Merge pull request kubernetes-sigs#5 from multicluster-runtime/sttts-plumbing

🌱 Add controller-runtime plumbing

Author: sttts

.github/PULL_REQUEST_TEMPLATE/breaking_change.md

@@ -0,0 +1,5 @@
+<!-- please add a :warning: (`:warning:`) to the title of this PR, and delete this line and similar ones -->
+
+<!-- What does this do, and why do we need it? -->
+
+<!-- Why does this have to be a breaking change (what else did you consider)? -->

.github/PULL_REQUEST_TEMPLATE/bug_fix.md

@@ -0,0 +1,5 @@
+<!-- please add a :bug: (`:bug:`) to the title of this PR, and delete this line and similar ones -->
+
+<!-- What does this do, and why do we need it? -->
+
+<!-- What issue does this fix (e.g. Fixes #XYZ) -->

.github/PULL_REQUEST_TEMPLATE/compat_feature.md

@@ -0,0 +1,3 @@
+<!-- please add a :sparkles: (`:sparkles:`) to the title of this PR, and delete this line and similar ones -->
+
+<!-- What does this do, and why do we need it? -->

.github/PULL_REQUEST_TEMPLATE/docs.md

@@ -0,0 +1,3 @@
+<!-- please add a :book: (`:book:`) to the title of this PR, and delete this line and similar ones -->
+
+<!-- What docs does this change, and why? -->

.github/PULL_REQUEST_TEMPLATE/other.md

@@ -0,0 +1,3 @@
+<!-- please add a :seedling: (`:seedling:`) to the title of this PR, and delete this line and similar ones -->
+
+<!-- What does this do, and why do we need it? -->

.github/dependabot.yml

@@ -0,0 +1,18 @@
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+version: 2
+updates:
+# GitHub Actions
+- package-ecosystem: "github-actions"
+  # Workflow files stored in the
+  # default location of `.github/workflows`
+  directory: "/"
+  schedule:
+    interval: "weekly"
+  groups:
+    all-github-actions:
+      patterns: [ "*" ]
+  commit-message:
+    prefix: ":seedling:"
+  labels:
+  - "ok-to-test"

.github/pull_request_template.md

@@ -0,0 +1,4 @@
+<!-- please add an icon to the title of this PR (see VERSIONING.md), and delete this line and similar ones -->
+<!-- the icon will be either ⚠ (:warning:, major), ✨ (:sparkles:, minor), 🐛 (:bug:, patch), 📖 (:book:, docs), or 🌱 (:seedling:, other) -->
+
+<!-- What does this do, and why do we need it? -->

.github/workflows/golangci-lint.yml

@@ -0,0 +1,40 @@
+name: golangci-lint
+on:
+  pull_request:
+    types: [opened, edited, synchronize, reopened]
+    branches:
+      - main
+
+permissions:
+  # Required: allow read access to the content for analysis.
+  contents: read
+  # Optional: allow read access to pull request. Use with `only-new-issues` option.
+  pull-requests: read
+  # Optional: Allow write access to checks to allow the action to annotate code in the PR.
+  checks: write
+
+jobs:
+  golangci:
+    name: lint
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        working-directory:
+          - ""
+          - examples/kind
+          - providers/kind
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # tag=v4.2.2
+      - name: Calculate go version
+        id: vars
+        run: echo "go_version=$(make go-version)" >> $GITHUB_OUTPUT
+      - name: Set up Go
+        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # tag=v5.3.0
+        with:
+          go-version: ${{ steps.vars.outputs.go_version }}
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@051d91933864810ecd5e2ea2cfd98f6a5bca5347 # tag=v6.3.2
+        with:
+          version: v1.63.4
+          args: --out-format=colored-line-number
+          working-directory: ${{matrix.working-directory}}

.github/workflows/ossf-scorecard.yaml

@@ -0,0 +1,56 @@
+name: Scorecard supply-chain security
+on:
+  # For Branch-Protection check. Only the default branch is supported. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
+  branch_protection_rule:
+  # To guarantee Maintained check is occasionally updated. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
+  schedule:
+    # Weekly on Saturdays.
+    - cron: '30 1 * * 6'
+  push:
+    branches: [ "main" ]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed if using Code scanning alerts
+      security-events: write
+      # Needed for GitHub OIDC token if publish_results is true
+      id-token: write
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # tag=v4.2.2
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # tag=v2.4.0
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          # Public repositories:
+          #   - Publish results to OpenSSF REST API for easy access by consumers
+          #   - Allows the repository to include the Scorecard badge.
+          #   - See https://github.com/ossf/scorecard-action#publishing-results.
+          publish_results: true
+
+      # Upload the results as artifacts.
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # tag=v4.6.0
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      # required for Code scanning alerts
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@83a02f7883b12e0e4e1a146174f5e2292a01e601 # tag=v2.16.4
+        with:
+          sarif_file: results.sarif

.github/workflows/pr-dependabot.yaml

@@ -0,0 +1,38 @@
+name: PR dependabot go modules fix
+
+# This action runs on PRs opened by dependabot and updates modules.
+on:
+  pull_request:
+    branches:
+      - dependabot/**
+  push:
+    branches:
+      - dependabot/**
+  workflow_dispatch:
+
+permissions:
+  contents: write # Allow to update the PR.
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out code
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # tag=v4.2.2
+    - name: Calculate go version
+      id: vars
+      run: echo "go_version=$(make go-version)" >> $GITHUB_OUTPUT
+    - name: Set up Go
+      uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # tag=v5.3.0
+      with:
+        go-version: ${{ steps.vars.outputs.go_version }}
+    - name: Update all modules
+      run: make modules
+    - uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # tag=v9.1.4
+      name: Commit changes
+      with:
+        author_name: dependabot[bot]
+        author_email: 49699333+dependabot[bot]@users.noreply.github.com
+        default_author: github_actor
+        message: 'Update generated code'