Merge pull request #244 from DSACMS/nat/repo-scaffolder-gh-actions

Workflows: Added auto-changelog, gitleaks, and contributors-list GH actions + docs

.github/workflows/auto-changelog.yml

@@ -0,0 +1,13 @@
+name: Changelog
+on:
+  release:
+    types:
+      - created
+jobs:
+  changelog:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Auto Generate changelog"
+        uses: heinrichreimer/[email protected]
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/contributors.yml

@@ -0,0 +1,69 @@
+name: Update Contributors Information
+
+on:
+  workflow_dispatch: {}
+  schedule:
+    # Weekly on Saturdays.
+    - cron: "30 1 * * 6"
+  push:
+    branches: [main]
+
+jobs:
+  update-contributors:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Update contributor list
+        id: contrib_list
+        uses: akhilmhdh/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          readme_path: MAINTAINERS.md
+          use_username: false
+          commit_message: "update contributors information"
+
+      - name: Get contributors count
+        id: get_contributors
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+        run: |
+          OWNER=$(echo $GITHUB_REPOSITORY | cut -d'/' -f1)
+          REPO=$(echo $GITHUB_REPOSITORY | cut -d'/' -f2)
+          QUERY='query { repository(owner: \"'"$OWNER"'\", name: \"'"$REPO"'\") { collaborators { totalCount } } }'
+
+          CONTRIBUTORS=$(gh api \
+            -H "Accept: application/vnd.github+json" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            "/repos/$OWNER/$REPO/contributors?per_page=100" | \
+            jq '[.[] | select(.type != "Bot" and (.login | test("\\[bot\\]$") | not) and (.login | test("-bot$") | not))] | length')
+
+          echo "Total contributors: $CONTRIBUTORS"
+          echo "contributors=$CONTRIBUTORS" >> $GITHUB_OUTPUT
+
+      - name: Update MAINTAINERS.md
+        run: |
+          CONTRIBUTORS="${{ steps.get_contributors.outputs.contributors }}"
+
+          perl -i -pe 's/(<!--CONTRIBUTOR COUNT START-->).*?(<!--CONTRIBUTOR COUNT END-->)/$1 '"$CONTRIBUTORS"' $2/' MAINTAINERS.md
+
+          git config user.name 'github-actions[bot]'
+          git config user.email 'github-actions[bot]@users.noreply.github.com'
+          git add MAINTAINERS.md
+          git commit -m "update contributors count to $CONTRIBUTORS" || exit 0
+
+      - name: Push protected
+        uses: CasperWA/push-protected@v2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+          branch: main

.github/workflows/gitleaks.yml

@@ -0,0 +1,15 @@
+name: Check for Secrets
+on:
+  pull_request:
+  push:
+
+jobs:
+  scan-for-secrets:
+    name: Run gitleaks
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with: { fetch-depth: 0 }
+
+      - name: Check for GitLeaks
+        uses: gacts/gitleaks@v1

README.md

@@ -138,6 +138,10 @@ cookiecutter . --directory=codejson
 
 ### Maintaining your repository using repo-scaffolder
 
+#### Updating repository using GitHub action workflows
+
+The OSPO created various [GitHub Action workflows](../docs/workflows.md) that can be used to regularly update your repository. The jobs are located in `.github` directory of your project.
+
 #### Updating projects with new repo-scaffolder upstream file changes
 
 When creating projects, if you want to receive updates then add `dsacms-tierX` as a github topic to the repo. The scaffolder repo includes github workflows that will find all repos with that tag and can raise a pull request with an updated string or adding a file. See [actions.md](https://github.com/DSACMS/repo-scaffolder/blob/main/.github/actions.md) for more information.
@@ -165,6 +169,7 @@ repolinter lint tier4/\{\{cookiecutter.project_slug\}\}
 ```
 
 #### Automated repolinter actions
+
 A tool to automatically update repositories up to hygenic standards with the use of [Repolinter through GitHub Actions](https://github.com/DSACMS/repolinter-actions) is also available. This action sends a PR to your repository with templates of all the missing files and sections that are required using a predefined rulset. Visit the repository for more information on how to get this action up and running.
 
 # Development and Software Delivery Lifecycle

.github/docs/workflows.md → docs/workflows.md

@@ -2,10 +2,10 @@
 
 Located in .**github/workflows**, the OSPO has created GitHub Actions workflows to assist project teams with development and documentation upkeep for repository hygiene.
 
-| File Name                                                                                                                                                  | Tier       | Description                                        |
-| :--------------------------------------------------------------------------------------------------------------------------------------------------------- | :--------- | :------------------------------------------------- |
-| [auto-changelog.yml](https://github.com/DSACMS/repo-scaffolder/blob/main/tier3/%7B%7Bcookiecutter.project_slug%7D%7D/.github/workflows/auto-changelog.yml) | 2, 3, 4    | Auto-generates a CHANGELOG.md                      |
-| [checks.yml](https://github.com/DSACMS/repo-scaffolder/blob/main/tier3/%7B%7Bcookiecutter.project_slug%7D%7D/.github/workflows/checks.yml)                 | 1, 2, 3, 4 | Performs repolinter checks                         |
-| [contributors.yml](https://github.com/DSACMS/repo-scaffolder/blob/main/tier3/%7B%7Bcookiecutter.project_slug%7D%7D/.github/workflows/contributors.yml)     | 2, 3, 4    | Generates a list of contributors in MAINTAINERS.md |
-| [gitleaks.yml](https://github.com/DSACMS/repo-scaffolder/blob/main/tier3/%7B%7Bcookiecutter.project_slug%7D%7D/.github/workflows/gitleaks.yml)             | 1, 2, 3, 4 | Scans for secrets upon each push or PR             |
-| [repoStructure.yml](https://github.com/DSACMS/repo-scaffolder/blob/main/tier3/%7B%7Bcookiecutter.project_slug%7D%7D/.github/workflows/repoStructure.yml)   | 3, 4       | Generates repo structure in README.md              |
+| File Name                                                                                                                                                      | Tier       | Description                                        |
+| :------------------------------------------------------------------------------------------------------------------------------------------------------------- | :--------- | :------------------------------------------------- |
+| [auto-changelog.yml](https://github.com/DSACMS/repo-scaffolder/blob/main/tier3/%7B%7Bcookiecutter.project_slug%7D%7D/.github/workflows/auto-changelog.yml)     | 2, 3, 4    | Auto-generates a CHANGELOG.md                      |
+| [repoHygieneCheck.yml](https://github.com/DSACMS/repo-scaffolder/blob/main/tier3/%7B%7Bcookiecutter.project_slug%7D%7D/.github/workflows/repoHygieneCheck.yml) | 1, 2, 3, 4 | Performs repolinter checks                         |
+| [contributors.yml](https://github.com/DSACMS/repo-scaffolder/blob/main/tier3/%7B%7Bcookiecutter.project_slug%7D%7D/.github/workflows/contributors.yml)         | 2, 3, 4    | Generates a list of contributors in MAINTAINERS.md |
+| [gitleaks.yml](https://github.com/DSACMS/repo-scaffolder/blob/main/tier3/%7B%7Bcookiecutter.project_slug%7D%7D/.github/workflows/gitleaks.yml)                 | 1, 2, 3, 4 | Scans for secrets upon each push or PR             |
+| [repoStructure.yml](https://github.com/DSACMS/repo-scaffolder/blob/main/tier3/%7B%7Bcookiecutter.project_slug%7D%7D/.github/workflows/repoStructure.yml)       | 3, 4       | Generates repo structure in README.md              |

tier1/README.md

@@ -7,22 +7,26 @@ A **Tier 1** project refers to an **informational or historical** project that h
 The main purpose of a Tier 1 project is to share knowledge and provide information from past work. Though available for public consumption, the project is **not expected to evolve or expand** in the future. Contributors may not engage in continuous development or issue resolution.
 
 ### Key Characteristics of a Tier 1 Project:
+
 - **Publicly released** without planned future development or maintenance.
 - Primarily **informational or historical** in nature.
 - May still provide value to the community, but it is not actively worked on.
-  
+
 ---
 
 ## Files for a Tier 1 Project
 
 There are specific files that are required and recommended to include in the repository as part of the CMS Open Source Program Office's repository hygiene guidelines and standards.
 
+| **File**          | **Requirement** | **Description**                                                                                                                                          |
+| ----------------- | --------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `LICENSE`         | Mandatory       | Defines the licensing terms under which the project is distributed.                                                                                      |
+| `SECURITY.md`     | Mandatory       | Outlines the agency's security policies, including how to report security issues or vulnerabilities in the code.                                         |
+| `README.md`       | Mandatory       | Provides a comprehensive overview of the project, including its purpose, how to install or use it, and any relevant information for users or developers. |
+| `CONTRIBUTING.md` | Recommended     | Offers guidelines for contributing to the project, including code standards, how to submit issues, and creating pull requests.                           |
+
+For more information about required sections and content within the files above, please visit [maturity-model-tiers.md](https://github.com/DSACMS/repo-scaffolder/blob/main/maturity-model-tiers.md).
 
-| **File**              | **Requirement** | **Description**                                                                                             |
-|-----------------------|-----------------|-------------------------------------------------------------------------------------------------------------|
-| `LICENSE`             | Mandatory       | Defines the licensing terms under which the project is distributed. |
-| `SECURITY.md`         | Mandatory       | Outlines the agency's security policies, including how to report security issues or vulnerabilities in the code. |
-| `README.md`           | Mandatory       | Provides a comprehensive overview of the project, including its purpose, how to install or use it, and any relevant information for users or developers. |
-| `CONTRIBUTING.md`     | Recommended     | Offers guidelines for contributing to the project, including code standards, how to submit issues, and creating pull requests. |
+## Workflows
 
-For more information about required sections and content within the files above, please visit [maturity-model-tiers.md](https://github.com/DSACMS/repo-scaffolder/blob/main/maturity-model-tiers.md).
+Located in the `.github` directory are [GitHub Action workflows](../docs/workflows.md) that can be used to regularly update your repository.

tier2/README.md

@@ -7,6 +7,7 @@ A **Tier 2** project is a **collaborative effort** that typically occurs within
 Innersource projects often allow different teams within the same organization to contribute, fostering collaboration and code-sharing internally while maintaining control over external access.
 
 ### Key Characteristics of a Tier 2 Project:
+
 - Focuses on **collaborating within a smaller team** or internal group.
 - Utilizes **innersource practices**, where internal teams work collaboratively on code, borrowing from open source workflows but keeping the work within the organization.
 - Projects may be shared among internal stakeholders or divisions.
@@ -18,15 +19,19 @@ Innersource projects often allow different teams within the same organization to
 
 There are specific files that are required and recommended to include in the repository as part of the CMS Open Source Program Office's repository hygiene guidelines and standards.
 
-| **File**              | **Requirement** | **Description**                                                                                             |
-|-----------------------|-----------------|-------------------------------------------------------------------------------------------------------------|
-| `LICENSE`             | Mandatory       | Defines the licensing terms under which the project is distributed. |
-| `SECURITY.md`         | Mandatory       | Outlines the agency's security policies, including how to report security issues or vulnerabilities in the code. |
-| `README.md`           | Mandatory       | Provides a comprehensive overview of the project, including its purpose, how to install or use it, and any relevant information for users or developers. |
-| `CONTRIBUTING.md`     | Mandatory       | Offers guidelines for contributing to the project, including code standards, how to submit issues, and creating pull requests. |
-| `MAINTAINERS.md`      | Recommended     | Lists the individuals responsible for maintaining the project as well as reviewing and approving pull requests. |
-| `CODEOWNERS.md`       | Recommended     | Defines ownership of various sections of the repository. |
-| `COMMUNITY_GUIDELINES.md` | Mandatory   | Outlines how team members should engage with each other while working on the project, including behavior expectations for internal contributors. |
-| `CODE_OF_CONDUCT.md`  | Mandatory       | Establishes guidelines for professional and respectful behavior to foster a collaborative environment. |
+| **File**                  | **Requirement** | **Description**                                                                                                                                          |
+| ------------------------- | --------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `LICENSE`                 | Mandatory       | Defines the licensing terms under which the project is distributed.                                                                                      |
+| `SECURITY.md`             | Mandatory       | Outlines the agency's security policies, including how to report security issues or vulnerabilities in the code.                                         |
+| `README.md`               | Mandatory       | Provides a comprehensive overview of the project, including its purpose, how to install or use it, and any relevant information for users or developers. |
+| `CONTRIBUTING.md`         | Mandatory       | Offers guidelines for contributing to the project, including code standards, how to submit issues, and creating pull requests.                           |
+| `MAINTAINERS.md`          | Recommended     | Lists the individuals responsible for maintaining the project as well as reviewing and approving pull requests.                                          |
+| `CODEOWNERS.md`           | Recommended     | Defines ownership of various sections of the repository.                                                                                                 |
+| `COMMUNITY_GUIDELINES.md` | Mandatory       | Outlines how team members should engage with each other while working on the project, including behavior expectations for internal contributors.         |
+| `CODE_OF_CONDUCT.md`      | Mandatory       | Establishes guidelines for professional and respectful behavior to foster a collaborative environment.                                                   |
 
 For more information about required sections and content within the files above, please visit [maturity-model-tiers.md](https://github.com/DSACMS/repo-scaffolder/blob/main/maturity-model-tiers.md).
+
+## Workflows
+
+Located in the `.github` directory are [GitHub Action workflows](../docs/workflows.md) that can be used to regularly update your repository.