generated from EclipseFdn/.eclipsefdn-template
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
0 parents
commit 8ae2c5e
Showing
13 changed files
with
484 additions
and
0 deletions.
There are no files selected for viewing
Validating CODEOWNERS rules …
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
# The releng team is by default the owner of everything. | ||
* @{{ org }}/eclipsefdn-releng | ||
|
||
# Otterdog related configurations are also owned by the security team. | ||
/otterdog/** @{{ org }}/eclipsefdn-security @{{ org }}/eclipsefdn-releng |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
version: 2 | ||
updates: | ||
- package-ecosystem: github-actions | ||
directory: "/" | ||
# We scan and create dependabot PRs against the develop branch only. | ||
# Such a branch only exists for the template master at EclipseFdn/.eclipsefdn-template | ||
# dependabot shall only update the template master, and changes will be synchronized to | ||
# all repos by otterdog using the sync-template operation to avoid having many similar | ||
# dependabot PRs for each individual .eclipsefdn repo which we would like to avoid at all costs. | ||
target-branch: "develop" | ||
schedule: | ||
interval: daily | ||
open-pull-requests-limit: 10 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,122 @@ | ||
name: Build GH Page | ||
|
||
on: | ||
workflow_dispatch: | ||
push: | ||
branches: | ||
- 'main' | ||
paths: | ||
- 'otterdog/*.jsonnet' | ||
- 'otterdog/*.json' | ||
- 'docs/**' | ||
- 'mkdocs.yml' | ||
- '.github/workflows/build-page.yml' | ||
|
||
concurrency: | ||
group: "pages" | ||
cancel-in-progress: false | ||
|
||
permissions: | ||
contents: read | ||
pages: write | ||
id-token: write | ||
|
||
jobs: | ||
generate-markdown: | ||
# do not run the workflow in the template repo itself | ||
if: ${{ !contains (github.repository, '/.eclipsefdn-template') }} | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout OtterDog | ||
run: git clone https://gitlab.eclipse.org/eclipsefdn/security/otterdog.git | ||
|
||
- name: Checkout EclipseFdn/otterdog-configs | ||
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | ||
with: | ||
repository: EclipseFdn/otterdog-configs | ||
path: otterdog-configs | ||
|
||
# checkout the HEAD ref | ||
- name: Checkout HEAD | ||
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | ||
with: | ||
path: ${{ github.repository_owner }} | ||
|
||
- name: Install jsonnet-bundler | ||
run: | | ||
go install -a github.com/jsonnet-bundler/jsonnet-bundler/cmd/[email protected] | ||
echo $(go env GOPATH)/bin >> $GITHUB_PATH | ||
- name: Install poetry | ||
run: pipx install poetry | ||
|
||
- name: Setup Python | ||
uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0 | ||
with: | ||
python-version: '3.10' | ||
cache: 'poetry' | ||
|
||
- name: Install dependencies with poetry | ||
run: | | ||
poetry install --only=main | ||
working-directory: otterdog | ||
|
||
- name: Copy configuration from HEAD ref | ||
run: | | ||
mkdir -p orgs/${{ github.repository_owner }} | ||
cp -r ../${{ github.repository_owner }}/otterdog/* orgs/${{ github.repository_owner }} | ||
working-directory: otterdog-configs | ||
|
||
- name: Generate current configuration as markdown | ||
run: ../otterdog/otterdog.sh show ${{ github.repository_owner }} -c otterdog.json --markdown --output-dir generated-site | ||
working-directory: otterdog-configs | ||
|
||
- name: Generate default configuration as markdown | ||
run: ../otterdog/otterdog.sh show-default ${{ github.repository_owner }} -c otterdog.json --markdown > default.txt | ||
working-directory: otterdog-configs | ||
|
||
- name: Upload generated site content | ||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3 | ||
with: | ||
name: generated-site | ||
path: | | ||
otterdog-configs/default.txt | ||
otterdog-configs/orgs/${{ github.repository_owner }}/vendor/otterdog-defaults/*.libsonnet | ||
otterdog-configs/generated-site/ | ||
build-page: | ||
runs-on: ubuntu-latest | ||
needs: generate-markdown | ||
steps: | ||
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 | ||
- name: Download generated site content | ||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3 | ||
with: | ||
name: generated-site | ||
- shell: bash | ||
run: | | ||
cat default.txt >> ./docs/playground.md | ||
cp generated-site/*.md ./docs/ | ||
cp orgs/${{ github.repository_owner }}/vendor/otterdog-defaults/*.libsonnet ./docs/jsonnet/ | ||
- uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4 | ||
with: | ||
python-version: 3.x | ||
cache: 'pip' | ||
- run: pip install -r requirements.txt | ||
- name: Build with Mkdocs | ||
run: mkdocs build | ||
- name: Setup Pages | ||
uses: actions/configure-pages@f156874f8191504dae5b037505266ed5dda6c382 # v3 | ||
- name: Upload artifact | ||
uses: actions/upload-pages-artifact@84bb4cd4b733d5c320c9c9cfbc354937524f4d64 # v1 | ||
|
||
deploy: | ||
environment: | ||
name: github-pages | ||
url: ${{ steps.deployment.outputs.page_url }} | ||
runs-on: ubuntu-latest | ||
needs: build-page | ||
steps: | ||
- name: Deploy to GitHub Pages | ||
id: deployment | ||
uses: actions/deploy-pages@12ab2b16cf43a7a061fe99da74b6f8f11fb77f5b # pin@v2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
name: Show Otterdog Configuration | ||
|
||
on: | ||
workflow_dispatch: | ||
push: | ||
branches: | ||
- 'main' | ||
paths: | ||
- 'otterdog/*.jsonnet' | ||
- 'otterdog/*.json' | ||
|
||
permissions: | ||
contents: read | ||
|
||
jobs: | ||
show: | ||
# do not run the workflow in the template repo itself | ||
if: ${{ !contains (github.repository, '/.eclipsefdn-template') }} | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout OtterDog | ||
run: git clone https://gitlab.eclipse.org/eclipsefdn/security/otterdog.git | ||
|
||
- name: Checkout EclipseFdn/otterdog-configs | ||
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | ||
with: | ||
repository: EclipseFdn/otterdog-configs | ||
path: otterdog-configs | ||
|
||
# checkout the HEAD ref | ||
- name: Checkout HEAD | ||
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | ||
with: | ||
path: ${{ github.repository_owner }} | ||
|
||
- name: Install jsonnet-bundler | ||
run: | | ||
go install -a github.com/jsonnet-bundler/jsonnet-bundler/cmd/[email protected] | ||
echo $(go env GOPATH)/bin >> $GITHUB_PATH | ||
- name: Install poetry | ||
run: pipx install poetry | ||
|
||
- name: Setup Python | ||
uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0 | ||
with: | ||
python-version: '3.10' | ||
cache: 'poetry' | ||
|
||
- name: Install dependencies with poetry | ||
run: | | ||
poetry install --only=main | ||
working-directory: otterdog | ||
|
||
- name: Copy configuration from HEAD ref | ||
run: | | ||
mkdir -p orgs/${{ github.repository_owner }} | ||
cp -r ../${{ github.repository_owner }}/otterdog/* orgs/${{ github.repository_owner }} | ||
working-directory: otterdog-configs | ||
|
||
- name: Show complete Otterdog Configuration | ||
run: ../otterdog/otterdog.sh show ${{ github.repository_owner }} -c otterdog.json | tee "$GITHUB_WORKSPACE/config.txt" | ||
working-directory: otterdog-configs | ||
|
||
- name: Upload config.txt | ||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | ||
with: | ||
name: Otterdog config | ||
path: config.txt |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,103 @@ | ||
name: Validate Otterdog Configuration | ||
|
||
on: | ||
workflow_dispatch: | ||
pull_request_target: | ||
branches: [ main ] | ||
|
||
permissions: | ||
contents: read | ||
pull-requests: write | ||
|
||
jobs: | ||
validate: | ||
# do not run the workflow in the template repo itself | ||
if: ${{ !contains (github.repository, '/.eclipsefdn-template') }} | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout OtterDog | ||
run: git clone https://gitlab.eclipse.org/eclipsefdn/security/otterdog.git | ||
|
||
- name: Checkout EclipseFdn/otterdog-configs | ||
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | ||
with: | ||
repository: EclipseFdn/otterdog-configs | ||
path: otterdog-configs | ||
|
||
# checkout the head ref of the PR | ||
# NOTE: in general it is bad practice to check out the pull request HEAD for PRs originating from forked repos, | ||
# however, this validation workflow produces a diff between the changes in the PR with the base ref, thus | ||
# doing this is acceptable, see https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ | ||
- name: Checkout HEAD ref of the PR | ||
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | ||
with: | ||
ref: ${{ github.event.pull_request.head.sha }} | ||
path: ${{ github.repository_owner }} | ||
|
||
# checkout the base ref of the PR | ||
- name: Checkout BASE ref of the PR (target branch) | ||
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | ||
with: | ||
ref: ${{ github.base_ref }} | ||
path: ${{ github.repository_owner }}-base | ||
|
||
- name: Install jsonnet-bundler | ||
run: | | ||
go install -a github.com/jsonnet-bundler/jsonnet-bundler/cmd/[email protected] | ||
echo $(go env GOPATH)/bin >> $GITHUB_PATH | ||
- name: Install poetry | ||
run: pipx install poetry | ||
|
||
- name: Setup Python | ||
uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0 | ||
with: | ||
python-version: '3.10' | ||
cache: 'poetry' | ||
|
||
- name: Install dependencies with poetry | ||
run: | | ||
poetry install --only=main | ||
working-directory: otterdog | ||
|
||
- name: Copy configuration from HEAD and BASE ref | ||
run: | | ||
mkdir -p orgs/${{ github.repository_owner }} | ||
cp -r ../${{ github.repository_owner }}/otterdog/* orgs/${{ github.repository_owner }} | ||
cp ../${{ github.repository_owner }}-base/otterdog/${{ github.repository_owner }}.jsonnet orgs/${{ github.repository_owner }}/${{ github.repository_owner }}.jsonnet-BASE | ||
working-directory: otterdog-configs | ||
|
||
- name: Validate Otterdog Configuration and diff HEAD <-> BASE | ||
run: | | ||
# use script to enable ansi color output | ||
script -q /dev/null --command "../otterdog/otterdog.sh local-plan ${{ github.repository_owner }} -c otterdog.json --suffix=-BASE" | tee "$GITHUB_WORKSPACE/diff-ansi.txt" | ||
# filter out ansi escape sequences again, use sed as ansi2txt is not available | ||
cat "$GITHUB_WORKSPACE/diff-ansi.txt" | sed -e 's/\x1b\[[0-9;]*m//g' | sed -E 's/^([[:space:]]+)([-+!])/\2\1/g' | sed -E 's/^([[:space:]]+)([~])/!\1/g' > "$GITHUB_WORKSPACE/diff.txt" | ||
working-directory: otterdog-configs | ||
|
||
- name: Generate canonical diff | ||
run: ../otterdog/otterdog.sh canonical-diff ${{ github.repository_owner }} -c otterdog.json | tee "$GITHUB_WORKSPACE/canonical-diff.txt" | ||
working-directory: otterdog-configs | ||
|
||
# Add a comment to the pull request with the diff | ||
|
||
- name: Generate comment | ||
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1 | ||
with: | ||
script: | | ||
const commentText = 'Diff for ' + context.payload.pull_request.head.sha + ':'; | ||
const fs = require('fs'); | ||
const diff = fs.readFileSync(process.env.GITHUB_WORKSPACE + '/diff.txt').toString().trimEnd(); | ||
const canonicalDiff = fs.readFileSync(process.env.GITHUB_WORKSPACE + '/canonical-diff.txt').toString().trimEnd(); | ||
var body = "<details>\n<summary>" + commentText + "</summary>\n\n```diff\n" + diff + "\n```\n\n```diff\n" + canonicalDiff + "\n```\n\n</details>"; | ||
fs.writeFileSync(process.env.GITHUB_STEP_SUMMARY, body); | ||
fs.writeFileSync(process.env.GITHUB_WORKSPACE + '/comment.txt', body); | ||
- name: Attach comment to PR | ||
uses: marocchino/sticky-pull-request-comment@f61b6cf21ef2fcc468f4345cdfcc9bda741d2343 # v2.6.2 | ||
with: | ||
hide_and_recreate: true | ||
hide_classify: "OUTDATED" | ||
path: ${{ github.workspace }}/comment.txt |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
# Eclipse Foundation Config Repo | ||
|
||
Repository to host configurations related to the Eclipse Foundation. | ||
|
||
## Self service of your GitHub organization | ||
|
||
You can find more information at <https://{{ org }}.github.io/.eclipsefdn/>. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
--- | ||
hide: | ||
- navigation | ||
- toc | ||
--- | ||
|
||
# Self-service of GitHub resources | ||
|
||
General documentation for using the self-service (stored in directory *otterdog*) can be accessed at [otterdog.readthedocs.io](https://otterdog.readthedocs.io). | ||
|
||
## Current configuration | ||
|
||
The current configuration can be reviewed [here](configuration.md). | ||
|
||
## Playground | ||
|
||
A playground for creating and testing resources in jsonnet format is available [here](playground.md). |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
local orgs = import 'otterdog-defaults.libsonnet'; | ||
|
||
orgs.newRepo('myrepo') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
{% extends "base.html" %} | ||
|
||
{% block libs %} | ||
{{ super() }} | ||
<script src="https://eclipsefdn.github.io/otterdog-assets/third_party/js-yaml/dist/js-yaml.min.js"></script> | ||
<script src="https://eclipsefdn.github.io/otterdog-assets/third_party/CodeMirror/lib/codemirror.js"></script> | ||
<script src="https://eclipsefdn.github.io/otterdog-assets/third_party/CodeMirror/mode/yaml/yaml.js"></script> | ||
<script src="https://eclipsefdn.github.io/otterdog-assets/third_party/CodeMirror/addon/edit/matchbrackets.js"></script> | ||
<script src="https://eclipsefdn.github.io/otterdog-assets/js/codemirror-mode-jsonnet.js"></script> | ||
|
||
<!-- Executing Jsonnet --> | ||
<script src="https://eclipsefdn.github.io/otterdog-assets/js/wasm_exec.js"></script> | ||
<script> | ||
if (!WebAssembly.instantiateStreaming) { | ||
// This function was observed to be missing on Safari 14. | ||
WebAssembly.instantiateStreaming = async (resp, importObject) => { | ||
const source = await (await resp).arrayBuffer(); | ||
return await WebAssembly.instantiate(source, importObject); | ||
}; | ||
} | ||
const go = new Go(); | ||
WebAssembly.instantiateStreaming(fetch("https://eclipsefdn.github.io/otterdog-assets/js/libjsonnet.wasm"), go.importObject).then((result) => { | ||
go.run(result.instance); | ||
}); | ||
</script> | ||
<script src="https://eclipsefdn.github.io/otterdog-assets/js/demo.js"></script> | ||
{% endblock %} | ||
|
||
{% block styles %} | ||
<!-- Google Fonts --> | ||
<link href="https://fonts.googleapis.com/css?family=Open+Sans:400italic,600italic,700italic,400,600,700" rel="stylesheet" type="text/css"> | ||
|
||
<!-- jsonnet.org stylesheet --> | ||
<link rel="stylesheet" type="text/css" href="https://eclipsefdn.github.io/otterdog-assets/css/doc.css" /> | ||
<link rel="stylesheet" media="print" href="https://eclipsefdn.github.io/otterdog-assets/css/desktop.css"> | ||
<!-- The extra 16px is to account for the scrollbar, which is not always included. --> | ||
<link rel="stylesheet" media="screen and (min-width: 1296px)" href="https://eclipsefdn.github.io/otterdog-assets/css/desktop.css"> | ||
<link rel="stylesheet" media="screen and (max-width: 1295px) and (min-width: 720px)" href="https://eclipsefdn.github.io/otterdog-assets/css/cellphone.css"> | ||
<link rel="stylesheet" media="screen and (max-width: 719px)" href="https://eclipsefdn.github.io/otterdog-assets/css/cellphone-small.css"> | ||
{{ super() }} | ||
|
||
<!-- CodeMirror --> | ||
<link rel="stylesheet" href="https://eclipsefdn.github.io/otterdog-assets/third_party/CodeMirror/lib/codemirror.css"> | ||
{% endblock %} |
Oops, something went wrong.