From 1980d566b44d01121d2ca78805f11b2c13d76eec Mon Sep 17 00:00:00 2001
From: Sachin Panayil
Date: Mon, 10 Feb 2025 14:13:13 -0500
Subject: [PATCH] added new workflows for compliance
Signed-off-by: Sachin Panayil
---
.github/workflows/repoHygieneCheck.yml | 70 ++++++++++++++++++++++++++
.github/workflows/updateCodeJSON.yml | 34 +++++++++++++
2 files changed, 104 insertions(+)
create mode 100644 .github/workflows/repoHygieneCheck.yml
create mode 100644 .github/workflows/updateCodeJSON.yml
diff --git a/.github/workflows/repoHygieneCheck.yml b/.github/workflows/repoHygieneCheck.yml
new file mode 100644
index 0000000..5776d4c
--- /dev/null
+++ b/.github/workflows/repoHygieneCheck.yml
@@ -0,0 +1,70 @@
+name: "Repository Hygiene Check"
+on:
+ push:
+ branches:
+ - 'main'
+ workflow_dispatch:
+
+jobs:
+ check-first-run:
+ name: Check For First Run
+ runs-on: ubuntu-latest
+ outputs:
+ should_run: ${{ steps.check.outputs.should_run }}
+ permissions:
+ contents: read
+ pull-requests: write
+ steps:
+ - uses: actions/checkout@v4
+ - id: check
+ run: |
+ # If manually triggered, always run
+
+ if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
+ echo "should_run=true" >> $GITHUB_OUTPUT
+ exit 0
+
+ fi
+
+ # Check if initialization label exists
+
+ has_label=$(gh label list --json name | jq '.[] | select(.name=="repolinter-initialized")')
+
+ if [[ -z "$has_label" ]]; then
+ # First time - create label and allow run
+ gh label create repolinter-initialized --description "Marks repo as having run initial repolinter check"
+ echo "should_run=true" >> $GITHUB_OUTPUT
+ else
+ echo "should_run=false" >> $GITHUB_OUTPUT
+
+ fi
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ resolve-repolinter-json:
+ name: Get Repolinter Config
+ needs: check-first-run
+ if: needs.check-first-run.outputs.should_run == 'true'
+ uses: DSACMS/repo-scaffolder/.github/workflows/extendJSONFile.yml@main
+ with:
+ url_to_json: 'https://raw.githubusercontent.com/DSACMS/repo-scaffolder/main/tier3/%7B%7Bcookiecutter.project_slug%7D%7D/repolinter.json'
+
+ repolinter-checks:
+ name: Tier 3 Checks
+ needs: [check-first-run, resolve-repolinter-json]
+ if: needs.check-first-run.outputs.should_run == 'true'
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ pull-requests: write
+ env:
+ RAW_JSON: ${{ needs.resolve-repolinter-json.outputs.raw-json }}
+ steps:
+ - uses: actions/checkout@v4
+ - run: echo $RAW_JSON > repolinter.json
+ - uses: DSACMS/repolinter-action@main
+ with:
+ config_file: 'repolinter.json'
+ output_type: 'pull-request'
+ pull_request_labels: 'repolinter-initialized, cms-oss, cms-gov'
+ token: ${{ secrets.REPOLINTER_AUTO_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/updateCodeJSON.yml b/.github/workflows/updateCodeJSON.yml
new file mode 100644
index 0000000..fff52c6
--- /dev/null
+++ b/.github/workflows/updateCodeJSON.yml
@@ -0,0 +1,34 @@
+name: Update Code.json
+on:
+ workflow_dispatch:
+
+permissions:
+ contents: write
+ pull-requests: write
+
+jobs:
+ update-code-json:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: '20'
+
+ - name: Setup Go
+ uses: actions/setup-go@v5
+ with:
+ go-version: '1.22'
+
+ - name: Install SCC
+ run: go install github.com/boyter/scc/v3@latest
+
+ - name: Update code.json
+ uses: DSACMS/automated-codejson-generator@main
+ with:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
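Review bot: In repoHygieneCheck.yml, `DSACMS/repolinter-action@main` is referenced by a mutable branch while it is handed `secrets.REPOLINTER_AUTO_TOKEN` in a job with `contents: write`, so any later commit to that branch runs with those credentials without being reviewed here. The same applies to the reusable workflow `extendJSONFile.yml@main` in this file and to `DSACMS/automated-codejson-generator@main` in updateCodeJSON.yml. Pin each to a full commit SHA, e.g. `uses: DSACMS/repolinter-action@<full-commit-sha>  # <release-tag>`. Separately, `- run: echo $RAW_JSON > repolinter.json` expands the fetched JSON unquoted, so the shell word-splits and glob-expands it before writing; `- run: printf '%s\n' "$RAW_JSON" > repolinter.json` writes it verbatim.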
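Review bot: In updateCodeJSON.yml, the `Install SCC` step runs `go install github.com/boyter/scc/v3@latest`, so each run may build a different scc release, and it does so in a job whose workflow-level permissions grant `contents: write` and `pull-requests: write`. Pinning an explicit release, e.g. `run: go install github.com/boyter/scc/v3@<pinned-version>`, keeps the generated code.json reproducible and turns a tool upgrade into a reviewed change. A short comment above the step saying which tool consumes scc would also help, since nothing in this file shows where it is invoked.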