From 334a698ba9b89ee041b3aab3115c324e9cbf4a67 Mon Sep 17 00:00:00 2001 From: natalialuzuriaga Date: Thu, 13 Nov 2025 20:52:10 +0000 Subject: [PATCH 1/4] =?UTF-8?q?=F0=9F=94=84=20synced=20local=20'./README.m?= =?UTF-8?q?d'=20with=20remote=20'./tier3/{{cookiecutter.project=5Fslug}}/R?= =?UTF-8?q?EADME.md'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/README.md b/README.md index 2298f67..47015db 100644 --- a/README.md +++ b/README.md @@ -29,11 +29,7 @@ A list of core team members responsible for the code and documentation in this r ## Repository Structure - -```plaintext -. -``` - + **{list directories and descriptions}** From c69b87574418876419ee1b301f665028d252f810 Mon Sep 17 00:00:00 2001 From: natalialuzuriaga Date: Thu, 13 Nov 2025 20:52:10 +0000 Subject: [PATCH 2/4] =?UTF-8?q?=F0=9F=94=84=20synced=20local=20'./.github/?= =?UTF-8?q?workflows'=20with=20remote=20'./tier3/{{cookiecutter.project=5F?= =?UTF-8?q?slug}}/.github/workflows'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/auto-changelog.yml | 22 +++++-- .github/workflows/contributors.yml | 87 ++++++++++++++-------------- .github/workflows/gitleaks.yml | 10 ++-- .github/workflows/updateCodeJSON.yml | 31 ++++++++++ 4 files changed, 97 insertions(+), 53 deletions(-) create mode 100644 .github/workflows/updateCodeJSON.yml diff --git a/.github/workflows/auto-changelog.yml b/.github/workflows/auto-changelog.yml index 90879c0..1dc2161 100644 --- a/.github/workflows/auto-changelog.yml +++ b/.github/workflows/auto-changelog.yml 
@@ -3,13 +3,23 @@ on: release: types: - created +permissions: + contents: write jobs: changelog: runs-on: ubuntu-latest steps: - - name: "Auto Generate changelog" - uses: heinrichreimer/action-github-changelog-generator@v2.3 - with: - {% raw %} - token: ${{ secrets.GITHUB_TOKEN }} - {% endraw %} \ No newline at end of file + - name: Checkout code + uses: actions/checkout@v4 + with: + ref: main + - name: "Auto Generate changelog" + uses: heinrichreimer/action-github-changelog-generator@v2.3 + with: + {% raw %} + token: ${{ secrets.GITHUB_TOKEN }} + {% endraw %} + - uses: stefanzweifel/git-auto-commit-action@v4 + with: + commit_message: Update Changelog with new release + file_pattern: CHANGELOG.md \ No newline at end of file diff --git a/.github/workflows/contributors.yml b/.github/workflows/contributors.yml index a3049f0..ac280d7 100644 --- a/.github/workflows/contributors.yml +++ b/.github/workflows/contributors.yml @@ -2,9 +2,6 @@ name: Update Contributors Information on: workflow_dispatch: {} - schedule: - # Weekly on Saturdays. - - cron: "30 1 * * 6" push: branches: [main] 
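Review bot: In .github/workflows/auto-changelog.yml the new workflow-level `contents: write` token is handed to two third-party actions referenced by mutable tags (`heinrichreimer/action-github-changelog-generator@v2.3` and the added `stefanzweifel/git-auto-commit-action@v4`), so a retagged or compromised upstream release would run with push access to `main`. Pin each to a full commit SHA and keep the tag as a comment, e.g. `uses: stefanzweifel/git-auto-commit-action@<full-commit-sha> # v4`. The same applies more strongly to `DSACMS/automated-codejson-generator@main` in the new updateCodeJSON.yml, which tracks a branch and is granted `contents`, `pull-requests` and `issues` write. Declaring `permissions:` on the `changelog` job instead of the workflow would also keep the write grant from covering any job added later.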
@@ -19,10 +16,41 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 with: - fetch-depth: 0 + fetch-depth: 0 + + - name: Check if update needed + id: check_changes + env: + {% raw %} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + {% endraw %} + run: | + OWNER=$(echo $GITHUB_REPOSITORY | cut -d'/' -f1) + REPO=$(echo $GITHUB_REPOSITORY | cut -d'/' -f2) + + CURRENT=$(gh api \ + -H "Accept: application/vnd.github+json" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + "/repos/$OWNER/$REPO/contributors?per_page=100" | \ + jq -r '[.[] | select(.type != "Bot" and (.login | test("\\[bot\\]$") | not) and (.login | test("-bot$") | not)) | .login] | sort | join(",")') + + EXISTING=$(grep -oP '(?<=github.com/)[^"]+(?=">)' COMMUNITY.md | \ + grep -v "^$" | sort | uniq | tr '\n' ',' | sed 's/,$//') + + echo "Current contributors: $CURRENT" + echo "Existing contributors: $EXISTING" + + if [ "$CURRENT" = "$EXISTING" ]; then + echo "has_changes=false" >> $GITHUB_OUTPUT + echo "No new contributors found. Skipping update!" + else + echo "has_changes=true" >> $GITHUB_OUTPUT + echo "New contributors detected. Running update!" + fi - name: Update contributor list - id: contrib_list + if: steps.check_changes.outputs.has_changes == 'true' + id: update_contributors uses: akhilmhdh/contributors-readme-action@v2.3.10 env: {% raw %} 
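Review bot: The new `Check if update needed` step in contributors.yml builds `CURRENT` from a single page (`?per_page=100`), so in a repository with more than 100 contributors the list is truncated and will presumably never equal `EXISTING`, which makes the guard report changes on every push. Fetch every page instead, e.g. add `--paginate` to the `gh api` call and slurp the pages in jq (`jq -rs 'add | ...'` with the existing filter). A failed `gh api` call also goes unnoticed here: the default `bash -e` shell for `run` steps does not set `pipefail`, so `CURRENT` ends up empty and the step writes `has_changes=true`; starting the script with `set -o pipefail` would surface the API error instead. Quoting `"$GITHUB_REPOSITORY"` and `"$GITHUB_OUTPUT"` is worth doing in the same pass.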
@@ -30,49 +58,22 @@ jobs: {% endraw %} with: readme_path: COMMUNITY.md - use_username: false - commit_message: "update contributors information" + commit_message: "updating contributors list" + pr_title_on_protected: "docs: update contributors information" + committer_username: "github-actions[bot]" + committer_email: "github-actions[bot]@users.noreply.github.com" - - name: Get contributors count - id: get_contributors + - name: Update PR + if: steps.check_changes.outputs.has_changes == 'true' && steps.update_contributors.outputs.pr_id != '' env: {% raw %} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} {% endraw %} - - run: | - OWNER=$(echo $GITHUB_REPOSITORY | cut -d'/' -f1) - REPO=$(echo $GITHUB_REPOSITORY | cut -d'/' -f2) - QUERY='query { repository(owner: \"'"$OWNER"'\", name: \"'"$REPO"'\") { collaborators { totalCount } } }' - - CONTRIBUTORS=$(gh api \ - -H "Accept: application/vnd.github+json" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - "/repos/$OWNER/$REPO/contributors?per_page=100" | \ - jq '[.[] | select(.type != "Bot" and (.login | test("\\[bot\\]$") | not) and (.login | test("-bot$") | not))] | length') - - echo "Total contributors: $CONTRIBUTORS" - echo "contributors=$CONTRIBUTORS" >> $GITHUB_OUTPUT - - - - name: Update COMMUNITY.md run: | {% raw %} - CONTRIBUTORS="${{ steps.get_contributors.outputs.contributors }}" + PR_NUMBER="${{ steps.update_contributors.outputs.pr_id }}" {% endraw %} - - perl -i -pe 's/().*?()/$1 '"$CONTRIBUTORS"' $2/' COMMUNITY.md - - git config user.name 'github-actions[bot]' - git config user.email 'github-actions[bot]@users.noreply.github.com' - git add COMMUNITY.md - git commit -m "update contributors count to $CONTRIBUTORS" || exit 0 - - - name: Push protected - uses: CasperWA/push-protected@v2 - with: - {% raw %} - token: ${{ secrets.PUSH_TO_PROTECTED_BRANCH }} - {% endraw %} - - branch: main \ No newline at end of file + + gh pr edit $PR_NUMBER \ + --body "New contributors detected! 
This PR updates the contributors list in COMMUNITY.md." \ + --add-label "documentation" \ No newline at end of file diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml index 94ae3f0..1133b85 100644 --- a/.github/workflows/gitleaks.yml +++ b/.github/workflows/gitleaks.yml @@ -1,7 +1,7 @@ name: Check for Secrets on: - pull_request: - push: + pull_request: + push: jobs: scan-for-secrets: @@ -9,7 +9,9 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - with: {fetch-depth: 0} + with: { fetch-depth: 0 } - name: Check for GitLeaks - uses: gacts/gitleaks@v1 \ No newline at end of file + uses: gacts/gitleaks@v1 + with: + config-path: .github/.gitleaks.toml \ No newline at end of file diff --git a/.github/workflows/updateCodeJSON.yml b/.github/workflows/updateCodeJSON.yml new file mode 100644 index 0000000..d48d8b2 --- /dev/null +++ b/.github/workflows/updateCodeJSON.yml @@ -0,0 +1,31 @@ +name: Update Code.json +on: + schedule: + - cron: 0 0 1 * * # First day of every month + workflow_dispatch: + pull_request: + types: [opened, synchronize] + paths: + - "code.json" + +permissions: + contents: write + pull-requests: write + issues: write + +jobs: + update-code-json: + runs-on: ubuntu-latest + steps: + - name: Checkout Repository + uses: actions/checkout@v4 + with: + fetch-depth: 0 + {% raw %} + - name: Update code.json + uses: DSACMS/automated-codejson-generator@main + with: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + BRANCH: "main" + SKIP_PR: "false" + {% endraw %} \ No newline at end of file From 5f3e98ce968405bf04bcb2175c2788663484d138 Mon Sep 17 00:00:00 2001 
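Review bot: In the new `Update PR` step of contributors.yml, `PR_NUMBER="${{ steps.update_contributors.outputs.pr_id }}"` expands a third-party action's output into the script text before bash parses it, so the shell code that runs depends on whatever that action emits. Pass the value through the environment instead: add `PR_NUMBER: ${{ steps.update_contributors.outputs.pr_id }}` under the step's `env:` and call `gh pr edit "$PR_NUMBER"` with the variable quoted. Separately, `--add-label "documentation"` will likely fail the step in repositories where that label has not been created, which matters for a workflow synced to many repositories.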
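Review bot: The new .github/workflows/updateCodeJSON.yml carries the cookiecutter guards `{% raw %}` and `{% endraw %}` as literal lines between its steps, and those lines are not YAML; if the file is committed as synced rather than rendered through cookiecutter, the workflow is likely to be rejected at parse time and never run. The same markers are added under `env:` and inside the `run: |` script of the contributors.yml steps in this patch (where bash would try to execute `{%` and abort under `-e`), and they were already present in auto-changelog.yml. Strip them during the sync for non-template repositories so that only lines such as `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` remain.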
From: natalialuzuriaga Date: Thu, 13 Nov 2025 20:52:10 +0000 Subject: [PATCH 3/4] =?UTF-8?q?=F0=9F=94=84=20created=20local=20'./.github?= =?UTF-8?q?/.gitleaks.toml'=20from=20remote=20'./tier3/{{cookiecutter.proj?= =?UTF-8?q?ect=5Fslug}}/.github/.gitleaks.toml'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/.gitleaks.toml | 43 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 .github/.gitleaks.toml diff --git a/.github/.gitleaks.toml b/.github/.gitleaks.toml new file mode 100644 index 0000000..2317afe --- /dev/null +++ b/.github/.gitleaks.toml @@ -0,0 +1,43 @@ +title = "Custom Gitleaks Config for Common Secrets" +version = "2" + +#[allowlist] +#description = "Global allowlist" +# --- Replace with your local secret files --- + +# --- Common Secrets --- +[[rules]] +id = "github-pat" +description = "GitHub Personal Access Token" +regex = '''ghp_[0-9A-Za-z]{36}''' +tags = ["key", "GitHub"] + +[[rules]] +id = "slack-token" +description = "Slack Token" +regex = '''xox[baprs]-[0-9A-Za-z]{10,48}''' +tags = ["key", "slack"] + +[[rules]] +id = "google-api-key" +description = "Google API Key" +regex = '''AIza[0-9A-Za-z\-_]{35}''' +tags = ["key", "Google"] + +[[rules]] +id = "aws-access-key" +description = "AWS Access Key" +regex = '''(A3T[A-Z0-9]|AKIA|ASIA|AGPA|AIDA|AROA|AIPA|ANPA)[A-Z0-9]{16}''' +tags = ["AWS"] + +[[rules]] +id = "aws-secret-key" +description = "AWS Secret Key" +regex = '''(?i)aws(.{0,20})?(?-i)['"][0-9a-zA-Z/+]{40}['"]''' +tags = ["AWS"] + +[[rules]] +id = "private-key" +description = "Private Key" +regex = '''-----BEGIN( RSA| EC| DSA)? PRIVATE KEY-----''' +tags = ["private"] \ No newline at end of file From 1653022769cf1e1defd30d6e6c4b10ae8e0715e9 Mon Sep 17 00:00:00 2001 
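Review bot: The new .github/.gitleaks.toml defines six rules and no `[extend]` table, so once gitleaks.yml points `config-path` at it the scan is presumably limited to these six patterns instead of the built-in ruleset, which narrows secret detection rather than customising it. Add `[extend]` with `useDefault = true` near the top so the custom rules are applied on top of the defaults. As written, `github-pat` matches only `ghp_` tokens and `private-key` does not match a `-----BEGIN OPENSSH PRIVATE KEY-----` header, both of which the default rules cover. A comment above the rules saying whether replacing the defaults is intended would help whoever next edits this synced file.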
From: natalialuzuriaga Date: Thu, 13 Nov 2025 20:52:10 +0000 Subject: [PATCH 4/4] =?UTF-8?q?=F0=9F=94=84=20created=20local=20'./.github?= =?UTF-8?q?/PULL=5FREQUEST=5FTEMPLATE.md'=20from=20remote=20'./tier3/{{coo?= =?UTF-8?q?kiecutter.project=5Fslug}}/.github/PULL=5FREQUEST=5FTEMPLATE.md?= =?UTF-8?q?'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/PULL_REQUEST_TEMPLATE.md | 49 ++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 .github/PULL_REQUEST_TEMPLATE.md diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..0acc561 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,49 @@ + + +## module-name: One line description of your change (less than 72 characters) + +## Problem + +Explain the context and why you're making that change. What is the problem +you're trying to solve? In some cases there is not a problem and this can be +thought of being the motivation for your change. + +## Solution + +Describe the modifications you've done. + +## Result + +What will change as a result of your pull request? Note that sometimes this +section is unnecessary because it is self-explanatory based on the solution. + +Some important notes regarding the summary line: + +* Describe what was done; not the result +* Use the active voice +* Use the present tense +* Capitalize properly +* Do not end in a period — this is a title/subject +* Prefix the subject with its scope + +## Test Plan + +(Write your test plan here. If you changed any code, please provide us with +clear instructions on how you verified your changes work.)