From d40572a646ce9b5e2ed47d8ff17030671811e575 Mon Sep 17 00:00:00 2001 From: tim_clegg <10459168+timclegg@users.noreply.github.com> Date: Fri, 28 May 2021 09:41:03 -0600 Subject: [PATCH] Initial template --- .github/workflows/banned_file_changes_pr.yml | 67 ++++++++++++++ .../workflows/banned_file_changes_push.yml | 21 +++++ .github/workflows/cla.yml | 39 ++++++++ .github/workflows/license_audit.yml | 42 +++++++++ .github/workflows/repolinter.yml | 88 +++++++++++++++++++ .gitignore | 26 ++++++ LICENSE | 35 ++++++++ README.md | 26 ++++++ license_policy.yml | 5 ++ repolinter.json | 57 ++++++++++++ 10 files changed, 406 insertions(+) create mode 100644 .github/workflows/banned_file_changes_pr.yml create mode 100644 .github/workflows/banned_file_changes_push.yml create mode 100644 .github/workflows/cla.yml create mode 100644 .github/workflows/license_audit.yml create mode 100644 .github/workflows/repolinter.yml create mode 100644 .gitignore create mode 100644 LICENSE create mode 100644 README.md create mode 100644 license_policy.yml create mode 100644 repolinter.json diff --git a/.github/workflows/banned_file_changes_pr.yml b/.github/workflows/banned_file_changes_pr.yml new file mode 100644 index 0000000..7dd85d3 --- /dev/null +++ b/.github/workflows/banned_file_changes_pr.yml @@ -0,0 +1,67 @@ +name: Banned file changes (PR) +on: + # pull_request: + # branches: [ "**/*" ] + pull_request_target: + +jobs: + check_for_banned_file_changes: + name: Look for unsupported (banned) file modifications on PRs + runs-on: ubuntu-latest + steps: + - name: 'Get number of git commits' + uses: oracle-devrel/action-git-num-commits@v0.1-alpha6 + id: num_commits + with: + pull_url: ${{ github.event.pull_request.url }} + - name: 'Checkout repo' + uses: actions/checkout@v2 + with: + ref: ${{ github.event.pull_request.head.ref }} + repository: ${{ github.event.pull_request.head.repo.full_name }} + fetch-depth: ${{ steps.num_commits.outputs.fetch_depth }} + - name: Get file changes + uses: oracle-devrel/action-git-files-changed@v0.1-alpha2 + id: files + with: + pull_url: ${{ github.event.pull_request.url }} + - name: Look for changes to .github + if: contains(steps.files.outputs.all_files_changed, '.github') + run: | + echo 'Changes to files in .github are not allowed.' + - name: Comment if .github changed + if: contains(steps.files.outputs.all_files_changed, '.github') + uses: mshick/add-pr-comment@v1 + with: + message: | + :no_entry: **Banned Files Modified** + Changes to files in `.github` are not permitted. Please revert your changes and re-submit a new PR. Simply changing the file back to its original state and re-committing won't work (you must revert the changes made to it). + repo-token: ${{ secrets.GITHUB_TOKEN }} + - name: Look for changes to license_policy.yml + if: contains(steps.files.outputs.all_files_changed, '"license_policy.yml"') + run: | + echo 'Changes to license_policy.yml are not allowed.' + - name: Comment if license_policy.yml changed + if: contains(steps.files.outputs.all_files_changed, '"license_policy.yml"') + uses: mshick/add-pr-comment@v1 + with: + message: | + :no_entry: **Banned Files Modified** + Changes to `license_policy.yml` are not permitted. Please revert your changes and re-submit a new PR. Simply changing the file back to its original state and re-committing won't work (you must revert the changes made to it). + repo-token: ${{ secrets.GITHUB_TOKEN }} + - name: Look for changes to repolinter.json + if: contains(steps.files.outputs.all_files_changed, '"repolinter.json"') + uses: mshick/add-pr-comment@v1 + with: + message: | + :no_entry: **Banned Files Modified** + Changes to `repolinter.json` are not permitted. Please revert your changes and re-submit a new PR. Simply changing the file back to its original state and re-committing won't work (you must revert the changes made to it). + repo-token: ${{ secrets.GITHUB_TOKEN }} + - name: Comment if repolinter.json changed + if: contains(steps.files.outputs.all_files_changed, '"repolinter.json"') + run: | + echo 'Changes to repolinter.json are not allowed.' + - name: Fail on banned file changes + if: contains(steps.files.outputs.all_files_changed, '.github') || contains(steps.files.outputs.all_files_changed, '"license_policy.yml"') || contains(steps.files.outputs.all_files_changed, '"repolinter.json"') + run: | + exit 1 \ No newline at end of file diff --git a/.github/workflows/banned_file_changes_push.yml b/.github/workflows/banned_file_changes_push.yml new file mode 100644 index 0000000..62f3c79 --- /dev/null +++ b/.github/workflows/banned_file_changes_push.yml @@ -0,0 +1,21 @@ +name: Banned file changes (push) +on: + push: + branches: [ "**/*" ] + +jobs: + check_for_banned_file_changes: + if: contains('snafuz timclegg', github.actor) == false + name: Prohibit any pushes + runs-on: ubuntu-latest + steps: + - name: Post comment + uses: mshick/add-pr-comment@v1 + with: + message: | + :no_entry: **Push Not Supported** + Please utilize pull requests for all repo changes (not pushing directly to the repo). + repo-token: ${{ secrets.GITHUB_TOKEN }} + - name: Fail + run: | + exit 1 \ No newline at end of file diff --git a/.github/workflows/cla.yml b/.github/workflows/cla.yml new file mode 100644 index 0000000..dd54c71 --- /dev/null +++ b/.github/workflows/cla.yml @@ -0,0 +1,39 @@ +name: "CLA Assistant" +on: + issue_comment: + types: [created] + pull_request_target: + types: [opened,closed,synchronize] + +jobs: + CLAssistant: + runs-on: ubuntu-latest + steps: + - name: "CLA Assistant" + if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target' + # Beta Release + uses: cla-assistant/github-action@v2.1.2-beta + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # the below token should have repo scope and must be manually added by you in the repository's secret + PERSONAL_ACCESS_TOKEN : ${{ secrets.PERSONAL_ACCESS_TOKEN }} + with: + # for per-repo CLA-acceptance: + # path-to-signatures: 'signatures/oca-20210504/${{ github.repository }}' + # for per-GHO CLA-acceptance: + path-to-signatures: 'signatures/oca-20210504/oracledevrel' + path-to-document: 'https://github.com/oracledevrel/devrel-oca-mgmt/blob/main/oca-20210504.md' # e.g. a CLA or a DCO document + # branch should not be protected + branch: 'main' + allowlist: bot* + + #below are the optional inputs - If the optional inputs are not given, then default values will be taken + remote-organization-name: "oracledevrel" # enter the remote organization name where the signatures should be stored (Default is storing the signatures in the same repository) + remote-repository-name: "devrel-oca-mgmt" # enter the remote repository name where the signatures should be stored (Default is storing the signatures in the same repository) + #create-file-commit-message: 'For example: Creating file for storing CLA Signatures' + #signed-commit-message: 'For example: $contributorName has signed the CLA in #$pullRequestNo' + #custom-notsigned-prcomment: 'pull request comment with Introductory message to ask new contributors to sign' + #custom-pr-sign-comment: 'The signature to be committed in order to sign the CLA' + #custom-allsigned-prcomment: 'pull request comment when all contributors has signed, defaults to **CLA Assistant Lite bot** All Contributors have signed the CLA.' + #lock-pullrequest-aftermerge: false - if you don't want this bot to automatically lock the pull request after merging (default - true) + #use-dco-flag: true - If you are using DCO instead of CLA diff --git a/.github/workflows/license_audit.yml b/.github/workflows/license_audit.yml new file mode 100644 index 0000000..685a014 --- /dev/null +++ b/.github/workflows/license_audit.yml @@ -0,0 +1,42 @@ +name: Audit licenses +on: + pull_request_target: + +jobs: + run_scancode_toolkit: + name: Get inventory of licenses used in project + runs-on: ubuntu-latest + container: + image: ghcr.io/oracledevrel/scancode-toolkit:v21.3.31 + credentials: + username: ${{ github.actor }} + password: ${{ secrets.GHCR_PAT }} + steps: + - name: 'Checkout repo' + uses: actions/checkout@v2 + with: + ref: ${{ github.event.pull_request.head.ref }} + repository: ${{ github.event.pull_request.head.repo.full_name }} + - name: Run Scancode-toolkit + run: | + scancode -l --ignore licenses.json --ignore .github/**/* --ignore license_policy.yml --license-policy license_policy.yml --only-findings --summary --json-pp licenses.json * + echo "\n\nHere is the licenses.json:\n" + echo $(cat licenses.json) + - name: Look for non-approved licenses + uses: oracle-devrel/action-license-audit@v0.1-alpha2 + id: analysis + with: + licenses_file: '/github/workspace/licenses.json' + - name: Analysis results + run: echo "${{ steps.analysis.outputs.unapproved_licenses }}" + - name: Comment if analysis finds unapproved licenses + if: steps.analysis.outputs.unapproved_licenses == 'true' + uses: mshick/add-pr-comment@v1 + with: + message: | + :no_entry: **License Inspection** + Requires manual inspection. There are some licenses which dictate further analysis and review. + repo-token: ${{ secrets.GITHUB_TOKEN }} + - name: Halt pipeline on unapproved licenses + if: steps.analysis.outputs.unapproved_licenses == 'true' + run: exit 1 \ No newline at end of file diff --git a/.github/workflows/repolinter.yml b/.github/workflows/repolinter.yml new file mode 100644 index 0000000..c937c23 --- /dev/null +++ b/.github/workflows/repolinter.yml @@ -0,0 +1,88 @@ +name: Repolinter +on: + pull_request_target: + +jobs: + run_repolinter: + name: Run Repolinter on pull request + runs-on: ubuntu-latest + container: + image: ghcr.io/oracledevrel/repolinter:v0.11.1 + credentials: + username: ${{ github.actor }} + password: ${{ secrets.GHCR_PAT }} + steps: + - name: 'Checkout repo' + uses: actions/checkout@v2 + with: + ref: ${{ github.event.pull_request.head.ref }} + repository: ${{ github.event.pull_request.head.repo.full_name }} + - name: Run Repolinter + run: | + set +e + bundle exec /app/bin/repolinter.js lint --format json --rulesetFile repolinter.json . > repolinter_results.json + echo "\n\nHere is the repolinter_results.json:\n" + echo $(cat repolinter_results.json) + exit 0 + - name: Analyze the Repolinter results + uses: oracle-devrel/action-repolinter-audit@v0.1-alpha1 + id: analysis + with: + json_results_file: '/github/workspace/repolinter_results.json' + - name: Overall analysis results + run: | + echo "Passed: ${{ steps.analysis.outputs.passed }}" + echo "Errored: ${{ steps.analysis.outputs.errored }}" + - name: Comment if analysis finds missing readme + if: steps.analysis.outputs.readme_file_found == 'false' + uses: mshick/add-pr-comment@v1 + with: + message: | + :no_entry: **FAILURE: Missing README** + The README file seems to be missing. Please add it. + + Details: + ${{ steps.analysis.outputs.readme_file_details }} + repo-token: ${{ secrets.GITHUB_TOKEN }} + - name: Comment if analysis finds missing license + if: steps.analysis.outputs.license_file_found == 'false' + uses: mshick/add-pr-comment@v1 + with: + message: | + :no_entry: **FAILURE: Missing LICENSE** + The LICENSE file seems to be missing. Please add it. + + Details: + ${{ steps.analysis.outputs.license_file_details }} + repo-token: ${{ secrets.GITHUB_TOKEN }} + - name: Comment if analysis finds blacklisted words + if: steps.analysis.outputs.blacklisted_words_found == 'true' + uses: mshick/add-pr-comment@v1 + with: + message: | + :no_entry: **FAILURE: Blacklisted Words Found** + There are some words that we forbid usage of. It looks like at least one of these was found. Please remove. + + Details: + ${{ steps.analysis.outputs.blacklisted_words_details }} + repo-token: ${{ secrets.GITHUB_TOKEN }} + - name: Comment if analysis finds copyright notice missing + if: steps.analysis.outputs.copyright_found == 'false' + uses: mshick/add-pr-comment@v1 + with: + message: | + :warning: **WARNING: Missing Copyright Notice(s)** + It's a good idea to have copyright notices at the top of each file. It looks like at least one file was missing this (though it might be further down in the file - this might be a false-positive). + + Details: + ${{ steps.analysis.outputs.copyright_details }} + repo-token: ${{ secrets.GITHUB_TOKEN }} + - name: Halt pipeline if README is missing + if: steps.analysis.outputs.readme_file_found == 'false' + run: exit 1 + - name: Halt pipeline if LICENSE is missing + if: steps.analysis.outputs.license_file_found == 'false' + run: exit 1 + - name: Halt pipeline if blacklisted word(s) found + if: steps.analysis.outputs.blacklisted_words_found == 'true' + run: exit 1 \ No newline at end of file diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..135767f --- /dev/null +++ b/.gitignore @@ -0,0 +1,26 @@ +# General +.DS_Store +.AppleDouble +.LSOverride + +# Icon must end with two \r +Icon + +# Thumbnails +._* + +# Files that might appear in the root of a volume +.DocumentRevisions-V100 +.fseventsd +.Spotlight-V100 +.TemporaryItems +.Trashes +.VolumeIcon.icns +.com.apple.timemachine.donotpresent + +# Directories potentially created on remote AFP share +.AppleDB +.AppleDesktop +Network Trash Folder +Temporary Items +.apdisk diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..fe41e72 --- /dev/null +++ b/LICENSE @@ -0,0 +1,35 @@ +Copyright (c) 2021 Oracle and/or its affiliates. + +The Universal Permissive License (UPL), Version 1.0 + +Subject to the condition set forth below, permission is hereby granted to any +person obtaining a copy of this software, associated documentation and/or data +(collectively the "Software"), free of charge and under any and all copyright +rights in the Software, and any and all patent rights owned or freely +licensable by each licensor hereunder covering either (i) the unmodified +Software as contributed to or provided by such licensor, or (ii) the Larger +Works (as defined below), to deal in both + +(a) the Software, and +(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if +one is included with the Software (each a "Larger Work" to which the Software +is contributed by such licensors), + +without restriction, including without limitation the rights to copy, create +derivative works of, display, perform, and distribute the Software and make, +use, sell, offer for sale, import, export, have made, and have sold the +Software and the Larger Work(s), and to sublicense the foregoing rights on +either these or other terms. + +This license is subject to the following condition: +The above copyright notice and either this complete permission notice or at +a minimum a reference to the UPL must be included in all copies or +substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. \ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000..df141f7 --- /dev/null +++ b/README.md @@ -0,0 +1,26 @@ +# TITLE + +## Introduction +MISSING + +## Getting Started +MISSING + +### Prerequisites +MISSING + +## Notes/Issues +MISSING + +## URLs +* Nothing at this time + +## Contributing +This project is open source. Please submit your contributions by forking this repository and submitting a pull request! Oracle appreciates any contributions that are made by the open source community. + +## License +Copyright (c) 2021 Oracle and/or its affiliates. + +Licensed under the Universal Permissive License 1.0. + +See [LICENSE](LICENSE) for more details. diff --git a/license_policy.yml b/license_policy.yml new file mode 100644 index 0000000..5789d33 --- /dev/null +++ b/license_policy.yml @@ -0,0 +1,5 @@ +license_policies: +- license_key: upl-1.0 + label: Approved License + color_code: '#00800' + icon: icon-ok-circle diff --git a/repolinter.json b/repolinter.json new file mode 100644 index 0000000..ff65493 --- /dev/null +++ b/repolinter.json @@ -0,0 +1,57 @@ +{ + "$schema": "https://raw.githubusercontent.com/todogroup/repolinter/master/rulesets/schema.json", + "version": 2, + "axioms": {}, + "rules": { + "readme-file-exists" : { + "level": "error", + "rule": { + "type": "file-existence", + "options": { + "globsAny": ["README*"] + } + } + }, + "license-file-exists" : { + "level": "error", + "rule": { + "type": "file-existence", + "options": { + "globsAny": ["LICENSE*"] + } + } + }, + "blacklist-words-not-found" : { + "level": "error", + "rule": { + "type": "file-not-contents", + "options": { + "globsAll": ["**/!(repolinter.json|.github)"], + "content": "(crap)", + "flags": "i", + "nocase": true + } + } + }, + "copyright-notice-present" : { + "level": "warning", + "rule": { + "type": "file-starts-with", + "options": { + "globsAll": ["**/*"], + "skip-binary-files": false, + "skip-paths-matching": { + "extensions": ["yaml","yml","md","json"], + "patterns": [".github"], + "flags": "" + }, + "lineCount": 1, + "patterns": [ + "Copyright \\(c\\) [12][90]\\d\\d Oracle and/or its affiliates\\." + ], + "succeed-on-non-exist": true + } + } + } + } +} \ No newline at end of file