ci: added github tooling

Signed-off-by: Mateusz Urbanek <[email protected]>

.github/ISSUE_TEMPLATE/bug_report.yaml

@@ -0,0 +1,20 @@
+name: Bug Report
+description: You encountered bug? Unexpected behavior? Open this one.
+title: "[BUG]: <title>"
+labels:
+  - kind/bug
+body:
+  - type: textarea
+    id: what-happened
+    attributes:
+      label: What happened?
+      description: Also, what did you expect to happen?
+      placeholder: Put your description here.
+    validations:
+      required: true
+  - type: textarea
+    id: logs
+    attributes:
+      label: Relevant log output
+      description: Please copy and paste any relevant log output. This will be automatically formatted into code, so no need for backticks.
+      render: Text

.github/ISSUE_TEMPLATE/feature_request.yaml

@@ -0,0 +1,42 @@
+name: Feature Request
+description: You want to submit a feature request? Open this one.
+title: "[FEATURE]: <title>"
+labels:
+  - kind/feature
+body:
+  - type: dropdown
+    id: contributor
+    attributes:
+      label: Are you interested in contributing to the development of this feature?
+      description: This will help us categorize the issue.
+      options:
+        - 'Yes'
+        - 'No'
+    validations:
+      required: true
+  - type: textarea
+    id: description
+    attributes:
+      label: Is your feature request related to a problem? Please describe.
+      description: A clear and concise description of what the problem is.
+    validations:
+      required: true
+  - type: textarea
+    id: solution
+    attributes:
+      label: Describe the solution you'd like.
+      description: A clear and concise description of what you want to happen.
+    validations:
+      required: true
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Describe alternatives you've considered.
+      description: A clear and concise description of any alternative solutions or features you've considered.
+    validations:
+      required: true
+  - type: textarea
+    id: additional_info
+    attributes:
+      label: Additional Information
+      description: Any other relevant information about the feature request.

.github/ISSUE_TEMPLATE/question.yaml

@@ -0,0 +1,12 @@
+name: Question
+description: Have a generic question? Open this one.
+title: "[QUESTION]: <title>"
+labels:
+  - kind/support
+body:
+  - type: textarea
+    id: what-happened
+    attributes:
+      label: Ask a question!
+    validations:
+      required: true

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,21 @@
+## What this PR does / why we need it:
+<!--
+What code changes are made?
+What problem does this PR addresses, or what feature this PR adds?
+-->
+<!-- REPLACE WITH CONTENT -->
+
+## Which issue(s) this PR resolves:
+<!--
+Usage: `Resolves #<issue number>`, or `Resolves <link to the issue>`.
+If PR is about `failing-tests`, please post the related tests in a comment and do not use `Resolves`
+-->
+Resolves #
+
+## Special notes for your reviewer:
+<!-- Do you think reviewers should focus on any particular parts of code? -->
+<!-- REPLACE WITH CONTENT -->
+
+## Additional documentation e.g., enhancement proposals, usage docs, etc.:
+<!-- This section can be blank if this pull request does not require a release note. -->
+<!-- REPLACE WITH CONTENT -->

.github/dependabot.yml

@@ -0,0 +1,43 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "fix"
+      include: "scope"
+    labels:
+      - "area/dependency"
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "fix"
+      include: "scope"
+    labels:
+      - "area/dependency"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "fix"
+      include: "scope"
+    labels:
+      - "area/dependency"
+  - package-ecosystem: "gomod"
+    directory: "/test"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "fix"
+      include: "scope"
+    labels:
+      - "area/dependency"

.github/labels.yml

@@ -0,0 +1,28 @@
+- name: good first issue
+  color: 7057ff
+  description: Denotes an issue ready for a new contributor, according to the "help wanted" guidelines.
+- name: help wanted
+  color: 006b75
+  description: Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines.
+
+- name: area/api
+  color: 0052cc
+  description: Indicates an issue on api area.
+- name: area/dependency
+  color: 0052cc
+  description: Issues or PRs related to dependency changes
+- name: area/example
+  color: 0052cc
+
+- name: kind/bug
+  color: e11d21
+  description: Categorizes issue or PR as related to a bug.
+- name: kind/documentation
+  color: c7def8
+  description: Categorizes issue or PR as related to documentation.
+- name: kind/feature
+  color: c7def8
+  description: Categorizes issue or PR as related to a new feature.
+- name: kind/support
+  color: d455d0
+  description: Categorizes issue or PR as a support question.

.github/workflows/00-labels-sync.yaml

@@ -0,0 +1,23 @@
+# This workflow is used to declaratively sync labels.
+# It is supposed to be run on push to main.
+
+name: Sync labels
+
+on:
+  push:
+    branches:
+      - main
+
+permissions: write-all
+
+jobs:
+  sync:
+    name: Sync labels
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: shanduur/declarative-labels-sync-action@main
+        with:
+          owner: linode
+          repository: ${{ github.event.repository.name }}
+          token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/00-semantic-pr.yaml

@@ -0,0 +1,24 @@
+# This workflow validate pull request title.
+# It is supposed to be run only when the pull request changes it's state.
+
+name: Semantic pull request
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - reopened
+      - edited
+      - synchronize
+
+permissions:
+  pull-requests: read
+
+jobs:
+  main:
+    name: Validate pull request title
+    runs-on: ubuntu-latest
+    steps:
+      - uses: amannn/action-semantic-pull-request@v5
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/10-k8s-linters.yaml

@@ -0,0 +1,24 @@
+# This workflow run linters on kubernetes resources.
+# It is supposed to be run on each push to main branch, as well as for each push in pull request.
+
+name: K8s Linters
+
+on:
+  pull_request:
+    branches: [ '*' ]
+    paths:
+      - 'helm/**'
+
+jobs:
+  linters:
+    name: Lint Kubernetes manifests
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Scan repo with kube-linter
+        uses: stackrox/kube-linter-action@v1
+        with:
+          directory: helm/
+          config: helm/.kube-linter.yaml

.github/workflows/10-linters-tests.yaml

@@ -0,0 +1,95 @@
+# This workflow run linters and tests.
+# It is supposed to be run on each push to main branch, as well as for each push in pull request.
+
+name: Linters
+
+on:
+  pull_request:
+    branches: [ '*' ]
+
+env:
+  GO_VERSION: "1.21"
+  IMAGE: linode/linode-cosi-driver
+
+permissions:
+  contents: read
+
+jobs:
+  commitlint:
+    name: Lint commit messages
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: wagoid/commitlint-github-action@v5
+
+  golangci-lint:
+    name: Run golangci-lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v4
+        with:
+          go-version: ${{ env.GO_VERSION }}
+          cache: false
+      - uses: golangci/golangci-lint-action@v3
+        with:
+          version: latest
+          skip-cache: true
+
+  shell-linter:
+    name: Run Shellcheck, Checkmake
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout the code
+        uses: actions/checkout@v4
+      - name: Run ShellCheck
+        uses: ludeeus/action-shellcheck@master
+      - uses: actions/setup-go@v4
+        with:
+          go-version: ${{ env.GO_VERSION }}
+          cache: false
+      - name: Install Checkmake
+        run: go install github.com/mrtazz/checkmake/cmd/checkmake@latest
+      - name: Run Checkmake
+        run: checkmake Makefile
+      - name: Run Checkmake on tests
+        run: checkmake test/Makefile
+
+  tests:
+    name: Run unit tests
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v4
+        with:
+          go-version: ${{ env.GO_VERSION }}
+          cache: false
+      - run: |
+          make test
+
+  docker:
+    name: Build dev image and run scans
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Build image
+        uses: docker/build-push-action@v5
+        with:
+          push: false
+          load: true
+          tags: ${{ env.IMAGE }}:${{ github.sha }}
+          target: runtime
+      - name: Scan image using Grype
+        uses: anchore/scan-action@v3
+        with:
+          image: ${{ env.IMAGE }}:${{ github.sha }}
+          output-format: table
+      - name: Scan image using Trivy
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: ${{ env.IMAGE }}:${{ github.sha }}
+          format: table
+          exit-code: '1'
+          severity: 'CRITICAL,HIGH,MEDIUM'

.github/workflows/99-release.yaml

@@ -0,0 +1,32 @@
+# This workflow is used to run all necessary actions after the release.
+# This should include building and pushing the image.
+# It is supposed to be run on each new release.
+
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+env:
+  REGISTRY: docker.io
+
+jobs:
+  docker:
+    name: Build dev image and run scans
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Login to registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ secrets.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_TOKEN }}
+      - name: Build and push image
+        uses: docker/build-push-action@v5
+        with:
+          push: true
+          tags: ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ github.ref_name }}
+          target: runtime

.pre-commit-config.yaml

@@ -0,0 +1,20 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+repos:
+  - repo: https://github.com/compilerla/conventional-pre-commit
+    rev: v3.0.0
+    hooks:
+      - id: conventional-pre-commit
+        stages: [commit-msg]
+  - repo: https://github.com/golangci/golangci-lint
+    rev: v1.55.2
+    hooks:
+      - id: golangci-lint
+  - repo: https://github.com/koalaman/shellcheck-precommit
+    rev: v0.9.0
+    hooks:
+      - id: shellcheck
+  - repo: https://github.com/norwoodj/helm-docs
+    rev: v1.11.3
+    hooks:
+      - id: helm-docs