deloy

.dependabot/config.yml

@@ -0,0 +1,45 @@
+version: 1
+update_configs:
+  - package_manager: "ruby:bundler"
+    directory: "/"
+    update_schedule: "live"
+    automerged_updates:
+      - match:
+          dependency_name: "spree*"
+          update_type: "semver:patch"
+      - match:
+          dependency_name: "rails"
+          update_type: "semver:patch"
+      - match:
+          dependency_name: "rubocop*"
+      - match:
+          dependency_name: "puma"
+      - match:
+          dependency_name: "rack*"
+      - match:
+          dependency_name: "sentry-raven"
+      - match:
+          dependency_name: "scout_apm"
+      - match:
+          dependency_name: "flipper*"
+          update_type: "semver:minor"
+      - match:
+          dependency_name: "sidekiq"
+          update_type: "semver:minor"
+      - match:
+          dependency_name: "aws-sdk-s3"
+          update_type: "semver:minor"
+      - match:
+          dependency_name: "mini_racer"
+      - match:
+          dependency_name: "sass-rails"
+      - match:
+          dependency_name: "awesome_print"
+      - match:
+          dependency_name: "pry*"
+      - match:
+          dependency_name: "rspec*"
+      - match:
+          dependency_name: "webdrivers"
+      - match:
+          dependency_name: "sendgrid-actionmailer"

.github/CODEOWNERS

@@ -0,0 +1 @@
+.github/workflows/* @saleor/sre

.github/CODE_OF_CONDUCT.md

@@ -0,0 +1,46 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at hello+community@saleor.io. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

.github/ISSUE_TEMPLATE/bug_report.yaml

@@ -0,0 +1,49 @@
+name: Bug report
+description: Create a bug report
+title: "Bug: "
+labels: ["bug", "triage"]
+
+body:
+  - type: textarea
+    id: goal
+    attributes:
+      label: What are you trying to achieve?
+      description: Describe your goal, use case, or provide context of your problem from the business point of view.
+    validations:
+      required: true
+  - type: textarea
+    id: steps
+    attributes:
+      label: Steps to reproduce the problem
+      description: Reproduction steps starting with an empty database. You can use a free Saleor Cloud environment as a quick starting point.
+      placeholder: |
+        1. Create a product with two attributes…
+        2. …
+        3. Run `…`
+        4. See that it failed with…
+    validations:
+      required: true
+  - type: textarea
+    id: expected-behavior
+    attributes:
+      label: What did you expect to happen?
+      description: Describe why the behavior described earlier is incorrect.
+    validations:
+      required: true
+  - type: textarea
+    id: logs
+    attributes:
+      label: Logs
+      description: Include any logs from the console, screenshots, and any API queries or responses that could help us understand the problem. Make sure to omit any personal identifiable information or data sensitive to your business.
+    validations:
+      required: false
+  - type: textarea
+    id: environment
+    attributes:
+      label: Environment
+      description: Provide some information about your environment.
+      value: |
+        Saleor version: …
+        OS and version: …
+    validations:
+      required: true

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,5 @@
+blank_issues_enabled: false
+contact_links:
+  - name: 💬 GitHub Discussions
+    url: https://github.com/saleor/saleor/discussions
+    about: If you have a support question or need help getting Saleor to work, please use GitHub Discussions.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: Feature request
+assignees: ''
+
+---
+
+### What I'm trying to achieve
+…
+
+### Describe a proposed solution
+...
+
+### Other solutions I've tried and won't work
+…
+
+### Screenshots or mockups
+<!-- Please provide any illustrations that could help others understand the problem or the proposed solution. -->

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,22 @@
+I want to merge this change because...
+
+<!-- Please mention all relevant issue numbers. -->
+
+# Impact
+
+* [ ] New migrations
+* [ ] New/Updated API fields or mutations
+* [ ] Deprecated API fields or mutations
+* [ ] Removed API types, fields, or mutations
+* [ ] Documentation needs to be updated
+
+# Pull Request Checklist
+
+<!-- Please keep this section. It will make the maintainer's life easier. -->
+
+* [ ] Privileged queries and mutations are guarded by proper permission checks
+* [ ] Database queries are optimized and the number of queries is constant
+* [ ] Database migration files are up to date
+* [ ] The changes are tested
+* [ ] GraphQL schema and type definitions are up to date
+* [ ] Changes are mentioned in the changelog

.github/dependabot.yml

@@ -0,0 +1,31 @@
+version: 2
+updates:
+- package-ecosystem: pip
+  directory: "/"
+  schedule:
+    interval: weekly
+    time: "04:00"
+  open-pull-requests-limit: 10
+  ignore:
+  - dependency-name: django-graphql-jwt
+    versions:
+    - "> 0.3.0"
+  - dependency-name: black
+    versions:
+    - 21.4b0
+  - dependency-name: adyen
+    versions:
+    - 5.0.0
+    - 5.1.0
+  - dependency-name: faker
+    versions:
+    - 7.0.1
+  - dependency-name: django-countries
+    versions:
+    - "7.1"
+  - dependency-name: mypy
+    versions:
+    - "0.812"
+  - dependency-name: pytest-xdist
+    versions:
+    - 2.2.1

.github/graphql-inspector.yaml

@@ -0,0 +1,11 @@
+branch: "main"
+schema: "saleor/graphql/schema.graphql"
+diff:
+  # Pull Request annotations
+  annotations: true
+  # Merge Pull Request's branch with the target branch to get the schema
+  experimental_merge: true
+  # Label to mark Pull Request introducing breaking changes as safe and expected
+  approveLabel: 'approved-breaking-change'
+  # Limit a list of changes in summary
+  summaryLimit: 200

.github/stale.yml

@@ -0,0 +1,60 @@
+# Configuration for probot-stale - https://github.com/probot/stale
+
+# Number of days of inactivity before an Issue or Pull Request becomes stale
+daysUntilStale: 60
+
+# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
+# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
+daysUntilClose: 7
+
+# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
+onlyLabels: []
+
+# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
+exemptLabels:
+  - bug
+  - blocker
+  - backlog
+
+# Set to true to ignore issues in a project (defaults to false)
+exemptProjects: false
+
+# Set to true to ignore issues in a milestone (defaults to false)
+exemptMilestones: false
+
+# Set to true to ignore issues with an assignee (defaults to false)
+exemptAssignees: false
+
+# Label to use when marking as stale
+staleLabel: stale
+
+# Comment to post when marking as stale. Set to `false` to disable
+markComment: >
+  This issue has been automatically marked as stale because it has not had
+  recent activity. It will be closed if no further activity occurs. Thank you
+  for your contributions.
+
+# Comment to post when removing the stale label.
+# unmarkComment: >
+#   Your comment here.
+
+# Comment to post when closing a stale Issue or Pull Request.
+# closeComment: >
+#   Your comment here.
+
+# Limit the number of actions per hour, from 1-30. Default is 30
+limitPerRun: 30
+# Limit to only `issues` or `pulls`
+# only: issues
+
+# Optionally, specify configuration settings that are specific to just 'issues' or 'pulls':
+# pulls:
+#   daysUntilStale: 30
+#   markComment: >
+#     This pull request has been automatically marked as stale because it has not had
+#     recent activity. It will be closed if no further activity occurs. Thank you
+#     for your contributions.
+
+# issues:
+#   exemptLabels:
+#     - confirmed

.github/workflows/bump-dependencies.yml

@@ -0,0 +1,37 @@
+name: Bump dependencies
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron:  '0 8 * * 1' # At 08:00 on Monday.
+
+jobs:
+  bump-dependencies:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-python@v2
+        with:
+          python-version: '3.9'
+
+      - run: python -m pip install poetry pre-commit
+      - run: poetry lock
+      - run: poetry export --without-hashes --with dev -f requirements.txt -o requirements_dev.txt
+      - run: poetry export -f requirements.txt --without-hashes -o requirements.txt
+      - run: pre-commit autoupdate
+      - run: git status
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@18f7dc018cc2cd597073088f7c7591b9d1c02672
+        with:
+          token: ${{ secrets.TRIGGER_WORKFLOW_KEY }}
+          branch: bump-dependencies
+          delete-branch: true
+          commit-message: Bump dependencies
+          title: 'Bump dependencies'
+          body: |
+            Weekly update of backend dependencies.
+          labels: |
+            :robot: bot
+            test deployment

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,54 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [main, ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [main]
+  schedule:
+    - cron: '0 3 * * 6'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+      with:
+        # We must fetch at least the immediate parents so that if this is
+        # a pull request then we can checkout the head.
+        fetch-depth: 2
+
+    # If this run was triggered by a pull request event, then checkout
+    # the head of the pull request instead of the merge commit.
+    - run: git checkout HEAD^2
+      if: ${{ github.event_name == 'pull_request' }}
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      # Override language selection by uncommenting this and choosing your languages
+      # with:
+      #   languages: go, javascript, csharp, python, cpp, java
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1