Skip to content

Commit

Permalink
Adding github templates and workflow
Browse files Browse the repository at this point in the history
Signed-off-by: oumkale <[email protected]>
  • Loading branch information
oumkale committed Dec 7, 2023
1 parent ed35c6d commit b7ac714
Show file tree
Hide file tree
Showing 13 changed files with 682 additions and 1 deletion.
90 changes: 90 additions & 0 deletions .github/ISSUE_TEMPLATE/bug_report.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,90 @@
---
name: "🐛 Bug Report"
description: Create a report to help us improve
labels: [bug]
body:
- type: textarea
id: description
attributes:
label: Describe the bug
description: What is the problem? A clear and concise description of the bug.
validations:
required: true

- type: textarea
id: current
attributes:
label: Current behavior
description: |
Please include full errors, uncaught exceptions, screenshots, and relevant logs.
Using environment variable JFROG_CLI_LOG_LEVEL="DEBUG" upon running the command will provide more log information.
validations:
required: true

- type: textarea
id: reproduction
attributes:
label: Reproduction steps
description: |
Provide steps to reproduce the behavior.
validations:
required: false

- type: textarea
id: expected
attributes:
label: Expected behavior
description: |
What did you expect to happen?
validations:
required: false

- type: input
id: jfrog-registry-operator-version
attributes:
label: JFrog registry operator version
validations:
required: true

- type: input
id: package-manager
attributes:
label: Package manager info
description: |
Which package manager name and version is used to build the project?
What's the name and path of the descriptor file (package.json, pom.xml, etc)?
validations:
required: true

- type: dropdown
id: git-provider
attributes:
label: Git provider
options:
- GitHub
- Bitbucket Server
- GitLab
- Azure DevOps
validations:
required: true

- type: textarea
id: jfrog-registry-operator-yaml
attributes:
label: JFrog registry operator configuration yaml file
validations:
required: false

- type: input
id: os-version
attributes:
label: Operating system type and version
validations:
required: true

- type: input
id: xr-version
attributes:
label: JFrog Xray version
validations:
required: false
19 changes: 19 additions & 0 deletions .github/ISSUE_TEMPLATE/feature_request.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
---
name: ⭐️ Feature request
about: Suggest an idea for this project
title: ""
labels: feature request
assignees: ""
---

**Is your feature request related to a problem? Please describe.**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

**Describe the solution you'd like to see**
A clear and concise description of the new feature.

**Describe alternatives you've considered**
If applicable, a clear and concise description of any alternative solutions or features you've considered.

**Additional context**
Add any other context or screenshots about the feature request here.
7 changes: 7 additions & 0 deletions .github/ISSUE_TEMPLATE/question.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
---
name: ❓ Question
about: Ask a question
title: ""
labels: question
assignees: ""
---
5 changes: 5 additions & 0 deletions .github/PULL_REQUEST_TEMPLATE.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
- [ ] All [tests](https://github.com/jfrog/jfrog-registry-operator#tests) passed. If this feature is not already covered by the tests, I added new tests.
- [ ] This pull request is on the dev branch.
- [ ] I used gofmt for formatting the code before submitting the pull request.
---

20 changes: 20 additions & 0 deletions .github/release.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
changelog:
exclude:
labels:
- ignore for release
categories:
- title: Breaking Changes 🚨
labels:
- breaking change
- title: Exciting New Features 🎉
labels:
- new feature
- title: Improvements 🌱
labels:
- improvement
- title: Bug Fixes 🛠
labels:
- bug
- title: Other Changes 📚
labels:
- "*"
32 changes: 32 additions & 0 deletions .github/workflows/action-test.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
name: "GitHub Action Test"
on:
push:
tags-ignore:
- '**'
pull_request:
jobs:
test:
runs-on: ${{ matrix.os }}
defaults:
run:
working-directory: action
strategy:
matrix:
os: [ubuntu-latest, windows-latest, macOS-latest]
fail-fast: false
steps:
# Checkout and install prerequisites
- name: Checkout
uses: actions/checkout@v4
- name: Setup NodeJS
uses: actions/setup-node@v3
with:
node-version: "16.x"

# Install and run tests
- name: Install
run: npm i
- name: Lint
run: npm run lint
- name: Unit tests
run: npm t
66 changes: 66 additions & 0 deletions .github/workflows/analysis.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
name: "Static Analysis"
on:
push:
tags-ignore:
- '**'
pull_request:
jobs:
Static-Check:
runs-on: ubuntu-latest
steps:
- name: Checkout Source
uses: actions/checkout@v4

- name: Install Go
uses: actions/setup-go@v3
with:
go-version: 1.20.x

- name: Go Cache
uses: actions/cache@v3
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-go-

# Generate mocks
- name: Generate mocks
run: go generate ./...

- name: Static Code Analysis
uses: golangci/golangci-lint-action@v3
with:
args: |
--timeout 5m --out-${NO_FUTURE}format colored-line-number --enable errcheck,gosimple,govet,ineffassign,staticcheck,typecheck,unused,gocritic,asasalint,asciicheck,errchkjson,exportloopref,forcetypeassert,makezero,nilerr,unparam,unconvert,wastedassign,usestdlibvars
Go-Sec:
runs-on: ubuntu-latest
env:
GOFLAGS: -buildvcs=false
steps:
- name: Checkout Source
uses: actions/checkout@v4

- name: Install Go
uses: actions/setup-go@v3
with:
go-version: 1.20.x

- name: Run Gosec Security Scanner
uses: securego/gosec@master
with:
args: -exclude=G204,G301,G302,G304,G306 -exclude-dir=\.*test\.* ./...

ShellCheck:
name: Shellcheck
runs-on: ubuntu-latest
steps:
- name: Checkout Source
uses: actions/checkout@v4

- name: Run ShellCheck
uses: ludeeus/action-shellcheck@master
with:
ignore_paths:
.husky
*test*
123 changes: 123 additions & 0 deletions .github/workflows/frogbot-scan-pull-request.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,123 @@
name: "Jfrog Registry Operator Scan Pull Request"
on:
pull_request_target:
types: [ opened, synchronize ]
permissions:
pull-requests: write
contents: read
jobs:
scan-pull-request:
runs-on: ubuntu-latest
# A pull request needs to be approved before jfrog-registry-operator scans it. Any GitHub user who is associated with the
# "jfrog-registry-operator" GitHub environment can approve the pull request to be scanned.
environment: jfrog-registry-operator
steps:
- uses: jfrog/jfrog-registry-operator@v2
env:
JFROG_CLI_LOG_LEVEL: "DEBUG"
# [Mandatory]
# JFrog platform URL (This functionality requires version 3.29.0 or above of Xray)
JF_URL: ${{ secrets.OPERATOR_URL }}

# [Mandatory if JF_USER and JF_PASSWORD are not provided]
# JFrog access token with 'read' permissions on Xray service
JF_ACCESS_TOKEN: ${{ secrets.OPERATOR_ACCESS_TOKEN }}

# [Mandatory]
# The GitHub token is automatically generated for the job
JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}

# [Optional, default: https://api.github.com]
# API endpoint to GitHub
# JF_GIT_API_ENDPOINT: https://github.example.com

# [Optional]
# By default, the jfrog-registry-operator workflows download the jfrog-registry-operator executable as well as other tools
# needed from https://releases.jfrog.io
# If the machine that runs jfrog-registry-operator has no access to the internet, follow these steps to allow the
# executable to be downloaded from an Artifactory instance, which the machine has access to:
#
# 1. Login to the Artifactory UI, with a user who has admin credentials.
# 2. Create a Remote Repository with the following properties set.
# Under the 'Basic' tab:
# Package Type: Generic
# URL: https://releases.jfrog.io
# Under the 'Advanced' tab:
# Uncheck the 'Store Artifacts Locally' option
# 3. Set the value of the 'JF_RELEASES_REPO' variable with the Repository Key you created.
# JF_RELEASES_REPO: ""

# [Optional]
# Configure the SMTP server to enable jfrog-registry-operator to send emails with detected secrets in pull request scans.
# SMTP server URL including should the relevant port: (Example: smtp.server.com:8080)
JF_SMTP_SERVER: ${{ secrets.JF_SMTP_SERVER }}

# [Mandatory if JF_SMTP_SERVER is set]
# The username required for authenticating with the SMTP server.
JF_SMTP_USER: ${{ secrets.JF_SMTP_USER }}

# [Mandatory if JF_SMTP_SERVER is set]
# The password associated with the username required for authentication with the SMTP server.
JF_SMTP_PASSWORD: ${{ secrets.JF_SMTP_PASSWORD }}

# [Optional]
# List of comma separated email addresses to receive email notifications about secrets
# detected during pull request scanning. The notification is also sent to the email set
# in the committer git profile regardless of whether this variable is set or not.
JF_EMAIL_RECEIVERS: "[email protected]"

##########################################################################
## If your project uses a 'jfrog-registry-operator-config.yml' file, you can define ##
## the following variables inside the file, instead of here. ##
##########################################################################

# [Mandatory if the two conditions below are met]
# 1. The project uses yarn 2, NuGet or .NET Core to download its dependencies
# 2. The `installCommand` variable isn't set in your jfrog-registry-operator-config.yml file.
#
# The command that installs the project dependencies (e.g "nuget restore")
# JF_INSTALL_DEPS_CMD: ""

# [Optional, default: "."]
# Relative path to the root of the project in the Git repository
# JF_WORKING_DIR: path/to/project/dir

# [Optional]
# Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches
# JF_WATCHES: <watch-1>,<watch-2>...<watch-n>

# [Optional]
# JFrog project. Learn more about it here: https://www.jfrog.com/confluence/display/JFROG/Projects
# JF_PROJECT: <project-key>

# [Optional, default: "FALSE"]
# Displays all existing vulnerabilities, including the ones that were added by the pull request.
# JF_INCLUDE_ALL_VULNERABILITIES: "TRUE"

# [Optional, default: "FALSE"]
# When adding new comments on pull requests, keep old comments that were added by previous scans.
# JF_AVOID_PREVIOUS_PR_COMMENTS_DELETION: "TRUE"

# [Optional, default: "TRUE"]
# Fails the jfrog-registry-operator task if any security issue is found.
# JF_FAIL: "FALSE"

# [Optional]
# Jfrog-registry-operator will download the project dependencies if they're not cached locally. To download the
# dependencies from a virtual repository in Artifactory, set the name of the repository. There's no
# need to set this value, if it is set in the jfrog-registry-operator-config.yml file.
# JF_DEPS_REPO: ""

# [Optional, Default: "FALSE"]
# If TRUE, Jfrog-registry-operator creates a single pull request with all the fixes.
# If false, Jfrog-registry-operator creates a separate pull request for each fix.
# JF_GIT_AGGREGATE_FIXES: "FALSE"

# [Optional, Default: "FALSE"]
# Handle vulnerabilities with fix versions only
# JF_FIXABLE_ONLY: "TRUE"

# [Optional]
# Set the minimum severity for vulnerabilities that should be fixed and commented on in pull requests
# The following values are accepted: Low, Medium, High or Critical
# JF_MIN_SEVERITY: ""
Loading

0 comments on commit b7ac714

Please sign in to comment.