feat: base repo, dependabot config (#2)

.editorconfig

@@ -0,0 +1,15 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+max_line_length = 120
+
+[*.md]
+trim_trailing_whitespace = false

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @AliMD

.github/dependabot.yml

@@ -0,0 +1,34 @@
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    open-pull-requests-limit: 20
+    reviewers:
+      - AliMD
+    schedule:
+      interval: daily
+    labels:
+      - ci
+      - priority-low
+      - maintenance
+    groups:
+      github-actions:
+        patterns:
+          - '*'
+  - package-ecosystem: docker
+    directory: /
+    open-pull-requests-limit: 20
+    reviewers:
+      - AliMD
+    schedule:
+      interval: daily
+    labels:
+      - ci
+      - priority-low
+      - maintenance
+    # groups:
+    #   github-actions:
+    #     patterns:
+    #       - '*'

.github/labels.yml

@@ -0,0 +1,90 @@
+- name: 'bug-report'
+  color: ee0811
+  description: 'Inconsistencies or issues which will cause a problem for users or implementors.'
+- name: 'feature-request'
+  color: 0e9a26
+  description: 'Request new features or options.'
+
+- name: 'breaking-change'
+  color: ee0701
+  description: 'A change that changes the API or breaks backward compatibility for users.'
+- name: 'bugfix'
+  color: ee0701
+  description: 'Inconsistencies or issues which will cause a problem for users or implementors.'
+- name: 'documentation'
+  color: 0052cc
+  description: 'Solely about the documentation of the project.'
+- name: 'enhancement'
+  color: 1d76db
+  description: 'Enhancement of the code, not introducing new features.'
+- name: 'refactor'
+  color: 1d76db
+  description: 'Updating the code with simpler, easier to understand or more efficient syntax or methods.'
+- name: 'performance'
+  color: 1d76db
+  description: 'Improving performance of the project, not introducing new features.'
+- name: 'new-feature'
+  color: 0e8a16
+  description: 'New features or options.'
+- name: 'maintenance'
+  color: 2af79e
+  description: 'Generic maintenance tasks.'
+- name: 'ci'
+  color: 1d76db
+  description: 'Work that improves the continuous integration.'
+- name: 'dependencies'
+  color: 1d76db
+  description: 'Change in project dependencies.'
+
+- name: 'in-progress'
+  color: fbca04
+  description: 'Issue is currently being worked on by a developer.'
+- name: 'stale'
+  color: fef2c0
+  description: 'No activity for quite some time.'
+- name: 'no-stale'
+  color: fef2c0
+  description: 'This is exempt from the stale bot.'
+- name: 'auto-closed'
+  color: fef2c0
+  description: 'No activity for quite some time.'
+
+- name: 'security'
+  color: ee0701
+  description: 'Addressing a vulnerability or security risk in this project.'
+- name: 'incomplete'
+  color: fef2c0
+  description: 'Missing information.'
+- name: 'invalid'
+  color: fef2c0
+  description: "This is off-topic, spam, or otherwise doesn't apply to this project."
+
+- name: 'good first issue'
+  color: 0e8a16
+  description: 'Good first issue for people wanting to contribute to this project.'
+- name: 'help-wanted'
+  color: 0e8a16
+  description: 'We need some extra helping hands or expertise in order to resolve this!'
+
+- name: 'priority-critical'
+  color: ee0701
+  description: 'Must be addressed as soon as possible.'
+- name: 'priority-high'
+  color: b60205
+  description: 'After critical issues are fixed, these should be dealt with before any further issues.'
+- name: 'priority-medium'
+  color: 0e8a16
+  description: 'This issue may be useful, and needs some attention.'
+- name: 'priority-low'
+  color: e4ea8a
+  description: 'Nice addition, maybe... someday...'
+
+- name: 'major'
+  color: b60205
+  description: 'This PR causes a major bump in the version number.'
+- name: 'minor'
+  color: 0e8a16
+  description: 'This PR causes a minor bump in the version number.'
+- name: 'release'
+  color: 5319E7
+  description: 'Release PR from next to main.'

.github/pull_request_template.md

@@ -0,0 +1,3 @@
+## Description
+
+<!-- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. -->

.github/workflows/publish-container.yml

@@ -0,0 +1,125 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+
+name: Build & Publish Containers
+
+on:
+  workflow_dispatch:
+
+  push:
+    branches:
+      - main
+
+  pull_request:
+
+env:
+  REGISTRY: ghcr.io
+
+jobs:
+  build:
+    if: github.repository_owner == 'Alwatr'
+
+    name: Build & Publish Containers
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - name: alpine
+            version:
+              short: 3
+              full: 3.17
+
+    permissions:
+      contents: read
+      packages: write
+      # actions: write
+      # This is used to complete the identity challenge
+      # with sigstore/fulcio when running outside of PRs.
+      id-token: write
+
+    steps:
+
+      - name: ❔ Check Container files changed
+        id: file_change
+        uses: dorny/[email protected]
+        with:
+          filters: |
+            container_folder:
+              ./${{ matrix.name }}/*
+
+      # - name: ❔ Stop if files not changed
+      #   if: ${{ steps.file_change.outputs.container_folder != 'true' }}
+      #   run: |
+      #     gh run cancel ${{ github.run_id }}
+      #     gh run watch ${{ github.run_id }}
+      #   env:
+      #     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: ⤵️ Checkout repository
+        if: ${{ steps.file_change.outputs.container_folder == 'true' }}
+        uses: actions/[email protected]
+
+      - name: 🏗 Extract Docker metadata
+        id: meta
+        if: ${{ steps.file_change.outputs.container_folder == 'true' }}
+        uses: docker/[email protected]
+        with:
+          github-token: ${{secrets.GITHUB_TOKEN}}
+          images: name=${{env.REGISTRY}}/${{github.repository_owner}}/${{matrix.name}}
+          tags: |
+            type=raw,value=${{matrix.version.short}}
+            type=raw,value=${{matrix.version.full}}
+          labels: |
+            org.opencontainers.image.title="alwatr/${{matrix.name}}"
+            org.opencontainers.image.authors=S. Ali Mihandoost <[email protected]> (https://ali.mihandoost.com), S. Amir Mohammad Najafi <[email protected]> (https://njfamirm.ir/)
+            org.opencontainers.image.source="https://github.com/Alwatr/containers/tree/main/${{matrix.name}}"
+            org.opencontainers.image.licenses="MIT"
+            org.opencontainers.image.url="https://github.com/Alwatr/containers/tree/main/${{matrix.name}}"
+            org.opencontainers.image.documentation="https://github.com/Alwatr/containers/tree/main/${{matrix.name}}"
+            org.opencontainers.image.vendor="Alwatr"
+
+      - name: 🏗 Install cosign
+        if: ${{ github.event_name != 'pull_request' && steps.file_change.outputs.container_folder == 'true' }}
+        uses: sigstore/[email protected]
+
+      - name: 🏗 Setup Docker Buildx
+        if: ${{ steps.file_change.outputs.container_folder == 'true' }}
+        uses: docker/[email protected]
+
+      - name: 🏗 Cache Docker Layers
+        if: ${{ steps.file_change.outputs.container_folder == 'true' }}
+        uses: actions/cache@v3
+        with:
+          path: /tmp/.buildx-cache
+          key: container-${{ matrix.name }}
+
+      - name: 🏗 Log into registry ${{env.REGISTRY}}
+        if: ${{ github.event_name != 'pull_request' && steps.file_change.outputs.container_folder == 'true' }}
+        uses: docker/[email protected]
+        with:
+          registry: ${{env.REGISTRY}}
+          username: ${{github.repository_owner}}
+          password: ${{secrets.GITHUB_TOKEN}}
+
+      - name: 🚀 Build and push container image
+        if: ${{ steps.file_change.outputs.container_folder == 'true' }}
+        id: build_and_push
+        uses: docker/[email protected]
+        with:
+          context: ./${{matrix.name}}
+          push: ${{github.event_name != 'pull_request'}}
+          tags: ${{steps.meta.outputs.tags}}
+          labels: ${{steps.meta.outputs.labels}}
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache
+          # cache-from: type=gha
+          # cache-to: type=gha,mode=max
+
+      # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
+      - name: 🏗 Sign the image with GitHub OIDC Token
+        if: ${{ github.event_name != 'pull_request' && steps.file_change.outputs.container_folder == 'true' }}
+        env:
+          DIGEST: ${{ steps.build_and_push.outputs.digest }}
+          TAGS: ${{ steps.meta.outputs.tags }}
+        run: cosign sign --yes "${TAGS}@${DIGEST}"

.github/workflows/sync-labels.yml

@@ -0,0 +1,30 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+
+name: Sync labels
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+      - next
+    paths:
+      - .github/labels.yml
+
+jobs:
+  labels:
+    name: Sync labels
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      issues: write
+
+    steps:
+      - name: ⤵️ Check out code from GitHub
+        uses: actions/[email protected]
+
+      - name: 🚀 Run Label Syncer
+        uses: micnncim/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -0,0 +1,37 @@
+# Specifies intentionally untracked files to ignore when using Git
+# http://git-scm.com/docs/gitignore
+
+# OSX
+.DS_STORE
+.DS_Store
+._*
+
+# Windows
+Thumbs.db
+Desktop.ini
+
+# Logs
+*.log*
+
+# Build
+dist
+build
+.tsbuildinfo
+*.map
+*.d.ts
+*.js
+!*.config.js
+!**/res/*.js
+
+# Dependencies
+node_modules
+package-lock.json
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variables file
+.env

.prettierrc.json

@@ -0,0 +1,4 @@
+{
+  "singleQuote": true,
+  "bracketSpacing": false
+}

.vscode/extensions.json

@@ -0,0 +1,10 @@
+{
+  "recommendations": [
+    "davidanson.vscode-markdownlint",
+    "editorconfig.editorconfig",
+    "esbenp.prettier-vscode",
+    "jgclark.vscode-todo-highlight",
+    "streetsidesoftware.code-spell-checker-persian",
+    "streetsidesoftware.code-spell-checker"
+  ]
+}

.vscode/settings.json

@@ -0,0 +1,21 @@
+{
+  "editor.wordWrapColumn": 120,
+  "editor.defaultFormatter": "esbenp.prettier-vscode",
+  "prettier.useEditorConfig": true,
+  "files.associations": {
+    "*.mt": "routeros",
+    "*.conf.template": "nginx",
+    "ssh_config": "ssh_config",
+    "*.njk": "html",
+    "ssh-config": "ssh_config"
+  },
+  "markdownlint.ignore": [
+    "**/CHANGELOG.md"
+  ],
+  "cSpell.language": "en,fa,fa-IR",
+  "cSpell.words": [
+    "Alwatr"
+  ],
+  "git.autoStash": true,
+  "githubPullRequests.ignoredPullRequestBranches": ["main", "next"]
+}