Initial commit

Author: alessfg

.github/CODEOWNERS

@@ -0,0 +1,5 @@
+#####################
+# Main global owner #
+#####################
+
+*

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,62 @@
+---
+name: 🐛 Bug report
+description: Create a report to help us improve
+labels: bug
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this bug report!
+
+        Before you continue filling out this report, please take a moment to check that your bug has not been [already reported on GitHub][issue search] 🙌
+
+        Remember to redact any sensitive information such as authentication credentials and/or license keys!
+
+        [issue search]: ../search?q=is%3Aissue&type=issues
+
+  - type: textarea
+    id: overview
+    attributes:
+      label: Bug Overview
+      description: A clear and concise overview of the bug.
+      placeholder: When I do "X", "Y" happens instead of "Z".
+    validations:
+      required: true
+
+  - type: textarea
+    id: behavior
+    attributes:
+      label: Expected Behavior
+      description: A clear and concise description of what you expected to happen.
+      placeholder: When I do "X", I expect "Z" to happen.
+    validations:
+      required: true
+
+  - type: textarea
+    id: steps
+    attributes:
+      label: Steps to Reproduce the Bug
+      description: Detail the series of steps required to reproduce the bug.
+      placeholder: When I run "X" using [...], "X" fails with "Y" error message. If I check the terminal outputs and/or logs, I see the following info.
+    validations:
+      required: true
+
+  - type: textarea
+    id: environment
+    attributes:
+      label: Environment Details
+      description: Please provide details about your environment.
+      value: |
+        - Target deployment platform: [e.g. AWS/GCP/local cluster/etc...]
+        - Target OS: [e.g. RHEL 9/Ubuntu 24.04/etc...]
+        - Version of this project or specific commit: [e.g. 1.4.3/commit hash]
+        - Version of any relevant project languages: [e.g. Kubernetes 1.30/Python 3.9.7/etc...]
+    validations:
+      required: true
+
+  - type: textarea
+    id: context
+    attributes:
+      label: Additional Context
+      description: Add any other context about the problem here.
+      placeholder: Feel free to add any other context/information/screenshots/etc... that you think might be relevant to this issue in here.

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,12 @@
+---
+blank_issues_enabled: false
+contact_links:
+  - name: 💬 Talk to the NGINX community!
+    url: https://community.nginx.org
+    about: A community forum for NGINX users, developers, and contributors
+  - name: 📝 Code of Conduct
+    url: https://www.contributor-covenant.org/version/2/1/code_of_conduct
+    about: NGINX follows the Contributor Covenant Code of Conduct to ensure a safe and inclusive community
+  - name: 💼 For commercial & enterprise users
+    url: https://www.f5.com/products/nginx
+    about: F5 offers a wide range of NGINX products for commercial & enterprise users

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,41 @@
+---
+name: ✨ Feature request
+description: Suggest an idea for this project
+labels: enhancement
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this feature request!
+
+        Before you continue filling out this request, please take a moment to check that your feature has not been [already requested on GitHub][issue search] 🙌
+
+        **Note:** If you are seeking community support or have a question, please consider starting a new thread via [GitHub discussions][discussions] or the [NGINX Community forum][forum].
+
+        [issue search]: ../search?q=is%3Aissue&type=issues
+
+        [discussions]: ../discussions
+        [forum]: https://community.nginx.org
+
+  - type: textarea
+    id: overview
+    attributes:
+      label: Feature Overview
+      description: A clear and concise description of what the feature request is.
+      placeholder: I would like this project to be able to do "X".
+    validations:
+      required: true
+
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Alternatives Considered
+      description: Detail any potential alternative solutions/workarounds you've used or considered.
+      placeholder: I have done/might be able to do "X" in the by doing "Y".
+
+  - type: textarea
+    id: context
+    attributes:
+      label: Additional Context
+      description: Add any other context about the problem here.
+      placeholder: Feel free to add any other context/information/screenshots/etc... that you think might be relevant to this feature request here.

.github/dependabot.yml

@@ -0,0 +1,9 @@
+---
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly
+      day: monday
+      time: "00:00"

.github/pull_request_template.md

@@ -0,0 +1,13 @@
+### Proposed changes
+
+Describe the use case and detail of the change. If this PR addresses an issue on GitHub, make sure to include a link to that issue using one of the [supported keywords](https://docs.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue) in this PR's description or commit message.
+
+### Checklist
+
+Before creating a PR, run through this checklist and mark each as complete:
+
+- [ ] I have read the [contributing guidelines](/CONTRIBUTING.md).
+- [ ] I have signed the [F5 Contributor License Agreement (CLA)](https://github.com/f5/.github/blob/main/CLA/cla-markdown.md).
+- [ ] If applicable, I have added tests that prove my fix is effective or that my feature works.
+- [ ] If applicable, I have checked that any relevant tests pass after adding my changes.
+- [ ] I have updated any relevant documentation ([`README.md`](/README.md) and/or [`CHANGELOG.md`](/CHANGELOG.md)).

.github/scorecard.yml

@@ -0,0 +1,10 @@
+---
+annotations:
+  - checks:
+      - contributors
+      - fuzzing
+      - packaging
+      - sast
+      - signed-releases
+    reasons:
+      - reason: not-applicable

.github/workflows/f5_cla.yml

@@ -0,0 +1,42 @@
+---
+name: F5 CLA
+on:
+  issue_comment:
+    types: [created]
+  pull_request_target:
+    types: [opened, closed, synchronize]
+permissions: read-all
+jobs:
+  f5-cla:
+    name: F5 CLA
+    runs-on: ubuntu-24.04
+    permissions:
+      actions: write
+      pull-requests: write
+      statuses: write
+    steps:
+      - name: Run F5 Contributor License Agreement (CLA) assistant
+        if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have hereby read the F5 CLA and agree to its terms') || github.event_name == 'pull_request_target'
+        uses: contributor-assistant/github-action@ca4a40a7d1004f18d9960b404b97e5f30a505a08 # v2.6.1
+        with:
+          # Any pull request targeting the following branch will trigger a CLA check.
+          # NOTE: You might need to edit this value to 'main'.
+          branch: main
+          # Path to the CLA document.
+          path-to-document: https://github.com/f5/f5-cla/.github/blob/main/docs/f5_cla.md
+          # Custom CLA messages.
+          custom-notsigned-prcomment: '🎉 Thank you for your contribution! It appears you have not yet signed the [F5 Contributor License Agreement (CLA)](https://github.com/f5/f5-cla/.github/blob/main/docs/f5_cla.md), which is required for your changes to be incorporated into an F5 Open Source Software (OSS) project. Please kindly read the [F5 CLA](https://github.com/f5/f5-cla/.github/blob/main/docs/f5_cla.md) and reply on a new comment with the following text to agree:'
+          custom-pr-sign-comment: 'I have hereby read the F5 CLA and agree to its terms'
+          custom-allsigned-prcomment: '✅ All required contributors have signed the F5 CLA for this PR. Thank you!'
+          # Remote repository storing CLA signatures.
+          remote-organization-name: f5
+          remote-repository-name: f5-cla-data
+          path-to-signatures: signatures/signatures.json
+          # Comma separated list of usernames for maintainers or any other individuals who should not be prompted for a CLA.
+          # NOTE: You will want to edit the usernames to suit your project needs.
+          allowlist: bot*
+          # Do not lock PRs after a merge.
+          lock-pullrequest-aftermerge: false
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PERSONAL_ACCESS_TOKEN: ${{ secrets.F5_CLA_TOKEN }}

.github/workflows/ossf_scorecard.yml

@@ -0,0 +1,63 @@
+---
+# This workflow uses actions that are not certified by GitHub. They are provided by a third-party and are governed by separate terms of service, privacy policy, and support documentation.
+name: OSSF Scorecard
+on:
+  # For Branch-Protection check. Only the default branch is supported. See https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection.
+  branch_protection_rule:
+  # To guarantee Maintained check is occasionally updated. See https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained.
+  schedule:
+    - cron: "0 0 * * 1"
+  push:
+    branches: [main, master]
+  workflow_dispatch:
+# Declare default permissions as read only.
+permissions: read-all
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-24.04
+    # Delete the conditional below if you are using the OSSF Scorecard on a private repository.
+    if: ${{ github.event.repository.private == false }}
+    permissions:
+      # Needed if using Code Scanning alerts.
+      security-events: write
+      # Needed for GitHub OIDC token if publish_results is true.
+      id-token: write
+      # Uncomment the permissions below if you are using the OSSF Scorecard on a private repository.
+      # contents: read
+      # actions: read
+      # issues: read # To allow GraphQL ListCommits to work
+      # pull-requests: read # To allow GraphQL ListCommits to work
+      # checks: read # To detect SAST tools
+    steps:
+      - name: Check out the codebase
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+
+      - name: Run analysis
+        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          # (Optional) fine-grained personal access token. Uncomment the `repo_token` line below if you want to enable the Branch-Protection or Webhooks check on a *private* repository.
+          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-fine-grained-pat-optional.
+          # repo_token: ${{ secrets.SCORECARD_TOKEN }}
+
+          # Publish the results for public repositories to enable scorecard badges. For more details, see https://github.com/ossf/scorecard-action#publishing-results.
+          # For private repositories, `publish_results` will automatically be set to `false`, regardless of the value entered here.
+          publish_results: true
+
+      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF format to the repository Actions tab.
+      - name: Upload artifact
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      # Upload the results to GitHub's code scanning dashboard.
+      - name: Upload SARIF results to code scanning
+        uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
+        with:
+          sarif_file: results.sarif

.github/workflows/rename_template.yml

@@ -0,0 +1,38 @@
+---
+name: Rename the template
+on:
+  push:
+permissions: read-all
+jobs:
+  rename-template:
+    name: Replace the templated variables in the repository with the newly created repository details
+    if: ${{ !contains(github.repository, 'template') }}
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: write
+    steps:
+      - name: Check out the codebase
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Set $REPOSITORY_NAME
+        run: echo "REPOSITORY_NAME=$(echo '${{ github.repository }}' | awk -F '/' '{print $2}' | tr '-' '_' | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
+        shell: bash
+
+      - name: Set $REPOSITORY_URL
+        run: echo "REPOSITORY_URL=$(echo '${{ github.repository }}' | awk -F '/' '{print $2}')" >> $GITHUB_ENV
+        shell: bash
+
+      - name: Set $REPOSITORY_OWNER
+        run: echo "REPOSITORY_OWNER=$(echo '${{ github.repository }}' | awk -F '/' '{print $1}')" >> $GITHUB_ENV
+        shell: bash
+
+      - name: Rename the project
+        run: |
+          echo "Renaming the project with -a(author) ${{ env.REPOSITORY_OWNER }} -n(name) ${{ env.REPOSITORY_NAME }} -u(urlname) ${{ env.REPOSITORY_URL }}"
+          .github/workflows/scripts/rename_project.sh -a ${{ env.REPOSITORY_OWNER }} -n ${{ env.REPOSITORY_NAME }} -u ${{ env.REPOSITORY_URL }}
+
+      - name: Commit and push changes
+        uses: stefanzweifel/git-auto-commit-action@e348103e9026cc0eee72ae06630dbe30c8bf7a79 # v5.1.0
+        with:
+          commit_message: "✅ Ready to clone and code."
+          push_options: --force

.github/workflows/scripts/rename_project.sh

@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+# vim:sw=2:ts=2:sts=2:et
+while getopts a:n:u: flag
+do
+  case "${flag}" in
+    a) owner=${OPTARG};;
+    n) name=${OPTARG};;
+    u) url=${OPTARG};;
+    *) echo "Invalid flag: ${flag}"; exit 1;;
+  esac
+done
+
+echo "Owner: $owner";
+echo "Repository Name: $name";
+echo "Repository URL: $url";
+
+echo "Renaming repository..."
+
+original_owner="{{REPOSITORY_OWNER}}"
+original_name="{{REPOSITORY_NAME}}"
+original_url="{{REPOSITORY_URL}}"
+for filename in $(git ls-files)
+do
+  sed -i "s/$original_owner/$owner/g" "$filename"
+  sed -i "s/$original_name/$name/g" "$filename"
+  sed -i "s/$original_url/$url/g" "$filename"
+  echo "Renamed $filename"
+done
+
+# These commands run only once on GitHub Actions!
+echo "Removing template specific data..."
+# Remove OSSF attestations and F5 specific GitHub Actions workflows
+rm -f .github/scorecard.yml
+if [[ "$GITHUB_REPOSITORY_OWNER" != "devcentral" && "$GITHUB_REPOSITORY_OWNER" != "f5" && "$GITHUB_REPOSITORY_OWNER" != "f5networks" && "$GITHUB_REPOSITORY_OWNER" != "nginx" && "$GITHUB_REPOSITORY_OWNER" != "nginxinc" ]]; then
+  rm -f .github/workflows/f5_cla.yml
+fi
+# Remove the template instructions from the README and the template's CHANGELOG
+sed -i '1,/^---$/d;1,/^$/d' README.md
+sed -i '1,/^---$/d;1,/^$/d' CHANGELOG.md
+# Remove this script and the GitHub Action workflow using this script
+rm -f .github/workflows/rename_template.yml
+rm -rf .github/workflows/scripts

.gitignore

@@ -0,0 +1,30 @@
+########################
+# Any crt/keys/license #
+########################
+*.crt
+*.key
+*~
+\#*
+
+##########################
+# Backup/temporary files #
+##########################
+*~
+\#*
+
+##################
+# MacOS specific #
+##################
+Thumbs.db
+.DS_Store
+
+########################
+# Code editor specific #
+########################
+.idea
+.vscode
+
+########
+# Logs #
+########
+*.log

CHANGELOG.md

@@ -0,0 +1,13 @@
+# Changelog
+
+## 1.0.0 (Month Date, Year)
+
+Initial release of the NGINX template repository.
+
+---
+
+# Changelog
+
+## 1.0.0 (Month Date, Year)
+
+Initial release of this project.