Contribute: zfs driver and zfs driver shared over ISCSI

.github/ISSUE_TEMPLATE/bug_report doc.md

@@ -0,0 +1,25 @@
+---
+name: Documentation Bug report
+about: The purpose of this form is the report issues in the documentation. 
+labels: 
+  - 'Status: Pending'
+  - 'Category: Documentation'
+type: 'Bug'
+---
+
+<!-- For bugs in OpenNebula and the relevant documentation, report a bug [here](https://github.com/OpenNebula/one/issues/new?template=bug_report.md) -->
+
+**Description**
+A clear and concise description of what the bug is.
+
+**Current Content**
+Link and description to the existing content that needs to be updated.
+
+**Expected Content**
+A clear and concise description of what you expect to see in the documentation.
+
+**Affected doc version/s**
+List the documentation versions where this change should be reflected. This might vary during the triage process.
+
+**(Optional) Additional details**
+Add any other information about the problem here.

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,7 +1,8 @@
 ---
 name: Bug report
 about: Create a report to help us improve
-
+labels: 'Status: Pending'
+type: 'Bug'
 ---
 
 /!\ To report a **security issue** please follow this procedure:
@@ -17,7 +18,7 @@ Steps to reproduce the behavior.
 A clear and concise description of what you expected to happen.
 
 **Details**
- - Affected Component: [e.g. Sunstone, Scheduler or Storage]
+ - Affected Component: [e.g. Sunstone, Scheduler, or Storage]
  - Hypervisor: [e.g. KVM]
  - Version: [e.g. 5.4.12 or development]
 
@@ -31,10 +32,6 @@ Add any other context about the problem here.
 <!--////////////////////////////////////////////-->
 
 ## Progress Status
-- [ ] Branch created 
-- [ ] Code committed to development branch
+- [ ] Code committed
 - [ ] Testing - QA
-- [ ] Documentation 
-- [ ] Release notes - resolved issues, compatibility, known issues
-- [ ] Code committed to upstream release/hotfix branches
-- [ ] Documentation committed to upstream release/hotfix branches
+- [ ] Documentation (Release notes - resolved issues, compatibility, known issues)

.github/ISSUE_TEMPLATE/enhancement-request.md

@@ -1,7 +1,8 @@
 ---
 name: New Feature request
 about: Suggest an idea to improve OpenNebula
-
+labels: 'Status: Pending'
+type: 'Feature'
 ---
 
 **Description**
@@ -11,10 +12,10 @@ Brief description of the new functionality
 How are you going to use this new feature? Why do you need it?
 
 **Interface Changes**
-Describe any changed you'd like to see to current interfaces including Sunstone, CLI or/and API
+Describe any changes you'd like to see to current interfaces including Sunstone, CLI, or/and API
 
 **Additional Context**
-Add any other context or screenshots about the feature request here. Or any other alternative you have considered to addressed this new feature.
+Please feel free to add any other context or screenshots about the feature request here. Or any other alternative you have considered to address this new feature.
 
 <!--////////////////////////////////////////////-->
 <!-- THIS SECTION IS FOR THE DEVELOPMENT TEAM   -->
@@ -23,10 +24,6 @@ Add any other context or screenshots about the feature request here. Or any othe
 <!--////////////////////////////////////////////-->
 
 ## Progress Status
-- [ ] Branch created
-- [ ] Code committed to development branch
+- [ ] Code committed
 - [ ] Testing - QA
-- [ ] Documentation
-- [ ] Release notes - resolved issues, compatibility, known issues
-- [ ] Code committed to upstream release/hotfix branches
-- [ ] Documentation committed to upstream release/hotfix branches
+- [ ] Documentation (Release notes - resolved issues, compatibility, known issues)

.github/config/protected_files.yml

@@ -0,0 +1,9 @@
+approval_team:
+  - rsmontero # Ruben
+  - xorel # Jan
+
+# Add any files you want to explicitly protect here
+protected_files:
+  - install.sh
+  - "**/package*.json"
+  - ".github/**"

.github/pull_request_template.md

@@ -0,0 +1,15 @@
+### Description
+
+<!--- Please leave a helpful description of the PR here. --->
+
+### Branches to which this PR applies
+
+<!--- Please check you didn't forget a branch this needs to be cherry picked to.
+      Leave them unchecked, they will be checked by the merger --->
+
+- [ ] master
+- [ ] one-X.X
+
+<hr>
+
+- [ ] Check this if this PR should **not** be squashed

.github/workflows/check_protected.yml

@@ -0,0 +1,147 @@
+name: Check Protected Files
+on:
+  workflow_dispatch: {}
+  pull_request:
+    types: [opened, synchronize, reopened, ready_for_review]
+  pull_request_review:
+    types: [submitted, edited, dismissed]
+
+jobs:
+  run:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+          fetch-depth: 0
+
+      - name: Install dependencies
+        run: |
+          npm install js-yaml minimatch
+
+      - name: Load protected config
+        uses: actions/github-script@v8
+        id: config
+        with:
+          result-encoding: json
+          script: |
+            const fs = require('fs')
+            const yaml = require('js-yaml')
+
+            const configPath = '.github/config/protected_files.yml'
+
+            if(!fs.existsSync(configPath)) {
+              core.setFailed(`Protected config file missing at: ${configPath}. This file is required.`)
+
+              return
+            }
+
+            try {
+              const raw = fs.readFileSync(configPath, 'utf8')
+              const config = yaml.load(raw)
+
+              if (!config || !config.approval_team || !config.protected_files){
+                core.setFailed(`Protected config file missing or malformed at: ${configPath}. This file is required.`)
+
+                return
+              }
+
+
+              return config
+
+            } catch (err) {
+                core.setFailed(`Failed to load protected config: ${err}`)
+            }
+
+      - name: Get changed files
+        uses: actions/github-script@v8
+        id: changed
+        with:
+          result-encoding: json
+          script: |
+            const { data: files } = await github.rest.pulls.listFiles({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              pull_number: context.issue.number,
+            })
+
+            const changed = [].concat(files ?? [])?.flatMap(f => f?.filename)?.filter(Boolean)
+
+            return changed
+
+      - name: Check protected files and approvals
+        id: reviewers
+        uses: actions/github-script@v8
+        with:
+          result-encoding: json
+          script: |
+            const { minimatch } = require('minimatch')
+            const changed = ${{ steps.changed.outputs.result }}
+            const config = ${{ steps.config.outputs.result }}
+
+            const protectedFiles = config.protected_files
+            const approvalTeam = config.approval_team
+
+
+            const affected = changed
+            ?.filter(f =>
+              protectedFiles.some(pattern => minimatch(f, pattern))
+            )
+
+
+            if (affected?.length <= 0) {
+              core.info("No protected files modified!")
+
+              return
+            }
+
+            const owner = context.repo.owner
+            const repo = context.repo.repo
+            const pull_number = context.issue.number
+            const pr_author = context.payload.pull_request.user.login
+
+            const reviews = await github.paginate(github.rest.pulls.listReviews, {
+              owner,
+              repo,
+              pull_number,
+            })
+
+            const requestedReviews = await github.paginate(github.rest.pulls.listRequestedReviewers, { 
+              owner, 
+              repo, 
+              pull_number
+            })
+
+            const usersApproved = reviews
+              .filter(r => r.state === 'APPROVED')
+              .map(r => r?.user?.login)
+              .filter(Boolean)
+
+            const usersRequested = requestedReviews.flatMap(r => r.users.map(u => u.login)).filter(Boolean)
+
+
+            const missingApprovals = approvalTeam.filter(u => !usersApproved.includes(u) && u !== pr_author)
+            const teamApprovals = approvalTeam.filter(u => usersApproved.includes(u) && u !== pr_author)
+
+            const reviewersToRequest = missingApprovals.filter(u => !usersRequested.includes(u))
+
+            if (reviewersToRequest?.length > 0) {
+              await github.rest.pulls.requestReviewers({
+                owner,
+                repo,
+                pull_number,
+                reviewers: reviewersToRequest
+              })
+            }
+
+            const isApproved = approvalTeam.some(u => usersApproved.includes(u))
+
+            if (isApproved) {
+              core.info(`Required approvals are present!\nApproved by: ${teamApprovals?.join(', ')}`)
+
+              return
+            } else {
+              core.setFailed(`Some protected files have been changed but not all required approvals are present. Missing approvals from one of: ${missingApprovals
+              ?.filter(u => !usersApproved?.includes(u))
+              ?.join(', ')}`)
+            }

.github/workflows/notify_push_slack.yml

@@ -0,0 +1,51 @@
+name: Slack Push Notifier
+
+on:
+  push:
+    branches: [master]
+  pull_request:
+    types: [closed]
+    branches: [master]
+  workflow_dispatch:
+
+jobs:
+  notify_slack_push:
+    name: Notify Slack on pushes
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set commit message for push
+        if: github.event_name == 'push'
+        run: |
+
+          HEADLINE=$(echo "${{ github.event.head_commit.message }}" | head -n1)
+          HEADLINE=$(echo "$HEADLINE" | tr -cd '[:alnum:]_. -')
+
+          echo "COMMIT_ONELINER=$HEADLINE" >> $GITHUB_ENV
+          echo "COMMIT_URL=${{ github.event.head_commit.url }}" >> $GITHUB_ENV
+          echo "EVENT_TYPE=direct push" >> $GITHUB_ENV
+
+      - name: Set commit message for PR
+        if: github.event_name == 'pull_request' && github.event.pull_request.merged == true
+        run: |
+
+          HEADLINE="${{ github.event.pull_request.merge_commit_title }}"
+          HEADLINE=$(echo "$HEADLINE" | tr -cd '[:alnum:]_. -')
+
+          echo "COMMIT_ONELINER=$HEADLINE" >> $GITHUB_ENV
+          echo "COMMIT_URL=${{ github.event.pull_request.html_url }}" >> $GITHUB_ENV
+          echo "EVENT_TYPE=pull request merged" >> $GITHUB_ENV
+
+      - name: Send notification to slack
+        if: ${{ github.repository == 'OpenNebula/one-ee' && env.COMMIT_ONELINER != '' }}
+        uses: slackapi/slack-github-action@v2.1.1
+        with:
+          webhook: ${{ secrets.SLACK_WEBHOOK_URL }}
+          webhook-type: incoming-webhook
+          payload: |
+            channel: ${{ secrets.SLACK_CHANNEL_ID }}
+            text: "New ${{env.EVENT_TYPE}}"
+            blocks: 
+              - type: "section"
+                text:
+                  type: "mrkdwn"
+                  text: "> --> *New commit:* <${{ env.COMMIT_URL }}|${{ env.COMMIT_ONELINER }}>"

.github/workflows/smoke_tests.yml

@@ -3,6 +3,9 @@ name: OpenNebula Smoke Tests
 # Controls when the action will run.
 on: [push, pull_request, workflow_dispatch]
 
+permissions:
+  contents: read
+
 jobs:
   smoke-tests:
     runs-on: ubuntu-latest
@@ -11,11 +14,15 @@ jobs:
       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
         with:
-          ruby-version: 2.6
+          ruby-version: 2.7
       - name: Install rubocop
         run: gem install rubocop
+      - name: Install CppCheck
+        run: sudo apt install -y cppcheck
+      - name: Install AStyle
+        run: sudo apt install -y astyle
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
       # Runs a single command using the runners shell
       - name: Run Smoke Tests