:
+      required: false
+
+  - type: input
+    id: jfrog-registry-operator-version
+    attributes:
+      label: JFrog registry operator version
+    validations:
+      required: true
+
+  - type: input
+    id: package-manager
+    attributes:
+      label: Package manager info
+      description: |
+        Which package manager name and version is used to build the project?
+        What's the name and path of the descriptor file (package.json, pom.xml, etc)?
+    validations:
+      required: true
+
+  - type: dropdown
+    id: git-provider
+    attributes:
+      label: Git provider
+      options:
+        - GitHub
+        - Bitbucket Server
+        - GitLab
+        - Azure DevOps
+    validations:
+      required: true
+
+  - type: textarea
+    id: jfrog-registry-operator-yaml
+    attributes:
+      label: JFrog registry operator configuration yaml file
+    validations:
+      required: false
+
+  - type: input
+    id: os-version
+    attributes:
+      label: Operating system type and version
+    validations:
+      required: true
+
+  - type: input
+    id: xr-version
+    attributes:
+      label: JFrog Xray version
+    validations:
+      required: false

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,19 @@
+---
+name: ⭐️ Feature request
+about: Suggest an idea for this project
+title: ""
+labels: feature request
+assignees: ""
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like to see**
+A clear and concise description of the new feature.
+
+**Describe alternatives you've considered**
+If applicable, a clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/ISSUE_TEMPLATE/question.md

@@ -0,0 +1,7 @@
+---
+name: ❓ Question
+about: Ask a question
+title: ""
+labels: question
+assignees: ""
+---

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,5 @@
+- [ ] All [tests](https://github.com/jfrog/jfrog-registry-operator#tests) passed. If this feature is not already covered by the tests, I added new tests.
+- [ ] This pull request is on the dev branch.
+- [ ] I used gofmt for formatting the code before submitting the pull request.
+---
+

.github/release.yml

@@ -0,0 +1,20 @@
+changelog:
+  exclude:
+    labels:
+      - ignore for release
+  categories:
+    - title: Breaking Changes 🚨
+      labels:
+        - breaking change
+    - title: Exciting New Features 🎉
+      labels:
+        - new feature
+    - title: Improvements 🌱
+      labels:
+        - improvement
+    - title: Bug Fixes 🛠
+      labels:
+        - bug
+    - title: Other Changes 📚
+      labels:
+        - "*"

.github/workflows/frogbot-scan-pull-request.yml

@@ -0,0 +1,123 @@
+name: "Jfrog Registry Operator Scan Pull Request"
+on:
+  pull_request_target:
+    types: [ opened, synchronize ]
+permissions:
+  pull-requests: write
+  contents: read
+jobs:
+  scan-pull-request:
+    runs-on: ubuntu-latest
+    # A pull request needs to be approved before jfrog-registry-operator scans it. Any GitHub user who is associated with the
+    # "jfrog-registry-operator" GitHub environment can approve the pull request to be scanned.
+    environment: jfrog-registry-operator
+    steps:
+      - uses: jfrog/jfrog-registry-operator@v2
+        env:
+          JFROG_CLI_LOG_LEVEL: "DEBUG"
+          # [Mandatory]
+          # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray)
+          JF_URL: ${{ secrets.OPERATOR_URL }}
+
+          # [Mandatory if JF_USER and JF_PASSWORD are not provided]
+          # JFrog access token with 'read' permissions on Xray service
+          JF_ACCESS_TOKEN: ${{ secrets.OPERATOR_ACCESS_TOKEN }}
+
+          # [Mandatory]
+          # The GitHub token is automatically generated for the job
+          JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+          # [Optional, default: https://api.github.com]
+          # API endpoint to GitHub
+          # JF_GIT_API_ENDPOINT: https://github.example.com
+
+          # [Optional]
+          # By default, the jfrog-registry-operator workflows download the jfrog-registry-operator executable as well as other tools
+          # needed from https://releases.jfrog.io
+          # If the machine that runs jfrog-registry-operator has no access to the internet, follow these steps to allow the
+          # executable to be downloaded from an Artifactory instance, which the machine has access to:
+          #
+          # 1. Login to the Artifactory UI, with a user who has admin credentials.
+          # 2. Create a Remote Repository with the following properties set.
+          #    Under the 'Basic' tab:
+          #       Package Type: Generic
+          #       URL: https://releases.jfrog.io
+          #    Under the 'Advanced' tab:
+          #       Uncheck the 'Store Artifacts Locally' option
+          # 3. Set the value of the 'JF_RELEASES_REPO' variable with the Repository Key you created.
+          # JF_RELEASES_REPO: ""
+
+          # [Optional]
+          # Configure the SMTP server to enable jfrog-registry-operator to send emails with detected secrets in pull request scans.
+          # SMTP server URL including should the relevant port: (Example: smtp.server.com:8080)
+          JF_SMTP_SERVER: ${{ secrets.JF_SMTP_SERVER }}
+
+          # [Mandatory if JF_SMTP_SERVER is set]
+          # The username required for authenticating with the SMTP server.
+          JF_SMTP_USER: ${{ secrets.JF_SMTP_USER }}
+
+          # [Mandatory if JF_SMTP_SERVER is set]
+          # The password associated with the username required for authentication with the SMTP server.
+          JF_SMTP_PASSWORD: ${{ secrets.JF_SMTP_PASSWORD }}
+
+          # [Optional]
+          # List of comma separated email addresses to receive email notifications about secrets
+          # detected during pull request scanning. The notification is also sent to the email set
+          # in the committer git profile regardless of whether this variable is set or not.
+          JF_EMAIL_RECEIVERS: "[email protected]"
+
+          ##########################################################################
+          ##   If your project uses a 'jfrog-registry-operator-config.yml' file, you can define   ##
+          ##   the following variables inside the file, instead of here.          ##
+          ##########################################################################
+
+          # [Mandatory if the two conditions below are met]
+          # 1. The project uses yarn 2, NuGet or .NET Core to download its dependencies
+          # 2. The `installCommand` variable isn't set in your jfrog-registry-operator-config.yml file.
+          #
+          # The command that installs the project dependencies (e.g "nuget restore")
+          # JF_INSTALL_DEPS_CMD: ""
+
+          # [Optional, default: "."]
+          # Relative path to the root of the project in the Git repository
+          # JF_WORKING_DIR: path/to/project/dir
+
+          # [Optional]
+          # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches
+          # JF_WATCHES: <watch-1>,<watch-2>...<watch-n>
+
+          # [Optional]
+          # JFrog project. Learn more about it here: https://www.jfrog.com/confluence/display/JFROG/Projects
+          # JF_PROJECT: <project-key>
+
+          # [Optional, default: "FALSE"]
+          # Displays all existing vulnerabilities, including the ones that were added by the pull request.
+          # JF_INCLUDE_ALL_VULNERABILITIES: "TRUE"
+
+          # [Optional, default: "FALSE"]
+          # When adding new comments on pull requests, keep old comments that were added by previous scans.
+          # JF_AVOID_PREVIOUS_PR_COMMENTS_DELETION: "TRUE"
+
+          # [Optional, default: "TRUE"]
+          # Fails the jfrog-registry-operator task if any security issue is found.
+          # JF_FAIL: "FALSE"
+
+          # [Optional]
+          # Jfrog-registry-operator will download the project dependencies if they're not cached locally. To download the
+          # dependencies from a virtual repository in Artifactory, set the name of the repository. There's no
+          # need to set this value, if it is set in the jfrog-registry-operator-config.yml file.
+          # JF_DEPS_REPO: ""
+
+          # [Optional, Default: "FALSE"]
+          # If TRUE, Jfrog-registry-operator creates a single pull request with all the fixes.
+          # If false, Jfrog-registry-operator creates a separate pull request for each fix.
+          # JF_GIT_AGGREGATE_FIXES: "FALSE"
+
+          # [Optional, Default: "FALSE"]
+          # Handle vulnerabilities with fix versions only
+          # JF_FIXABLE_ONLY: "TRUE"
+
+          # [Optional]
+          # Set the minimum severity for vulnerabilities that should be fixed and commented on in pull requests
+          # The following values are accepted: Low, Medium, High or Critical
+          # JF_MIN_SEVERITY: ""

.github/workflows/frogbot-scan-repository.yml

@@ -0,0 +1,118 @@
+name: "Jfrog Registry Operator Scan Repository"
+on:
+  workflow_dispatch:
+  schedule:
+    # The repository will be scanned once a day at 00:00 GMT.
+    - cron: "0 0 * * *"
+permissions:
+  contents: write
+  pull-requests: write
+  security-events: write
+jobs:
+  scan-repository:
+    runs-on: ubuntu-latest
+    name: Scan Repository (${{ matrix.branch }} branch)
+    strategy:
+      matrix:
+        # The repository scanning will be triggered periodically on the following branches.
+        branch: [ "dev" ]
+    steps:
+      - uses: jfrog/jfrog-registry-operator@v2
+        env:
+          JFROG_CLI_LOG_LEVEL: "DEBUG"
+          # [Mandatory]
+          # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray)
+          JF_URL: ${{ secrets.OPERATOR_URL }}
+
+          # [Mandatory if JF_USER and JF_PASSWORD are not provided]
+          # JFrog access token with 'read' permissions on Xray service
+          JF_ACCESS_TOKEN: ${{ secrets.OPERATOR_ACCESS_TOKEN }}
+
+          # [Mandatory]
+          # The GitHub token is automatically generated for the job
+          JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+          # [Mandatory]
+          # The name of the branch on which jfrog-registry-operator will perform the scan
+          JF_GIT_BASE_BRANCH: ${{ matrix.branch }}
+
+          # [Optional, default: https://api.github.com]
+          # API endpoint to GitHub
+          # JF_GIT_API_ENDPOINT: https://github.example.com
+
+          # [Optional]
+          # By default, the jfrog-registry-operator workflows download the jfrog-registry-operator executable as well as other tools
+          # needed from https://releases.jfrog.io
+          # If the machine that runs jfrog-registry-operator has no access to the internet, follow these steps to allow the
+          # executable to be downloaded from an Artifactory instance, which the machine has access to:
+          #
+          # 1. Login to the Artifactory UI, with a user who has admin credentials.
+          # 2. Create a Remote Repository with the following properties set.
+          #    Under the 'Basic' tab:
+          #       Package Type: Generic
+          #       URL: https://releases.jfrog.io
+          #    Under the 'Advanced' tab:
+          #       Uncheck the 'Store Artifacts Locally' option
+          # 3. Set the value of the 'JF_RELEASES_REPO' variable with the Repository Key you created.
+          # JF_RELEASES_REPO: ""
+
+          ##########################################################################
+          ##   If your project uses a 'jfrog-registry-operator-config.yml' file, you can define   ##
+          ##   the following variables inside the file, instead of here.          ##
+          ##########################################################################
+
+          # [Optional, default: "."]
+          # Relative path to the root of the project in the Git repository
+          # JF_WORKING_DIR: path/to/project/dir
+
+          # [Optional]
+          # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches
+          # JF_WATCHES: <watch-1>,<watch-2>...<watch-n>
+
+          # [Optional]
+          # JFrog project. Learn more about it here: https://www.jfrog.com/confluence/display/JFROG/Projects
+          # JF_PROJECT: <project-key>
+
+          # [Optional, default: "TRUE"]
+          # Fails the jfrog-registry-operator task if any security issue is found.
+          # JF_FAIL: "FALSE"
+
+          # [Optional]
+          # jfrog-registry-operator will download the project dependencies, if they're not cached locally. To download the
+          # dependencies from a virtual repository in Artifactory, set the name of the repository. There's no
+          # need to set this value, if it is set in the jfrog-registry-operator-config.yml file.
+          # JF_DEPS_REPO: ""
+
+          # [Optional]
+          # Template for the branch name generated by jfrog-registry-operator when creating pull requests with fixes.
+          # The template must include {BRANCH_NAME_HASH}, to ensure that the generated branch name is unique.
+          # The template can optionally include the {IMPACTED_PACKAGE} and {FIX_VERSION} variables.
+          # JF_BRANCH_NAME_TEMPLATE: "jfrog-registry-operator-{IMPACTED_PACKAGE}-{BRANCH_NAME_HASH}"
+
+          # [Optional]
+          # Template for the commit message generated by jfrog-registry-operator when creating pull requests with fixes
+          # The template can optionally include the {IMPACTED_PACKAGE} and {FIX_VERSION} variables.
+          # JF_COMMIT_MESSAGE_TEMPLATE: "Upgrade {IMPACTED_PACKAGE} to {FIX_VERSION}"
+
+          # [Optional]
+          # Template for the pull request title generated by jfrog-registry-operator when creating pull requests with fixes.
+          # The template can optionally include the {IMPACTED_PACKAGE} and {FIX_VERSION} variables.
+          # JF_PULL_REQUEST_TITLE_TEMPLATE: "[🐸 Jfrog Registry Operator] Upgrade {IMPACTED_PACKAGE} to {FIX_VERSION}"
+
+          # [Optional, Default: "FALSE"]
+          # If TRUE, jfrog-registry-operator creates a single pull request with all the fixes.
+          # If FALSE, jfrog-registry-operator creates a separate pull request for each fix.
+          # JF_GIT_AGGREGATE_FIXES: "FALSE"
+
+          # [Optional, Default: "FALSE"]
+          # Handle vulnerabilities with fix versions only
+          # JF_FIXABLE_ONLY: "TRUE"
+
+          # [Optional]
+          # Set the minimum severity for vulnerabilities that should be fixed and commented on in pull requests
+          # The following values are accepted: Low, Medium, High or Critical
+          # JF_MIN_SEVERITY: ""
+
+          # [Optional, Default: [email protected]]
+          # Set the email of the commit author
+          # JF_GIT_EMAIL_AUTHOR: ""