ci: copy default workflows from template repository (#5)

.config/cspell.json

@@ -0,0 +1,37 @@
+{
+  "version": "0.2",
+  "language": "en",
+  "words": [
+    "cpus",
+    "Hapag",
+    "Infracost",
+    "oidc",
+    "Repology",
+    "tflint",
+    "tfsec"
+  ],
+  "ignoreWords": [
+    "amannn",
+    "baumato",
+    "codeowners",
+    "codeql",
+    "datasource",
+    "dekarti",
+    "dorny",
+    "hmarr",
+    "ibiqlik",
+    "kayman",
+    "ludeeus",
+    "markdownlint",
+    "mktemp",
+    "noxone",
+    "rhysd",
+    "rosczja",
+    "ruleset",
+    "sarif",
+    "shellcheck",
+    "shuf",
+    "shunsuke",
+    "signoff"
+  ]
+}

.config/markdownlint.yml

@@ -0,0 +1,12 @@
+---
+# Default state for all rules
+default: true
+
+# MD013/line-length - Line length
+MD013:
+  # Number of characters
+  line_length: 132
+  # Number of characters for headings
+  heading_line_length: 132
+  # Number of characters for code blocks
+  code_block_line_length: 132

.config/yamllint.yml

@@ -0,0 +1,8 @@
+---
+extends: default
+
+rules:
+  line-length:
+    max: 132
+  comments:
+    min-spaces-from-content: 1

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,32 @@
+---
+name: Bug report
+about: Found a bug? Report it!
+title: ''
+labels: new, bug
+assignees: ''
+---
+
+<!-- Before submitting a bug, make sure that you meet the following requirements:
+  1. use the latest version of the module
+  2. read the documentation
+-->
+
+# Describe the bug
+
+A clear and concise description of what the bug is.
+
+# To Reproduce
+
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+# Expected behavior
+
+A clear and concise description of what you expected to happen.
+
+# Additional context
+
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,39 @@
+---
+name: Feature Request
+about: Propose a new feature
+title: ''
+labels: new, enhancement
+assignees: ''
+---
+
+# Describe the solution you'd like
+
+<!--
+  Provide a clear and concise description of what you want to happen. Add some sentences to describe the use case
+  to be solved by this feature.
+-->
+
+# Describe alternatives you've considered
+
+<!--
+  Let us know about other solutions you've tried or researched.
+-->
+
+# Suggest a solution
+
+<!--
+Things to include:
+
+- details of the technical implementation
+- tradeoffs made in design decisions
+ -caveats and considerations for the future
+
+If there are multiple solutions, please present each one separately. Save comparisons for the very end.
+-->
+
+# Additional context
+
+<!--
+  Is there anything else you can add about the proposal?
+  You might want to link to related issues here, if you haven't already.
+-->

.github/pull_request_template.md

@@ -0,0 +1,21 @@
+# Description
+
+What is the overall goal of your PR? Which problem does it solve? Please also include relevant motivation and context.
+List any dependencies that are required for this change.
+
+Fixes #(issue number)
+
+# Migrations required
+
+yes: please describe the migration
+no: please delete the whole paragraph
+
+# Verification
+
+Please describe the test cases you used to verify your code. Did you check the change in your environment?
+
+# Checklist
+
+- [ ] My code follows the style guidelines of the project
+- [ ] I have performed a self-review of my own code
+- [ ] I have made corresponding changes to the documentation

.github/workflows/linter.yml

@@ -0,0 +1,111 @@
+---
+name: Lint files
+
+# yamllint disable-line rule:truthy
+on:
+  pull_request:
+
+jobs:
+  find-changes:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
+        id: changes
+        with:
+          filters: |
+            json:
+              - '**/*.json'
+
+            markdown:
+              - '**/*.md'
+
+            renovate-config:
+              - 'renovate.json'
+              - 'default.json'
+
+            workflow:
+              - '.github/workflows/*.yml'
+              - '.github/workflows/*.yaml'
+
+            yaml:
+              - '**/*.yaml'
+              - '**/*.yml'
+    outputs:
+      json: ${{ steps.changes.outputs.json }}
+      markdown: ${{ steps.changes.outputs.markdown }}
+      renovate-config: ${{ steps.changes.outputs.renovate-config }}
+      workflow: ${{ steps.changes.outputs.workflow }}
+      yaml: ${{ steps.changes.outputs.yaml }}
+
+  lint-json:
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    if: needs.find-changes.outputs.json == 'true'
+    needs: find-changes
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Run JSON Lint
+        run: bash <(curl -s https://raw.githubusercontent.com/CICDToolbox/json-lint/master/pipeline.sh)
+
+  lint-markdown:
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    if: needs.find-changes.outputs.markdown == 'true'
+    needs: find-changes
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Validate Markdown file
+        run: |
+          npm install -g markdownlint-cli
+          markdownlint -c .config/markdownlint.yml -i CHANGELOG.md "**/*.md"
+
+  lint-renovate:
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    if: needs.find-changes.outputs.renovate-config == 'true'
+    needs: find-changes
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - uses: suzuki-shunsuke/github-action-renovate-config-validator@7657f9865bd2d5fba0cc0fc12cb692e42fbde1e2 # v1.0.0
+
+  lint-shell:
+    name: Check shell scripts
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: ShellCheck
+        uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # 2.0.0
+
+  lint-workflow:
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    needs: find-changes
+    if: needs.find-changes.outputs.workflow == 'true'
+    container:
+      image: rhysd/actionlint:1.6.26@sha256:2362769b1d75056da70e7af1b12d9e52746f3a123b8f22a4322869e8f2cd45f2
+      options: --cpus 1 --user root
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Validate Github workflows
+        run: |
+          mkdir .git
+          actionlint -color
+
+  lint-yaml:
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    needs: find-changes
+    if: needs.find-changes.outputs.yaml == 'true'
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: yaml-lint
+        uses: ibiqlik/action-yamllint@2576378a8e339169678f9939646ee3ee325e845c # v3.1.1
+        with:
+          config_file: .config/yamllint.yml
+          strict: true

.github/workflows/pull-request.yml

@@ -0,0 +1,49 @@
+---
+name: "Pull Request"
+
+# yamllint disable-line rule:truthy
+on:
+  pull_request_target:
+    types:
+      - opened
+      - edited
+      - synchronize
+    branches-ignore:
+      - "release-please--branches--*"
+
+jobs:
+  main:
+    name: Validate PR title
+    runs-on: ubuntu-latest
+    steps:
+      - uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f # v5.4.0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          types: |
+            build
+            chore
+            ci
+            docs
+            feat
+            fix
+            perf
+            refactor
+            revert
+            style
+            test
+          # Configure which scopes are allowed.
+          # deps - dependency updates
+          # main - for release-please (scope used for releases)
+          scopes: |
+            deps
+            main
+          requireScope: false
+          subjectPattern: ^(?![A-Z]).+$
+          subjectPatternError: |
+            The subject "{subject}" found in the pull request title "{title}"
+            didn't match the configured pattern. Please ensure that the subject
+            doesn't start with an uppercase character.
+          wip: true
+          validateSingleCommit: false
+          validateSingleCommitMatchesPrTitle: false

.github/workflows/release.yml

@@ -0,0 +1,29 @@
+---
+name: Create a release
+
+# yamllint disable-line rule:truthy
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    steps:
+      - uses: actions/create-github-app-token@2986852ad836768dfea7781f31828eb3e17990fa  # v1
+        id: app-token
+        with:
+          app-id: ${{ vars.GET_TOKEN_APP_ID }}
+          private-key: ${{ secrets.GET_TOKEN_APP_PRIVATE_KEY }}
+      # bootstrap-sha and release-as needs to be removed after first release
+      - name: Release
+        # yamllint disable-line rule:line-length
+        uses: google-github-actions/release-please-action@a2d8d683f209466ee8c695cd994ae2cf08b1642d  # ratchet:google-github-actions/release-please-action@v3
+        with:
+          release-type: python
+          token: ${{ steps.app-token.outputs.token }}
+          pull-request-header: ''

.github/workflows/renvovate-auto-approve.yml

@@ -0,0 +1,17 @@
+---
+name: Approve all Renovate PRs automatically
+
+# yamllint disable-line rule:truthy
+on: pull_request_target
+
+jobs:
+  auto-approve:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+    if: github.actor == 'renovate[bot]'
+    steps:
+      - uses: hmarr/auto-approve-action@44888193675f29a83e04faf4002fa8c0b537b1e4  # v3.2.1
+        with:
+          review-message: "Auto approved Renovate PR by organization"
+          github-token: ${{ secrets.PAT_FOR_PR_AUTO_APPROVAL }}