Merge pull request #1 from mhitza/repo-ansible

repo-ansible execution and configuration

.devcontainer/Dockerfile

@@ -0,0 +1,35 @@
+# Managed by https://github.com/linkorb/repo-ansible. Manual changes will be overwritten.
+
+FROM ghcr.io/linkorb/php-docker-base:php8-review
+EXPOSE 80
+
+USER root
+
+ENV APP_ENV=dev
+
+ARG USERNAME=vscode
+ARG USER_UID=1000
+ARG USER_GID=$USER_UID
+
+ENV APACHE_RUN_USER    $USERNAME
+ENV APACHE_RUN_GROUP   $USERNAME
+ENV APACHE_LOCK_DIR    /var/lock/apache2
+ENV APACHE_LOG_DIR     /var/log/apache2
+ENV APACHE_PID_FILE    /var/run/apache2/apache2.pid
+
+# Create a non-root user with the specified UID and GID
+RUN groupadd --gid $USER_GID $USERNAME \
+    && useradd --uid $USER_UID --gid $USER_GID -m $USERNAME \
+    && apt-get update \
+    && apt-get install -y sudo \
+    && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \
+    && chmod 0440 /etc/sudoers.d/$USERNAME \
+    && sudo chsh -s /bin/bash vscode
+
+COPY --chown=vscode:vscode ../. /app
+RUN chown vscode:vscode -R /app /var/log/apache2
+
+RUN echo "xdebug.mode=off" | tee '/usr/local/etc/php/conf.d/xdebug.ini'
+
+WORKDIR /app
+USER root

.devcontainer/devcontainer.json

@@ -0,0 +1,56 @@
+// Managed by https://github.com/linkorb/repo-ansible. Manual changes will be overwritten.
+{
+  "dockerComposeFile": "docker-compose.yml",
+  "service": "app",
+  "workspaceFolder": "/app",
+
+  "hostRequirements": {
+      "cpus": 2,
+      "memory": "8gb",
+      "storage": "32gb"
+  },
+
+  "features": {
+      "ghcr.io/devcontainers/features/github-cli:1": {},
+      "ghcr.io/devcontainers/features/docker-in-docker:1": {}
+  },
+
+  // Configure tool-specific properties.
+  "customizations": {
+      // Configure properties specific to VS Code.
+      "vscode": {
+          // Set *default* container specific settings.json values on container create.
+          "settings": {
+              "php.validate.executablePath": "/usr/local/bin/php",
+              "yaml.schemas": {
+                "https://raw.githubusercontent.com/linkorb/repo-ansible/main/repo.schema.yaml": ["repo.yaml"]
+              },
+              // YAML extension by RedHat that prompts on each new devcontainer to enable telemetry
+              "redhat.telemetry.enabled": false
+          },
+          // Add the IDs of extensions you want installed when the container is created.
+          "extensions": [
+              "xdebug.php-debug",
+              "bmewburn.vscode-intelephense-client",
+              "mrmlnc.vscode-apache",
+              "74th.json-yaml-schema-selector"
+          ]
+      }
+  },
+  "forwardPorts": [80, 3306],
+  "remoteUser": "vscode",
+
+  "secrets": {
+    "CR_PAT": {
+      "description": "GitHub Personal Access Token (classic) with package read access, required for docker base image",
+      "documentationUrl": "https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#authenticating-with-a-personal-access-token-classic"
+    }
+    ,"PACKAGIST_TOKEN": {
+      "description": "Packagist access token, required for installation of composer packages from private packagist",
+      "documentationUrl": "https://packagist.com/orgs/linkorb"
+    }
+  },
+
+  "initializeCommand": "echo $CR_PAT | docker login ghcr.io -u $GITHUB_USER --password-stdin",
+  "postCreateCommand": ".devcontainer/postCreate.sh"
+}

.devcontainer/git/hooks/pre-push

@@ -0,0 +1,8 @@
+#!/usr/bin/bash
+
+temporary_file=$(mktemp)
+composer-unused --no-progress --output-format=github > $temporary_file
+exit_code=$?
+
+cat $temporary_file | grep -v 'ignored'
+exit $exit_code

.devcontainer/git/linkorb_commit.template

@@ -0,0 +1,17 @@
+# See https://engineering.linkorb.com/topics/github-codespaces/articles/commit-standards for more information
+#
+# Write a 50-character or less commit header below
+# It should take the form: <type>[scope]: <description> #<cardNumber>
+# -----------------------50 characters ends here:#
+
+
+# [optional body]
+# Summarize changes and the motivation for such changes below:
+# Keep lines short (72 characters or less) ----72 characters ends here:#
+# Ending a commit header with a card number is preferred, it is also acceptable in the commit body
+
+
+# [optional footer]
+# Summarize supplemental information such as breaking changes, work item identifiers, co-authors, etc
+# Keep lines short (72 characters or less) ----72 characters ends here:#
+

.devcontainer/postCreate.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+# Managed by https://github.com/linkorb/repo-ansible. Manual changes will be overwritten.
+
+git config commit.template .devcontainer/git/linkorb_commit.template
+
+cp .devcontainer/git/hooks/pre-push .git/hooks/pre-push
+chmod +x .git/hooks/pre-push
+
+composer config --global --auth http-basic.repo.packagist.com "$GITHUB_USER" "$PACKAGIST_TOKEN"
+
+composer install
+

.dockerignore

@@ -0,0 +1,5 @@
+# Managed by https://github.com/linkorb/repo-ansible. Manual changes will be overwritten.
+
+node_modules/
+vendor/
+var/

.editorconfig

@@ -1,3 +1,5 @@
+# Managed by https://github.com/linkorb/repo-ansible. Manual changes will be overwritten.
+
 root = true
 
 [*]
@@ -9,5 +11,4 @@ insert_final_newline = true
 trim_trailing_whitespace = true
 
 [*.php]
-indent_style = space
 indent_size = 4

.github/pull_request_template.md

@@ -0,0 +1,38 @@
+## Proposed changes
+
+Describe the big picture of your changes here to communicate to the maintainers why we should accept this pull request.
+
+If this relates to a card, please include a link to the card here. Additionally, please terminate the PR title with `#` and the card number, such as `Fix doomsday bug #1234`
+
+## Types of changes
+
+What types of changes does your code introduce?
+_Put an `x` in the boxes that apply_
+
+- [ ] feat: non-breaking change which adds new functionality
+- [ ] fix: non-breaking change which fixes a bug or an issue
+- [ ] chore(deps): changes to dependencies
+- [ ] test: adds or modifies a test
+- [ ] docs: creates or updates documentation
+- [ ] style: changes that do not affect the meaning or function of code (e.g. formatting, whitespace, missing semi-colons etc.)
+- [ ] perf: code change that improves performance
+- [ ] revert: reverts a commit
+- [ ] refactor: code change that neither fix a bug nor add a new feature
+- [ ] ci: changes to continuous integration or continuous delivery scripts or configuration files
+- [ ] chore: general tasks or anything that doesn't fit the other commit types
+
+Please indicate if your PR introduces a breaking change
+- [ ] Breaking change: fix or feature that would cause existing functionality to not work as expected
+
+## Checklist
+
+_Put an `x` in the boxes that apply. You can also fill these out after creating the PR. If you're unsure about any of them, don't hesitate to ask. We're here to help! This is simply a reminder of what we are going to look for before merging your code._
+
+- [ ] I have read the [Contributing](https://github.com/linkorb/.github/blob/master/CONTRIBUTING.md) doc
+- [ ] I have read the [Creating and reviewing pull requests at LinkORB guide](https://engineering.linkorb.com/topics/git/articles/reviewing-pr/) doc
+- [ ] Lint and unit tests pass locally with my changes
+- [ ] I have added/updated necessary documentation in the README.md or doc/ directories (if appropriate)
+
+## Further comments
+
+If this is a relatively large or complex change, kick off the discussion by explaining why you chose the solution you did and what alternatives you considered, etc...

.github/settings.yml

@@ -0,0 +1,74 @@
+# Managed by https://github.com/linkorb/repo-ansible. Manual changes will be overwritten.
+# These settings are synced to GitHub by https://probot.github.io/apps/settings/
+# See https://docs.github.com/en/rest/reference/repos#update-a-repository for all available settings.
+
+repository:
+
+  # The name of the repository. Changing this will rename the repository
+  name:  blazon
+
+  # A short description of the repository that will show up on GitHub
+  description: "Publish fast and beautiful websites, campaign sites, documentation, guides, from data"
+
+    # A URL with more information about the repository
+  homepage: https://engineering.linkorb.com
+
+
+  # Either `true` to make the repository private, or `false` to make it public.
+  private: false
+
+  has_issues: true
+
+  # Either `true` to enable projects for this repository, or `false` to disable them.
+  # If projects are disabled for the organization, passing `true` will cause an API error.
+  has_projects: false
+
+  has_wiki: false
+
+  # Either `true` to enable downloads for this repository, `false` to disable them.
+  has_downloads: true
+
+  # Updates the default branch for this repository.
+  default_branch: master
+
+  # Either `true` to allow squash-merging pull requests, or `false` to prevent
+  # squash-merging.
+  allow_squash_merge: true
+
+  # Either `true` to allow merging pull requests with a merge commit, or `false`
+  # to prevent merging pull requests with merge commits.
+  allow_merge_commit: true
+
+  # Either `true` to allow rebase-merging pull requests, or `false` to prevent
+  # rebase-merging.
+  allow_rebase_merge: true
+
+  # Either `true` to enable automatic deletion of branches on merge, or `false` to disable
+  delete_branch_on_merge: true
+
+  # Either `true` to enable automated security fixes, or `false` to disable
+  # automated security fixes.
+  enable_automated_security_fixes: true
+
+  # Either `true` to enable vulnerability alerts, or `false` to disable
+  # vulnerability alerts.
+  enable_vulnerability_alerts: true
+
+# Labels: define labels for Issues and Pull Requests
+labels:
+  - name: fix
+    color: CC0000
+    description: An issue with the system.
+
+  - name: feat
+    # If including a `#`, make sure to wrap it with quotes!
+    color: '#336699'
+    description: New feature.
+
+  - name: chore
+    color: CC0000
+    description: A repository chore.
+
+
+# Milestones: define milestones for Issues and Pull Requests
+

.github/workflows/dependabot-auto-merge.yaml

@@ -0,0 +1,22 @@
+name: Dependabot auto-merge
+on: pull_request_target
+
+permissions:
+  pull-requests: write # required for the action to read metadata
+  contents: write # required for the gh client to read/merge commits
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v1
+
+      - name: Enable auto-merge for Dependabot PRs
+        if: steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch'
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GH_TOKEN: ${{ github.token }}

.github/workflows/repo-ansible.yaml

@@ -0,0 +1,90 @@
+name: repo-ansible
+
+on:
+  pull_request_target:
+    paths:
+      - 'repo.yaml'
+  push:
+    branches:
+      - main
+      - master
+    paths:
+      - 'repo.yaml'
+
+permissions:
+  contents: write # allow git commits & push
+  pull-requests: write # allow comments on PR
+
+env:
+  # XXX alternative to missing ternary syntax
+  IS_PULL_REQUEST: ${{ github.event_name == 'pull_request_target' && '1' || '0' }}
+
+jobs:
+  run:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          path: current
+          ref: ${{ github.event_name == 'pull_request_target' && github.head_ref || '' }}
+
+      - uses: actions/checkout@v4
+        with:
+          repository: linkorb/repo-ansible
+          path: repo-ansible
+
+
+      # XXX ansible installed within GitHub Runner via pipx, which doesn't support direct installation from a file
+      # like pip does. See https://github.com/pypa/pipx/issues/934
+      - name: install repo-ansible dependencies
+        working-directory: repo-ansible
+        run: cat requirements.txt | xargs pipx inject ansible-core
+
+
+      - name: run ansible playbook
+        working-directory: current
+        env:
+          ANSIBLE_DISPLAY_OK_HOSTS: 0
+          ANSIBLE_DISPLAY_SKIPPED_HOSTS: 0
+        run: |
+          ansible-playbook ../repo-ansible/playbook-cwd.yaml | tee /tmp/repo_ansible_output
+          export OUTPUT=$(cat /tmp/repo_ansible_output)
+          {
+            echo 'REPO_ANSIBLE_OUTPUT<<EOF'
+            echo "$OUTPUT"
+            echo EOF
+          } >> "$GITHUB_ENV"
+
+          if ! echo "$OUTPUT" | grep "changed=0"; then
+            echo "REPOSITORY_CHANGED=1" >> "$GITHUB_ENV"
+          fi
+
+
+      - if: ${{ env.IS_PULL_REQUEST == '0' }}
+        name: commit changes
+        working-directory: current
+        run: |
+          git config user.name github-actions
+          git config user.email [email protected]
+          git add .
+          git commit -m "chore: repo-ansible run"
+          git push
+
+
+      - if: ${{ env.IS_PULL_REQUEST == '1' && env.REPOSITORY_CHANGED == '1' }}
+        name: comment with changes
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const changes = process.env.REPO_ANSIBLE_OUTPUT
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: `Following repo-ansible changes will be applied when merged to main/master branch
+
+              \`\`\`shell
+              ${changes}
+              \`\`\`
+            `
+            })