Merge pull request #24 from DSACMS/sachin/complianceWorkflows

sachin-panayil · web-flow · commit 6d94924c8afa · 2025-02-11T12:39:33.000-05:00
added compliance workflows
diff --git a/.github/workflows/repoHygieneCheck.yml b/.github/workflows/repoHygieneCheck.yml
@@ -0,0 +1,70 @@
+name: "Repository Hygiene Check"
+on:
+  push:
+    branches:
+      - 'main'
+  workflow_dispatch:
+
+jobs:
+  check-first-run:
+    name: Check For First Run
+    runs-on: ubuntu-latest
+    outputs:
+      should_run: ${{ steps.check.outputs.should_run }}
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - uses: actions/checkout@v4
+      - id: check
+        run: |
+          # If manually triggered, always run
+
+          if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
+            echo "should_run=true" >> $GITHUB_OUTPUT
+            exit 0
+
+          fi
+          
+          # Check if initialization label exists
+
+          has_label=$(gh label list --json name | jq '.[] | select(.name=="repolinter-initialized")')
+
+          if [[ -z "$has_label" ]]; then
+            # First time - create label and allow run
+            gh label create repolinter-initialized --description "Marks repo as having run initial repolinter check"
+            echo "should_run=true" >> $GITHUB_OUTPUT
+          else
+            echo "should_run=false" >> $GITHUB_OUTPUT
+
+          fi
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  resolve-repolinter-json:
+    name: Get Repolinter Config
+    needs: check-first-run
+    if: needs.check-first-run.outputs.should_run == 'true'
+    uses: DSACMS/repo-scaffolder/.github/workflows/extendJSONFile.yml@main
+    with: 
+      url_to_json: 'https://raw.githubusercontent.com/DSACMS/repo-scaffolder/main/tier3/%7B%7Bcookiecutter.project_slug%7D%7D/repolinter.json'
+  
+  repolinter-checks:
+    name: Tier 3 Checks
+    needs: [check-first-run, resolve-repolinter-json]
+    if: needs.check-first-run.outputs.should_run == 'true'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    env:
+      RAW_JSON: ${{ needs.resolve-repolinter-json.outputs.raw-json }}
+    steps:
+      - uses: actions/checkout@v4
+      - run: echo $RAW_JSON > repolinter.json
+      - uses: DSACMS/repolinter-action@main
+        with:
+          config_file: 'repolinter.json'
+          output_type: 'pull-request'
+          pull_request_labels: 'repolinter-initialized, cms-oss, cms-gov'
+          token: ${{ secrets.REPOLINTER_AUTO_TOKEN }}
diff --git a/.github/workflows/updateCodeJSON.yml b/.github/workflows/updateCodeJSON.yml
@@ -0,0 +1,34 @@
+name: Update Code.json
+on:
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  update-code-json:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  
+      
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.22'
+      
+      - name: Install SCC
+        run: go install github.com/boyter/scc/v3@latest
+      
+      - name: Update code.json
+        uses: DSACMS/automated-codejson-generator@main
+        with:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
