initial commit

.dockerignore

@@ -0,0 +1,8 @@
+/.devenv/
+/.direnv/
+/.github/
+/bin/
+/build/
+/deploy/
+/Dockerfile
+/e2e/

.editorconfig

@@ -0,0 +1,21 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 4
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.go]
+indent_style = tab
+
+[{*.yaml,*.yml}]
+indent_size = 2
+
+[{Makefile,*.mk}]
+indent_style = tab
+
+[*.nix]
+indent_size = 2

.envrc

@@ -0,0 +1,4 @@
+if ! has nix_direnv_version || ! nix_direnv_version 2.3.0; then
+  source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/2.3.0/direnvrc" "sha256-Dmd+j63L84wuzgyjITIfSxSD57Tx7v51DMxVZOsiUD8="
+fi
+use flake . --impure

.github/.editorconfig

@@ -0,0 +1,2 @@
+[{*.yml,*.yaml}]
+indent_size = 2

.github/CODEOWNERS

@@ -0,0 +1,9 @@
+# This file provides an overview of code owners in this repository.
+
+# Each line is a file pattern followed by one or more owners.
+# The last matching pattern has the most precedence.
+# For more details read the following article on GitHub: https://help.github.com/articles/about-codeowners/.
+
+# These are the default owners for the whole content of repository.
+# The default owners are automatically added as reviewers when you open a pull request unless different owners are specified in the file.
+* @bank-vaults/maintainers

.github/ISSUE_TEMPLATE/bug_report.yaml

@@ -0,0 +1,107 @@
+name: 🐛 Bug report
+description: Report a bug to help us improve the Secrets Webhook
+labels: [kind/bug]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thank you for submitting a bug report!
+
+        Please fill out the template below to make it easier to debug your problem.
+
+        If you are not sure if it is a bug or not, you can contact us via the available [support channels](https://bank-vaults.dev/docs/support/).
+  - type: checkboxes
+    attributes:
+      label: Preflight Checklist
+      description: Please ensure you've completed all of the following.
+      options:
+        - label: I have searched the [issue tracker](https://www.github.com/bank-vaults/secrets-webhook/issues) for an issue that matches the one I want to file, without success.
+          required: true
+        - label: I am not looking for support or already pursued the available [support channels](https://bank-vaults.dev/docs/support/) without success.
+          required: true
+        - label: I agree to follow the [Code of Conduct](https://bank-vaults.dev/docs/code-of-conduct/).
+          required: true
+  - type: input
+    attributes:
+      label: Secrets Webhook Version
+      description: What version of the Secrets Webhook are you using?
+      placeholder: 1.20.0
+    validations:
+      required: true
+  - type: dropdown
+    attributes:
+      label: Installation Type
+      description: How did you install the Operator?
+      options:
+        - Official Helm chart
+        - Custom Helm chart
+        - Other (specify below)
+  - type: input
+    attributes:
+      label: Bank-Vaults Version
+      description: What version of the Bank-Vaults CLI are you using?
+      placeholder: leave empty if you haven't specified a custom version
+  - type: input
+    attributes:
+      label: Kubernetes Version
+      description: What version of Kubernetes are you using?
+      placeholder: 1.27.0
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: Kubernetes Distribution/Provisioner
+      description: Which Kubernetes distribution/privisioner are you using?
+      placeholder: e.g. GKE, EKS, AKS, etc
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Expected Behavior
+      description: A clear and concise description of what you expected to happen.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Actual Behavior
+      description: A clear description of what actually happens.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Steps To Reproduce
+      description: Steps to reproduce the behavior if it is not self-explanatory.
+      placeholder: |
+        1. In this environment...
+        2. With this config...
+        3. Run '...'
+        4. See error...
+  - type: textarea
+    attributes:
+      label: Configuration
+      description: Include Webhook deployment configuration data such as Helm chart values.
+      render: yaml
+      placeholder: |
+        **Chart values**
+
+        Your redacted custom Helm values data
+
+        **Other**
+
+        1. Vault CustomResource
+        ```yaml
+        apiVersion: "vault.banzaicloud.com/v1alpha1"
+        kind: "Vault"
+        metadata:
+          name: "vault"
+        ...
+        ```
+  - type: textarea
+    attributes:
+      label: Logs
+      description: Webhook or application logs (if relevant).
+      render: shell
+  - type: textarea
+    attributes:
+      label: Additional Information
+      description: Links? References? Anything that will give us more context about the issue that you are encountering!

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,13 @@
+blank_issues_enabled: true
+contact_links:
+  - name: 📖 Documentation enhancement
+    url: https://github.com/bank-vaults/bank-vaults.dev/issues
+    about: Suggest an improvement to the documentation
+
+  - name: 📚 Documentation
+    url: https://bank-vaults.dev/docs/mutating-webhook/
+    about: Check the documentation for help
+
+  - name: 💬 Slack channel
+    url: https://eti.cisco.com/slack
+    about: Please ask and answer questions here

.github/ISSUE_TEMPLATE/feature_request.yaml

@@ -0,0 +1,41 @@
+name: 🎉 Feature request
+description: Suggest an idea for the Secrets Webhook
+labels: [kind/enhancement]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thank you for submitting a feature request!
+
+        Please describe what you would like to change/add and why in detail by filling out the template below.
+
+        If you are not sure if your request fits into Dex, you can contact us via the available [support channels](https://bank-vaults.dev/docs/support/).
+  - type: checkboxes
+    attributes:
+      label: Preflight Checklist
+      description: Please ensure you've completed all of the following.
+      options:
+        - label: I have searched the [issue tracker](https://www.github.com/bank-vaults/secrets-webhook/issues) for an issue that matches the one I want to file, without success.
+          required: true
+        - label: I agree to follow the [Code of Conduct](https://bank-vaults.dev/docs/code-of-conduct/).
+          required: true
+  - type: textarea
+    attributes:
+      label: Problem Description
+      description: A clear and concise description of the problem you are seeking to solve with this feature request.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Proposed Solution
+      description: A clear and concise description of what would you like to happen.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Alternatives Considered
+      description: A clear and concise description of any alternative solutions or features you've considered.
+  - type: textarea
+    attributes:
+      label: Additional Information
+      description: Add any other relevant context here.

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,21 @@
+<!--
+Thank you for sending a pull request! Here are some tips for contributors:
+
+1. Fill the description template below.
+2. Include appropriate tests (if necessary). Make sure that all CI checks passed.
+3. If the Pull Request is a work in progress, make use of GitHub's "Draft PR" feature and mark it as such.
+-->
+
+## Overview
+
+<!--
+Please include a summary of the changes and the related issue.
+Please also include relevant motivation and context.
+List any dependencies that are required for this change.
+-->
+
+Fixes #(issue)
+
+## Notes for reviewer
+
+<!-- Anything the reviewer should know? -->

.github/dependabot.yaml

@@ -0,0 +1,32 @@
+version: 2
+
+updates:
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "sunday"
+      time: "16:00"
+    open-pull-requests-limit: 10
+    groups:
+      k8s:
+        patterns:
+          - "k8s.io/api"
+          - "k8s.io/apimachinery"
+          - "k8s.io/client-go"
+
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "sunday"
+      time: "16:00"
+    open-pull-requests-limit: 10
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "sunday"
+      time: "16:00"
+    open-pull-requests-limit: 10

.github/renovate.json

@@ -0,0 +1,16 @@
+{
+    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+    "extends": [
+        "schedule:earlyMondays",
+        ":disableDependencyDashboard"
+    ],
+    "enabledManagers": [
+        "nix"
+    ],
+    "nix": {
+        "enabled": true
+    },
+    "lockFileMaintenance": {
+        "enabled": true
+    }
+}

.github/workflows/analysis-scorecard.yaml

@@ -0,0 +1,47 @@
+name: OpenSSF Scorecard
+
+on:
+  branch_protection_rule:
+  push:
+    branches: [main]
+  schedule:
+    - cron: '30 0 * * 5'
+
+permissions:
+  contents: read
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+
+    permissions:
+      actions: read
+      contents: read
+      id-token: write
+      security-events: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          persist-credentials: false
+
+      - name: Run analysis
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          publish_results: true
+
+      - name: Upload results as artifact
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        with:
+          name: OpenSSF Scorecard results
+          path: results.sarif
+          retention-days: 5
+
+      - name: Upload results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.3.4
+        with:
+          sarif_file: results.sarif