feat: Add Cloudflare provider

.cspell.json

@@ -0,0 +1,16 @@
+{
+  "ignorePaths": [
+    "**/node_modules/**",
+    "**/vscode-extension/**",
+    "**/.git/**",
+    "**/.pnpm-lock.json",
+    ".vscode",
+    "megalinter",
+    "package-lock.json",
+    "report"
+  ],
+  "language": "en",
+  "noConfigSearch": true,
+  "words": ["megalinter", "oxsecurity"],
+  "version": "0.2"
+}

.github/CODEOWNERS

@@ -0,0 +1,5 @@
+# Order is important; the last matching pattern takes the most
+# precedence. When someone opens a pull request that only
+# These owners will be the default owners for everything in
+# the repo. Unless a later match takes precedence
+*                                    @DeFiCh/infra

.github/labeler.yml

@@ -0,0 +1,30 @@
+"cloud/cloudflare":
+  - changed-files:
+      - any-glob-to-any-file: tf/cloudflare/**
+
+"cloud/linode":
+  - changed-files:
+      - any-glob-to-any-file: tf/linode/**
+
+"cloud/aws":
+  - changed-files:
+      - any-glob-to-any-file: tf/aws/**
+
+"cloud/gcp":
+  - changed-files:
+      - any-glob-to-any-file: tf/gcp/**
+
+"tool/terraform":
+  - changed-files:
+      - any-glob-to-any-file:
+          - tf/**
+
+"tool/ansible":
+  - changed-files:
+      - any-glob-to-any-file:
+          - ansible/**
+
+"tool/k8s":
+  - changed-files:
+      - any-glob-to-any-file:
+          - k8s/**

.github/pr-labeler.yaml

@@ -0,0 +1,9 @@
+"kind/ci": ci/*
+"kind/bug": ["fix/*", "bug/*"]
+"kind/chore": chore/*
+"kind/refactor": refactor/*
+"kind/release": release/*
+"kind/revert": revert/*
+"kind/security": security/*
+"kind/documentation": ["documentation/*", "doc/*"]
+"kind/enhancement": ["feat/*", "feature/*"]

.github/pull_request_template.md

@@ -0,0 +1,29 @@
+# Description
+
+<!-- Briefly describe the purpose of this pull request -->
+
+## Changes
+
+<!-- List the high-level changes introduced by this pull request -->
+
+## Related Issues
+
+<!-- Mention any related issues that this pull request addresses or closes (e.g., "Fixes #123") -->
+
+## Checklist
+
+- [ ] I have tested these changes locally
+- [ ] I have added/updated unit tests, if applicable
+- [ ] All existing tests pass
+- [ ] I have updated the documentation accordingly
+- [ ] My code follows the project's coding guidelines
+- [ ] I have rebased my branch on the latest master/main branch
+- [ ] The title of my pull request is a short description of the changes
+
+## Screenshots (if applicable)
+
+<!-- Include screenshots or GIFs if the changes are visual -->
+
+## Additional Notes
+
+<!-- Add any additional information that might be relevant to reviewers -->

.github/workflows/labeler.yaml

@@ -0,0 +1,14 @@
+name: "Pull Request Labeler"
+
+on: [pull_request]
+
+permissions: read-all
+
+jobs:
+  triage:
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0

.github/workflows/mega-linter.yml

@@ -0,0 +1,186 @@
+# MegaLinter GitHub Action configuration file
+# More info at https://megalinter.io
+---
+name: MegaLinter
+
+# Trigger mega-linter at every push. Action will also be visible from
+# Pull Requests to main
+on:
+  # Comment this line to trigger action only on pull-requests
+  # (not recommended if you don't pay for GH Actions)
+  # push:
+
+  pull_request:
+    branches:
+      - main
+      - master
+
+# Comment env block if you do not want to apply fixes
+env:
+  # Apply linter fixes configuration
+  #
+  # When active, APPLY_FIXES must also be defined as environment variable
+  # (in github/workflows/mega-linter.yml or other CI tool)
+  APPLY_FIXES: all
+
+  # Decide which event triggers application of fixes in a commit or a PR
+  # (pull_request, push, all)
+  APPLY_FIXES_EVENT: pull_request
+
+  # If APPLY_FIXES is used, defines if the fixes are directly committed (commit)
+  # or posted in a PR (pull_request)
+  APPLY_FIXES_MODE: commit
+
+concurrency:
+  group: ${{ github.ref }}-${{ github.workflow }}
+  cancel-in-progress: true
+
+permissions: read-all
+
+jobs:
+  megalinter:
+    name: MegaLinter
+    runs-on: ubuntu-latest
+
+    # Give the default GITHUB_TOKEN write permission to commit and push, comment
+    # issues, and post new Pull Requests; remove the ones you do not need
+    permissions:
+      contents: write
+      issues: write
+      pull-requests: write
+
+    steps:
+      # Git Checkout
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
+
+          # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to
+          # improve performance
+          fetch-depth: 0
+
+      # MegaLinter
+      - name: MegaLinter
+
+        # You can override MegaLinter flavor used to have faster performances
+        # More info at https://megalinter.io/latest/flavors/
+        uses: oxsecurity/megalinter/flavors/terraform@688bc7466d7ab4faa83d614c2e6f9acf42b674dc # @v7.8.0
+
+        id: ml
+
+        # All available variables are described in documentation
+        # https://megalinter.io/latest/config-file/
+        env:
+          # Validates all source when push on main, else just the git diff with
+          # main. Override with true if you always want to lint all sources
+          #
+          # To validate the entire codebase, set to:
+          # VALIDATE_ALL_CODEBASE: true
+          #
+          # To validate only diff with main, set to:
+          VALIDATE_ALL_CODEBASE: >-
+            ${{
+              github.event_name == 'push' &&
+              github.ref == 'refs/heads/main'
+            }}
+
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+          # ADD YOUR CUSTOM ENV VARIABLES HERE TO OVERRIDE VALUES OF
+          # .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY
+          REPOSITORY_GITLEAKS_PR_COMMITS_SCAN: "true"
+
+      # Upload MegaLinter artifacts
+      - name: Archive production artifacts
+        uses: actions/upload-artifact@v4
+        if: success() || failure()
+        with:
+          name: MegaLinter reports
+          path: |
+            megalinter-reports
+            mega-linter.log
+
+      # Create pull request if applicable
+      # (for now works only on PR from same repository, not from forks)
+      - name: Create Pull Request with applied fixes
+        uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # @v5.0.2
+        id: cpr
+        if: >-
+          steps.ml.outputs.has_updated_sources == 1 &&
+          (
+            env.APPLY_FIXES_EVENT == 'all' ||
+            env.APPLY_FIXES_EVENT == github.event_name
+          ) &&
+          env.APPLY_FIXES_MODE == 'pull_request' &&
+          (
+            github.event_name == 'push' ||
+            github.event.pull_request.head.repo.full_name == github.repository
+          ) &&
+          !contains(github.event.head_commit.message, 'skip fix')
+        with:
+          token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
+          commit-message: "[MegaLinter] Apply linters automatic fixes"
+          title: "[MegaLinter] Apply linters automatic fixes"
+          labels: bot
+
+      - name: Create PR output
+        if: >-
+          steps.ml.outputs.has_updated_sources == 1 &&
+          (
+            env.APPLY_FIXES_EVENT == 'all' ||
+            env.APPLY_FIXES_EVENT == github.event_name
+          ) &&
+          env.APPLY_FIXES_MODE == 'pull_request' &&
+          (
+            github.event_name == 'push' ||
+            github.event.pull_request.head.repo.full_name == github.repository
+          ) &&
+          !contains(github.event.head_commit.message, 'skip fix')
+        run: |
+          echo "PR Number - ${{ steps.cpr.outputs.pull-request-number }}"
+          echo "PR URL - ${{ steps.cpr.outputs.pull-request-url }}"
+
+      # Push new commit if applicable
+      # (for now works only on PR from same repository, not from forks)
+      - name: Prepare commit
+        if: >-
+          steps.ml.outputs.has_updated_sources == 1 &&
+          (
+            env.APPLY_FIXES_EVENT == 'all' ||
+            env.APPLY_FIXES_EVENT == github.event_name
+          ) &&
+          env.APPLY_FIXES_MODE == 'commit' &&
+          github.ref != 'refs/heads/main' &&
+          (
+            github.event_name == 'push' ||
+            github.event.pull_request.head.repo.full_name == github.repository
+          ) &&
+          !contains(github.event.head_commit.message, 'skip fix')
+        run: sudo chown -Rc $UID .git/
+
+      - name: Commit and push applied linter fixes
+        uses: stefanzweifel/git-auto-commit-action@3ea6ae190baf489ba007f7c92608f33ce20ef04a # @v4
+        if: >-
+          steps.ml.outputs.has_updated_sources == 1 &&
+          (
+            env.APPLY_FIXES_EVENT == 'all' ||
+            env.APPLY_FIXES_EVENT == github.event_name
+          ) &&
+          env.APPLY_FIXES_MODE == 'commit' &&
+          github.ref != 'refs/heads/main' &&
+          (
+            github.event_name == 'push' ||
+            github.event.pull_request.head.repo.full_name == github.repository
+          ) &&
+          !contains(github.event.head_commit.message, 'skip fix')
+        with:
+          branch: >-
+            ${{
+              github.event.pull_request.head.ref ||
+              github.head_ref ||
+              github.ref
+            }}
+          commit_message: "[MegaLinter] Apply linters fixes"
+          commit_user_name: megalinter-bot
+          commit_user_email: [email protected]

.github/workflows/pr-labeler.yaml

@@ -0,0 +1,17 @@
+name: PR Labeler
+
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  pr-labeler:
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+      - uses: TimonVS/pr-labeler-action@8b99f404a073744885d8021d1de4e40c6eaf38e2 # @v4.1.1
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/semantic-title.yaml

@@ -0,0 +1,23 @@
+name: "Semantic Title Check"
+
+on:
+  pull_request:
+    types:
+      - opened
+      - edited
+      - synchronize
+
+permissions: read-all
+
+jobs:
+  main:
+    name: Validate PR title
+    permissions:
+      issues: write
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+      # https://github.com/commitizen/conventional-commit-types/blob/master/index.json
+      - uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f # v5.4.0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/size-labeler.yaml

@@ -0,0 +1,28 @@
+name: "Label PR Size"
+
+on: [pull_request]
+
+permissions: read-all
+
+jobs:
+  size_labeler:
+    name: Label the PR size
+    permissions:
+      issues: write
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+      - uses: codelytv/pr-size-labeler@54ef36785e9f4cb5ecf1949cfc9b00dbb621d761 # v1.8.1
+        with:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          xs_label: "size/xs"
+          xs_max_size: "50"
+          s_label: "size/s"
+          s_max_size: "200"
+          m_label: "size/m"
+          m_max_size: "500"
+          l_label: "size/l"
+          l_max_size: "1000"
+          xl_label: "size/xl"
+          fail_if_xl: "false"
+          message_if_xl: ""