Initial commit

Author: mhjacks

.ansible-lint

@@ -0,0 +1,18 @@
+# Vim filetype=yaml
+---
+offline: false
+#requirements: ansible/execution_environment/requirements.yml
+
+exclude_paths:
+  - .cache/
+  - .github/
+  - charts/
+  - common/
+  - tests/
+
+# warn_list:
+#   - yaml
+#   - schema
+#   - experimental
+#   - risky-file-permissions
+#   - var-spacing

.github/dependabot.yml

@@ -0,0 +1,9 @@
+---
+version: 2
+updates:
+  # Check for updates to GitHub Actions every week
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+

.github/linters/.gitleaks.toml

@@ -0,0 +1,9 @@
+[whitelist]
+# As of v4, gitleaks only matches against filename, not path in the
+# files directive.  Leaving content for backwards compatibility.
+files = [
+  "ansible/plugins/modules/*.py",
+  "ansible/tests/unit/test_*.py",
+  "ansible/tests/unit/*.yaml",
+  "ansible/tests/unit/v2/*.yaml",
+]

.github/linters/.markdown-lint.yml

@@ -0,0 +1,6 @@
+{
+    "default": true,
+    "MD003": false,
+    "MD013": false,
+    "MD033": false
+}

.github/workflows/ansible-lint.yml

@@ -0,0 +1,17 @@
+name: Ansible Lint # feel free to pick your own name
+
+on: [push, pull_request]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      # Important: This sets up your GITHUB_WORKSPACE environment variable
+      - uses: actions/checkout@v4
+
+      - name: Lint Ansible Playbook
+        uses: ansible/ansible-lint-action@v6
+        # Let's point it to the path
+        with:
+          path: "ansible/"

.github/workflows/jsonschema.yaml

@@ -0,0 +1,49 @@
+---
+name: Verify json schema
+
+on: [push, pull_request]
+
+jobs:
+  jsonschema_tests:
+    name: Json Schema tests
+    strategy:
+      matrix:
+        python-version: [3.11]
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install check-jsonschema
+
+      - name: Install yq
+        uses: chrisdickinson/setup-yq@latest
+        with:
+          yq-version: v4.30.7
+
+      - name: Verify secrets json schema against templates
+        run: |
+          cp ./values-secret.yaml.template ./values-secret.yaml
+          check-jsonschema --fill-defaults --schemafile https://raw.githubusercontent.com/validatedpatterns/rhvp.cluster_utils/refs/heads/main/roles/vault_utils/values-secrets.v2.schema.json values-secret.yaml
+          rm -f ./values-secret.yaml
+
+      - name: Verify ClusterGroup values.schema.json against values-*yaml files
+        run: |
+          set -e; for i in values-hub.yaml values-group-one.yaml; do
+            echo "$i"
+            # disable shellcheck of single quotes in yq
+            # shellcheck disable=2016
+            yq eval-all '. as $item ireduce ({}; . * $item )' values-global.yaml "$i" > tmp.yaml
+            check-jsonschema --fill-defaults --schemafile https://raw.githubusercontent.com/validatedpatterns/clustergroup-chart/refs/heads/main/values.schema.json tmp.yaml
+            rm -f tmp.yaml
+          done
+

.github/workflows/superlinter.yml

@@ -0,0 +1,44 @@
+---
+name: Super linter
+
+on: [push, pull_request]
+
+jobs:
+  build:
+    # Name the Job
+    name: Super linter
+    # Set the agent to run on
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          # Full git history is needed to get a proper list of changed files within `super-linter`
+          fetch-depth: 0
+
+      ################################
+      # Run Linter against code base #
+      ################################
+      - name: Lint Code Base
+        uses: super-linter/super-linter/slim@v7
+        env:
+          VALIDATE_ALL_CODEBASE: true
+          DEFAULT_BRANCH: main
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # These are the validation we disable atm
+          VALIDATE_ANSIBLE: false
+          VALIDATE_BASH: false
+          VALIDATE_CHECKOV: false
+          VALIDATE_JSCPD: false
+          VALIDATE_JSON_PRETTIER: false
+          VALIDATE_MARKDOWN_PRETTIER: false
+          VALIDATE_KUBERNETES_KUBECONFORM: false
+          VALIDATE_PYTHON_PYLINT: false
+          VALIDATE_SHELL_SHFMT: false
+          VALIDATE_YAML: false
+          VALIDATE_YAML_PRETTIER: false
+          # VALIDATE_DOCKERFILE_HADOLINT: false
+          # VALIDATE_MARKDOWN: false
+          # VALIDATE_NATURAL_LANGUAGE: false
+          # VALIDATE_TEKTON: false

.github/workflows/update-metadata.yml

@@ -0,0 +1,23 @@
+# This job requires a secret called DOCS_TOKEN which should be a PAT token
+# that has the permissions described in:
+# validatedpatterns/docs/.github/workflows/metadata-docs.yml@main
+---
+name: Update docs pattern metadata
+
+on:
+  push:
+    paths:
+      - "pattern-metadata.yaml"
+      - ".github/workflows/update-metadata.yml"
+
+jobs:
+  update-metadata:
+    uses: validatedpatterns/docs/.github/workflows/metadata-docs.yml@main
+    permissions: # Workflow-level permissions
+      contents: read  # Required for "read-all"
+      packages: write # Allows writing to packages
+      id-token: write # Allows creating OpenID Connect (OIDC) tokens
+    secrets: inherit
+    # For testing you can point to a different branch in the docs repository
+    # with:
+    #  DOCS_BRANCH: "main"

.gitignore

@@ -0,0 +1,9 @@
+*~
+*.swp
+*.swo
+values-secret*
+.*.expected.yaml
+pattern-vault.init
+vault.init
+super-linter.log
+common/pattern-vault.init

.gitleaks.toml

@@ -0,0 +1 @@
+.github/linters/.gitleaks.toml