chore: apply repo-ansible standard and relicense

Author: mhitza

Diff for: .github/CODEOWNERS

@@ -0,0 +1,5 @@
+# Code Owners
+
+# The following individuals are designated as code owner(s) for specific files/directories in the repository:
+
+* @mhitza

Diff for: CODE_OF_CONDUCT.md renamed to .github/CODE_OF_CONDUCT.md

@@ -1,8 +1,19 @@
-# Contributor Covenant Code of Conduct
+## TL;DR
+<!-- Managed by https://github.com/linkorb/repo-ansible. Manual changes will be overwritten. -->
+
+Be nice. Provide and accept constructive feedback. Avoid spamming, abusive, trolling, and otherwise unacceptable behavior. Repeat violations may result in a permanent ban.
+
+## Scope
+
+This Code of Conduct applies to all persons, including contributors, maintainers, end users, sponsors, etc., who interact with this project. It applies within all community spaces and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official email address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
 
 ## Our Pledge
 
-We as members, contributors, and leaders pledge to make participation in our
+We as contributors, maintainers, end users, and sponsors of this project pledge to make participation in our
 community a harassment-free experience for everyone, regardless of age, body
 size, visible or invisible disability, ethnicity, sex characteristics, gender
 identity and expression, level of experience, education, socio-economic status,
@@ -17,9 +28,9 @@ diverse, inclusive, and healthy community.
 Examples of behavior that contributes to a positive environment for our
 community include:
 
-* Demonstrating empathy and kindness toward other people
-* Being respectful of differing opinions, viewpoints, and experiences
 * Giving and gracefully accepting constructive feedback
+* Being respectful of differing opinions, viewpoints, and experiences
+* Demonstrating empathy and kindness toward other people
 * Accepting responsibility and apologizing to those affected by our mistakes,
   and learning from the experience
 * Focusing on what is best not just for us as individuals, but for the overall
@@ -33,7 +44,8 @@ Examples of unacceptable behavior include:
 * Public or private harassment
 * Publishing others' private information, such as a physical or email address,
   without their explicit permission
-* Other conduct which could reasonably be considered inappropriate in a
+* Spamming issues, pull requests, or community members
+* Other conduct which could reasonably be considered inappropriate or unproductive in a
   professional setting
 
 ## Enforcement Responsibilities
@@ -48,19 +60,10 @@ comments, commits, code, wiki edits, issues, and other contributions that are
 not aligned to this Code of Conduct, and will communicate reasons for moderation
 decisions when appropriate.
 
-## Scope
-
-This Code of Conduct applies within all community spaces, and also applies when
-an individual is officially representing the community in public spaces.
-Examples of representing our community include using an official e-mail address,
-posting via an official social media account, or acting as an appointed
-representative at an online or offline event.
-
 ## Enforcement
 
 Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported to the community leaders responsible for enforcement at
-[email protected].
+reported to the maintainers or community leaders responsible for enforcement at [[email protected]](mailto:[email protected]).
 All complaints will be reviewed and investigated promptly and fairly.
 
 All community leaders are obligated to respect the privacy and security of the
@@ -112,21 +115,8 @@ individual, or aggression toward or disparagement of classes of individuals.
 **Consequence**: A permanent ban from any sort of public interaction within the
 community.
 
-## Attribution
+## Credits
 
 This Code of Conduct is adapted from the [Contributor Covenant][homepage],
 version 2.1, available at
-[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
-
-Community Impact Guidelines were inspired by
-[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
-
-For answers to common questions about this code of conduct, see the FAQ at
-[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at
-[https://www.contributor-covenant.org/translations][translations].
-
-[homepage]: https://www.contributor-covenant.org
-[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
-[Mozilla CoC]: https://github.com/mozilla/diversity
-[FAQ]: https://www.contributor-covenant.org/faq
-[translations]: https://www.contributor-covenant.org/translations
+[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html](https://www.contributor-covenant.org/version/2/1/code_of_conduct.html).

Diff for: .github/SECURITY.md

@@ -0,0 +1,24 @@
+<!-- Managed by https://github.com/linkorb/repo-ansible. Manual changes will be overwritten. -->
+commit-message-checker
+============
+
+### Reporting Security Vulnerabilities
+We take the security of our software and systems very seriously, and we appreciate your help in identifying and disclosing any vulnerabilities that you may find.
+
+If you discover a security vulnerability, please report it to us as soon as possible by emailing us at [email protected]. Please do not disclose the vulnerability publicly until we have had a chance to investigate and address it. Please provide us with as much detail as possible, including:
+
+* A detailed description of the vulnerability.
+* Steps to reproduce the vulnerability.
+* Any relevant screenshots, logs, or other supporting information.
+* We will review your report as quickly as possible and will work to validate and address the issue.
+* Your name and contact information (if you wish to be credited for the discovery)
+
+### Our Security Practices
+* Regularly updating dependencies and libraries to address known security vulnerabilities
+* Conducting regular security audits and code reviews
+* Implementing secure coding practices and using secure development tools
+* Keeping sensitive data (such as API keys or credentials) encrypted and protected
+* Providing timely security updates and patches to address known vulnerabilities
+
+### Responsible Disclosure
+We believe in responsible disclosure, and we ask that you do not disclose any details of a vulnerability that you have discovered until we have had a reasonable amount of time to address it. We will notify users of known vulnerabilities and the steps they should take to address them promptly. We will also publish a public advisory on our website and other relevant channels once a vulnerability has been confirmed and addressed.

Diff for: .github/settings.yml

@@ -0,0 +1,75 @@
+# Managed by https://github.com/linkorb/repo-ansible. Manual changes will be overwritten.
+# These settings are synced to GitHub by https://probot.github.io/apps/settings/
+# See https://docs.github.com/en/rest/reference/repos#update-a-repository for all available settings.
+
+repository:
+
+  # The name of the repository. Changing this will rename the repository
+  name:  commit-message-checker
+
+  # A short description of the repository that will show up on GitHub
+  description: "Forked for maintenance. GitHub Action to check commit messages against a regex pattern.
+"
+
+
+  # A URL with more information about the repository
+  homepage: https://engineering.linkorb.com
+
+
+  # Either `true` to make the repository private, or `false` to make it public.
+  private: true
+
+  has_issues: false
+
+  # Either `true` to enable projects for this repository, or `false` to disable them.
+  # If projects are disabled for the organization, passing `true` will cause an API error.
+  has_projects: false
+
+  has_wiki: false
+
+  # Either `true` to enable downloads for this repository, `false` to disable them.
+  has_downloads: true
+
+  # Updates the default branch for this repository.
+  default_branch: fork
+
+  # Either `true` to allow squash-merging pull requests, or `false` to prevent
+  # squash-merging.
+  allow_squash_merge: true
+
+  # Either `true` to allow merging pull requests with a merge commit, or `false`
+  # to prevent merging pull requests with merge commits.
+  allow_merge_commit: true
+
+  # Either `true` to allow rebase-merging pull requests, or `false` to prevent
+  # rebase-merging.
+  allow_rebase_merge: true
+
+  # Either `true` to enable automatic deletion of branches on merge, or `false` to disable
+  delete_branch_on_merge: true
+
+  # Either `true` to enable automated security fixes, or `false` to disable
+  # automated security fixes.
+  enable_automated_security_fixes: true
+
+  # Either `true` to enable vulnerability alerts, or `false` to disable
+  # vulnerability alerts.
+  enable_vulnerability_alerts: true
+
+# Labels: define labels for Issues and Pull Requests
+labels:
+  - name: fix
+    color: CC0000
+    description: An issue with the system.
+
+  - name: feat
+    # If including a `#`, make sure to wrap it with quotes!
+    color: '#336699'
+    description: New feature.
+
+  - name: chore
+    color: CC0000
+    description: A repository chore.
+
+
+# Milestones: define milestones for Issues and Pull Requests

Diff for: .github/workflows/10-review.yaml

@@ -0,0 +1,55 @@
+# Managed by https://github.com/linkorb/repo-ansible. Manual changes will be overwritten.
+name: Review
+
+on:
+  pull_request_target:
+    types: [opened, edited, reopened, synchronize]
+  workflow_call:
+
+jobs:
+  commit-conventions:
+    runs-on: ubuntu-latest
+    # Don't enforce commit conventions checks for Dependabot
+    if: github.actor != 'dependabot[bot]'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      # interesting alternative: https://github.com/cocogitto/cocogitto
+      - name: Conventional commit checker
+        uses: webiny/[email protected]
+        # XXX: normal action versioning syntax (`@v1`) doesn't work with this action,
+        # possibly because not published on the GitHub marketplace
+
+      - name: Check Card# reference
+        uses: gsactions/commit-message-checker@v2
+        with:
+          # Matches lines that end in a card number:                  #1234
+          # Matches lines that end in a card number and PR reference: #1234 (#20)
+          pattern: '#\d{4}(\s+\(#\d+\))?'
+          flags: 'gm'
+          error: 'Your commit message has to end with a card number like "#1234".'
+          excludeDescription: 'true' # optional: this excludes the description body of a pull request
+          excludeTitle: 'true' # optional: this excludes the title of a pull request
+          checkAllCommitMessages: 'true' # optional: this checks all commits associated with a pull request
+          accessToken: ${{ secrets.GITHUB_TOKEN }} # github access token is only required if checkAllCommitMessages is true
+
+      - name: Check Line Length
+        uses: gsactions/commit-message-checker@v2
+        with:
+          pattern: '^.{0,50}$'
+          error: 'The maximum line length of 50 characters is exceeded.'
+          excludeDescription: 'true' # optional: this excludes the description body of a pull request
+          excludeTitle: 'true' # optional: this excludes the title of a pull request
+          checkAllCommitMessages: 'true' # optional: this checks all commits associated with a pull request
+          accessToken: ${{ secrets.GITHUB_TOKEN }} # github access token is only required if checkAllCommitMessages is true
+
+      - name: Check Body Length
+        uses: gsactions/commit-message-checker@v2
+        with:
+          pattern: '^.{0,72}$'
+          error: 'The maximum line length of 72 characters is exceeded in the body.'
+          excludeDescription: 'false' # optional: this excludes the description body of a pull request
+          excludeTitle: 'true' # optional: this excludes the title of a pull request
+          checkAllCommitMessages: 'true' # optional: this checks all commits associated with a pull request
+          accessToken: ${{ secrets.GITHUB_TOKEN }} # github access token is only required if checkAllCommitMessages is true

Diff for: .github/workflows/dependabot-auto-merge.yaml

@@ -0,0 +1,22 @@
+name: Auto-merge Dependabot PRs
+on: pull_request_target
+
+permissions:
+  pull-requests: write # required for the action to read metadata
+  contents: write # required for the gh client to read/merge commits
+
+jobs:
+  run:
+    runs-on: ubuntu-latest
+    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v2
+
+      - name: Enable auto-merge for Dependabot PRs
+        if: steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch'
+        run: gh pr merge --merge "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GH_TOKEN: ${{ github.token }}

Diff for: .github/workflows/repo-ansible.yaml

@@ -0,0 +1,79 @@
+name: Auto-run repo-ansible
+
+on:
+  workflow_dispatch:
+
+  pull_request_target:
+    paths:
+      - 'repo.yaml'
+  push:
+    branches:
+      - main
+      - master
+    paths:
+      - 'repo.yaml'
+
+permissions:
+  contents: write # allow git commits & push
+  pull-requests: write # allow comments on PR
+
+env:
+  # XXX alternative to missing ternary syntax
+  IS_PULL_REQUEST: ${{ github.event_name == 'pull_request_target' && '1' || '0' }}
+
+jobs:
+  run:
+    runs-on: ubuntu-latest
+    steps:
+      - if: ${{ env.IS_PULL_REQUEST == '0' }}
+        uses: actions/checkout@v4
+
+      - if: ${{ env.IS_PULL_REQUEST == '1' }}
+        uses: actions/checkout@v4
+        with:
+          ref: refs/pull/${{ github.event.pull_request.number }}/merge
+
+      - name: repo-ansible
+        run: |
+          docker pull ghcr.io/linkorb/repo-ansible:latest >/dev/null
+          docker run --rm -v "$PWD":/app ghcr.io/linkorb/repo-ansible:latest | tee /tmp/repo_ansible_output
+          export OUTPUT=$(cat /tmp/repo_ansible_output)
+          {
+            echo 'REPO_ANSIBLE_OUTPUT<<EOF'
+            echo "$OUTPUT"
+            echo EOF
+          } >> "$GITHUB_ENV"
+
+          if ! echo "$OUTPUT" | grep "changed=0"; then
+            echo "REPOSITORY_CHANGED=1" >> "$GITHUB_ENV"
+          fi
+
+
+      - if: ${{ env.IS_PULL_REQUEST == '0' }}
+        name: commit changes
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git add .
+          if git commit -m "chore: automatic repo-ansible run #0000"; then
+            git push
+          fi
+
+
+      - if: ${{ env.IS_PULL_REQUEST == '1' && env.REPOSITORY_CHANGED == '1' }}
+        name: comment with changes
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const changes = process.env.REPO_ANSIBLE_OUTPUT
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: `Following repo-ansible changes will be applied when merged to main/master branch
+
+              \`\`\`shell
+              ${changes}
+              \`\`\`
+            `
+            })