🔄 synced file(s) with DSACMS/repo-scaffolder

.github/.gitleaks.toml

@@ -0,0 +1,43 @@
+title = "Custom Gitleaks Config for Common Secrets"
+version = "2"
+
+#[allowlist]
+#description = "Global allowlist"
+# --- Replace with your local secret files ---
+
+# --- Common Secrets ---
+[[rules]]
+id = "github-pat"
+description = "GitHub Personal Access Token"
+regex = '''ghp_[0-9A-Za-z]{36}'''
+tags = ["key", "GitHub"]
+
+[[rules]]
+id = "slack-token"
+description = "Slack Token"
+regex = '''xox[baprs]-[0-9A-Za-z]{10,48}'''
+tags = ["key", "slack"]
+
+[[rules]]
+id = "google-api-key"
+description = "Google API Key"
+regex = '''AIza[0-9A-Za-z\-_]{35}'''
+tags = ["key", "Google"]
+
+[[rules]]
+id = "aws-access-key"
+description = "AWS Access Key"
+regex = '''(A3T[A-Z0-9]|AKIA|ASIA|AGPA|AIDA|AROA|AIPA|ANPA)[A-Z0-9]{16}'''
+tags = ["AWS"]
+
+[[rules]]
+id = "aws-secret-key"
+description = "AWS Secret Key"
+regex = '''(?i)aws(.{0,20})?(?-i)['"][0-9a-zA-Z/+]{40}['"]'''
+tags = ["AWS"]
+
+[[rules]]
+id = "private-key"
+description = "Private Key"
+regex = '''-----BEGIN( RSA| EC| DSA)? PRIVATE KEY-----'''
+tags = ["private"]

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,49 @@
+<!--
+Thank you for sending the PR! We appreciate you spending the time to work on
+these changes.
+
+Help us understand your motivation by explaining why you decided to make this change.
+
+Happy contributing!
+
+- Comments should be formatted to a width no greater than 80 columns.
+
+- Files should be exempt of trailing spaces.
+
+- We adhere to a specific format for commit messages. Please write your commit
+messages along these guidelines. Please keep the line width no greater than 80
+columns (You can use `fmt -n -p -w 80` to accomplish this).
+
+
+-->
+
+## module-name: One line description of your change (less than 72 characters)
+
+## Problem
+
+Explain the context and why you're making that change. What is the problem
+you're trying to solve? In some cases there is not a problem and this can be
+thought of being the motivation for your change.
+
+## Solution
+
+Describe the modifications you've done.
+
+## Result
+
+What will change as a result of your pull request? Note that sometimes this
+section is unnecessary because it is self-explanatory based on the solution.
+
+Some important notes regarding the summary line:
+
+* Describe what was done; not the result 
+* Use the active voice 
+* Use the present tense 
+* Capitalize properly 
+* Do not end in a period — this is a title/subject 
+* Prefix the subject with its scope
+
+## Test Plan
+
+(Write your test plan here. If you changed any code, please provide us with
+clear instructions on how you verified your changes work.)

.github/workflows/auto-changelog.yml

@@ -3,13 +3,23 @@ on:
   release:
     types:
       - created
+permissions:
+  contents: write
 jobs:
   changelog:
     runs-on: ubuntu-latest
     steps:
-      - name: "Auto Generate changelog"
-        uses: heinrichreimer/action-github-changelog-generator@v2.3
-        with:
-          {% raw %}
-          token: ${{ secrets.GITHUB_TOKEN }}
-          {% endraw %}
+       - name: Checkout code
+         uses: actions/checkout@v4
+         with:
+           ref: main
+       - name: "Auto Generate changelog"
+         uses: heinrichreimer/action-github-changelog-generator@v2.3
+         with:
+           {% raw %}
+           token: ${{ secrets.GITHUB_TOKEN }}
+           {% endraw %}
+       - uses: stefanzweifel/git-auto-commit-action@v4
+         with:
+           commit_message: Update Changelog with new release
+           file_pattern: CHANGELOG.md

.github/workflows/contributors.yml

@@ -2,9 +2,6 @@ name: Update Contributors Information
 
 on:
   workflow_dispatch: {}
-  schedule:
-    # Weekly on Saturdays.
-    - cron: "30 1 * * 6"
   push:
     branches: [main]
 
@@ -19,60 +16,64 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
         with:
-          fetch-depth: 0  
+          fetch-depth: 0
+
+      - name: Check if update needed
+        id: check_changes
+        env:
+          {% raw %}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          {% endraw %}
+        run: |
+          OWNER=$(echo $GITHUB_REPOSITORY | cut -d'/' -f1)
+          REPO=$(echo $GITHUB_REPOSITORY | cut -d'/' -f2)
+
+          CURRENT=$(gh api \
+            -H "Accept: application/vnd.github+json" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            "/repos/$OWNER/$REPO/contributors?per_page=100" | \
+            jq -r '[.[] | select(.type != "Bot" and (.login | test("\\[bot\\]$") | not) and (.login | test("-bot$") | not)) | .login] | sort | join(",")')
+
+          EXISTING=$(grep -oP '(?<=github.com/)[^"]+(?=">)' COMMUNITY.md | \
+            grep -v "^$" | sort | uniq | tr '\n' ',' | sed 's/,$//')
+
+          echo "Current contributors: $CURRENT"
+          echo "Existing contributors: $EXISTING"
+
+          if [ "$CURRENT" = "$EXISTING" ]; then
+            echo "has_changes=false" >> $GITHUB_OUTPUT
+            echo "No new contributors found. Skipping update!"
+          else
+            echo "has_changes=true" >> $GITHUB_OUTPUT
+            echo "New contributors detected. Running update!"
+          fi
 
       - name: Update contributor list
-        id: contrib_list
+        if: steps.check_changes.outputs.has_changes == 'true'
+        id: update_contributors
         uses: akhilmhdh/contributors-readme-action@v2.3.10
         env:
           {% raw %}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           {% endraw %}
         with:
           readme_path: COMMUNITY.md
-          use_username: false
-          commit_message: "update contributors information"
+          commit_message: "updating contributors list"
+          pr_title_on_protected: "docs: update contributors information"
+          committer_username: "github-actions[bot]"
+          committer_email: "github-actions[bot]@users.noreply.github.com"
 
-      - name: Get contributors count
-        id: get_contributors
+      - name: Update PR
+        if: steps.check_changes.outputs.has_changes == 'true' && steps.update_contributors.outputs.pr_id != ''
         env:
           {% raw %}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           {% endraw %}
-
-        run: |
-            OWNER=$(echo $GITHUB_REPOSITORY | cut -d'/' -f1)
-            REPO=$(echo $GITHUB_REPOSITORY | cut -d'/' -f2)
-            QUERY='query { repository(owner: \"'"$OWNER"'\", name: \"'"$REPO"'\") { collaborators { totalCount } } }'
-
-            CONTRIBUTORS=$(gh api \
-              -H "Accept: application/vnd.github+json" \
-              -H "X-GitHub-Api-Version: 2022-11-28" \
-              "/repos/$OWNER/$REPO/contributors?per_page=100" | \
-              jq '[.[] | select(.type != "Bot" and (.login | test("\\[bot\\]$") | not) and (.login | test("-bot$") | not))] | length')
-
-            echo "Total contributors: $CONTRIBUTORS"
-            echo "contributors=$CONTRIBUTORS" >> $GITHUB_OUTPUT
-
-
-      - name: Update COMMUNITY.md
         run: |
           {% raw %}
-          CONTRIBUTORS="${{ steps.get_contributors.outputs.contributors }}"
+          PR_NUMBER="${{ steps.update_contributors.outputs.pr_id }}"
           {% endraw %}
-
-          perl -i -pe 's/(<!--CONTRIBUTOR COUNT START-->).*?(<!--CONTRIBUTOR COUNT END-->)/$1 '"$CONTRIBUTORS"' $2/' COMMUNITY.md
-
-          git config user.name 'github-actions[bot]'
-          git config user.email 'github-actions[bot]@users.noreply.github.com'
-          git add COMMUNITY.md
-          git commit -m "update contributors count to $CONTRIBUTORS" || exit 0
-
-      - name: Push protected
-        uses: CasperWA/push-protected@v2
-        with:
-          {% raw %}
-          token: ${{ secrets.PUSH_TO_PROTECTED_BRANCH }}
-          {% endraw %}
-
-          branch: main
+
+          gh pr edit $PR_NUMBER \
+            --body "New contributors detected! This PR updates the contributors list in COMMUNITY.md." \
+            --add-label "documentation"

.github/workflows/gitleaks.yml

@@ -1,15 +1,17 @@
 name: Check for Secrets
 on:
-    pull_request:
-    push:
+  pull_request:
+  push:
 
 jobs:
   scan-for-secrets:
     name: Run gitleaks
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-        with: {fetch-depth: 0}
+        with: { fetch-depth: 0 }
 
       - name: Check for GitLeaks
-        uses: gacts/gitleaks@v1
+        uses: gacts/gitleaks@v1
+        with:
+          config-path: .github/.gitleaks.toml

.github/workflows/updateCodeJSON.yml

@@ -0,0 +1,31 @@
+name: Update Code.json
+on:
+  schedule:
+    - cron: 0 0 1 * * # First day of every month
+  workflow_dispatch:
+  pull_request:
+    types: [opened, synchronize]
+    paths:
+      - "code.json"
+
+permissions:
+  contents: write
+  pull-requests: write
+  issues: write
+
+jobs:
+  update-code-json:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      {% raw %}
+      - name: Update code.json
+        uses: DSACMS/automated-codejson-generator@main
+        with:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          BRANCH: "main"
+          SKIP_PR: "false"
+      {% endraw %}

README.md

@@ -29,11 +29,7 @@ A list of core team members responsible for the code and documentation in this r
 ## Repository Structure
 
 <!-- TODO: Including the repository structure helps viewers quickly understand the project layout. Using the "tree -d" command can be a helpful way to generate this information, but, be sure to update it as the project evolves and changes over time. -->
-
-```plaintext
-.
-```
-
+<!--TREE START--><!--TREE END-->
 
 **{list directories and descriptions}**