feat(ci): workflows added

.github/CODEOWNERS

@@ -0,0 +1,2 @@
+pom.xml @cryostatio/maintainers
+src/main/docker/ @cryostatio/maintainers

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,53 @@
+name: 🐞 Bug report
+description: File a report to help us improve Cryostat.
+title: '[Bug] <title>'
+labels: [bug, needs-triage]
+
+body:
+  - type: textarea
+    attributes:
+      label: Current Behavior
+      description: A concise description of what you're experiencing.
+      placeholder: Tell us what you see!
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Expected Behavior
+      description: A concise description of what you expected to happen.
+      placeholder: Tell us what you expected to see!
+    validations:
+      required: false
+  - type: textarea
+    attributes:
+      label: Steps To Reproduce
+      description: Steps to reproduce the behavior.
+      placeholder: |
+        1. In this environment...
+        2. With this config...
+        3. Run '...'
+        4. See error...
+    validations:
+      required: false
+  - type: textarea
+    attributes:
+      label: Environment
+      description: |
+        Examples:
+          - **OS**: Ubuntu 20.04
+          - **Environment**: OpenShift 4.11
+          - **Version**: Cryostat 2.3.0
+      value: |
+          - OS:
+          - Environment:
+          - Version:
+      render: Markdown
+    validations:
+      required: false
+  - type: textarea
+    attributes:
+      label: Anything else?
+      description: |
+        Screenshots? Links? References? Anything that will give us more context about the issue you are encountering!
+    validations:
+      required: false

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,5 @@
+blank_issues_enabled: enabled
+contact_links:
+  - name: Cryostat Community Support
+    url: https://github.com/cryostatio/cryostat3/discussions
+    about: Ask general questions about Cryostat here!

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,18 @@
+name: ✨ Feature request
+description: Improve an existing feature or add a new one.
+title: '[Request] <title>'
+labels: [feat, needs-triage]
+
+body:
+  - type: textarea
+    attributes:
+      label: Describe the feature
+      description: A clear and concise description of what the feature is.
+      placeholder: A nice feature that I'd like to suggest...
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Anything other information?
+    validations:
+      required: false

.github/labeler.yml

@@ -0,0 +1,2 @@
+needs-triage:
+- '*'

.github/pull_request_template.md

@@ -0,0 +1,24 @@
+# Welcome to Cryostat3! 👋
+## Before contributing, make sure you have:
+* [ ] Read the [contributing guidelines](https://github.com/cryostatio/cryostat3/blob/main/CONTRIBUTING.md)
+* [ ] Linked a relevant issue which this PR resolves
+* [ ] Linked any other relevant issues, PR's, or documentation, if any
+* [ ] Resolved all conflicts, if any
+* [ ] Rebased your branch PR on top of the latest upstream `main` branch
+* [ ] Attached at least one of the following labels to the PR: `[chore, ci, docs, feat, fix, test]`
+* [ ] [Signed all commits using a GPG signature](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification#gpg-commit-signature-verification)
+
+**To recreate commits with GPG signature** `git fetch upstream && git rebase --force --gpg-sign upstream/main`
+_______________________________________________
+
+Fixes: #<issue number>
+
+## Description of the change:
+*This change allows an environment variable to be configured so that...*
+
+## Motivation for the change:
+*This change is helpful because users may want to...*
+
+## How to manually test:
+1. *Run CRYOSTAT_IMAGE=quay.io... sh smoketest.sh...*
+2. *...*

.github/release-drafter.yml

@@ -0,0 +1,23 @@
+categories:
+  - title: 'Features'
+    label: 'feat'
+  - title: 'Fixes'
+    label: 'fix'
+  - title: 'Documentation'
+    label: 'docs'
+  - title: 'Maintenance'
+    labels:
+      - 'chore'
+      - 'ci'
+      - 'cleanup'
+      - 'perf'
+      - 'refactor'
+      - 'style'
+      - 'test'
+
+template: |
+  ## Contributors
+  $CONTRIBUTORS
+  ## What's Changed
+  $CHANGES
+

.github/workflows/check-labels.yml

@@ -0,0 +1,17 @@
+name: Check labels not applied
+
+on:
+  pull_request:
+    types:
+      - opened
+      - labeled
+      - unlabeled
+      - synchronize
+
+jobs:
+  check-needs-triage-not-applied:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Fail if needs-triage label applied
+        if: ${{ contains(github.event.pull_request.labels.*.name, 'needs-triage')}}
+        run: exit 1

.github/workflows/ci-code-analysis.yml

@@ -0,0 +1,60 @@
+on:
+  workflow_call:
+    inputs:
+      checkout-repo:
+        required: false
+        type: string
+      checkout-ref:
+        required: false
+        type: string
+
+permissions:
+  contents: read
+  packages: read
+
+jobs:
+  spotless:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        repository: ${{ inputs.checkout-repo }}
+        ref: ${{ inputs.checkout-ref }}
+    - name: Run spotless
+      run: mvn -B -U spotless:check
+
+  spotbugs:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        repository: ${{ inputs.checkout-repo }}
+        ref: ${{ inputs.checkout-ref }}
+        submodules: true
+        fetch-depth: 0
+    - uses: skjolber/maven-cache-github-action@v1
+      with:
+        step: restore
+    - uses: actions/setup-java@v3
+      with:
+        java-version: '17'
+        distribution: 'temurin'
+    - name: maven-settings
+      uses: s4u/maven-settings-action@v2
+      with:
+        servers: '[{"id": "github", "username": "dummy", "password": "${env.GITHUB_TOKEN_REF}"}]'
+        githubServer: false
+    - name: Run spotbugs
+      run: mvn -B -U compile spotbugs:check
+      env:
+        GITHUB_TOKEN_REF: ${{ secrets.GITHUB_TOKEN }}
+
+  shellcheck:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        repository: ${{ inputs.checkout-repo }}
+        ref: ${{ inputs.checkout-ref }}
+    - name: Run shellcheck
+      run: mvn -B -U shellcheck:check

.github/workflows/ci.yaml

@@ -43,9 +43,9 @@ jobs:
       contents: read
     if: ${{ github.repository_owner == 'cryostatio' }}
     steps:
-    # - name: Fail if PR and safe-to-test label NOT applied
-    #   if: ${{ github.event_name == 'pull_request_target' && !contains(github.event.pull_request.labels.*.name, 'safe-to-test') }}
-    #   run: exit 1
+    - name: Fail if PR and safe-to-test label NOT applied
+      if: ${{ github.event_name == 'pull_request_target' && !contains(github.event.pull_request.labels.*.name, 'safe-to-test') }}
+      run: exit 1
     - uses: actions/checkout@v3
       with:
         repository: ${{ github.event.pull_request.head.repo.full_name }}
@@ -65,7 +65,7 @@ jobs:
     - run: git submodule init && git submodule update
     - name: Cache yarn packages
       uses: actions/cache@v3
-      with: 
+      with:
         path: "./src/main/webui/.yarn/cache"
         key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/yarn.lock') }}
         restore-keys: |

.github/workflows/dependent-issues.yml

@@ -1,6 +1,11 @@
 name: Dependent Issues
 
 on:
+  issues:
+    types:
+      - opened
+      - edited
+      - reopened
   pull_request_target:
     types:
       - opened

.github/workflows/labeler.yml

@@ -0,0 +1,18 @@
+name: Label pull request
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - reopened
+
+jobs:
+  triage:
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/labeler@v4
+      with:
+        repo-token: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/linked-issue.yml

@@ -0,0 +1,25 @@
+name: Verify Linked Issue
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - reopened
+      - edited
+      - synchronize
+
+jobs:
+  verify-linked-issue:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+    if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]'
+    name: Verify Pull Request references Issue
+    steps:
+      - uses: Codeinwp/verify-linked-issue-action@6da9af91d78847c7ea264083a64eab3271b4369f
+        id: verify_issue_reference
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Report no referenced issue
+        if: steps.verify_issue_reference.outputs.has_linked_issues != 'true'
+        run: exit 1;

.github/workflows/pr-request-review.yml

@@ -0,0 +1,19 @@
+name: Request Review
+
+on:
+  issue_comment:
+    types:
+      - created
+
+jobs:
+  request-review:
+    runs-on: ubuntu-latest
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    permissions:
+      pull-requests: write
+    if: github.repository_owner == 'cryostatio' && github.event.issue.pull_request && startsWith(github.event.comment.body, '/request_review')
+    steps:
+      - run: |
+          # Adding label 'review-requested' to the PR. Mergify will add reviewers.
+          gh pr edit ${{ github.event.issue.number }} --add-label "review-requested" --repo ${{ github.event.repository.full_name }}

.github/workflows/release-drafter.yml

@@ -0,0 +1,18 @@
+name: Release Drafter
+
+on:
+  push:
+    # branches to consider in the event; optional, defaults to all
+    branches:
+      - main
+
+jobs:
+  update_release_draft:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      # Drafts your next Release notes as Pull Requests are merged into "main"
+      - uses: release-drafter/release-drafter@v5
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/verify-semantic-pull-request.yml

@@ -0,0 +1,20 @@
+name: verify semantic-pull-request
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - reopened
+      - edited
+      - synchronize
+
+jobs:
+  main:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+      statuses: write
+    steps:
+      - uses: amannn/action-semantic-pull-request@v3.4.0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}