Splitting Workflow Files, for make the workflows reuseable, from other

github projects.

.editorconfig

@@ -4,6 +4,8 @@ root = true
 insert_final_newline = true
 charset = utf-8
 trim_trailing_whitespace = true
+indent_style = space
+indent_size = 4
 
 [{Makefile,go.mod,go.sum,.gitmodules}]
 indent_style = tab

.github/commons-settings.yml

@@ -96,5 +96,5 @@ branches:
       required_status_checks:
         strict: true
         contexts:
-          - "Static CI Tests"
+          - "static / Static CI Tests"
       restrictions: null

.github/workflows/build-static-tests.yaml

@@ -1,15 +1,8 @@
-name: CI Static Tests
-
 on:
   push:
+
 jobs:
   static:
-    name: "Static CI Tests"
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout sources
-        uses: actions/checkout@v2.4.0
-
-      - uses: actions/setup-python@v2
-
-      - uses: pre-commit/action@v2.0.3
+    uses: nolte/gh-plumbing/.github/workflows/reuseable-pre-commit.yaml@feature/reusing-workflows
+  security:
+    uses: nolte/gh-plumbing/.github/workflows/reuseable-trivy.yaml@feature/reusing-workflows

.github/workflows/release-cd-deliver-docs.yml

@@ -1,18 +1,9 @@
-name: Release Deliver Docs
-
 on:
   release:
     types: [published]
+
 jobs:
   publish_docs:
-    name: "Publish the HTML Documentation"
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout master
-        uses: actions/checkout@v2.4.0
-
-      # TODO add feature toogle for mkdocs and hugo
-      - name: Deploy docs
-        uses: mhausenblas/mkdocs-deploy-gh-pages@1.24
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    uses: nolte/gh-plumbing/.github/workflows/reuseable-mkdocs.yaml@feature/reusing-workflows
+    secrets:
+      token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release-drafter.yml

@@ -1,15 +1,10 @@
-name: Release Drafter
-
 on:
   push:
     branches:
       - develop
 
 jobs:
   update_release_draft:
-    name: Update Release Draft
-    runs-on: ubuntu-latest
-    steps:
-      - uses: release-drafter/release-drafter@v5
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    uses: nolte/gh-plumbing/.github/workflows/reuseable-release-drafter.yml@feature/reusing-workflows
+    secrets:
+      token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/reuseable-mkdocs.yaml

@@ -0,0 +1,21 @@
+name: Release Deliver Docs
+
+on:
+  workflow_call:
+    secrets:
+      token:
+        required: true
+
+jobs:
+  publish_docs:
+    name: "Publish the HTML Documentation"
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout master
+        uses: actions/checkout@v2.4.0
+
+      # TODO add feature toogle for mkdocs and hugo
+      - name: Deploy docs
+        uses: mhausenblas/mkdocs-deploy-gh-pages@1.24
+        env:
+          token: ${{ secrets.token }}

.github/workflows/reuseable-pre-commit.yaml

@@ -0,0 +1,16 @@
+name: CI Static Tests
+
+on:
+  workflow_call:
+
+jobs:
+  static:
+    name: "Static CI Tests"
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v2.4.0
+
+      - uses: actions/setup-python@v2
+
+      - uses: pre-commit/action@v2.0.3

.github/workflows/reuseable-release-drafter.yml

@@ -0,0 +1,16 @@
+name: Release Drafter
+
+on:
+  workflow_call:
+    secrets:
+      token:
+        required: true
+
+jobs:
+  update_release_draft:
+    name: Update Release Draft
+    runs-on: ubuntu-latest
+    steps:
+      - uses: release-drafter/release-drafter@v5
+        env:
+          GITHUB_TOKEN: ${{ secrets.token }}

.github/workflows/reuseable-stale.yaml

@@ -0,0 +1,35 @@
+name: "Mark or close stale issues and PRs"
+
+on:
+  workflow_call:
+    secrets:
+      token:
+        required: true
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/stale@v4
+      with:
+        repo-token: ${{ secrets.token }}
+        # Staling issues and PR's
+        days-before-stale: 30
+        stale-issue-label: stale
+        stale-pr-label: stale
+        stale-issue-message: |
+          This issue has been automatically marked as stale because it has been open 30 days
+          with no activity. Remove stale label or comment or this issue will be closed in 10 days
+        stale-pr-message: |
+          This PR has been automatically marked as stale because it has been open 30 days
+          with no activity. Remove stale label or comment or this PR will be closed in 10 days
+        # Not stale if have this labels or part of milestone
+        exempt-issue-labels: bug,wip,on-hold
+        exempt-pr-labels:    bug,wip,on-hold
+        exempt-all-milestones: true
+        # Close issue operations
+        # Label will be automatically removed if the issues are no longer closed nor locked.
+        days-before-close: 10
+        delete-branch: true
+        close-issue-message: This issue was automatically closed because of stale in 10 days
+        close-pr-message: This PR was automatically closed because of stale in 10 days

.github/workflows/reuseable-trivy.yaml

@@ -0,0 +1,27 @@
+name: Security Tests
+
+on:
+  workflow_call:
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-18.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Run Trivy vulnerability scanner in repo mode
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          ignore-unfixed: true
+          format: 'template'
+          template: '@/contrib/sarif.tpl'
+          output: 'trivy-results.sarif'
+          severity: 'CRITICAL'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: 'trivy-results.sarif'

.github/workflows/stale.yaml

@@ -0,0 +1,9 @@
+on:
+  schedule:
+  - cron: "0 0 * * *"
+
+jobs:
+  stale:
+    uses: nolte/gh-plumbing/.github/workflows/reuseable-stale.yaml@feature/reusing-workflows
+    secrets:
+      token: ${{ secrets.GITHUB_TOKEN }}

.pre-commit-config.yaml

@@ -1,7 +1,8 @@
 repos:
--   repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v2.3.0
-    hooks:
-    -   id: check-yaml
-    -   id: end-of-file-fixer
-    -   id: trailing-whitespace
+    - repo: https://github.com/pre-commit/pre-commit-hooks
+      rev: v4.1.0
+      hooks:
+          - id: check-yaml
+          - id: end-of-file-fixer
+          - id: trailing-whitespace
+            args: ['--markdown-linebreak-ext=md']

.tool-versions

@@ -1 +1 @@
-python 3.7.1
+python 3.8.5

README.md

@@ -1,17 +1,58 @@
 # Plumbing
 
-Collection of common Configs for Project Management and CI/CD.
+<!--intro-start-->
+Used for deduplicate the CI/CD Boilerplate-Code. Like [Workflow](https://docs.github.com/en/actions) and [Github App](https://docs.github.com/en/developers/apps/getting-started-with-apps/about-apps) configurations.
+<!--intro-end-->
 
-probot                                                            | git                                                                         | description
------------------------------------------------------------------ | --------------------------------------------------------------------------- | -------------------------------------------------------------
-[settings](https://probot.github.io/apps/settings/)               | [probot/settings](https://github.com/probot/settings)                       | Configure Github Projects by Source.
-[stale](https://probot.github.io/apps/stale/)                     | [probot/stale](https://github.com/probot/stale)                             | Handle stale issues.
-[release-drafter](https://probot.github.io/apps/release-drafter/) | [toolmantim/release-drafter](https://github.com/toolmantim/release-drafter) | Creates a Human Readable Release Change Log.
-[boring-cyborg](https://probot.github.io/apps/boring-cyborg/)     | [kaxil/boring-cyborg](https://github.com/kaxil/boring-cyborg)               | Different util actions like, automatically label Pull Request
+## Workflows
 
+<!--td-workflows-start-->
+| Workflow                            | description                                                                                                                                                  |
+|-------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| ```reuseable-mkdocs.yaml```         | Publish a [mkdocs](https://www.mkdocs.org/) based Documentation as [Github Page](https://pages.github.com/).                                                 |
+| ```reuseable-pre-commit.yaml```     | call [pre-commit](https://pre-commit.com/) for executing a set of Static Tests.                                                                              |
+| ```reuseable-release-drafter.yml``` | Will be use [release-drafter/release-drafter](https://github.com/release-drafter/release-drafter) for updating the current "Draft" Release with a Changelog. |
+| ```reuseable-trivy.yaml```          | Scan the GitRepo by using [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action).                                                         |
+<!--td-workflows-end-->
+
+## Probot Config
+
+<!--probot-intro-start-->
+Collection of common Configs for Project Management and CI/CD.  
+For Using in other Github Projects, having a reuseable set of Probot Config Repo, more informations at [probot.github.io](https://probot.github.io/docs/best-practices/#configuration).
+<!--probot-intro-end-->
+
+<!--td-probot-apps-start-->
+| probot                                                            | git                                                                         | description                                                                                                         |
+|-------------------------------------------------------------------|-----------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------|
+| [boring-cyborg](https://probot.github.io/apps/boring-cyborg/)     | [kaxil/boring-cyborg](https://github.com/kaxil/boring-cyborg)               | Different util actions like, automatically label Pull Request                                                       |
+| [release-drafter](https://probot.github.io/apps/release-drafter/) | [toolmantim/release-drafter](https://github.com/toolmantim/release-drafter) | Creates a Human Readable Release Change Log.                                                                        |
+| [renovate](https://github.com/apps/renovate)                      |                                                                             | Using [renovate](https://www.whitesourcesoftware.com/free-developer-tools/renovate/) for keep dependencies in sync. |
+| [settings](https://probot.github.io/apps/settings/)               | [probot/settings](https://github.com/probot/settings)                       | Configure Github Projects by Source.                                                                                |
+<!--td-probot-apps-end-->
 
 For More Inforation take a look to the GH Page, [gh-plumbing](http://nolte.github.io/gh-plumbing).
 
+## Development
+
+<!--development-intro-start-->
+We use the [asdf](https://asdf-vm.com/) Packagemanager.
+
+
+```sh
+asdf install
+
+virtualenv ~/.vens/development
+
+source ~/.vens/development/bin/activate
+pip install -r requirements-dev.txt
+
+mkdocs serve -a localhost:8001
+```
+
+Open [localhost:8001](http://localhost:8001/) for take a look to the lastest documentation, created with [mkdocs](https://www.mkdocs.org/).
+<!--development-intro-end-->
+
 ## Links
 
 * [nolte/cookiecutter-gh-project](https://github.com/nolte/cookiecutter-gh-project) for templating.

docs/index.md

@@ -1,42 +1,15 @@
-# Shared Probot Configs
+# Shared Configs
 
-For Using in other Github Projects use the Probot Repo Config, more informations at [probot.github.io](https://probot.github.io/docs/best-practices/#configuration).
+{%
+   include-markdown "../README.md"
+   start="<!--intro-start-->"
+   end="<!--intro-end-->"
+%}
 
-Example:
+## Development
 
-```ỳaml
-_extends: gh-plumbing:.github/commons-stale.yml
-```
-
-The Reuseable configurations are prefixed with ```.github/commons-*.yml```.
-
-
-### Shared Configs
-
-#### Project Settings
-
-For Central Project Configuration we use the [settings](https://probot.github.io/apps/settings/) Github App.
-
-This Applications will be handle:
-
-* Default Branch Configuration
-* Project Description, topic etc.
-* Label Colors
-
-
-##### Usage
-
-```
-_extends: gh-plumbing:.github/commons-settings.yml
-repository:
-  name: cookiecutter-gh-project
-  description: Template for Create Github Workflows and Projects
-  homepage: https://nolte.github.io/cookiecutter-gh-project
-  topics: templating, cookiecutter, github
-```
-
-#### Labelling
-
-For Handle PR and Issue Labels we use a combination of Two Github Applications, [stale](https://probot.github.io/apps/stale/) for close Inactive Elements, and [boring-cyborg](https://probot.github.io/apps/boring-cyborg/) for setting labels by Existing roles, like changes at `./docs` allways get the Label `documentations`.
-
-##### Usage
+{%
+   include-markdown "../README.md"
+   start="<!--development-intro-start-->"
+   end="<!--development-intro-end-->"
+%}