From 780ac2d62fa5778f2afcf3c0d9f6c5569c4eab99 Mon Sep 17 00:00:00 2001
From: Sachin Panayil
Date: Wed, 12 Feb 2025 12:48:51 -0500
Subject: [PATCH] added compliant workflows
Signed-off-by: Sachin Panayil
---
.github/workflows/checks.yml | 59 ----------------------
.github/workflows/repoHygieneCheck.yml | 70 ++++++++++++++++++++++++++
.github/workflows/updateCodeJSON.yml | 34 +++++++++++++
3 files changed, 104 insertions(+), 59 deletions(-)
delete mode 100644 .github/workflows/checks.yml
create mode 100644 .github/workflows/repoHygieneCheck.yml
create mode 100644 .github/workflows/updateCodeJSON.yml
diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
deleted file mode 100644
index e7340c3..0000000
--- a/.github/workflows/checks.yml
+++ /dev/null
@@ -1,59 +0,0 @@ -name: "run-linting-checks" -on: - push: - branches: - - 'main' - -jobs: - resolve-repolinter-json: - uses: DSACMS/repo-scaffolder/.github/workflows/extendJSONFile.yml@main - with: - url_to_json: 'https://raw.githubusercontent.com/DSACMS/repo-scaffolder/main/tier3/%7B%7Bcookiecutter.project_slug%7D%7D/repolinter.json' - - repolinter-checks: - name: Tier 3 Checks - needs: resolve-repolinter-json - runs-on: ubuntu-latest - env: - - RAW_JSON: ${{ needs.resolve-repolinter-json.outputs.raw-json }} - - steps: - - uses: actions/checkout@v4 - - run: echo $RAW_JSON > repolinter.json - - uses: newrelic/repolinter-action@v1 - with: - # A path to the JSON/YAML Repolinter ruleset to use, relative to the workflow - # working directory (i.e. under `$GITHUB_WORKSPACE`). - # - # This option is mutually exclusive with config_url. If this option and - # config_url are not specified, Repolinter's default ruleset will be used. - config_file: 'repolinter.json' - - # Where repolinter-action should put the linting results. There are two - # options available: - # * "exit-code": repolinter-action will print the lint output to the console - # and set the exit code to result.passed. This output type is most useful for - # PR status checks. - # * "issue": repolinter-action will create a GitHub issue on the current - # repository with the repolinter output and always exit 0. See the README for - # more details on issue outputting behavior. This output type is ideal for - # non-intrusive notification. - # - # Default: "exit-code" - output_type: 'issue' - - # The title to use for the issue created by repolinter-action. This title - # should indicate the purpose of the issue, as well as that it was created by - # a bot. - # - # This option will be ignored if output_type != "issue". 
- # - # Default: "[Repolinter] Open Source Policy Issues" - output_name: '[Repolinter] Tier 3 Repository Hygiene Issue' - - # The default token is the repolinter token for the DSACMS org - # You can change it if needed. - - token: ${{ secrets.REPOLINTER_AUTO_TOKEN }} -
diff --git a/.github/workflows/repoHygieneCheck.yml b/.github/workflows/repoHygieneCheck.yml
new file mode 100644
index 0000000..5776d4c
--- /dev/null
+++ b/.github/workflows/repoHygieneCheck.yml
@@ -0,0 +1,70 @@
+name: "Repository Hygiene Check"
+on:
+ push:
+ branches:
+ - 'main'
+ workflow_dispatch:
+
+jobs:
+ check-first-run:
+ name: Check For First Run
+ runs-on: ubuntu-latest
+ outputs:
+ should_run: ${{ steps.check.outputs.should_run }}
+ permissions:
+ contents: read
+ pull-requests: write
+ steps:
+ - uses: actions/checkout@v4
+ - id: check
+ run: |
+ # If manually triggered, always run
+
+ if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
+ echo "should_run=true" >> $GITHUB_OUTPUT
+ exit 0
+
+ fi
+
+ # Check if initialization label exists
+
+ has_label=$(gh label list --json name | jq '.[] | select(.name=="repolinter-initialized")')
+
+ if [[ -z "$has_label" ]]; then
+ # First time - create label and allow run
+ gh label create repolinter-initialized --description "Marks repo as having run initial repolinter check"
+ echo "should_run=true" >> $GITHUB_OUTPUT
+ else
+ echo "should_run=false" >> $GITHUB_OUTPUT
+
+ fi
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ resolve-repolinter-json:
+ name: Get Repolinter Config
+ needs: check-first-run
+ if: needs.check-first-run.outputs.should_run == 'true'
+ uses: DSACMS/repo-scaffolder/.github/workflows/extendJSONFile.yml@main
+ with:
+ url_to_json: 'https://raw.githubusercontent.com/DSACMS/repo-scaffolder/main/tier3/%7B%7Bcookiecutter.project_slug%7D%7D/repolinter.json'
+
+ repolinter-checks:
+ name: Tier 3 Checks
+ needs: [check-first-run, resolve-repolinter-json]
+ if: needs.check-first-run.outputs.should_run == 'true'
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ pull-requests: write
+ env:
+ RAW_JSON: ${{ needs.resolve-repolinter-json.outputs.raw-json }}
+ steps:
+ - uses: actions/checkout@v4
+ - run: echo $RAW_JSON > repolinter.json
+ - uses: DSACMS/repolinter-action@main
+ with:
+ config_file: 'repolinter.json'
+ output_type: 'pull-request'
+ pull_request_labels: 'repolinter-initialized, cms-oss, cms-gov'
+ token: ${{ secrets.REPOLINTER_AUTO_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/updateCodeJSON.yml b/.github/workflows/updateCodeJSON.yml
new file mode 100644
index 0000000..fff52c6
--- /dev/null
+++ b/.github/workflows/updateCodeJSON.yml
@@ -0,0 +1,34 @@
+name: Update Code.json
+on:
+ workflow_dispatch:
+
+permissions:
+ contents: write
+ pull-requests: write
+
+jobs:
+ update-code-json:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: '20'
+
+ - name: Setup Go
+ uses: actions/setup-go@v5
+ with:
+ go-version: '1.22'
+
+ - name: Install SCC
+ run: go install github.com/boyter/scc/v3@latest
+
+ - name: Update code.json
+ uses: DSACMS/automated-codejson-generator@main
+ with:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
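Review bot: The `repolinter-checks` job in repoHygieneCheck.yml passes `secrets.REPOLINTER_AUTO_TOKEN` to `DSACMS/repolinter-action@main` under `contents: write` and `pull-requests: write`, and `@main` is a mutable ref, so whatever lands on that branch next runs with that token. The same applies to the reusable workflow `extendJSONFile.yml@main` in `resolve-repolinter-json` and to `DSACMS/automated-codejson-generator@main` in updateCodeJSON.yml. Pinning each to a full commit SHA, e.g. `uses: DSACMS/repolinter-action@<full-commit-sha>  # main, <date>`, makes every update a reviewed change. Separately, `echo $RAW_JSON > repolinter.json` is unquoted, so the shell word-splits and glob-expands the fetched JSON; `printf '%s\n' "$RAW_JSON" > repolinter.json` writes it verbatim.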
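Review bot: `go install github.com/boyter/scc/v3@latest` in the Install SCC step of updateCodeJSON.yml resolves to whatever version is newest at run time, so the binary executed in this job can change without any change to the repository. The workflow-level `contents: write` and `pull-requests: write` cover every step, and `actions/checkout` keeps the token in the local git config by default, so that binary likely runs with push access within reach. Pin a released version, `run: go install github.com/boyter/scc/v3@<release-tag>`, and consider adding `persist-credentials: false` to the checkout step if the generator action only needs the `GITHUB_TOKEN` input it is given.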