Skip to content

Commit

Permalink
Initial commit
Browse files Browse the repository at this point in the history
  • Loading branch information
eclipse-kanto-bot authored Aug 31, 2023
0 parents commit 8ae2c5e
Show file tree
Hide file tree
Showing 13 changed files with 484 additions and 0 deletions.
5 changes: 5 additions & 0 deletions .github/CODEOWNERS
Validating CODEOWNERS rules …
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
# The releng team is by default the owner of everything.
* @{{ org }}/eclipsefdn-releng

# Otterdog related configurations are also owned by the security team.
/otterdog/** @{{ org }}/eclipsefdn-security @{{ org }}/eclipsefdn-releng
13 changes: 13 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
version: 2
updates:
- package-ecosystem: github-actions
directory: "/"
# We scan and create dependabot PRs against the develop branch only.
# Such a branch only exists for the template master at EclipseFdn/.eclipsefdn-template
# dependabot shall only update the template master, and changes will be synchronized to
# all repos by otterdog using the sync-template operation to avoid having many similar
# dependabot PRs for each individual .eclipsefdn repo which we would like to avoid at all costs.
target-branch: "develop"
schedule:
interval: daily
open-pull-requests-limit: 10
122 changes: 122 additions & 0 deletions .github/workflows/build-page.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,122 @@
name: Build GH Page

on:
workflow_dispatch:
push:
branches:
- 'main'
paths:
- 'otterdog/*.jsonnet'
- 'otterdog/*.json'
- 'docs/**'
- 'mkdocs.yml'
- '.github/workflows/build-page.yml'

concurrency:
group: "pages"
cancel-in-progress: false

permissions:
contents: read
pages: write
id-token: write

jobs:
generate-markdown:
# do not run the workflow in the template repo itself
if: ${{ !contains (github.repository, '/.eclipsefdn-template') }}
runs-on: ubuntu-latest
steps:
- name: Checkout OtterDog
run: git clone https://gitlab.eclipse.org/eclipsefdn/security/otterdog.git

- name: Checkout EclipseFdn/otterdog-configs
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
repository: EclipseFdn/otterdog-configs
path: otterdog-configs

# checkout the HEAD ref
- name: Checkout HEAD
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
path: ${{ github.repository_owner }}

- name: Install jsonnet-bundler
run: |
go install -a github.com/jsonnet-bundler/jsonnet-bundler/cmd/[email protected]
echo $(go env GOPATH)/bin >> $GITHUB_PATH
- name: Install poetry
run: pipx install poetry

- name: Setup Python
uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0
with:
python-version: '3.10'
cache: 'poetry'

- name: Install dependencies with poetry
run: |
poetry install --only=main
working-directory: otterdog

- name: Copy configuration from HEAD ref
run: |
mkdir -p orgs/${{ github.repository_owner }}
cp -r ../${{ github.repository_owner }}/otterdog/* orgs/${{ github.repository_owner }}
working-directory: otterdog-configs

- name: Generate current configuration as markdown
run: ../otterdog/otterdog.sh show ${{ github.repository_owner }} -c otterdog.json --markdown --output-dir generated-site
working-directory: otterdog-configs

- name: Generate default configuration as markdown
run: ../otterdog/otterdog.sh show-default ${{ github.repository_owner }} -c otterdog.json --markdown > default.txt
working-directory: otterdog-configs

- name: Upload generated site content
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3
with:
name: generated-site
path: |
otterdog-configs/default.txt
otterdog-configs/orgs/${{ github.repository_owner }}/vendor/otterdog-defaults/*.libsonnet
otterdog-configs/generated-site/
build-page:
runs-on: ubuntu-latest
needs: generate-markdown
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
- name: Download generated site content
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3
with:
name: generated-site
- shell: bash
run: |
cat default.txt >> ./docs/playground.md
cp generated-site/*.md ./docs/
cp orgs/${{ github.repository_owner }}/vendor/otterdog-defaults/*.libsonnet ./docs/jsonnet/
- uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4
with:
python-version: 3.x
cache: 'pip'
- run: pip install -r requirements.txt
- name: Build with Mkdocs
run: mkdocs build
- name: Setup Pages
uses: actions/configure-pages@f156874f8191504dae5b037505266ed5dda6c382 # v3
- name: Upload artifact
uses: actions/upload-pages-artifact@84bb4cd4b733d5c320c9c9cfbc354937524f4d64 # v1

deploy:
environment:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}
runs-on: ubuntu-latest
needs: build-page
steps:
- name: Deploy to GitHub Pages
id: deployment
uses: actions/deploy-pages@12ab2b16cf43a7a061fe99da74b6f8f11fb77f5b # pin@v2
69 changes: 69 additions & 0 deletions .github/workflows/show-config.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
name: Show Otterdog Configuration

on:
workflow_dispatch:
push:
branches:
- 'main'
paths:
- 'otterdog/*.jsonnet'
- 'otterdog/*.json'

permissions:
contents: read

jobs:
show:
# do not run the workflow in the template repo itself
if: ${{ !contains (github.repository, '/.eclipsefdn-template') }}
runs-on: ubuntu-latest
steps:
- name: Checkout OtterDog
run: git clone https://gitlab.eclipse.org/eclipsefdn/security/otterdog.git

- name: Checkout EclipseFdn/otterdog-configs
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
repository: EclipseFdn/otterdog-configs
path: otterdog-configs

# checkout the HEAD ref
- name: Checkout HEAD
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
path: ${{ github.repository_owner }}

- name: Install jsonnet-bundler
run: |
go install -a github.com/jsonnet-bundler/jsonnet-bundler/cmd/[email protected]
echo $(go env GOPATH)/bin >> $GITHUB_PATH
- name: Install poetry
run: pipx install poetry

- name: Setup Python
uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0
with:
python-version: '3.10'
cache: 'poetry'

- name: Install dependencies with poetry
run: |
poetry install --only=main
working-directory: otterdog

- name: Copy configuration from HEAD ref
run: |
mkdir -p orgs/${{ github.repository_owner }}
cp -r ../${{ github.repository_owner }}/otterdog/* orgs/${{ github.repository_owner }}
working-directory: otterdog-configs

- name: Show complete Otterdog Configuration
run: ../otterdog/otterdog.sh show ${{ github.repository_owner }} -c otterdog.json | tee "$GITHUB_WORKSPACE/config.txt"
working-directory: otterdog-configs

- name: Upload config.txt
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with:
name: Otterdog config
path: config.txt
103 changes: 103 additions & 0 deletions .github/workflows/validate.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,103 @@
name: Validate Otterdog Configuration

on:
workflow_dispatch:
pull_request_target:
branches: [ main ]

permissions:
contents: read
pull-requests: write

jobs:
validate:
# do not run the workflow in the template repo itself
if: ${{ !contains (github.repository, '/.eclipsefdn-template') }}
runs-on: ubuntu-latest
steps:
- name: Checkout OtterDog
run: git clone https://gitlab.eclipse.org/eclipsefdn/security/otterdog.git

- name: Checkout EclipseFdn/otterdog-configs
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
repository: EclipseFdn/otterdog-configs
path: otterdog-configs

# checkout the head ref of the PR
# NOTE: in general it is bad practice to check out the pull request HEAD for PRs originating from forked repos,
# however, this validation workflow produces a diff between the changes in the PR with the base ref, thus
# doing this is acceptable, see https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
- name: Checkout HEAD ref of the PR
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
ref: ${{ github.event.pull_request.head.sha }}
path: ${{ github.repository_owner }}

# checkout the base ref of the PR
- name: Checkout BASE ref of the PR (target branch)
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
ref: ${{ github.base_ref }}
path: ${{ github.repository_owner }}-base

- name: Install jsonnet-bundler
run: |
go install -a github.com/jsonnet-bundler/jsonnet-bundler/cmd/[email protected]
echo $(go env GOPATH)/bin >> $GITHUB_PATH
- name: Install poetry
run: pipx install poetry

- name: Setup Python
uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0
with:
python-version: '3.10'
cache: 'poetry'

- name: Install dependencies with poetry
run: |
poetry install --only=main
working-directory: otterdog

- name: Copy configuration from HEAD and BASE ref
run: |
mkdir -p orgs/${{ github.repository_owner }}
cp -r ../${{ github.repository_owner }}/otterdog/* orgs/${{ github.repository_owner }}
cp ../${{ github.repository_owner }}-base/otterdog/${{ github.repository_owner }}.jsonnet orgs/${{ github.repository_owner }}/${{ github.repository_owner }}.jsonnet-BASE
working-directory: otterdog-configs

- name: Validate Otterdog Configuration and diff HEAD <-> BASE
run: |
# use script to enable ansi color output
script -q /dev/null --command "../otterdog/otterdog.sh local-plan ${{ github.repository_owner }} -c otterdog.json --suffix=-BASE" | tee "$GITHUB_WORKSPACE/diff-ansi.txt"
# filter out ansi escape sequences again, use sed as ansi2txt is not available
cat "$GITHUB_WORKSPACE/diff-ansi.txt" | sed -e 's/\x1b\[[0-9;]*m//g' | sed -E 's/^([[:space:]]+)([-+!])/\2\1/g' | sed -E 's/^([[:space:]]+)([~])/!\1/g' > "$GITHUB_WORKSPACE/diff.txt"
working-directory: otterdog-configs

- name: Generate canonical diff
run: ../otterdog/otterdog.sh canonical-diff ${{ github.repository_owner }} -c otterdog.json | tee "$GITHUB_WORKSPACE/canonical-diff.txt"
working-directory: otterdog-configs

# Add a comment to the pull request with the diff

- name: Generate comment
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
with:
script: |
const commentText = 'Diff for ' + context.payload.pull_request.head.sha + ':';
const fs = require('fs');
const diff = fs.readFileSync(process.env.GITHUB_WORKSPACE + '/diff.txt').toString().trimEnd();
const canonicalDiff = fs.readFileSync(process.env.GITHUB_WORKSPACE + '/canonical-diff.txt').toString().trimEnd();
var body = "<details>\n<summary>" + commentText + "</summary>\n\n```diff\n" + diff + "\n```\n\n```diff\n" + canonicalDiff + "\n```\n\n</details>";
fs.writeFileSync(process.env.GITHUB_STEP_SUMMARY, body);
fs.writeFileSync(process.env.GITHUB_WORKSPACE + '/comment.txt', body);
- name: Attach comment to PR
uses: marocchino/sticky-pull-request-comment@f61b6cf21ef2fcc468f4345cdfcc9bda741d2343 # v2.6.2
with:
hide_and_recreate: true
hide_classify: "OUTDATED"
path: ${{ github.workspace }}/comment.txt
7 changes: 7 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
# Eclipse Foundation Config Repo

Repository to host configurations related to the Eclipse Foundation.

## Self service of your GitHub organization

You can find more information at <https://{{ org }}.github.io/.eclipsefdn/>.
17 changes: 17 additions & 0 deletions docs/index.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
---
hide:
- navigation
- toc
---

# Self-service of GitHub resources

General documentation for using the self-service (stored in directory *otterdog*) can be accessed at [otterdog.readthedocs.io](https://otterdog.readthedocs.io).

## Current configuration

The current configuration can be reviewed [here](configuration.md).

## Playground

A playground for creating and testing resources in jsonnet format is available [here](playground.md).
3 changes: 3 additions & 0 deletions docs/jsonnet/playground.jsonnet
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
local orgs = import 'otterdog-defaults.libsonnet';

orgs.newRepo('myrepo')
44 changes: 44 additions & 0 deletions docs/overrides/editor.html
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
{% extends "base.html" %}

{% block libs %}
{{ super() }}
<script src="https://eclipsefdn.github.io/otterdog-assets/third_party/js-yaml/dist/js-yaml.min.js"></script>
<script src="https://eclipsefdn.github.io/otterdog-assets/third_party/CodeMirror/lib/codemirror.js"></script>
<script src="https://eclipsefdn.github.io/otterdog-assets/third_party/CodeMirror/mode/yaml/yaml.js"></script>
<script src="https://eclipsefdn.github.io/otterdog-assets/third_party/CodeMirror/addon/edit/matchbrackets.js"></script>
<script src="https://eclipsefdn.github.io/otterdog-assets/js/codemirror-mode-jsonnet.js"></script>

<!-- Executing Jsonnet -->
<script src="https://eclipsefdn.github.io/otterdog-assets/js/wasm_exec.js"></script>
<script>
if (!WebAssembly.instantiateStreaming) {
// This function was observed to be missing on Safari 14.
WebAssembly.instantiateStreaming = async (resp, importObject) => {
const source = await (await resp).arrayBuffer();
return await WebAssembly.instantiate(source, importObject);
};
}
const go = new Go();
WebAssembly.instantiateStreaming(fetch("https://eclipsefdn.github.io/otterdog-assets/js/libjsonnet.wasm"), go.importObject).then((result) => {
go.run(result.instance);
});
</script>
<script src="https://eclipsefdn.github.io/otterdog-assets/js/demo.js"></script>
{% endblock %}

{% block styles %}
<!-- Google Fonts -->
<link href="https://fonts.googleapis.com/css?family=Open+Sans:400italic,600italic,700italic,400,600,700" rel="stylesheet" type="text/css">

<!-- jsonnet.org stylesheet -->
<link rel="stylesheet" type="text/css" href="https://eclipsefdn.github.io/otterdog-assets/css/doc.css" />
<link rel="stylesheet" media="print" href="https://eclipsefdn.github.io/otterdog-assets/css/desktop.css">
<!-- The extra 16px is to account for the scrollbar, which is not always included. -->
<link rel="stylesheet" media="screen and (min-width: 1296px)" href="https://eclipsefdn.github.io/otterdog-assets/css/desktop.css">
<link rel="stylesheet" media="screen and (max-width: 1295px) and (min-width: 720px)" href="https://eclipsefdn.github.io/otterdog-assets/css/cellphone.css">
<link rel="stylesheet" media="screen and (max-width: 719px)" href="https://eclipsefdn.github.io/otterdog-assets/css/cellphone-small.css">
{{ super() }}

<!-- CodeMirror -->
<link rel="stylesheet" href="https://eclipsefdn.github.io/otterdog-assets/third_party/CodeMirror/lib/codemirror.css">
{% endblock %}
Loading

0 comments on commit 8ae2c5e

Please sign in to comment.