Merge pull request #57 from SAP/github-setup

chore: refinement of setup of GitHub, Dependabot and devcontainer

.devcontainer/default/devcontainer.json

@@ -1,5 +1,5 @@
 {
- "name": "Terraform provider for Cloudfoundry - Development",
+ "name": "Terraform provider for Cloud Foundry - Development",
  "image": "mcr.microsoft.com/devcontainers/go:1.21-bullseye",
  // Features to add to the dev container. More info: https://containers.dev/features.
  "features": {

.devcontainer/withenvfile/devcontainer.json

@@ -0,0 +1,35 @@
+{
+ "name": "Terraform provider for Cloud Foundry - Development (with env file)",
+ "image": "mcr.microsoft.com/devcontainers/go:1.21-bullseye",
+ // Features to add to the dev container. More info: https://containers.dev/features.
+ "features": {
+ "ghcr.io/devcontainers/features/terraform:1": {},
+ "ghcr.io/devcontainers/features/github-cli:1": {}
+ },
+ "customizations": {
+ "vscode": {
+ "settings": {},
+ "extensions": [
+ "golang.go",
+ "HashiCorp.terraform",
+ "ms-vscode.makefile-tools"
+ ]
+ },
+ "codespaces": {}
+ },
+ "postCreateCommand": "cp ./assets/provider-config-local.txt ~/.terraformrc",
+ "hostRequirements": {
+ "memory": "4gb"
+ },
+ // Use 'forwardPorts' to make a list of ports inside the container available locally.
+ // "forwardPorts": [],
+ "remoteUser": "vscode",
+ // This devcontainer expects a file named .devcontainer/devcontainer.env to exist.
+ // you should place the following environment variables in that file:
+ // - BTP_USERNAME
+ // - BTP_PASSWORD
+ "runArgs": [
+ "--env-file",
+ ".devcontainer/devcontainer.env"
+ ]
+}

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -13,7 +13,7 @@ body:
  - type: input
  attributes:
  label: What version of the Terraform provider are you using?
- description: What version of the Cloudfoundry Terraform provider are you using?
+ description: What version of the Cloud Foundry Terraform provider are you using?
  placeholder: main-branch
  validations:
  required: false

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,59 @@
+## Purpose
+<!-- Describe the intention of the changes being proposed. What problem does it solve or functionality does it add? -->
+- ...
+
+## Does this introduce a breaking change?
+<!-- Mark one with an "x". -->
+```
+[ ] Yes
+[ ] No
+```
+
+## Pull Request Type
+
+What kind of change does this Pull Request introduce?
+<!-- Please check the one that applies to this PR using "X". -->
+```
+[ ] Bugfix
+[ ] Feature
+[ ] Refactoring (no functional changes, no api changes)
+[ ] Documentation content changes
+[ ] Other... Please describe:
+```
+
+## How to Test
+
+- Test the code via automated test
+
+```bash
+go test ./...
+```
+
+<!-- Add additional steps if applicable -->
+- Additional test steps
+
+```
+...
+```
+
+## What to Check
+
+Verify that the following are valid:
+
+- Automated tests are executed successfully
+<!-- Add additional conditions if applicable -->
+- ...
+
+## Other Information
+<!-- Add any other helpful information that may be needed here. -->
+
+## Checklist for reviewer
+
+<!-- This checklist needs to completed by the reviewer of the PR -->
+The following organizational tasks must be completed before merging this PR:
+
+- [ ] The PR is assigned to the Terraform project and a status is set (typically "in review").
+- [ ] The PR has the matching labels assigned to it.
+- [ ] The PR has a milestone assigned to it.
+- [ ] If the PR closes an issue, the issue is referenced.
+- [ ] Possible follow-up items are created and linked.

.github/dependabot.yml

@@ -0,0 +1,18 @@
+version: 2
+updates:
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "daily"
+ - package-ecosystem: "gomod"
+ directory: "/"
+ schedule:
+ interval: "daily"
+ - package-ecosystem: "terraform"
+ directory: "/"
+ schedule:
+ interval: "daily"
+ - package-ecosystem: "devcontainers"
+ directory: "/"
+ schedule:
+ interval: weekly

.github/workflows/codeql.yml

@@ -0,0 +1,85 @@
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ "main" ]
+ paths-ignore:
+ - '*.md'
+ - '*.md.tmpl'
+ - '*.tf'
+ pull_request:
+ branches: [ "main" ]
+ types:
+ - opened
+ - reopened
+ - synchronize
+ - ready_for_review
+ paths-ignore:
+ - '*.md'
+ - '*.md.tmpl'
+ - '*.tf'
+ schedule:
+ - cron: '30 4 * * 0'
+ workflow_dispatch:
+
+jobs:
+ analyze:
+ if: github.event.pull_request.draft == false
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'go' ]
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ # Manually install the right version of Go
+ # See https://github.com/github/codeql-action/issues/1842 and https://github.com/github/codeql/issues/13992
+ - name: Setup Go
+ uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+ with:
+ go-version-file: "go.mod"
+ # not needed but gets rid of warnings
+ cache: false
+
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+
+ # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+ # queries: security-extended,security-and-quality
+
+
+ # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java).
+ # If this step fails, then you should remove it and run the build manually (see below)
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v3
+
+ # ℹ️ Command-line programs to run using the OS shell.
+ # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+ # If the Autobuild fails above, remove it and uncomment the following three lines.
+ # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+ # - run: |
+ # echo "Run, Build Application using script"
+ # ./location_of_script_within_repo/buildscript.sh
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
+ with:
+ category: "/language:${{matrix.language}}"

.github/workflows/feature-request-response.yml

@@ -0,0 +1,31 @@
+name: "Feature Request - Community Note"
+
+on:
+ issues:
+ types:
+ - opened
+
+jobs:
+ community_note:
+ name: 'Add Community Note'
+ if: ${{ contains(github.event.issue.labels.*.name, 'enhancement') }}
+ runs-on: ubuntu-latest
+ steps:
+ - name: 'Add community note to new Issues'
+ uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
+ with:
+ issue-number: ${{ github.event.issue.number }}
+ body: |
+ Thanks for the feature request. We evaluate it and update the issue accordingly.
+ 
+ ## Community Note
+
+ ### Voting for Prioritization
+
+ * Please vote on this issue by adding a 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to the original post to help the community and maintainers prioritize this request.
+ * Please **do not** leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
+
+ ### Volunteering to Work on This Issue
+
+ * If you are interested in working on this issue, please leave a comment.
+ * If this would be your first contribution, please review the [contribution guide](https://github.com/SAP/terraform-provider-btp/blob/main/CONTRIBUTING.md).

.github/workflows/issue-comment-created.yml

@@ -0,0 +1,14 @@
+name: Issue Comment Created Triage
+
+on:
+ issue_comment:
+ types: [created]
+
+jobs:
+ issue_comment_triage:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions-ecosystem/action-remove-labels@2ce5d41b4b6aa8503e285553f75ed56e0a40bae0 # v1.3.0
+ with:
+ labels: |
+ needs-author-feedback

.github/workflows/links-watcher-cron.yml

@@ -0,0 +1,44 @@
+name: Periodic Link Checker
+
+on:
+ schedule:
+ - cron: "30 0 * * 1"
+ workflow_dispatch:
+
+permissions:
+ contents: read
+ issues: write
+
+jobs:
+ link-checker:
+ runs-on: ubuntu-latest
+ steps:
+ - name: "Checkout source code"
+ uses: actions/checkout@v4
+ - name: Link Checker
+ id: lychee
+ uses: lycheeverse/[email protected]
+ with:
+ args: --verbose --no-progress --max-concurrency 2 --exclude-loopback './**/*.md'
+ output: ./lychee/out.md
+ fail: true
+ env:
+ GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+ - name: Find existing issue
+ id: find_issue
+ uses: micalevisk/last-issue-action@v2
+ if: failure()
+ with:
+ state: open
+ labels: |
+ broken link
+ automated issue
+ - name: Create or update issue for broken links
+ uses: peter-evans/create-issue-from-file@v5
+ if: failure()
+ with:
+ title: Link Checker Report
+ # If issue number is empty a new issue gets created
+ issue-number: ${{ steps.find_issue.outputs.issue-number }}
+ content-filepath: ./lychee/out.md
+ labels: broken link, automated issue

.github/workflows/stale-handling.yml

@@ -0,0 +1,22 @@
+name: Close Stale Issues and PRs
+on:
+ schedule:
+ - cron: '30 2 * * *'
+
+permissions:
+ issues: write
+ pull-requests: write
+
+jobs:
+ stale:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/stale@v9
+ with:
+ stale-issue-message: 'This issue is stale because it has been open 15 days with no activity. Remove stale label or comment or this will be closed in 5 days.'
+ stale-pr-message: 'This pull request is stale because it has been open 15 days with no activity. Remove stale label or comment or this will be closed in 5 days.'
+ close-issue-message: 'This issue was closed because it has been stalled for 5 days with no activity.'
+ close-pr-message: 'This PR was closed because it has been stalled for 5 days with no activity.'
+ days-before-stale: 15
+ days-before-close: 5
+ any-of-issue-labels: 'needs-author-feedback'