Initial commit

.aicoe-ci.yaml

@@ -0,0 +1 @@
+check: []

.env.example

@@ -0,0 +1,9 @@
+# The ID of your GitHub App
+APP_ID=
+WEBHOOK_SECRET=development
+
+# Use `trace` to get verbose logging or `info` to show less
+LOG_LEVEL=debug
+
+# Go to https://smee.io/new set this to the URL that you are redirected to.
+WEBHOOK_PROXY_URL=

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,24 @@
+---
+name: Bug report
+about: Create a report to help us improve
+labels: kind/bug
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,17 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+labels: kind/feature
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/ISSUE_TEMPLATE/promote.md

@@ -0,0 +1,8 @@
+---
+name: Promote stage images to prod
+about: "⚠ Maintainers only. Schedule environment promotion."
+title: Promote `stage` environment to `prod`
+labels: kind/promote, bot
+---
+
+Promote `stage` to `prod`, please.

.github/ISSUE_TEMPLATE/release.md

@@ -0,0 +1,8 @@
+---
+name: Trigger a new release
+about: "⚠ Maintainers only. Schedule repo for a semantic release."
+title: New semantic release
+labels: kind/release, bot
+---
+
+Create a new release, please.

.github/ISSUE_TEMPLATE/security.md

@@ -0,0 +1,17 @@
+---
+name: Report vulnerability
+about: There's a security problem that requires our immediate attention
+labels: kind/security
+---
+
+**Describe how is our service vulnerable**
+A clear and concise description of what the problem is.
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/actions/build/action.yaml

@@ -0,0 +1,25 @@
+name: Build
+description: Build Probot controller container as an S2I image
+inputs:
+  tags:
+    type: string
+    default: ${{ github.sha }}
+  image:
+    type: string
+    default: controller
+runs:
+  using: "composite"
+  steps:
+    - name: Read S2I base image
+      id: s2ibase
+      uses: juliangruber/read-file-action@v1
+      with:
+        path: ./.s2ibase
+
+    - name: S2I Build
+      uses: redhat-actions/s2i-build@v2
+      with:
+        path_context: "."
+        builder_image: "${{ steps.s2ibase.outputs.content }}"
+        image: "${{ inputs.image }}"
+        tags: "${{ inputs.tags }}"

.github/actions/check-maintainer-role/action.yaml

@@ -0,0 +1,63 @@
+name: Check actor's maintainer role
+description: Check if actor is has write permission to the repo and report back in a comment
+inputs:
+  success:
+    required: true
+    type: string
+  failure:
+    required: true
+    type: string
+  label:
+    required: true
+    type: string
+  token:
+    required: true
+    type: string
+outputs:
+  comment-id:
+    description: "ID of the comment created on target issue"
+    value: ${{ steps.comment.outputs.comment-id }}
+runs:
+  using: "composite"
+  steps:
+    - name: Check if user has write access
+      uses: lannonbr/[email protected]
+      continue-on-error: true
+      id: access
+      with:
+        permission: write
+      env:
+        GITHUB_TOKEN: ${{ inputs.token }}
+
+    - name: Check issue label
+      if: ${{ !contains(github.event.issue.labels.*.name, inputs.label) }}
+      continue-on-error: true
+      id: releaseLabel
+      shell: bash
+      run: exit 1
+
+    - name: Close Issue
+      uses: peter-evans/close-issue@v2
+      if: ${{ !steps.access.outcome == 'failure' && steps.releaseLabel.outcome == 'success' }}
+      with:
+        issue-number: ${{ github.event.issue.number }}
+        body: |
+          ⛔ You're not a maintainer @${{ github.event.issue.user.id }}. ${{ inputs.failure }}
+      env:
+        GITHUB_TOKEN: ${{ inputs.token }}
+
+    - name: Exit on failure
+      if: ${{ steps.access.outcome == 'failure' || steps.releaseLabel.outcome == 'failure' }}
+      shell: bash
+      run: exit 1
+
+    - name: Create success comment
+      uses: peter-evans/create-or-update-comment@v2
+      if: ${{ success() }}
+      id: comment
+      with:
+        issue-number: ${{ github.event.issue.number }}
+        body: |
+          🚀 ${{ inputs.success }} from ${{ github.sha }}. Job started [here](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}).
+      env:
+        GITHUB_TOKEN: ${{ inputs.token }}

.github/actions/set-expiration/action.yaml

@@ -0,0 +1,26 @@
+name: Set Quay.io image expiration
+description: Set Quay.io image expiration
+inputs:
+  tag:
+    description: Tag to be updated
+    required: true
+  expiration:
+    description: Date parameter passed as date -d, set to false if you want to unset expiration
+  repository:
+    description: Quay.io repository in format org/repo
+    required: true
+  token:
+    description: Quay.io OAuth token
+    required: true
+runs:
+  using: "composite"
+  steps:
+    - name: Set Quay.io image expiration
+      shell: bash
+      run: |
+        [ "${{ inputs.expiration }}" = "false" ] && expiration=null || expiration=$(date +"%s" -d "${{ inputs.expiration }}")
+        curl -X PUT \
+             -d "{\"expiration\":$expiration}" \
+             -H 'Content-Type: application/json' \
+             -H "Authorization: Bearer ${{ inputs.token }}" \
+             https://quay.io/api/v1/repository/${{ inputs.repository }}/tag/${{ inputs.tag }}

.github/actions/test/action.yaml

@@ -0,0 +1,31 @@
+name: Test
+description: Test Node.js package
+runs:
+  using: "composite"
+  steps:
+    - name: Read Node.js version
+      id: node_version
+      uses: juliangruber/read-file-action@v1
+      with:
+        path: ./.nvmrc
+
+    - name: Setup Node.js
+      uses: actions/setup-node@v3
+      with:
+        node-version: "${{ steps.node_version.outputs.content }}"
+
+    - name: Cache Node.js modules
+      uses: actions/cache@v3
+      with:
+        path: ~/.npm
+        key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }}
+        restore-keys: |
+          ${{ runner.OS }}-node-
+
+    - name: Install dependencies
+      shell: bash
+      run: npm ci
+
+    - name: Run tests
+      shell: bash
+      run: npm test

.github/renovate.json

@@ -0,0 +1,26 @@
+{
+    "extends": [
+        "config:js-app",
+        ":gitSignOff",
+        "group:allNonMajor",
+        "group:linters",
+        "group:semantic-releaseMonorepo"
+    ],
+    "npm": {
+        "stabilityDays": 3
+    },
+    "packageRules": [
+        {
+            "matchManagers": [
+                "kustomize"
+            ],
+            "enabled": false
+        },
+        {
+            "matchManagers": [
+                "github-actions"
+            ],
+            "groupName": "GitHub Actions"
+        }
+    ]
+}

.github/workflows/pr.yaml

@@ -0,0 +1,24 @@
+name: Pull request
+
+on: pull_request
+
+jobs:
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Test
+        uses: ./.github/actions/test
+
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Build
+        uses: ./.github/actions/build

.github/workflows/promote.yaml

@@ -0,0 +1,64 @@
+name: Promote
+
+on:
+  issues:
+    types:
+      - opened
+
+jobs:
+  promote:
+    name: Promote
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Check actor's permissions
+        uses: ./.github/actions/check-maintainer-role
+        id: check-promote
+        with:
+          success: Promotion issue noticed. Promotion triggered
+          failure: You can't trigger a environment promotion
+          label: kind/promote
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Get images used in stage
+        uses: mikefarah/yq@master
+        id: stage
+        with:
+          cmd: yq e ".images" manifests/overlays/stage/kustomization.yaml
+
+      - name: Use stage images in prod
+        uses: mikefarah/yq@master
+        with:
+          cmd: yq e -i '.images=(strenv(IMAGES) | from_yaml)' manifests/overlays/prod/kustomization.yaml
+        env:
+          IMAGES: ${{ steps.stage.outputs.result }}
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v4
+        id: pr
+        with:
+          commit-message: "chore(manifests): Promote staging to prod"
+          title: "chore(manifests): Promote staging to prod"
+          branch: "promote/${{ github.event.issue.number }}"
+          delete-branch: true
+          author: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
+          body: |
+            Closes: ${{ github.event.issue.html_url }}
+
+            :up: Bumps `prod` overlay to use new images (copied from `stage`):
+
+            ```yaml
+            ${{ steps.stage.outputs.result }}
+            ```
+
+      - name: Create success comment
+        uses: peter-evans/create-or-update-comment@v2
+        with:
+          issue-number: ${{ github.event.issue.number }}
+          comment-id: ${{ steps.check-promote.outputs.comment-id }}
+          body: |
+            🙏 Promote pull request created at ${{ steps.pr.outputs.pull-request-url }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}