7 files changed, 117 insertions, 0 deletions

diff --git a/.github/workflows/add-pr-labels.yml b/.github/workflows/add-pr-labels.yml
new file mode 100644
index 0000000..e03158f
--- /dev/null
+++ b/.github/workflows/add-pr-labels.yml
@@ -0,0 +1,15 @@
+name: Add pull request labels
+
+on:
+  pull_request_target:
+    branches:
+      - sagitta
+
+permissions:
+  pull-requests: write
+  contents: read
+
+jobs:
+  add-pr-label:
+    uses: vyos/.github/.github/workflows/add-pr-labels.yml@sagitta
+    secrets: inherit
diff --git a/.github/workflows/auto-author-assign.yml b/.github/workflows/auto-author-assign.yml
new file mode 100644
index 0000000..0e65d4b
--- /dev/null
+++ b/.github/workflows/auto-author-assign.yml
@@ -0,0 +1,13 @@
+name: "PR Triage"
+on:
+  pull_request_target:
+    types: [opened, reopened, ready_for_review, locked]
+
+permissions:
+  pull-requests: write
+  contents: read
+
+jobs:
+  assign-author:
+    uses: vyos/.github/.github/workflows/assign-author.yml@sagitta
+    secrets: inherit
diff --git a/.github/workflows/chceck-pr-message.yml b/.github/workflows/chceck-pr-message.yml
new file mode 100644
index 0000000..94fa0d9
--- /dev/null
+++ b/.github/workflows/chceck-pr-message.yml
@@ -0,0 +1,17 @@
+---
+  name: Check pull request message format
+
+  on:
+    pull_request_target:
+      branches:
+        - sagitta
+      types: [opened, synchronize, edited]
+
+  permissions:
+    pull-requests: write
+    contents: read
+
+  jobs:
+    check-pr-title:
+      uses: vyos/.github/.github/workflows/check-pr-message.yml@sagitta
+      secrets: inherit
diff --git a/.github/workflows/check-pr-conflicts.yml b/.github/workflows/check-pr-conflicts.yml
new file mode 100644
index 0000000..57d5ac1
--- /dev/null
+++ b/.github/workflows/check-pr-conflicts.yml
@@ -0,0 +1,13 @@
+name: "PR Conflicts checker"
+on:
+  pull_request_target:
+    types: [synchronize]
+
+permissions:
+  pull-requests: write
+  contents: read
+
+jobs:
+  check-pr-conflict-call:
+    uses: vyos/.github/.github/workflows/check-pr-merge-conflict.yml@sagitta
+    secrets: inherit
diff --git a/.github/workflows/check-stale.yml b/.github/workflows/check-stale.yml
new file mode 100644
index 0000000..52ea877
--- /dev/null
+++ b/.github/workflows/check-stale.yml
@@ -0,0 +1,13 @@
+name: "Issue and PR stale management"
+on:
+  schedule:
+  - cron: "0 0 * * *"
+
+permissions:
+  pull-requests: write
+  contents: read
+
+jobs:
+  stale:
+    uses: vyos/.github/.github/workflows/check-stale.yml@sagitta
+    secrets: inherit
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..67ed272
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,24 @@
+name: "Perform CodeQL Analysis"
+
+on:
+  push:
+    branches:
+      - sagitta
+  pull_request_target:
+    # The branches below must be a subset of the branches above
+    branches:
+      - sagitta
+  schedule:
+    - cron: '22 10 * * 0'
+
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
+jobs:
+  codeql-analysis-call:
+    uses: vyos/.github/.github/workflows/codeql-analysis.yml@sagitta
+    secrets: inherit
+    with:
+      languages: "['c']"
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
new file mode 100644
index 0000000..50e9e81
--- /dev/null
+++ b/.github/workflows/sonarcloud.yml
@@ -0,0 +1,22 @@
+name: Sonar Checks
+on:
+  push:
+    branches:
+      - sagitta
+
+  pull_request_target:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  sonar-cloud:
+    name: SonarCloud
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - name: SonarCloud Scan
+        uses: SonarSource/sonarcloud-github-action@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}