@@ -0,0 +1,3 @@
+docker:
+digest: sha256:a9b83a276c82987d284b733713fe86a3c8a2cc457933767eeb2688b882e54c6a
+image: gcr.io/repo-automation-bots/owlbot-java:latest

@@ -0,0 +1,32 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+docker:
+image: "gcr.io/repo-automation-bots/owlbot-java:latest"
+
+deep-remove-regex:
+- "/grpc-google-.*/src"
+- "/proto-google-.*/src"
+- "/google-.*/src"
+
+deep-preserve-regex:
+- "/google-.*/src/test/java/com/google/cloud/.*/v.*/it/IT.*Test.java"
+
+deep-copy-regex:
+- source: "/google/cloud/networksecurity/(v.*)/.*-java/proto-google-.*/src"
+dest: "/owl-bot-staging/$1/proto-google-cloud-network-security-$1/src"
+- source: "/google/cloud/networksecurity/(v.*)/.*-java/grpc-google-.*/src"
+dest: "/owl-bot-staging/$1/grpc-google-cloud-network-security-$1/src"
+- source: "/google/cloud/networksecurity/(v.*)/.*-java/gapic-google-.*/src"
+dest: "/owl-bot-staging/$1/google-cloud-network-security/src"

@@ -0,0 +1,10 @@
+# Code owners file.
+# This file controls who is tagged for review for any given pull request.
+
+# For syntax help see:
+# https://help..com/en//creating-cloning-and-archiving-repositories/about-code-owners#codeowners-syntax
+
+* @googleapis/yoshi-java
+
+# The java-samples-reviewers team is the default owner for samples changes
+samples/**/*.java @googleapis/java-samples-reviewers

@@ -0,0 +1,51 @@
+---
+name: Bug report
+about: Create a report to help us improve
+
+---
+
+Thanks for stopping by to let us know something could be better!
+
+**PLEASE READ**: If you have a support contract with Google, please create an issue in the [support console](https://cloud.google.com/support/) instead of filing on . This will ensure a timely response.
+
+Please run down the following list and make sure you've tried the usual "quick fixes":
+
+- Search the issues already opened: https://.com/googleapis/java-network-security/issues
+- Check for answers on StackOverflow: http://stackoverflow.com/questions/tagged/google-cloud-platform
+
+If you are still having issues, please include as much information as possible:
+
+#### Environment details
+
+1. Specify the API at the beginning of the title. For example, "BigQuery: ...").
+General, Core, and Other are also allowed as types
+2. OS type and version:
+3. Java version:
+4. network-security version(s):
+
+#### Steps to reproduce
+
+1. ?
+2. ?
+
+#### Code example
+
+```java
+// example
+```
+
+#### Stack trace
+```
+Any relevant stacktrace here.
+```
+
+#### External references such as API reference guides
+
+- ?
+
+#### Any additional information below
+
+
+Following these steps guarantees the quickest resolution possible.
+
+Thanks!

@@ -0,0 +1,21 @@
+---
+name: Feature request
+about: Suggest an idea for this library
+
+---
+
+Thanks for stopping by to let us know something could be better!
+
+**PLEASE READ**: If you have a support contract with Google, please create an issue in the [support console](https://cloud.google.com/support/) instead of filing on . This will ensure a timely response.
+
+**Is your feature request related to a problem? Please describe.**
+What the problem is. Example: I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+What you want to happen.
+
+**Describe alternatives you've considered**
+Any alternative solutions or features you've considered.
+
+**Additional context**
+Any other context or screenshots about the feature request.

@@ -0,0 +1,7 @@
+---
+name: Support request
+about: If you have a support contract with Google, please create an issue in the Google Cloud Support console.
+
+---
+
+**PLEASE READ**: If you have a support contract with Google, please create an issue in the [support console](https://cloud.google.com/support/) instead of filing on . This will ensure a timely response.

@@ -0,0 +1,7 @@
+Thank you for opening a Pull Request! Before submitting your PR, there are a few things you can do to make sure it goes smoothly:
+- [ ] Make sure to open an issue as a [bug/issue](https://.com/googleapis/java-network-security/issues/new/choose) before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea
+- [ ] Ensure the tests and linter pass
+- [ ] Code coverage does not decrease (if any source code was changed)
+- [ ] Appropriate docs were updated (if necessary)
+
+Fixes #<issue_number_goes_here> ☕️

@@ -0,0 +1,7 @@
+# Configuration for the Blunderbuss app. For more info see
+# https://.com/googleapis/repo-automation-bots/tree/master/packages/blunderbuss
+assign_prs_by:
+- labels:
+- samples
+to:
+- googleapis/java-samples-reviewers

@@ -0,0 +1,12 @@
+externalManifests:
+- type: json
+file: 'synth.metadata'
+jsonpath: '$.generatedFiles[*]'
+- type: json
+file: './readme/synth.metadata/synth.metadata'
+jsonpath: '$.generatedFiles[*]'
+ignoreAuthors:
+- 'renovate-bot'
+- 'yoshi-automation'
+- 'release-please[bot]'
+- 'gcf-owl-bot[bot]'

@@ -0,0 +1,19 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""This script is used to synthesize generated the README for this library."""
+
+from synthtool.languages import java
+
+java.custom_templates(["java_library/README.md"])

@@ -0,0 +1,3 @@
+bumpMinorPreMajor: true
+handleGHRelease: true
+releaseType: java-yoshi

@@ -0,0 +1,49 @@
+
+# Whether or not rebase-merging is enabled on this repository.
+# Defaults to `true`
+rebaseMergeAllowed: false
+
+# Whether or not squash-merging is enabled on this repository.
+# Defaults to `true`
+squashMergeAllowed: true
+
+# Whether or not PRs are merged with a merge commit on this repository.
+# Defaults to `false`
+mergeCommitAllowed: false
+
+# Rules for master branch protection
+branchProtectionRules:
+# Identifies the protection rule pattern. Name of the branch to be protected.
+# Defaults to `master`
+- pattern: master
+# Can admins overwrite branch protection.
+# Defaults to `true`
+isAdminEnforced: true
+# Number of approving reviews required to update matching branches.
+# Defaults to `1`
+requiredApprovingReviewCount: 1
+# Are reviews from code owners required to update matching branches.
+# Defaults to `false`
+requiresCodeOwnerReviews: true
+# Require up to date branches
+requiresStrictStatusChecks: false
+# List of required status check contexts that must pass for commits to be accepted to matching branches.
+requiredStatusCheckContexts:
+- "dependencies (8)"
+- "dependencies (11)"
+- "linkage-monitor"
+- "lint"
+- "clirr"
+- "units (7)"
+- "units (8)"
+- "units (11)"
+- "Kokoro - Test: Integration"
+- "cla/google"
+# List of explicit permissions to add (additive only)
+permissionRules:
+- team: yoshi-admins
+permission: admin
+- team: yoshi-java-admins
+permission: admin
+- team: yoshi-java
+permission: push

@@ -0,0 +1,2 @@
+trustedContributors:
+- renovate-bot

@@ -0,0 +1,54 @@
+on:
+pull_request:
+name: auto-merge-readme
+jobs:
+approve:
+runs-on: ubuntu-latest
+if: .repository_owner == 'googleapis' && .head_ref == 'autosynth-readme'
+steps:
+- uses: actions/-script@v3
+with:
+-token: ${{secrets.YOSHI_APPROVER_TOKEN}}
+script: |
+// only approve PRs from yoshi-automation
+if (context.payload.pull_request.user.login !== "yoshi-automation") {
+return;
+}
+
+// only approve PRs like "chore: release <release version>"
+if (!context.payload.pull_request.title === "chore: regenerate README") {
+return;
+}
+
+// only approve PRs with README.md and synth.metadata changes
+const files = new Set(
+(
+await .paginate(
+.pulls.listFiles.endpoint({
+owner: context.repo.owner,
+repo: context.repo.repo,
+pull_number: context.payload.pull_request.number,
+})
+)
+).map(file => file.filename)
+);
+if (files.size != 2 || !files.has("README.md") || !files.has("./readme/synth.metadata/synth.metadata")) {
+return;
+}
+
+// approve README regeneration PR
+await .pulls.createReview({
+owner: context.repo.owner,
+repo: context.repo.repo,
+body: 'Rubber stamped PR!',
+pull_number: context.payload.pull_request.number,
+event: 'APPROVE'
+});
+
+// attach automerge label
+await .issues.addLabels({
+owner: context.repo.owner,
+repo: context.repo.repo,
+issue_number: context.payload.pull_request.number,
+labels: ['automerge']
+});

@@ -0,0 +1,88 @@
+on:
+pull_request:
+name: auto-release
+jobs:
+approve:
+runs-on: ubuntu-latest
+if: contains(.head_ref, 'release-please')
+steps:
+- uses: actions/-script@v3
+with:
+-token: ${{secrets.YOSHI_APPROVER_TOKEN}}
+debug: true
+script: |
+// only approve PRs from release-please[bot]
+if (context.payload.pull_request.user.login !== "release-please[bot]") {
+return;
+}
+
+// only approve PRs like "chore: release <release version>"
+if ( !context.payload.pull_request.title.startsWith("chore: release") ) {
+return;
+}
+
+// only approve PRs with pom.xml and versions.txt changes
+const filesPromise = .pulls.listFiles.endpoint({
+owner: context.repo.owner,
+repo: context.repo.repo,
+pull_number: context.payload.pull_request.number,
+});
+const changed_files = await .paginate(filesPromise)
+
+if ( changed_files.length < 1 ) {
+console.log( "Not proceeding since PR is empty!" )
+return;
+}
+
+if ( !changed_files.some(v => v.filename.includes("pom")) || !changed_files.some(v => v.filename.includes("versions.txt")) ) {
+console.log( "PR file changes do not have pom.xml or versions.txt -- something is wrong. PTAL!" )
+return;
+}
+
+// trigger auto-release when
+// 1) it is a SNAPSHOT release (auto-generated post regular release)
+// 2) there are dependency updates only
+// 3) there are no open dependency update PRs in this repo (to avoid multiple releases)
+if (
+context.payload.pull_request.body.includes("Fix") ||
+context.payload.pull_request.body.includes("Build") ||
+context.payload.pull_request.body.includes("Documentation") ||
+context.payload.pull_request.body.includes("BREAKING CHANGES") ||
+context.payload.pull_request.body.includes("Features")
+) {
+console.log( "Not auto-releasing since it is not a dependency-update-only release." );
+return;
+}
+
+const promise = .pulls.list.endpoint({
+owner: context.repo.owner,
+repo: context.repo.repo,
+state: 'open'
+});
+const open_pulls = await .paginate(promise)
+
+if ( open_pulls.length > 1 && !context.payload.pull_request.title.includes("SNAPSHOT") ) {
+for ( const pull of open_pulls ) {
+if ( pull.title.startsWith("deps: update dependency") ) {
+console.log( "Not auto-releasing yet since there are dependency update PRs open in this repo." );
+return;
+}
+}
+}
+
+// approve release PR
+await .pulls.createReview({
+owner: context.repo.owner,
+repo: context.repo.repo,
+body: 'Rubber stamped release!',
+pull_number: context.payload.pull_request.number,
+event: 'APPROVE'
+});
+
+// attach kokoro:force-run and automerge labels
+await .issues.addLabels({
+owner: context.repo.owner,
+repo: context.repo.repo,
+issue_number: context.payload.pull_request.number,
+labels: ['kokoro:force-run', 'automerge']
+});