tseting with cookiecutter

Signed-off-by: Sachin Panayil <[email protected]>
DSACMS · Jan 23, 2025 · 2d77a14 · 2d77a14
1 parent e1a5a6e
commit 2d77a14
Show file tree

Hide file tree

Showing 3 changed files with 94 additions and 22 deletions.
diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
@@ -0,0 +1,79 @@
+name: "Repository Hygiene Check"
+on:
+  push:
+    branches:
+      - 'main'
+  workflow_dispatch:
+
+jobs:
+  check-first-run:
+    name: Check For First Run
+    runs-on: ubuntu-latest
+    outputs:
+
+      should_run: ${{ steps.check.outputs.should_run }}
+
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - uses: actions/checkout@v4
+      - id: check
+        run: |
+          # If manually triggered, always run
+          
+          if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
+          
+            echo "should_run=true" >> $GITHUB_OUTPUT
+            exit 0
+          fi
+          
+          # Check if initialization label exists
+          has_label=$(gh label list --json name | jq '.[] | select(.name=="repolinter-initialized")')
+
+          if [[ -z "$has_label" ]]; then
+            # First time - create label and allow run
+            gh label create repolinter-initialized --description "Marks repo as having run initial repolinter check"
+            echo "should_run=true" >> $GITHUB_OUTPUT
+          else
+            echo "should_run=false" >> $GITHUB_OUTPUT
+          fi
+        env:
+
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+
+  resolve-repolinter-json:
+    name: Get Repolinter Config
+    needs: check-first-run
+
+    if: needs.check-first-run.outputs.should_run == 'true'
+
+    uses: DSACMS/repo-scaffolder/.github/workflows/extendJSONFile.yml@main
+    with: 
+      url_to_json: 'https://raw.githubusercontent.com/DSACMS/repo-scaffolder/main/tier1/%7B%7Bcookiecutter.project_slug%7D%7D/repolinter.json'
+
+  repolinter-checks:
+    name: Tier 1 Checks
+    needs: [check-first-run, resolve-repolinter-json]
+
+    if: needs.check-first-run.outputs.should_run == 'true'
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    env:
+
+      RAW_JSON: ${{ needs.resolve-repolinter-json.outputs.raw-json }}
+
+    steps:
+      - run: echo $RAW_JSON > repolinter.json
+      - uses: DSACMS/repolinter-action@main
+        with:
+          config_file: 'repolinter.json'
+          output_type: 'pull-request'
+          pull_request_labels: 'repolinter-initialized, cms-oss, cms-gov'
+
+          token: ${{ secrets.REPOLINTER_AUTO_TOKEN }}
+
diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml
@@ -0,0 +1,15 @@
+name: Check for Secrets
+on:
+    pull_request:
+    push:
+
+jobs:
+  scan-for-secrets:
+    name: Run gitleaks
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with: {fetch-depth: 0}
+
+      - name: Check for GitLeaks
+        uses: gacts/gitleaks@v1
diff --git a/.github/workflows/send_PR.yml b/.github/workflows/send_PR.yml