diff --git a/.github/workflows/auto-changelog.yml b/.github/workflows/auto-changelog.yml new file mode 100644 index 0000000..f4d86d7 --- /dev/null +++ b/.github/workflows/auto-changelog.yml @@ -0,0 +1,13 @@ +name: Changelog +on: + release: + types: + - created +jobs: + changelog: + runs-on: ubuntu-latest + steps: + - name: "Auto Generate changelog" + uses: heinrichreimer/action-github-changelog-generator@v2.3 + with: + token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/contributors.yml b/.github/workflows/contributors.yml new file mode 100644 index 0000000..4d80205 --- /dev/null +++ b/.github/workflows/contributors.yml 
@@ -0,0 +1,69 @@ +name: Update Contributors Information + +on: + workflow_dispatch: {} + schedule: + # Weekly on Saturdays. + - cron: "30 1 * * 6" + push: + branches: [main] + +jobs: + update-contributors: + runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Update contributor list + id: contrib_list + uses: akhilmhdh/contributors-readme-action@v2.3.10 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + readme_path: MAINTAINERS.md + use_username: false + commit_message: "update contributors information" + + - name: Get contributors count + id: get_contributors + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + run: | + OWNER=$(echo $GITHUB_REPOSITORY | cut -d'/' -f1) + REPO=$(echo $GITHUB_REPOSITORY | cut -d'/' -f2) + QUERY='query { repository(owner: \"'"$OWNER"'\", name: \"'"$REPO"'\") { collaborators { totalCount } } }' + + CONTRIBUTORS=$(gh api \ + -H "Accept: application/vnd.github+json" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + "/repos/$OWNER/$REPO/contributors?per_page=100" | \ + jq '[.[] | select(.type != "Bot" and (.login | test("\\[bot\\]$") | not) and (.login | test("-bot$") | not))] | length') + + echo "Total contributors: $CONTRIBUTORS" + echo "contributors=$CONTRIBUTORS" >> $GITHUB_OUTPUT + + - name: Update MAINTAINERS.md + run: | + CONTRIBUTORS="${{ steps.get_contributors.outputs.contributors }}" + + perl -i -pe 's/().*?()/$1 '"$CONTRIBUTORS"' $2/' MAINTAINERS.md + + git config user.name 'github-actions[bot]' + git config user.email 'github-actions[bot]@users.noreply.github.com' + git add MAINTAINERS.md + git commit -m "update contributors count to $CONTRIBUTORS" || exit 0 + + - name: Push protected + uses: CasperWA/push-protected@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + + branch: main 
diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml new file mode 100644 index 0000000..d4b1597 --- /dev/null +++ b/.github/workflows/gitleaks.yml @@ -0,0 +1,15 @@ +name: Check for Secrets +on: + pull_request: + push: + +jobs: + scan-for-secrets: + name: Run gitleaks + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + with: { fetch-depth: 0 } + + - name: Check for GitLeaks + uses: gacts/gitleaks@v1 diff --git a/README.md b/README.md index b5d3d0e..f843475 100644 --- a/README.md +++ b/README.md @@ -138,6 +138,10 @@ cookiecutter . --directory=codejson ### Maintaining your repository using repo-scaffolder +#### Updating repository using GitHub action workflows + +The OSPO created various [GitHub Action workflows](../docs/workflows.md) that can be used to regularly update your repository. The jobs are located in `.github` directory of your project. + #### Updating projects with new repo-scaffolder upstream file changes When creating projects, if you want to receive updates then add `dsacms-tierX` as a github topic to the repo. The scaffolder repo includes github workflows that will find all repos with that tag and can raise a pull request with an updated string or adding a file. See [actions.md](https://github.com/DSACMS/repo-scaffolder/blob/main/.github/actions.md) for more information. @@ -165,6 +169,7 @@ repolinter lint tier4/\{\{cookiecutter.project_slug\}\} ``` #### Automated repolinter actions + A tool to automatically update repositories up to hygenic standards with the use of [Repolinter through GitHub Actions](https://github.com/DSACMS/repolinter-actions) is also available. This action sends a PR to your repository with templates of all the missing files and sections that are required using a predefined rulset. Visit the repository for more information on how to get this action up and running. # Development and Software Delivery Lifecycle 
diff --git a/.github/docs/workflows.md b/docs/workflows.md similarity index 53% rename from .github/docs/workflows.md rename to docs/workflows.md index 343ca61..f09f1b8 100644 --- a/.github/docs/workflows.md +++ b/docs/workflows.md 
@@ -2,10 +2,10 @@ Located in .**github/workflows**, the OSPO has created GitHub Actions workflows to assist project teams with development and documentation upkeep for repository hygiene. -| File Name | Tier | Description | -| :--------------------------------------------------------------------------------------------------------------------------------------------------------- | :--------- | :------------------------------------------------- | -| [auto-changelog.yml](https://github.com/DSACMS/repo-scaffolder/blob/main/tier3/%7B%7Bcookiecutter.project_slug%7D%7D/.github/workflows/auto-changelog.yml) | 2, 3, 4 | Auto-generates a CHANGELOG.md | -| [checks.yml](https://github.com/DSACMS/repo-scaffolder/blob/main/tier3/%7B%7Bcookiecutter.project_slug%7D%7D/.github/workflows/checks.yml) | 1, 2, 3, 4 | Performs repolinter checks | -| [contributors.yml](https://github.com/DSACMS/repo-scaffolder/blob/main/tier3/%7B%7Bcookiecutter.project_slug%7D%7D/.github/workflows/contributors.yml) | 2, 3, 4 | Generates a list of contributors in MAINTAINERS.md | -| [gitleaks.yml](https://github.com/DSACMS/repo-scaffolder/blob/main/tier3/%7B%7Bcookiecutter.project_slug%7D%7D/.github/workflows/gitleaks.yml) | 1, 2, 3, 4 | Scans for secrets upon each push or PR | -| [repoStructure.yml](https://github.com/DSACMS/repo-scaffolder/blob/main/tier3/%7B%7Bcookiecutter.project_slug%7D%7D/.github/workflows/repoStructure.yml) | 3, 4 | Generates repo structure in README.md | +| File Name | Tier | Description | +| :------------------------------------------------------------------------------------------------------------------------------------------------------------- | :--------- | :------------------------------------------------- | +| [auto-changelog.yml](https://github.com/DSACMS/repo-scaffolder/blob/main/tier3/%7B%7Bcookiecutter.project_slug%7D%7D/.github/workflows/auto-changelog.yml) | 2, 3, 4 | Auto-generates a CHANGELOG.md | +| 
[repoHygieneCheck.yml](https://github.com/DSACMS/repo-scaffolder/blob/main/tier3/%7B%7Bcookiecutter.project_slug%7D%7D/.github/workflows/repoHygieneCheck.yml) | 1, 2, 3, 4 | Performs repolinter checks | +| [contributors.yml](https://github.com/DSACMS/repo-scaffolder/blob/main/tier3/%7B%7Bcookiecutter.project_slug%7D%7D/.github/workflows/contributors.yml) | 2, 3, 4 | Generates a list of contributors in MAINTAINERS.md | +| [gitleaks.yml](https://github.com/DSACMS/repo-scaffolder/blob/main/tier3/%7B%7Bcookiecutter.project_slug%7D%7D/.github/workflows/gitleaks.yml) | 1, 2, 3, 4 | Scans for secrets upon each push or PR | +| [repoStructure.yml](https://github.com/DSACMS/repo-scaffolder/blob/main/tier3/%7B%7Bcookiecutter.project_slug%7D%7D/.github/workflows/repoStructure.yml) | 3, 4 | Generates repo structure in README.md | diff --git a/tier1/README.md b/tier1/README.md index ec7a5ff..d695f36 100644 --- a/tier1/README.md +++ b/tier1/README.md 
@@ -7,22 +7,26 @@ A **Tier 1** project refers to an **informational or historical** project that h The main purpose of a Tier 1 project is to share knowledge and provide information from past work. Though available for public consumption, the project is **not expected to evolve or expand** in the future. Contributors may not engage in continuous development or issue resolution. ### Key Characteristics of a Tier 1 Project: + - **Publicly released** without planned future development or maintenance. - Primarily **informational or historical** in nature. - May still provide value to the community, but it is not actively worked on. - + --- ## Files for a Tier 1 Project There are specific files that are required and recommended to include in the repository as part of the CMS Open Source Program Office's repository hygiene guidelines and standards. +| **File** | **Requirement** | **Description** | +| ----------------- | --------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `LICENSE` | Mandatory | Defines the licensing terms under which the project is distributed. | +| `SECURITY.md` | Mandatory | Outlines the agency's security policies, including how to report security issues or vulnerabilities in the code. | +| `README.md` | Mandatory | Provides a comprehensive overview of the project, including its purpose, how to install or use it, and any relevant information for users or developers. | +| `CONTRIBUTING.md` | Recommended | Offers guidelines for contributing to the project, including code standards, how to submit issues, and creating pull requests. | + +For more information about required sections and content within the files above, please visit [maturity-model-tiers.md](https://github.com/DSACMS/repo-scaffolder/blob/main/maturity-model-tiers.md). 
-| **File** | **Requirement** | **Description** | -|-----------------------|-----------------|-------------------------------------------------------------------------------------------------------------| -| `LICENSE` | Mandatory | Defines the licensing terms under which the project is distributed. | -| `SECURITY.md` | Mandatory | Outlines the agency's security policies, including how to report security issues or vulnerabilities in the code. | -| `README.md` | Mandatory | Provides a comprehensive overview of the project, including its purpose, how to install or use it, and any relevant information for users or developers. | -| `CONTRIBUTING.md` | Recommended | Offers guidelines for contributing to the project, including code standards, how to submit issues, and creating pull requests. | +## Workflows -For more information about required sections and content within the files above, please visit [maturity-model-tiers.md](https://github.com/DSACMS/repo-scaffolder/blob/main/maturity-model-tiers.md). \ No newline at end of file +Located in the `.github` directory are [GitHub Action workflows](../docs/workflows.md) that can be used to regularly update your repository. diff --git a/tier2/README.md b/tier2/README.md index 3b77b1f..32ab0b8 100644 --- a/tier2/README.md +++ b/tier2/README.md @@ -7,6 +7,7 @@ A **Tier 2** project is a **collaborative effort** that typically occurs within Innersource projects often allow different teams within the same organization to contribute, fostering collaboration and code-sharing internally while maintaining control over external access. ### Key Characteristics of a Tier 2 Project: + - Focuses on **collaborating within a smaller team** or internal group. - Utilizes **innersource practices**, where internal teams work collaboratively on code, borrowing from open source workflows but keeping the work within the organization. - Projects may be shared among internal stakeholders or divisions. 
@@ -18,15 +19,19 @@ Innersource projects often allow different teams within the same organization to There are specific files that are required and recommended to include in the repository as part of the CMS Open Source Program Office's repository hygiene guidelines and standards. -| **File** | **Requirement** | **Description** | -|-----------------------|-----------------|-------------------------------------------------------------------------------------------------------------| -| `LICENSE` | Mandatory | Defines the licensing terms under which the project is distributed. | -| `SECURITY.md` | Mandatory | Outlines the agency's security policies, including how to report security issues or vulnerabilities in the code. | -| `README.md` | Mandatory | Provides a comprehensive overview of the project, including its purpose, how to install or use it, and any relevant information for users or developers. | -| `CONTRIBUTING.md` | Mandatory | Offers guidelines for contributing to the project, including code standards, how to submit issues, and creating pull requests. | -| `MAINTAINERS.md` | Recommended | Lists the individuals responsible for maintaining the project as well as reviewing and approving pull requests. | -| `CODEOWNERS.md` | Recommended | Defines ownership of various sections of the repository. | -| `COMMUNITY_GUIDELINES.md` | Mandatory | Outlines how team members should engage with each other while working on the project, including behavior expectations for internal contributors. | -| `CODE_OF_CONDUCT.md` | Mandatory | Establishes guidelines for professional and respectful behavior to foster a collaborative environment. 
| +| **File** | **Requirement** | **Description** | +| ------------------------- | --------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `LICENSE` | Mandatory | Defines the licensing terms under which the project is distributed. | +| `SECURITY.md` | Mandatory | Outlines the agency's security policies, including how to report security issues or vulnerabilities in the code. | +| `README.md` | Mandatory | Provides a comprehensive overview of the project, including its purpose, how to install or use it, and any relevant information for users or developers. | +| `CONTRIBUTING.md` | Mandatory | Offers guidelines for contributing to the project, including code standards, how to submit issues, and creating pull requests. | +| `MAINTAINERS.md` | Recommended | Lists the individuals responsible for maintaining the project as well as reviewing and approving pull requests. | +| `CODEOWNERS.md` | Recommended | Defines ownership of various sections of the repository. | +| `COMMUNITY_GUIDELINES.md` | Mandatory | Outlines how team members should engage with each other while working on the project, including behavior expectations for internal contributors. | +| `CODE_OF_CONDUCT.md` | Mandatory | Establishes guidelines for professional and respectful behavior to foster a collaborative environment. | For more information about required sections and content within the files above, please visit [maturity-model-tiers.md](https://github.com/DSACMS/repo-scaffolder/blob/main/maturity-model-tiers.md). + +## Workflows + +Located in the `.github` directory are [GitHub Action workflows](../docs/workflows.md) that can be used to regularly update your repository. diff --git a/tier3/README.md b/tier3/README.md index 0f27bb2..d024e5e 100644 --- a/tier3/README.md +++ b/tier3/README.md 
@@ -5,6 +5,7 @@ A **Tier 3** project is an **open collaboration** effort where the work is conducted in public. The project is led by smaller, semi-open teams but encourages **limited external contributions**. The work is typically **open source**, but the direction and maintenance of the project are CMS-led, controlled by a smaller group or team, rather than a large, decentralized community. Tier 3 projects may be public-facing tools, utilities, or websites, where external contributions are welcomed but managed closely by the core team. ### Key Characteristics of a Tier 3 Project: + - **Collaborative in public**, where the work is open to external stakeholders. - Led by a **CMS team** (often organizational or tool-specific). - Accepts **limited contributions from external sources**, typically following specific guidelines. 
@@ -17,16 +18,20 @@ A **Tier 3** project is an **open collaboration** effort where the work is condu There are specific files that are required and recommended to include in the repository as part of the CMS Open Source Program Office's repository hygiene guidelines and standards. -| **File** | **Requirement** | **Description** | -|-----------------------|-----------------|-------------------------------------------------------------------------------------------------------------| -| `LICENSE` | Mandatory | Defines the licensing terms under which the project is distributed. | -| `SECURITY.md` | Mandatory | Outlines the agency's security policies, including how to report security issues or vulnerabilities in the code. | -| `README.md` | Mandatory | Provides a comprehensive overview of the project, including its purpose, how to install or use it, and any relevant information for users or developers. | -| `CONTRIBUTING.md` | Mandatory | Offers guidelines for contributing to the project, including code standards, how to submit issues, and creating pull requests. | -| `MAINTAINERS.md` | Recommended | Lists the individuals responsible for maintaining the project as well as reviewing and approving pull requests. | -| `GOVERNANCE.md` | Recommended | Describes the governance model of the project, such as decision-making processes and rules for contributing. It ensures a transparent process for managing the project. | -| `CODEOWNERS.md` | Recommended | Defines ownership of various sections of the repository. | -| `COMMUNITY_GUIDELINES.md` | Mandatory | Defines expectations for interactions within the project's community, including how external contributors should engage and behave. | -| `CODE_OF_CONDUCT.md` | Mandatory | Establishes guidelines for acceptable behavior within the community, setting expectations for how contributors should interact in a respectful and collaborative manner. 
| +| **File** | **Requirement** | **Description** | +| ------------------------- | --------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| `LICENSE` | Mandatory | Defines the licensing terms under which the project is distributed. | +| `SECURITY.md` | Mandatory | Outlines the agency's security policies, including how to report security issues or vulnerabilities in the code. | +| `README.md` | Mandatory | Provides a comprehensive overview of the project, including its purpose, how to install or use it, and any relevant information for users or developers. | +| `CONTRIBUTING.md` | Mandatory | Offers guidelines for contributing to the project, including code standards, how to submit issues, and creating pull requests. | +| `MAINTAINERS.md` | Recommended | Lists the individuals responsible for maintaining the project as well as reviewing and approving pull requests. | +| `GOVERNANCE.md` | Recommended | Describes the governance model of the project, such as decision-making processes and rules for contributing. It ensures a transparent process for managing the project. | +| `CODEOWNERS.md` | Recommended | Defines ownership of various sections of the repository. | +| `COMMUNITY_GUIDELINES.md` | Mandatory | Defines expectations for interactions within the project's community, including how external contributors should engage and behave. | +| `CODE_OF_CONDUCT.md` | Mandatory | Establishes guidelines for acceptable behavior within the community, setting expectations for how contributors should interact in a respectful and collaborative manner. | For more information about required sections and content within the files above, please visit [maturity-model-tiers.md](https://github.com/DSACMS/repo-scaffolder/blob/main/maturity-model-tiers.md). 
+ +## Workflows + +Located in the `.github` directory are [GitHub Action workflows](../docs/workflows.md) that can be used to regularly update your repository. diff --git a/tier4/README.md b/tier4/README.md index 70d7a33..0d04fe6 100644 --- a/tier4/README.md +++ b/tier4/README.md @@ -5,6 +5,7 @@ A **Tier 4** project is a fully **open and collaborative** project that operates under a **community governance model**. In Tier 4 projects, the focus is on **collaborating broadly with the public**, and the project is often either **donated** to or **stewarded** by an external community. The governance structure is **open** and welcomes input from a wide range of contributors, typically from outside the original development team. ### Key Characteristics of a Tier 4 Project: + - **Broad public collaboration** with contributions welcomed from the community. - **Community-led governance**, where decisions are made transparently, often with input from various stakeholders. - **Mature open-source project**, typically with a well-defined governance structure to guide development, maintenance, and project direction. 
@@ -15,16 +16,20 @@ A **Tier 4** project is a fully **open and collaborative** project that operates There are specific files that are required to include in the repository as part of the CMS Open Source Program Office's repository hygiene guidelines and standards. -| **File** | **Requirement** | **Description** | -|-----------------------|-----------------|-------------------------------------------------------------------------------------------------------------| -| `LICENSE` | Mandatory | Defines the licensing terms under which the project is distributed. | -| `SECURITY.md` | Mandatory | Outlines the agency's security policies, including how to report security issues or vulnerabilities in the code. | -| `README.md` | Mandatory | Provides a comprehensive overview of the project, including its purpose, how to install or use it, and any relevant information for users or developers. | -| `CONTRIBUTING.md` | Mandatory | Offers guidelines for contributing to the project, including code standards, how to submit issues, and creating pull requests. | -| `MAINTAINERS.md` | Mandatory | Lists the individuals responsible for maintaining the project as well as reviewing and approving pull requests. | -| `GOVERNANCE.md` | Mandatory | Describes the governance model of the project, such as decision-making processes and rules for contributing. It ensures a transparent process for managing the project. | -| `CODEOWNERS.md` | Mandatory | Defines ownership of various sections of the repository. | -| `COMMUNITY_GUIDELINES.md` | Mandatory | Defines expectations for interactions within the project's community, including how external contributors should engage and behave. | -| `CODE_OF_CONDUCT.md` | Mandatory | Establishes guidelines for acceptable behavior within the community, setting expectations for how contributors should interact in a respectful and collaborative manner. 
| +| **File** | **Requirement** | **Description** | +| ------------------------- | --------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| `LICENSE` | Mandatory | Defines the licensing terms under which the project is distributed. | +| `SECURITY.md` | Mandatory | Outlines the agency's security policies, including how to report security issues or vulnerabilities in the code. | +| `README.md` | Mandatory | Provides a comprehensive overview of the project, including its purpose, how to install or use it, and any relevant information for users or developers. | +| `CONTRIBUTING.md` | Mandatory | Offers guidelines for contributing to the project, including code standards, how to submit issues, and creating pull requests. | +| `MAINTAINERS.md` | Mandatory | Lists the individuals responsible for maintaining the project as well as reviewing and approving pull requests. | +| `GOVERNANCE.md` | Mandatory | Describes the governance model of the project, such as decision-making processes and rules for contributing. It ensures a transparent process for managing the project. | +| `CODEOWNERS.md` | Mandatory | Defines ownership of various sections of the repository. | +| `COMMUNITY_GUIDELINES.md` | Mandatory | Defines expectations for interactions within the project's community, including how external contributors should engage and behave. | +| `CODE_OF_CONDUCT.md` | Mandatory | Establishes guidelines for acceptable behavior within the community, setting expectations for how contributors should interact in a respectful and collaborative manner. | For more information about required sections and content within the files above, please visit [maturity-model-tiers.md](https://github.com/DSACMS/repo-scaffolder/blob/main/maturity-model-tiers.md). 
+ +## Workflows + +Located in the `.github` directory are [GitHub Action workflows](../docs/workflows.md) that can be used to regularly update your repository.
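Review bot: In the auto-changelog.yml hunk nothing commits or publishes the generated CHANGELOG.md: the only step runs the generator, so the file is discarded with the runner. Add a commit-and-push step (or upload it as a release asset) and, because the workflow runs on `release: created` with the default token and no `permissions:` block, scope it explicitly, e.g. `permissions: contents: write`. Also pin `heinrichreimer/action-github-changelog-generator@v2.3` to a full commit SHA rather than a mutable tag, since the action runs with a write-capable `secrets.GITHUB_TOKEN`.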
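Review bot: In the "Update MAINTAINERS.md" step of the contributors.yml hunk, the substitution `perl -i -pe 's/().*?()/$1 '"$CONTRIBUTORS"' $2/' MAINTAINERS.md` has two empty capture groups, so the pattern matches the empty string at the start of every line and the count is prepended to each line of the file; if marker comments were meant to delimit the count, they must appear inside those groups (for example `s/(START-MARKER).*?(END-MARKER)/...`, marker names illustrative). Three smaller points in the same hunk: `gh api ".../contributors?per_page=100"` is not paginated, so the count silently caps at 100 (use `gh api --paginate` and merge the pages with `jq -s 'add | ...'`); the GraphQL `QUERY=...` variable is built but never used and should be dropped; and `pull-requests: write` is granted although no step opens a pull request. Finally, please confirm that `secrets.GITHUB_TOKEN` is enough for `CasperWA/push-protected@v2` to push to a protected `main`, and that its local commit does not conflict with the commit `akhilmhdh/contributors-readme-action` already pushes via `commit_message`.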
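Review bot: The gitleaks.yml hunk has no `permissions:` block, so the job inherits the repository's default token scope although a secret scan only needs `permissions: contents: read`. It also checks out with `actions/checkout@v3` while contributors.yml in the same patch uses `@v4`, and triggering on both `pull_request` and bare `push` runs the scan twice for every push to a PR branch (`push: branches: [main]` plus `pull_request` avoids that). `fetch-depth: 0` is right here: the scan needs full history to find secrets that were committed and later removed.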
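Review bot: The link `[GitHub Action workflows](../docs/workflows.md)` added in the first README.md hunk sits in the repository-root README, so `../docs/` resolves outside the repository; the rename hunk in this patch moves the file to `docs/workflows.md`, so the link should be `docs/workflows.md` (the `../docs/` form is only correct from the `tierX/README.md` files). Same sentence: "located in `.github` directory" is missing "the".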
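Review bot: The second README.md hunk only inserts a blank line under "#### Automated repolinter actions", but the context line it touches carries two typos worth fixing in the same change: "hygenic" should be "hygienic" and "rulset" should be "ruleset".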
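Review bot: The docs/workflows.md hunk replaces the `checks.yml` row with `repoHygieneCheck.yml`, but this patch contains no rename of the workflow file under `tier3/{{cookiecutter.project_slug}}/.github/workflows/`, so the new link is dead unless that rename landed separately; please confirm. While reflowing the table, the context line `Located in .**github/workflows**` could also be fixed to `Located in **.github/workflows**`, where the bold markers belong.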
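Review bot: The new "## Workflows" section in the tier1/README.md hunk says the `.github` workflows "can be used to regularly update your repository", yet the docs/workflows.md table in this same patch marks `auto-changelog.yml` and `contributors.yml` as tier 2, 3, 4 only; for a Tier 1 project, which the page says is not expected to evolve, it would help to state that only `repoHygieneCheck.yml` and `gitleaks.yml` apply. The sentence "Located in the `.github` directory are ..." also reads awkwardly; "The `.github/workflows` directory contains ..." is simpler and matches the wording in docs/workflows.md.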