From 5a6c3cc8a52de2203fef5037600bc02a08991d3e Mon Sep 17 00:00:00 2001
From: Patrick Koss
Date: Thu, 14 Sep 2023 13:34:09 +0200
Subject: [PATCH] add pipelines
---
.githooks/pre-push | 35 +++++++++++++++++
.github/ISSUE_TEMPLATE/bug.yaml | 48 +++++++++++++++++++++++
.github/ISSUE_TEMPLATE/config.yaml | 1 +
.github/ISSUE_TEMPLATE/feature.yaml | 55 ++++++++++++++++++++++++++
.github/renovate.json | 17 ++++++++
.github/semantic.yml | 20 ++++++++++
.github/workflows/main.yml | 27 +++++++++++++
.github/workflows/release.yaml | 35 +++++++++++++++++
.github/workflows/semgrep.yaml | 35 +++++++++++++++++
setup.cfg | 61 +++++++++++++++++++++++++++++
10 files changed, 334 insertions(+)
create mode 100644 .githooks/pre-push
create mode 100644 .github/ISSUE_TEMPLATE/bug.yaml
create mode 100644 .github/ISSUE_TEMPLATE/config.yaml
create mode 100644 .github/ISSUE_TEMPLATE/feature.yaml
create mode 100644 .github/renovate.json
create mode 100644 .github/semantic.yml
create mode 100644 .github/workflows/main.yml
create mode 100644 .github/workflows/release.yaml
create mode 100644 .github/workflows/semgrep.yaml
create mode 100644 setup.cfg
diff --git a/.githooks/pre-push b/.githooks/pre-push
new file mode 100644
index 0000000..e206506
--- /dev/null
+++ b/.githooks/pre-push
@@ -0,0 +1,35 @@
+name: Semgrep
+
+on:
+ # Scan changed files in PRs, block on new issues only (existing issues ignored)
+ pull_request: {}
+
+jobs:
+ semgrep:
+ name: Scan
+ runs-on: ubuntu-latest
+ # Skip any PR created by dependabot to avoid permission issues
+ if: (github.actor != 'dependabot[bot]')
+ steps:
+ # Fetch project source
+ - uses: actions/checkout@v3
+
+ - uses: returntocorp/semgrep-action@v1
+ with:
+ config: >- # more at semgrep.dev/explore
+ p/security-audit
+ p/secrets
+ p/ci
+ p/r2c
+ p/r2c-ci
+ p/docker
+ p/dockerfile
+ p/command-injection
+ generateSarif: "1"
+
+ # Upload findings to GitHub Advanced Security Dashboard [step 2/2]
+ - name: Upload SARIF file for GitHub Advanced Security Dashboard
+ uses: github/codeql-action/upload-sarif@29b1f65c5e92e24fe6b6647da1eaabe529cec70f # v2.3.3
+ with:
+ sarif_file: semgrep.sarif
+ if: always()
diff --git a/.github/ISSUE_TEMPLATE/bug.yaml b/.github/ISSUE_TEMPLATE/bug.yaml
new file mode 100644
index 0000000..9851cbf
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug.yaml
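Review bot: The body of `.githooks/pre-push` is a GitHub Actions workflow, essentially a copy of `.github/workflows/semgrep.yaml` with older pins (`actions/checkout@v3`, `upload-sarif@29b1f65c5e92e24fe6b6647da1eaabe529cec70f # v2.3.3`), not a git hook: Git runs pre-push as an executable script, and this file is added with mode 100644, so as committed it never executes and the two copies will drift (their action pins already differ). If a local pre-push gate is intended, replace the content with an executable shell script that runs the same checks main.yml runs, e.g. `#!/bin/sh`, `set -e`, `make lint && make test`, and commit it with mode 100755. Otherwise drop the file so the stale action pins are not mistaken for the active scan configuration.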
@@ -0,0 +1,48 @@
+name: Bug Report
+description: File a bug report
+labels: [ bug, triage ]
+assignees:
+ - patrickkoss
+ - Slm0n87
+ - mgalm
+body:
+ - type: markdown
+ attributes:
+ value: |
+ Thanks for taking the time to fill out this bug report! Please fill the form below.
+ - type: textarea
+ id: what-happened
+ attributes:
+ label: What happened?
+ description: Also tell us, what did you expect to happen?
+ validations:
+ required: true
+ - type: textarea
+ id: reproducible
+ attributes:
+ label: How can we reproduce this?
+ description: Please share as much information as possible. Logs, screenshots, etc.
+ validations:
+ required: true
+ - type: checkboxes
+ id: search
+ attributes:
+ label: Search
+ options:
+ - label: I did search for other open and closed issues before opening this.
+ required: true
+ - type: checkboxes
+ id: terms
+ attributes:
+ label: Code of Conduct
+ description: By submitting this issue, you agree to follow our [Code of Conduct](https://github.com/SchwarzIT/.github/blob/main/CODE_OF_CONDUCT.md)
+ options:
+ - label: I agree to follow this project's Code of Conduct
+ required: true
+ - type: textarea
+ id: ctx
+ attributes:
+ label: Additional context
+ description: Anything else you would like to add
+ validations:
+ required: false
diff --git a/.github/ISSUE_TEMPLATE/config.yaml b/.github/ISSUE_TEMPLATE/config.yaml
new file mode 100644
index 0000000..0086358
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/config.yaml
@@ -0,0 +1 @@
+blank_issues_enabled: true
diff --git a/.github/ISSUE_TEMPLATE/feature.yaml b/.github/ISSUE_TEMPLATE/feature.yaml
new file mode 100644
index 0000000..53a3a82
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature.yaml
@@ -0,0 +1,55 @@
+name: Feature Request
+description: Request a new feature and/or enhancement to an existing feature
+labels: [enhancement, triage]
+assignees:
+ - patrickkoss
+ - mgalm
+ - Slm0n87
+body:
+ - type: markdown
+ attributes:
+ value: |
+ Thanks for taking the time to fill out this feature request! Please fill the form below.
+ - type: textarea
+ id: is-it-a-problem
+ attributes:
+ label: Is your feature request related to a problem? Please describe.
+ description: A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+ validations:
+ required: true
+ - type: textarea
+ id: solution
+ attributes:
+ label: Describe the solution you'd like
+ description: A clear and concise description of what you want to happen.
+ validations:
+ required: true
+ - type: textarea
+ id: alternatives
+ attributes:
+ label: Describe alternatives you've considered
+ description: A clear and concise description of any alternative solutions or features you've considered.
+ validations:
+ required: true
+ - type: checkboxes
+ id: search
+ attributes:
+ label: Search
+ options:
+ - label: I did search for other open and closed issues before opening this.
+ required: true
+ - type: checkboxes
+ id: terms
+ attributes:
+ label: Code of Conduct
+ description: By submitting this issue, you agree to follow our [Code of Conduct](https://github.com/SchwarzIT/.github/blob/main/CODE_OF_CONDUCT.md)
+ options:
+ - label: I agree to follow this project's Code of Conduct
+ required: true
+ - type: textarea
+ id: ctx
+ attributes:
+ label: Additional context
+ description: Anything else you would like to add
+ validations:
+ required: false
diff --git a/.github/renovate.json b/.github/renovate.json
new file mode 100644
index 0000000..b2926fa
--- /dev/null
+++ b/.github/renovate.json
@@ -0,0 +1,17 @@
+{
+ "extends": [
+ "config:base",
+ "group:allNonMajor",
+ ":semanticCommits",
+ ":semanticCommitTypeAll(chore)",
+ ":gitSignOff"
+ ],
+ "dependencyDashboard": false,
+ "packageRules": [
+ {
+ "matchManagers": ["pipenv", "poetry", "pip-compile", "pip_requirements", "setup-cfg"],
+ "matchUpdateTypes": ["major", "minor", "patch", "pin", "digest"],
+ "automerge": true
+ }
+ ]
+}
diff --git a/.github/semantic.yml b/.github/semantic.yml
new file mode 100644
index 0000000..19b9ba2
--- /dev/null
+++ b/.github/semantic.yml
@@ -0,0 +1,20 @@
+# config options found here: https://github.com/Ezard/semantic-prs
+
+# Always validate the PR title, and ignore the commits
+titleOnly: true
+
+scopes:
+ - plugin
+ - ci
+ - deps
+
+types:
+ - feat
+ - fix
+ - docs
+ - refactor
+ - test
+ - chore
+ - revert
+ - chore
+ - chore(deps)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 0000000..05c6ecf
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,27 @@
+name: CI/CD Pipeline
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - main
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ - name: Set up Python
+ uses: actions/setup-python@v2
+ with:
+ python-version: '3.x'
+
+ - name: Lint and Test
+ run: |
+ make lint
+ make test
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 0000000..7d950d7
--- /dev/null
+++ b/.github/workflows/release.yaml
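Review bot: The package rule automerges every update type for the Python managers, `major` and `digest` included, so a new upstream release lands on main with no human review and only the `make lint` / `make test` job from main.yml as a gate; for a Certbot DNS plugin that presumably holds DNS API credentials at runtime, that is a wide supply-chain exposure. Restrict automerge to low-risk update types and add a cooling-off period, e.g. `"matchUpdateTypes": ["minor", "patch", "pin", "digest"]` together with `"minimumReleaseAge": "3 days"` (example value), leaving majors to a reviewed PR. `group:allNonMajor` already batches the non-major updates, so PR volume stays low.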
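Review bot: The `types` list in semantic.yml carries `chore` three times, the last as `chore(deps)`, which is a type plus a scope rather than a type (`deps` is already declared under `scopes`), so the list is longer than the set it actually allows. Drop the duplicates and the scoped entry so the list reads `feat, fix, docs, refactor, test, chore, revert`; a `chore(deps): …` title is then matched by the `chore` type and the `deps` scope.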
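Review bot: main.yml declares no `permissions:` block and references `actions/checkout@v2` and `actions/setup-python@v2` by floating major tag, while semgrep.yaml in the same commit uses `actions/checkout@v4` and a commit-SHA pin for the upload step; the v2 majors run on a deprecated Node runtime and the default job token grants more than a lint-and-test job needs. Add `permissions: contents: read` at workflow level and bring the two actions to the same pinning policy as semgrep.yaml, e.g. `uses: actions/checkout@v4` and `uses: actions/setup-python@v4` (or SHA pins). The same two v2 references appear in release.yaml.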
@@ -0,0 +1,35 @@
+name: Publish Python distribution to PyPI
+
+on:
+ release:
+ types: [published]
+
+jobs:
+ deploy:
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Check out the repo
+ uses: actions/checkout@v2
+
+ - name: Set up Python
+ uses: actions/setup-python@v2
+ with:
+ python-version: '3.x'
+
+ - name: Set version from tag
+ run: echo "PACKAGE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
+
+ - name: Install dependencies
+ run: |
+ python -m pip install --upgrade pip
+ pip install setuptools wheel twine
+
+ - name: Build and publish
+ env:
+ TWINE_USERNAME: __token__
+ TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
+ run: |
+ python setup.py sdist bdist_wheel
+ twine upload dist/*
diff --git a/.github/workflows/semgrep.yaml b/.github/workflows/semgrep.yaml
new file mode 100644
index 0000000..27d52b7
--- /dev/null
+++ b/.github/workflows/semgrep.yaml
@@ -0,0 +1,35 @@
+name: Semgrep
+
+on:
+ # Scan changed files in PRs, block on new issues only (existing issues ignored)
+ pull_request: {}
+
+jobs:
+ semgrep:
+ name: Scan
+ runs-on: ubuntu-latest
+ # Skip any PR created by dependabot to avoid permission issues
+ if: (github.actor != 'dependabot[bot]')
+ steps:
+ # Fetch project source
+ - uses: actions/checkout@v4
+
+ - uses: returntocorp/semgrep-action@v1
+ with:
+ config: >- # more at semgrep.dev/explore
+ p/security-audit
+ p/secrets
+ p/ci
+ p/r2c
+ p/r2c-ci
+ p/docker
+ p/dockerfile
+ p/command-injection
+ generateSarif: "1"
+
+ # Upload findings to GitHub Advanced Security Dashboard [step 2/2]
+ - name: Upload SARIF file for GitHub Advanced Security Dashboard
+ uses: github/codeql-action/upload-sarif@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
+ with:
+ sarif_file: semgrep.sarif
+ if: always()
diff --git a/setup.cfg b/setup.cfg
new file mode 100644
index 0000000..6b516cd
--- /dev/null
+++ b/setup.cfg
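Review bot: The `deploy` job in release.yaml has no `permissions:` block, so the default `GITHUB_TOKEN` (write-capable under the older default repository setting) is exposed to a job that only needs to read the checkout and whose real credential is `secrets.PYPI_TOKEN`; add `permissions: contents: read` at workflow level. The "Build and publish" step runs `python setup.py sdist bdist_wheel`, which requires a `setup.py` that this commit does not add — if none exists outside the diff, switch the install step to `pip install build twine` and the build to `python -m build`, which also stops depending on the deprecated setup.py invocation. The `PACKAGE_VERSION` written to `$GITHUB_ENV` by "Set version from tag" is not, as far as I can tell, read by the `version = attr: PACKAGE_VERSION` line in setup.cfg (see that hunk), so the tag-derived version likely never reaches the built distribution.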
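Review bot: In semgrep.yaml the `upload-sarif` step needs `security-events: write` on the job token, and the workflow sets no `permissions:` block, so on a repository whose default token permissions are read-only the upload fails on every run — `if: always()` makes it run regardless of the scan outcome, but cannot grant the scope. Add at workflow level `permissions:` with `contents: read` and `security-events: write`; note that pull requests from forks still get a read-only token on the `pull_request` event, so the upload may need to be skipped for those. The scanner is referenced as `returntocorp/semgrep-action@v1`, a floating tag, while the upload step is SHA-pinned; pinning both to a commit SHA keeps the supply-chain posture consistent.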
@@ -0,0 +1,61 @@
+[metadata]
+name = certbot-dns-stackit
+version = attr: PACKAGE_VERSION
+description = STACKIT DNS Authenticator plugin for Certbot
+long_description = file: README.md
+long_description_content_type = text/markdown
+url = https://github.com/stackitcloud/certbot-dns-stackit
+author = STACKIT DNS
+author_email = stackit-dns@mail.schwarz
+license = Apache License 2.0
+classifiers =
+ Development Status :: 5 - Production/Stable
+ Environment :: Plugins
+ Intended Audience :: System Administrators
+ License :: OSI Approved :: Apache Software License
+ Operating System :: POSIX :: Linux
+ Programming Language :: Python
+ Programming Language :: Python :: 3
+ Programming Language :: Python :: 3.4
+ Programming Language :: Python :: 3.5
+ Programming Language :: Python :: 3.6
+ Programming Language :: Python :: 3.7
+ Programming Language :: Python :: 3.8
+ Programming Language :: Python :: 3.9
+ Programming Language :: Python :: 3.10
+ Programming Language :: Python :: 3.11
+ Topic :: Internet :: WWW/HTTP
+ Topic :: Security
+ Topic :: System :: Installation/Setup
+ Topic :: System :: Networking
+ Topic :: System :: Systems Administration
+ Topic :: Utilities
+python_requires = >=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*
+
+[options]
+packages = find:
+include_package_data = True
+install_requires =
+ acme>=2.6.0
+ certbot>=2.6.0
+ setuptools
+ requests
+ mock
+ requests-mock
+ mypy
+ mypy-extensions
+ types-requests
+ types-urllib3
+ flake8
+ pydocstyle
+ black
+ click==8.0.4
+ coverage
+
+[options.entry_points]
+certbot.plugins =
+ dns-stackit = certbot_dns_stackit.stackit:Authenticator
+
+[options.packages.find]
+exclude =
+ tests*
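Review bot: `version = attr: PACKAGE_VERSION` tells setuptools to import a Python attribute (with no module part, `PACKAGE_VERSION` from the project root's `__init__`), not to read the `PACKAGE_VERSION` environment variable that release.yaml exports, so unless such an attribute exists outside this diff the build cannot resolve a version; point `attr:` at a real attribute such as `certbot_dns_stackit.__version__` and have the release step write the tag there, or drop the env-var step. Separately, `install_requires` pulls test and lint tooling (`mock`, `requests-mock`, `mypy`, `mypy-extensions`, `types-requests`, `types-urllib3`, `flake8`, `pydocstyle`, `black`, `coverage`) into every end-user install of a credential-handling Certbot plugin, which widens the installed supply-chain surface and invites resolver conflicts; move them to an extras group as sketched below, and relax the exact `click==8.0.4` pin to a range if click is a runtime import. Also `python_requires = >=2.7, …` and the 3.4–3.6 classifiers contradict `certbot>=2.6.0`, which to my knowledge ships only for Python 3.7+ — confirm against the certbot release notes and raise `python_requires` accordingly.
```ini
[options]
packages = find:
include_package_data = True
install_requires =
    acme>=2.6.0
    certbot>=2.6.0
    requests
    setuptools
    ; TODO(review): confirm click is a runtime import; if so relax the exact pin
    click==8.0.4

[options.extras_require]
dev =
    mock
    requests-mock
    mypy
    mypy-extensions
    types-requests
    types-urllib3
    flake8
    pydocstyle
    black
    coverage

; … unchanged: [options.entry_points] and [options.packages.find] …
```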