nginx · mrajagopal · Sep 23, 2024 · Sep 23, 2024
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,15 @@
+### Proposed changes
+
+Describe the use case and detail of the change. If this PR addresses an issue on GitHub, make sure to include a link to
+that issue here in this description (not in the title of the PR).
+
+### Checklist
+
+Before creating a PR, run through this checklist and mark each as complete.
+
+- [ ] I have read the [CONTRIBUTING](https://github.com/nginxinc/nginx-supportpkg-for-k8s/blob/main/CONTRIBUTING.md) guide
+- [ ] I have proven my fix is effective or that my feature works
+- [ ] I have checked that all unit tests pass after adding my changes
+- [ ] I have ensured the README is up to date
+- [ ] I have rebased my branch onto main
+- [ ] I will ensure my PR is targeting the main branch and pulling from my branch on my own fork
diff --git a/.github/workflows/f5.cla.yml b/.github/workflows/f5.cla.yml
@@ -0,0 +1,51 @@
+name: F5 CLA
+
+on:
+  issue_comment:
+    types:
+      - created
+  pull_request_target:
+    types:
+      - opened
+      - synchronize
+      - reopened
+
+concurrency:
+  group: ${{ github.ref_name }}-cla
+
+permissions:
+  contents: read
+
+jobs:
+  f5-cla:
+    name: F5 CLA
+    runs-on: ubuntu-22.04
+    permissions:
+      actions: write
+      contents: read
+      pull-requests: write
+      statuses: write
+    steps:
+      - name: Run F5 Contributor License Agreement (CLA) assistant
+        if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have hereby read the F5 CLA and agree to its terms') || github.event_name == 'pull_request_target'
+        uses: contributor-assistant/github-action@f41946747f85d28e9a738f4f38dbcc74b69c7e0e # v2.5.1
+        with:
+          # Any pull request targeting the following branch will trigger a CLA check.
+          branch: "main"
+          # Path to the CLA document.
+          path-to-document: "https://github.com/f5/.github/blob/main/CLA/cla-markdown.md"
+          # Custom CLA messages.
+          custom-notsigned-prcomment: "🎉 Thank you for your contribution! It appears you have not yet signed the F5 Contributor License Agreement (CLA), which is required for your changes to be incorporated into an F5 Open Source Software (OSS) project. Please kindly read the [F5 CLA](https://github.com/f5/.github/blob/main/CLA/cla-markdown.md) and reply on a new comment with the following text to agree:"
+          custom-pr-sign-comment: "I have hereby read the F5 CLA and agree to its terms"
+          custom-allsigned-prcomment: "✅ All required contributors have signed the F5 CLA for this PR. Thank you!"
+          # Remote repository storing CLA signatures.
+          remote-organization-name: "f5"
+          remote-repository-name: "f5-cla-data"
+          path-to-signatures: "signatures/beta/signatures.json"
+          # Comma separated list of usernames for maintainers or any other individuals who should not be prompted for a CLA.
+          allowlist: bot*
+          # Do not lock PRs after a merge.
+          lock-pullrequest-aftermerge: false
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PERSONAL_ACCESS_TOKEN: ${{ secrets.F5_CLA_TOKEN }}
diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml
@@ -0,0 +1,30 @@
+name: Fossa
+
+on:
+  push:
+    branches:
+      - main
+    paths-ignore:
+      - "**.md"
+      - "LICENSE"
+
+concurrency:
+  group: ${{ github.ref_name }}-fossa
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  scan:
+    name: Fossa
+    runs-on: ubuntu-22.04
+    if: ${{ github.event.repository.fork == false }}
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Scan
+        uses: fossas/fossa-action@09bcf127dc0ccb4b5a023f6f906728878e8610ba # v1.4.0
+        with:
+          api-key: ${{ secrets.FOSSA_TOKEN }}
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -0,0 +1,61 @@
+name: OpenSSF Scorecards
+on:
+  branch_protection_rule: # yamllint disable-line rule:empty-values
+  schedule:
+    - cron: "28 14 * * 2" # Run every Tuesday at 14:28 UTC
+  push:
+    branches:
+      - main
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-22.04
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+      # Needed to publish results and get a badge (see publish_results below).
+      id-token: write
+      # Uncomment the permissions below if installing in a private repository.
+      # contents: read
+      # actions: read
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
+
+          # Public repositories:
+          #   - Publish results to OpenSSF REST API for easy access by consumers
+          #   - Allows the repository to include the Scorecard badge.
+          #   - See https://github.com/ossf/scorecard-action#publishing-results.
+          # For private repositories:
+          #   - `publish_results` will always be set to `false`, regardless
+          #     of the value entered here.
+          publish_results: true
+
+      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+      # format to the repository Actions tab.
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      # Upload the results to GitHub's code scanning dashboard.
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
+        with:
+          sarif_file: results.sarif
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -0,0 +1,95 @@
+# Contributing Guidelines
+
+The following is a set of guidelines for contributing to the NGINX Supportpkg for k8s. We really appreciate that you are
+considering contributing!
+
+<!-- START doctoc generated TOC please keep comment here to allow auto update -->
+<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
+## Table of Contents
+
+- [Ask a Question](#ask-a-question)
+- [Getting Started](#getting-started)
+- [Contributing](#contributing)
+    - [Report a Bug](#report-a-bug)
+    - [Suggest an Enhancement](#suggest-an-enhancement)
+    - [Open a Pull Request](#open-a-pull-request)
+    - [Issue lifecycle](#issue-lifecycle)
+    - [F5 Contributor License Agreement (CLA)](#f5-contributor-license-agreement-cla)
+- [Style Guides](#style-guides)
+    - [Git Style Guide](#git-style-guide)
+    - [Go Style Guide](#go-style-guide)
+
+<!-- END doctoc generated TOC please keep comment here to allow auto update -->
+
+## Ask a Question
+
+To ask a question please use [Github Discussions](https://github.com/nginxinc/nginx-supportpkg-for-k8s/discussions).
+
+You can also join our [Community Slack](https://community.nginx.org/joinslack) which has a wider NGINX audience.
+
+Please reserve GitHub issues for feature requests and bugs rather than general questions.
+
+## Getting Started
+
+Read the usage and testing steps in the [README](README.md).
+
+## Contributing
+
+### Report a Bug
+
+To report a bug, open an issue on GitHub with the label `bug` using the available bug report issue template. Please
+ensure the issue has not already been reported.
+
+### Suggest an Enhancement
+
+To suggest an enhancement, please create an issue on GitHub with the label `enhancement` using the available feature
+issue template.
+
+### Open a Pull Request
+
+- Fork the repo, create a branch, submit a PR when your changes are tested and ready for review
+- Fill in [our pull request template](.github/PULL_REQUEST_TEMPLATE.md)
+
+> **Note**
+>
+> If you’d like to implement a new feature, please consider creating a feature request issue first to start a discussion
+> about the feature.
+
+### Issue lifecycle
+
+- When an issue or PR is created, it will be triaged by the core development team and assigned a label to indicate the
+  type of issue it is (bug, feature request, etc) and to determine the milestone. Please see the [Issue
+  Lifecycle](ISSUE_LIFECYCLE.md) document for more information.
+
+### F5 Contributor License Agreement (CLA)
+
+F5 requires all external contributors to agree to the terms of the F5 CLA (available [here](https://github.com/f5/.github/blob/main/CLA/cla-markdown.md))
+before any of their changes can be incorporated into an F5 Open Source repository.
+
+If you have not yet agreed to the F5 CLA terms and submit a PR to this repository, a bot will prompt you to view and
+agree to the F5 CLA. You will have to agree to the F5 CLA terms through a comment in the PR before any of your changes
+can be merged. Your agreement signature will be safely stored by F5 and no longer be required in future PRs.
+
+## Style Guides
+
+### Git Style Guide
+
+- Keep a clean, concise and meaningful git commit history on your branch, rebasing locally and squashing before
+  submitting a PR
+- Follow the guidelines of writing a good commit message as described here <https://chris.beams.io/posts/git-commit/>
+  and summarized in the next few points
+    - In the subject line, use the present tense ("Add feature" not "Added feature")
+    - In the subject line, use the imperative mood ("Move cursor to..." not "Moves cursor to...")
+    - Limit the subject line to 72 characters or less
+    - Reference issues and pull requests liberally after the subject line
+    - Add more detailed description in the body of the git message (`git commit -a` to give you more space and time in
+      your text editor to write a good message instead of `git commit -am`)
+
+### Go Style Guide
+
+- Run `gofmt` over your code to automatically resolve a lot of style issues. Most editors support this running
+  automatically when saving a code file.
+- Run `go lint` and `go vet` on your code too to catch any other issues.
+- Follow this guide on some good practice and idioms for Go - <https://github.com/golang/go/wiki/CodeReviewComments>
+- To check for extra issues, install [golangci-lint](https://github.com/golangci/golangci-lint) and run `make lint` or
+  `golangci-lint run`
diff --git a/README.md b/README.md
@@ -1,3 +1,10 @@
+[![OpenSSFScorecard](https://api.securityscorecards.dev/projects/github.com/nginxinc/nginx-supportpkg-for-k8s/badge)](https://scorecard.dev/viewer/?uri=github.com/nginxinc/nginx-supportpkg-for-k8s)
+[![FOSSA Status](https://app.fossa.com/api/projects/custom%2B5618%2Fgithub.com%2Fnginxinc%2Fnginx-supportpkg-for-k8s.svg?type=shield)](https://app.fossa.com/projects/custom%2B5618%2Fgithub.com%2Fnginxinc%2Fnginx-supportpkg-for-k8s?ref=badge_shield)
+[![Go Report Card](https://goreportcard.com/badge/github.com/nginxinc/nginx-supportpkg-for-k8s)](https://goreportcard.com/report/github.com/nginxinc/nginx-supportpkg-for-k8s)
+![GitHub go.mod Go version](https://img.shields.io/github/go-mod/go-version/nginxinc/nginx-supportpkg-for-k8s?logo=go)
+[![Project Status: Active – The project has reached a stable, usable state and is being actively developed.](https://www.repostatus.org/badges/latest/active.svg)](https://www.repostatus.org/#active)
+
+
 # nginx-supportpkg-for-k8s
 
 A kubectl plugin designed to collect diagnostics information on any NGINX product running on k8s.