[CI] Add pipelines and initial files

.dockerignore

@@ -0,0 +1,4 @@
+# More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file
+# Ignore build and test binaries.
+bin/
+testbin/

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,33 @@
+
+### Description of your changes
+
+<!--
+
+Briefly describe what this pull request does. We love pull requests that have a clear purpose. If yours fix an issue,
+please uncomment the below line to indicate which issue your PR fixes, for example
+"Fixes #500":
+
+-->
+
+Fixes #
+
+I have:
+
+- [ ] Read and followed fleet's [Code of conduct](https://github.com/Azure/fleet/blob/main/CODE_OF_CONDUCT.md).
+- [ ] Run `make reviewable` to ensure this PR is ready for review.
+
+### How has this code been tested
+
+<!--
+Before reviewers can be confident in the correctness of this pull request, it needs to tested and shown to be correct.
+Briefly describe the testing that has already been done or which is planned for this change.
+-->
+
+
+### Special notes for your reviewer
+
+<!--
+
+Be sure to direct your reviewers' attention to anything that needs special consideration.
+
+-->

.github/pr-title-config.json

@@ -0,0 +1,9 @@
+{
+    "LABEL": {
+      "name": "title-needs-formatting",
+      "color": "EEEEEE"
+    },
+    "CHECKS": {
+      "prefixes": [ "[WIP] ", "Feat: ", "Test: ", "Fix: ", "Docs: ", "Style: ", "Interface: ", "Util: ", "Chore: ", "CI: ", "Perf: ", "Refactor: ", "Revert: " ]
+    }
+  }

.github/workflows/build-images.yml

@@ -0,0 +1,61 @@
+name: build_images
+
+on:
+  push:
+    branches: [ main ]
+    # Publish semver tags as releases.
+    tags: [ 'v*.*.*' ]
+
+env:
+  REGISTRY: ghcr.io
+  # github.repository as <account>/<repo>
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      # This is used to complete the identity challenge
+      # with sigstore/fulcio when running outside of PRs.
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      # Workaround: https://github.com/docker/build-push-action/issues/461
+      - name: Setup Docker buildx
+        uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
+
+      # Login against the container registry except on PR
+      # https://github.com/docker/login-action
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract image metadata
+        id: meta
+        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+
+      # Build and push container image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push image
+        id: build-and-push
+        uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.github/workflows/ci.yml

@@ -0,0 +1,58 @@
+name: fleet-ci
+
+on:
+  push:
+    branches:
+      - main
+      - release-*
+  workflow_dispatch: {}
+  pull_request:
+    branches:
+      - main
+      - release-*
+    paths-ignore: [docs/**, "**.md", "**.mdx", "**.png", "**.jpg"]
+
+jobs:
+
+  detect-noop:
+    runs-on: ubuntu-latest
+    outputs:
+      noop: ${{ steps.noop.outputs.should_skip }}
+    steps:
+      - name: Detect No-op Changes
+        id: noop
+        uses: fkirc/skip-duplicate-actions@v3.3.0
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          do_not_skip: '["workflow_dispatch", "schedule", "push"]'
+          concurrent_skipping: false
+
+  codecov:
+    runs-on: ubuntu-latest
+    needs: detect-noop
+    if: needs.detect-noop.outputs.noop != 'true'
+
+    steps:
+      - name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+
+      - name: Get dependencies
+        run: go get -v -t -d ./...
+
+      - name: Run tests & Generate coverage
+        run: make test
+
+      - name: Upload report
+        uses: codecov/codecov-action@v2.1.0
+        with:
+          ## Repository upload token - get it from codecov.io. Required only for private repositories
+          token: ${{ secrets.CODECOV_TOKEN }}
+          ## Comma-separated list of files to upload
+          files: ./cover.out
+          flags: ci-tests
+          name: codecov-umbrella

.github/workflows/commit-lint.yml

@@ -0,0 +1,19 @@
+name: PR Title Checker
+on:
+  pull_request:
+    types:
+      - opened
+      - edited
+      - synchronize
+      - labeled
+      - unlabeled
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: thehanimo/pr-title-checker@v1.3.1
+        with:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          pass_on_octokit_error: true
+          configuration_path: ".github/pr-title-config.json"

.github/workflows/go.yml

@@ -0,0 +1,80 @@
+name: Go
+
+on:
+  push:
+    branches:
+      - main
+      - release-*
+  workflow_dispatch: {}
+  pull_request:
+    branches:
+      - main
+      - release-*
+    paths-ignore: [docs/**, "**.md", "**.mdx", "**.png", "**.jpg"]
+
+env:
+  # Common versions
+  GO_VERSION: '1.17'
+
+jobs:
+
+  detect-noop:
+    runs-on: ubuntu-latest
+    outputs:
+      noop: ${{ steps.noop.outputs.should_skip }}
+    steps:
+      - name: Detect No-op Changes
+        id: noop
+        uses: fkirc/skip-duplicate-actions@v3.3.0
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          do_not_skip: '["workflow_dispatch", "schedule", "push"]'
+          concurrent_skipping: false
+
+  staticcheck:
+    runs-on: ubuntu-latest
+    needs: detect-noop
+    if: needs.detect-noop.outputs.noop != 'true'
+
+    steps:
+      - name: Setup Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          submodules: true
+
+      - name: Cache Go Dependencies
+        uses: actions/cache@v2
+        with:
+          path: .work/pkg
+          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
+          restore-keys: ${{ runner.os }}-pkg-
+
+      - name: Install StaticCheck
+        run: GO111MODULE=off go get honnef.co/go/tools/cmd/staticcheck
+
+      - name: Static Check
+        run: staticcheck ./...
+
+  lint:
+    name: "Lint"
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    permissions:
+      contents: read
+
+    steps:
+    - name: Set up Go ${{ env.GO_VERSION }}
+      uses: actions/setup-go@v2
+      with:
+        go-version: ${{ env.GO_VERSION }}
+
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@v2
+
+    - name: golangci-lint
+      run: make lint

.github/workflows/markdown-lint.yml

@@ -0,0 +1,20 @@
+name: Check Markdown
+
+on:  
+  pull_request:
+    paths:
+      - '**.md'
+      - "docs/**"
+
+jobs:
+  markdown-link-check:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - uses: gaurav-nelson/github-action-markdown-link-check@v1
+      with:
+        # this will only show errors in the output
+        use-quiet-mode: 'yes'
+        # this will show detailed HTTP status for checked links
+        use-verbose-mode: 'yes'
+        config-file: '.github/workflows/markdown.links.config.json'

.github/workflows/markdown.links.config.json

@@ -0,0 +1,6 @@
+{
+    "aliveStatusCodes": [
+        200,
+        203
+    ]
+}

.gitignore

@@ -13,3 +13,7 @@
 
 # Dependency directories (remove the comment below to include it)
 # vendor/
+
+# binary output
+bin/
+hack/tools/bin/

.golangci.yml

@@ -0,0 +1,31 @@
+run:
+  deadline: 10m
+
+linters:
+  disable-all: true
+  enable:
+    - deadcode
+    - errcheck
+    - errorlint
+    - goconst
+    - gocyclo
+    - gofmt
+    - goimports
+    - gosec
+    - gosimple
+    - govet
+    - ineffassign
+    - misspell
+    - nakedret
+    - nilerr
+    - prealloc
+    - revive
+    - staticcheck
+    - structcheck
+    - typecheck
+    - unconvert
+    - unused
+    - varcheck
+    - whitespace
+  # Run with --fast=false for more extensive checks
+  fast: true

Dockerfile

@@ -0,0 +1,26 @@
+# Build the manager binary
+FROM golang:1.17 as builder
+
+WORKDIR /workspace
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN go mod download
+
+# Copy the go source
+COPY cmd/main.go main.go
+# TODO COPY pgk/apis
+# Build
+ARG TARGETARCH
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} GO111MODULE=on go build -o manager main.go
+
+# Use distroless as minimal base image to package the manager binary
+# Refer to https://github.com/GoogleContainerTools/distroless for more details
+FROM gcr.io/distroless/static:nonroot
+WORKDIR /
+COPY --from=builder /workspace/manager .
+USER 65532:65532
+
+ENTRYPOINT ["/manager"]