Merge branch 'main' into fix/resolve_vulnerabilities

Author: PhBouzid

.editorconfig

@@ -0,0 +1,35 @@
+root = true
+
+[{*,.*}]
+charset = utf-8
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.sh]
+end_of_line = lf
+
+[{*.bat,*.cmd}]
+end_of_line = crlf
+
+[*.go]
+# gofmt defaults to LF for all the platforms: https://github.com/golang/go/issues/16355
+end_of_line = lf
+
+[*.md]
+# Trailing whitespace is important in Markdown (they distinguish a new line from a new paragraph)
+eclint_indent_style = unset
+trim_trailing_whitespace = false
+
+[{go.mod,go.sum,*.go,.gitmodules}]
+indent_size = 4
+indent_style = tab
+
+[Dockerfile]
+indent_size = 4
+
+[*.py]
+profile = black
+
+[*.sh]
+indent_size = 4

.gitattributes

@@ -0,0 +1,126 @@
+###############################
+# Qubership common            #
+###############################
+.editorconfig text
+.flake8 text
+.gitattributes text
+.gitignore text
+.helmignore text
+.prettierignore text
+
+*.env text eol=lf
+*.json text
+*.md text
+*.mod text
+*.robot text
+*.sum text
+*.tpl text
+*.txt text
+*.yaml text
+*.yml text
+
+LICENSE text
+Dockerfile text
+
+/CHANGELOG.md merge=union
+/contributors.json merge=union
+/CODE-OF-CONDUCT.md text
+/CONTRIBUTING.md text
+/README.md text
+/SECURITY.md text
+
+###############################
+# Git Line Endings            #
+###############################
+
+# Set default behaviour to automatically normalize line endings.
+* text=auto
+
+
+# Force batch scripts to always use CRLF line endings so that if a repo is accessed
+# in Windows via a file share from Linux, the scripts will work.
+*.{cmd,[cC][mM][dD]} text eol=crlf
+*.{bat,[bB][aA][tT]} text eol=crlf
+
+# Force bash scripts to always use LF line endings so that if a repo is accessed
+# in Unix via a file share from Windows, the scripts will work.
+*.sh text eol=lf
+# gofmt defaults to LF for all the platforms: https://github.com/golang/go/issues/16355
+*.go text eol=lf
+
+##########################################
+# Basic .gitattributes for a Java repo.#
+##########################################
+
+# Java sources
+*.java          text diff=java
+*.kt            text diff=kotlin
+*.groovy        text diff=java
+*.scala         text diff=java
+*.gradle        text diff=java
+*.gradle.kts    text diff=kotlin
+
+# These files are text and should be normalized (Convert crlf => lf)
+*.css           text diff=css
+*.scss          text diff=css
+*.sass          text
+*.df            text
+*.htm           text diff=html
+*.html          text diff=html
+*.js            text
+*.mjs           text
+*.cjs           text
+*.jsp           text
+*.jspf          text
+*.jspx          text
+*.properties    text
+*.tld           text
+*.tag           text
+*.tagx          text
+*.xml           text
+
+# These files are binary and should be left untouched
+# (binary is a macro for -text -diff)
+*.class         binary
+*.dll           binary
+*.ear           binary
+*.jar           binary
+*.so            binary
+*.war           binary
+*.jks           binary
+
+# Common build-tool wrapper scripts ('.cmd' versions are handled by 'Common.gitattributes')
+mvnw            text eol=lf
+gradlew         text eol=lf
+
+##########################################
+# Basic .gitattributes for a python repo.#
+##########################################
+
+# Source files
+# ============
+*.pxd    text diff=python
+*.py     text diff=python
+*.py3    text diff=python
+*.pyw    text diff=python
+*.pyx    text diff=python
+*.pyz    text diff=python
+*.pyi    text diff=python
+
+# Binary files
+# ============
+*.db     binary
+*.p      binary
+*.pkl    binary
+*.pickle binary
+*.pyc    binary export-ignore
+*.pyo    binary export-ignore
+*.pyd    binary
+
+# Jupyter notebook
+*.ipynb  text eol=lf
+
+# Note: .db, .p, and .pkl files are associated
+# with the python modules ``pickle``, ``dbm.*``,
+# ``shelve``, ``marshal``, ``anydbm``, & ``bsddb``
+# (among others).

.github/auto-labeler-config.yaml

@@ -0,0 +1,23 @@
+---
+conventional-commits:
+  - type: 'fix'
+    nouns: ['FIX', 'Fix', 'fix', 'FIXED', 'Fixed', 'fixed']
+    labels: ['bug']
+  - type: 'feature'
+    nouns: ['FEATURE', 'Feature', 'feature', 'FEAT', 'Feat', 'feat']
+    labels: ['enhancement']
+  - type: 'breaking_change'
+    nouns: ['BREAKING CHANGE', 'BREAKING', 'MAJOR']
+    labels: ['breaking-change']
+  - type: 'refactor'
+    nouns: ['refactor', 'Refactor']
+    labels: ['refactor']
+  - type: 'documentation'
+    nouns: ['docs', 'doc', 'document', 'documentation']
+    labels: ['documentation']
+  - type: 'build'
+    nouns: ['build', 'rebuild']
+    labels: ['build']
+  - type: 'config'
+    nouns: ['config', 'conf', 'configuration', 'configure']
+    labels: ['config']

.github/linters/.checkov.yaml

@@ -0,0 +1,22 @@
+---
+
+quiet: true
+
+skip-check:
+# https://www.checkov.io/5.Policy%20Index/kubernetes.html
+- CKV_K8S_15 # Image Pull Policy should be Always
+- CKV_K8S_21 # The default namespace should not be used
+- CKV_K8S_22 # Use read-only filesystem for containers where possible
+- CKV_K8S_35 # Prefer using secrets as files over secrets as environment variables
+- CKV_K8S_38 # Ensure that Service Account Tokens are only mounted where necessary
+- CKV_K8S_40 # Containers should run as a high UID to avoid host conflict
+- CKV_K8S_43 # Image should use digest
+- CKV2_K8S_5 # No ServiceAccount/Node should be able to read all secrets
+- CKV2_K8S_6 # Minimize the admission of pods which lack an associated NetworkPolicy
+# https://www.checkov.io/5.Policy%20Index/dockerfile.html
+- CKV_DOCKER_2 # Ensure that HEALTHCHECK instructions have been added to container images
+# https://www.checkov.io/5.Policy%20Index/secrets.html
+- CKV_SECRET_6 # Base64 High Entropy String
+# https://www.checkov.io/5.Policy%20Index/github_actions.html
+- CKV2_GHA_1 # Ensure top-level permissions are not set to write-all
+- CKV_GHA_7 # The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty.

.github/linters/.yaml-lint.yml

@@ -0,0 +1,66 @@
+---
+#### Config file for yamllint
+# Rules: https://yamllint.readthedocs.io/en/stable/rules.html
+
+# Exclude not required files
+# ignore-from-file:
+# - .gitignore
+# - .yamlignore
+
+rules:
+  braces:
+    min-spaces-inside: 1
+    max-spaces-inside: 1
+    min-spaces-inside-empty: 0
+    max-spaces-inside-empty: 0
+  brackets:
+    min-spaces-inside: 0
+    max-spaces-inside: 1
+    min-spaces-inside-empty: -1
+    max-spaces-inside-empty: -1
+  colons:
+    max-spaces-before: 0
+    max-spaces-after: -1
+  commas:
+    max-spaces-before: 0
+    min-spaces-after: 1
+    max-spaces-after: 1
+  comments:
+    level: warning
+    require-starting-space: true
+    min-spaces-from-content: 1
+  comments-indentation:
+    level: warning
+  document-end: disable
+  document-start: disable
+  # level: warning
+  # present: false
+  empty-lines:
+    level: warning
+    max: 2
+    max-start: 0
+    max-end: 2
+  empty-values:
+    forbid-in-block-mappings: true
+    forbid-in-flow-mappings: true
+  hyphens:
+    max-spaces-after: 1
+  indentation:
+    level: warning
+    spaces: 2
+    indent-sequences: true
+    check-multi-line-strings: false
+  key-duplicates: enable
+  key-ordering: disable
+  line-length: disable
+  # max: 100
+  # allow-non-breakable-words: true
+  # allow-non-breakable-inline-mappings: true
+  new-line-at-end-of-file: disable
+  new-lines:
+    type: unix
+  octal-values:
+    forbid-implicit-octal: false
+    forbid-explicit-octal: false
+  trailing-spaces: enable
+  truthy: disable

.github/linters/actionlint.yml

@@ -0,0 +1,13 @@
+paths:
+  .github/workflows/**/*.{yml,yaml}:
+    ignore:
+      - 'shellcheck reported issue in this script: SC2086:info.+'
+      - 'shellcheck reported issue in this script: SC2002:style.+'
+  workflows-templates/**/*.{yml,yaml}:
+    ignore:
+      - 'shellcheck reported issue in this script: SC2086:info.+'
+      - 'shellcheck reported issue in this script: SC2002:style.+'
+  actions/**/*.{yml,yaml}:
+    ignore:
+      - 'shellcheck reported issue in this script: SC2086:info.+'
+      - 'shellcheck reported issue in this script: SC2002:style.+'

.github/release-drafter-config.yml

@@ -0,0 +1,50 @@
+name-template: 'v$RESOLVED_VERSION'
+tag-template: 'v$RESOLVED_VERSION'
+
+
+categories:
+  - title: '💥 Breaking Changes'
+    labels:
+      - breaking-change
+  - title: '💡 New Features'
+    labels:
+      - feature
+      - enhancement
+  - title: '🐞 Bug Fixes'
+    labels:
+      - bug
+      - fix
+      - bugfix
+  - title: '⚙️ Technical Debt'
+    labels:
+      - refactor
+  - title: '📝 Documentation'
+    labels:
+      - documentation
+
+change-template: |
+  - (#$NUMBER) $TITLE by @$AUTHOR
+
+no-changes-template: 'No significant changes'
+
+template: |
+  ## 🚀 Release
+
+  ### What's Changed
+  $CHANGES
+
+  ---
+
+  **Full Changelog**: https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...v$RESOLVED_VERSION
+
+version-resolver:
+  major:
+    labels:
+      - major
+  minor:
+    labels:
+      - minor
+  patch:
+    labels:
+      - patch
+  default: patch

.github/super-linter.env

@@ -0,0 +1,20 @@
+# File will be loaded as environment variables
+# It must contain strings like:
+# name=value
+
+GITLEAKS_LOG_LEVEL=warn
+VALIDATE_JAVASCRIPT_PRETTIER=false
+VALIDATE_JAVASCRIPT_STANDARD=false
+VALIDATE_JSCPD=false
+VALIDATE_JSON_PRETTIER=false
+VALIDATE_KUBERNETES_KUBECONFORM=false
+VALIDATE_MARKDOWN_PRETTIER=false
+VALIDATE_YAML_PRETTIER=false
+
+# TODO: fix python files and enable the check again
+VALIDATE_PYTHON_BLACK=false
+VALIDATE_PYTHON_FLAKE8=false
+VALIDATE_PYTHON_ISORT=false
+VALIDATE_PYTHON_MYPY=false
+VALIDATE_PYTHON_PYINK=false
+VALIDATE_PYTHON_PYLINT=false