Merge branch 'main' into broadcast-cla-workflow

Author: PavelYadrov

.github/charts-values-update-config.yaml

@@ -14,4 +14,5 @@ charts:
       - ghcr.io/netcracker/qubership-docker-zookeeper:${release}
       - ghcr.io/netcracker/qubership-zookeeper-monitoring:${release}
       - ghcr.io/netcracker/qubership-zookeeper-backup-daemon:${release}
-      - ghcr.io/netcracker/qubership-zookeeper-integration-tests:${release}
+      - ghcr.io/netcracker/qubership-zookeeper-integration-tests:${release}
+      - ghcr.io/netcracker/qubership-docker-kubectl:#latest

.github/release-drafter-config.yml

@@ -45,4 +45,4 @@ version-resolver:
   patch:
     labels:
       - patch
-  default: patch
+  default: patch

.github/workflows/automatic-pr-labeler.yaml

@@ -24,15 +24,17 @@ jobs:
     if: (github.event.pull_request.merged == false) && (github.event.pull_request.user.login != 'dependabot[bot]') && (github.event.pull_request.user.login != 'github-actions[bot]')
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
 
       - name: "Execute assign labels"
         id: action-assign-labels
         uses: mauroalderete/action-assign-labels@v1
         with:
           pull-request-number: ${{ github.event.pull_request.number }}
           github-token: ${{ github.token }}
-          conventional-commits: ".github/workflows/automatic-pr-labeler.yaml"
+          conventional-commits: "./.github/auto-labeler-config.yaml"
           maintain-labels-not-matched: true
           apply-changes: ${{ github.event.pull_request.base.repo.id == github.event.pull_request.head.repo.id }}
       - name: "Drop warning if PR from fork"
@@ -42,4 +44,4 @@ jobs:
             echo "⚠️ Pull request from fork! ⚠️";
             echo "Labels will not be applied to PR. Assign them manually please.";
             echo "Labels to assign: ${{ steps.action-assign-labels.outputs.labels-next }}";
-          } >> $GITHUB_STEP_SUMMARY
+          } >> "$GITHUB_STEP_SUMMARY"

.github/workflows/cla.yaml

@@ -11,6 +11,7 @@ permissions:
 
 jobs:
   CLAAssistant:
+    if: github.event.pull_request.draft == false
     permissions:
       actions: write
       contents: write

.github/workflows/link-checker.yaml

@@ -0,0 +1,47 @@
+---
+name: Link Checker
+
+on:
+  push: null
+  repository_dispatch: null
+  workflow_dispatch: null
+  pull_request:
+    branches: [main]
+    types:
+      [opened, reopened, synchronize]
+permissions:
+  contents: read
+jobs:
+  linkChecker:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Restore lychee cache
+        uses: actions/cache@v4
+        id: restore-cache
+        with:
+          path: .lycheecache
+          key: cache-lychee-${{ github.sha }}
+          restore-keys: cache-lychee-
+
+      - name: Link Checker
+        id: lychee
+        uses: lycheeverse/lychee-action@v2
+        with:
+          args: >-
+            './**/*.md'
+            --verbose
+            --no-progress
+            --user-agent 'Mozilla/5.0 (X11; Linux x86_64) Chrome/134.0.0.0'
+            --retry-wait-time 60
+            --max-retries 8
+            --accept 100..=103,200..=299,429
+            --cookie-jar cookies.json
+            --exclude-all-private
+            --max-concurrency 4
+            --cache
+            --cache-exclude-status '429, 500..502'
+            --max-cache-age 1d
+          format: markdown
+          fail: true

.github/workflows/pr-conventional-commits.yaml

@@ -0,0 +1,23 @@
+---
+
+name: Conventional Commits PR Check
+
+on:
+  pull_request:
+    types:
+      - opened
+      - edited
+      - synchronize
+
+permissions:
+  pull-requests: read
+jobs:
+  build:
+    name: Conventional Commits
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
+
+      - uses: webiny/action-conventional-commits@v1.3.0

.github/workflows/pr-lint-title.yaml

@@ -0,0 +1,23 @@
+---
+
+name: "Lint PR Title"
+
+on:
+  pull_request:
+    types:
+      - opened
+      - edited
+      - synchronize
+      - reopened
+
+permissions:
+  pull-requests: read
+
+jobs:
+  main:
+    name: Validate PR title
+    runs-on: ubuntu-latest
+    steps:
+      - uses: amannn/action-semantic-pull-request@v6
+        env:
+          GITHUB_TOKEN: ${{ github.token }}

.github/workflows/profanity-filter.yaml

@@ -0,0 +1,29 @@
+---
+name: Profanity filter
+
+on:
+  issue_comment:
+    types: [created, edited]
+  issues:
+    types: [opened, edited, reopened]
+  pull_request:
+    types: [opened, edited, reopened]
+
+permissions:
+  issues: write
+  pull-requests: write
+
+jobs:
+  apply-filter:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Scan issue or pull request for profanity
+      # Conditionally run the step if the actor isn't a bot
+      if: ${{ github.actor != 'dependabot[bot]' && github.actor != 'github-actions[bot]' }}
+      uses: IEvangelist/profanity-filter@9.07
+      id: profanity-filter
+      with:
+        token: ${{ secrets.GITHUB_TOKEN }}
+        # See https://bit.ly/potty-mouth-replacement-strategies
+        replacement-strategy: middle-asterisk # See Replacement strategy
+        custom-profane-words-url: https://github.com/Hesham-Elbadawi/list-of-banned-words/raw/refs/heads/master/ru

.github/workflows/push.yml

@@ -27,6 +27,10 @@ on:
       - 'README.md'
       - 'SECURITY.md'
 
+env:
+  TAG_NAME: ${{ github.event.release.tag_name || github.ref }}
+  GITHUB_GROUP: ${{ github.repository_owner }}
+
 concurrency:
   # On main/release, we don't want any jobs cancelled so the sha is used to name the group
   # On PR branches, we cancel the job if new commits are pushed
@@ -60,19 +64,9 @@ jobs:
             file: docker-zookeeper/docker/Dockerfile
             context: docker-zookeeper
     runs-on: ubuntu-latest
-    name: ${{ matrix.component.name }}
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: |
-            ghcr.io/${{ github.repository_owner }}/${{ matrix.component.name }}
-          tags: |
-            type=ref,event=branch
-            type=ref,event=tag
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
       - name: Set up Docker Buildx
@@ -81,14 +75,18 @@ jobs:
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+          username: ${GITHUB_ACTOR}
+          password: ${{secrets.GITHUB_TOKEN}}
+      - name: Prepare Tag
+        run: echo "TAG_NAME=$(echo ${TAG_NAME} | sed 's@refs/tags/@@;s@refs/heads/@@;s@/@_@g')" >> $GITHUB_ENV
+      - name: Prepare Group
+        run: echo "GITHUB_GROUP=${GITHUB_GROUP,,}" >> $GITHUB_ENV
       - name: Get package IDs for delete
         id: get-ids-for-delete
         uses: Netcracker/get-package-ids@v0.0.1
         with:
           component-name: ${{ matrix.component.name }}
-          component-tag: ${{ steps.meta.outputs.tags }}
+          component-tag: ${{ env.TAG_NAME }}
           access-token: ${{ secrets.GITHUB_TOKEN }}
       - name: Build and push
         uses: docker/build-push-action@v6
@@ -97,8 +95,6 @@ jobs:
           context: ${{ matrix.component.context }}
           file: ${{ matrix.component.file }}
           platforms: linux/amd64,linux/arm64
-          # See https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#fetching-metadata-about-a-pull-request
           push: ${{ github.event_name != 'pull_request' && github.actor != 'dependabot[bot]' }}
-          provenance: false
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
+          tags: ghcr.io/${{ env.GITHUB_GROUP }}/${{ matrix.component.name }}:${{ env.TAG_NAME }}
+          provenance: false

.github/workflows/run_tests.yaml

@@ -8,12 +8,11 @@ on:
 
 jobs:
   Zookeeper-Pipeline:
-    if: github.event.pull_request.user.login != 'dependabot[bot]'
-    uses: Netcracker/qubership-test-pipelines/.github/workflows/zookeeper.yaml@f6104d86e08ccf5c490e8dc6396b51585d03538a
+    uses: Netcracker/qubership-test-pipelines/.github/workflows/zookeeper.yaml@80631034d5b75e978dfb4fdd300ec729b9e86ab4
     with:
       service_branch: '${{ github.head_ref || github.ref_name }}'
       versions_file: '.github/versions.yaml'
-      pipeline_branch: 'f6104d86e08ccf5c490e8dc6396b51585d03538a' #this value must match the value after '@' in 'uses'
+      pipeline_branch: '80631034d5b75e978dfb4fdd300ec729b9e86ab4' #this value must match the value after '@' in 'uses'
     secrets:
       AWS_S3_ACCESS_KEY_ID: ${{secrets.AWS_S3_ACCESS_KEY_ID}}
       AWS_S3_ACCESS_KEY_SECRET: ${{secrets.AWS_S3_ACCESS_KEY_SECRET}}