diff --git a/.github/workflows/template-bootstrap.yml b/.github/workflows/template-bootstrap.yml
new file mode 100644
index 0000000..dae493d
--- /dev/null
+++ b/.github/workflows/template-bootstrap.yml
@@ -0,0 +1,140 @@
+name: Bootstrap from Template
+
+on:
+ push:
+ branches: [main, dev]
+ workflow_dispatch:
+ inputs:
+ repo_type:
+ description: 'Repository type'
+ required: true
+ default: 'module'
+ type: choice
+ options:
+ - foundation
+ - module
+ - product
+ - service
+ - infra
+ - template
+
+jobs:
+ bootstrap:
+ # Only run if this looks like a fresh repo (no releases, few commits)
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Check if bootstrap needed
+ id: check
+ run: |
+ COMMIT_COUNT=$(git rev-list --count HEAD)
+ if [ "$COMMIT_COUNT" -lt 5 ]; then
+ echo "needs_bootstrap=true" >> $GITHUB_OUTPUT
+ echo "Fresh repo detected ($COMMIT_COUNT commits)"
+ else
+ echo "needs_bootstrap=false" >> $GITHUB_OUTPUT
+ echo "Existing repo ($COMMIT_COUNT commits) - skipping bootstrap"
+ fi
+
+ - name: Create standard labels
+ if: steps.check.outputs.needs_bootstrap == 'true'
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ # Agent workflow labels
+ gh label create "agent:ready" --description "Task ready for AI agent" --color "0E8A16" --force || true
+ gh label create "agent:wip" --description "Work in progress by agent" --color "F9D0C4" --force || true
+ gh label create "agent:review" --description "Needs verification" --color "FBCA04" --force || true
+ gh label create "agent:blocked" --description "Needs human input" --color "D93F0B" --force || true
+ gh label create "verified" --description "Work verified" --color "0E8A16" --force || true
+ gh label create "verify-failed" --description "Verification failed" --color "D93F0B" --force || true
+ gh label create "agentic" --description "AI-consumable task" --color "5319E7" --force || true
+
+ # Type labels
+ gh label create "type:feature" --description "New feature" --color "0052CC" --force || true
+ gh label create "type:bug" --description "Bug fix" --color "D93F0B" --force || true
+ gh label create "type:security" --description "Security issue" --color "D93F0B" --force || true
+ gh label create "type:docs" --description "Documentation" --color "0075CA" --force || true
+
+ # Priority labels
+ gh label create "priority:critical" --description "Critical priority" --color "B60205" --force || true
+ gh label create "priority:high" --description "High priority" --color "D93F0B" --force || true
+ gh label create "priority:medium" --description "Medium priority" --color "FBCA04" --force || true
+ gh label create "priority:low" --description "Low priority" --color "0E8A16" --force || true
+
+ echo "✅ Labels created"
+
+ - name: Set dev as default branch
+ if: steps.check.outputs.needs_bootstrap == 'true'
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ # Create dev branch if it doesn't exist
+ git checkout -b dev 2>/dev/null || git checkout dev
+ git push origin dev --force-with-lease || true
+
+ # Set as default (requires admin token, may fail with GITHUB_TOKEN)
+ gh repo edit --default-branch dev || echo "⚠️ Could not set default branch (needs admin)"
+
+ - name: Enable security features
+ if: steps.check.outputs.needs_bootstrap == 'true'
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ # Enable vulnerability alerts
+ gh api -X PUT repos/${{ github.repository }}/vulnerability-alerts || true
+
+ # Enable automated security fixes
+ gh api -X PUT repos/${{ github.repository }}/automated-security-fixes || true
+
+ echo "✅ Security features enabled"
+
+ - name: Create setup instructions issue
+ if: steps.check.outputs.needs_bootstrap == 'true'
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ gh issue create \
+ --title "🚀 Repository Setup Checklist" \
+ --label "agentic,type:docs" \
+ --body "## Post-Template Setup
+
+ This repo was created from the [core-devops template](https://github.com/host-uk/core-devops).
+
+ ### Automated ✅
+ - [x] Standard labels created
+ - [x] Security features enabled
+ - [x] CodeRabbit config present
+
+ ### Manual Steps
+ - [ ] Update \`repos.yaml\` with your package details
+ - [ ] Update \`CLAUDE.md\` with project-specific guidance
+ - [ ] Update \`README.md\` with project description
+ - [ ] Add to org project if needed
+ - [ ] Set up any required secrets (\`PROJECT_TOKEN\` for auto-project)
+ - [ ] Remove/customize template files
+
+ ### Optional
+ - [ ] Enable GitHub Pages for docs
+ - [ ] Add to CodeRabbit (if not auto-enabled)
+ - [ ] Configure branch protection rules
+
+ ---
+ _This issue was auto-created by the template bootstrap workflow._"
+
+ echo "✅ Setup issue created"
+
+ - name: Summary
+ if: steps.check.outputs.needs_bootstrap == 'true'
+ run: |
+ echo "## 🎉 Bootstrap Complete" >> $GITHUB_STEP_SUMMARY
+ echo "" >> $GITHUB_STEP_SUMMARY
+ echo "Your repo has been configured with:" >> $GITHUB_STEP_SUMMARY
+ echo "- ✅ Standard labels for agent workflow" >> $GITHUB_STEP_SUMMARY
+ echo "- ✅ Security features enabled" >> $GITHUB_STEP_SUMMARY
+ echo "- ✅ Setup checklist issue created" >> $GITHUB_STEP_SUMMARY
+ echo "" >> $GITHUB_STEP_SUMMARY
+ echo "See the created issue for remaining manual steps." >> $GITHUB_STEP_SUMMARY
diff --git a/.gitignore b/.gitignore
index 01a68d6..72ced56 100644
--- a/.gitignore
+++ b/.gitignore
@@ -21,3 +21,6 @@ Thumbs.db
 # Logs
 *.log
+
+# Template - remove these lines after setup
+# !TEMPLATE_SETUP.md
diff --git a/TEMPLATE_SETUP.md b/TEMPLATE_SETUP.md
new file mode 100644
index 0000000..3c00128
--- /dev/null
+++ b/TEMPLATE_SETUP.md
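Review bot: The `Enable security features` step ends with `echo "✅ Security features enabled"` regardless of whether either `gh api -X PUT` call succeeded, because both are masked with `|| true`, and the Summary step plus the `[x] Security features enabled` line in the setup issue repeat that claim; the default `secrets.GITHUB_TOKEN` carries no repository-administration permission and both endpoints are admin-only, so rejection is the likely outcome, leaving a fresh repo with Dependabot alerts off while every visible signal says they are on. Record the outcome as a step output instead of masking it (sketch below) and make the summary and issue text conditional on it, or run this step with a token that has admin rights, as the `Set dev as default branch` comment already acknowledges is needed for `gh repo edit`. The workflow also declares no top-level `permissions:` block, so the token's scope is whatever the org or repository default happens to be; pin it to what the steps actually use with `permissions:` followed by `contents: write` (for `git push origin dev`) and `issues: write` (for the labels and `gh issue create`). The `repo_type` dispatch input is declared but never read by any step.
```yaml
      - name: Enable security features
        id: security
        if: steps.check.outputs.needs_bootstrap == 'true'
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          status=enabled
          # Both endpoints need repository admin access; keep the outcome instead of masking it with || true
          gh api -X PUT "repos/${GITHUB_REPOSITORY}/vulnerability-alerts" || status=failed
          gh api -X PUT "repos/${GITHUB_REPOSITORY}/automated-security-fixes" || status=failed
          echo "status=$status" >> "$GITHUB_OUTPUT"
          if [ "$status" = enabled ]; then
            echo "✅ Security features enabled"
          else
            echo "⚠️ Could not enable security features (needs an admin token)"
          fi
      # … unchanged: setup-issue and Summary steps, which should read steps.security.outputs.status …
```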
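Review bot: Both added lines are comments, so this hunk changes nothing: `# !TEMPLATE_SETUP.md` is a commented-out negation pattern, and nothing in the visible context ignores `TEMPLATE_SETUP.md` in the first place, so even uncommented the `!` rule would have no effect. If the intent is only to remind the user to delete the file after setup, say that directly, e.g. `# TEMPLATE_SETUP.md is meant to be deleted once setup is complete; see that file`, and drop the dead pattern; otherwise drop both lines. The .gitignore content before line 21 is outside the hunk.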
@@ -0,0 +1,86 @@
+# Template Setup Guide
+
+You've created a new repo from the **core-devops** template. Follow these steps to customize it.
+
+## Automated Setup
+
+When you first push, the `template-bootstrap.yml` workflow will:
+- ✅ Create standard labels (agent workflow, priorities, types)
+- ✅ Enable security features (Dependabot, vulnerability alerts)
+- ✅ Create a setup checklist issue
+
+## Files to Customize
+
+### Required Changes
+
+| File | Action |
+|------|--------|
+| `repos.yaml` | Replace with your package registry or delete if single-repo |
+| `CLAUDE.md` | Update with your project's architecture and commands |
+| `README.md` | Replace with your project description |
+| `package.json` | Update name, or delete if not using VitePress |
+
+### Optional Changes
+
+| File | Action |
+|------|--------|
+| `.coderabbit.yaml` | Customize review instructions for your codebase |
+| `.core/workspace.yaml` | Update active package and settings |
+| `doc/` | Replace with your documentation |
+| `scripts/` | Keep if useful, or replace with your setup scripts |
+| `Makefile` | Update targets for your workflow |
+
+### Files to Delete (if not needed)
+
+```bash
+# If not using VitePress docs
+rm -rf .vitepress doc package.json
+
+# If not a multi-repo workspace
+rm -rf packages repos.yaml .core/workspace.yaml
+
+# This file (after reading!)
+rm TEMPLATE_SETUP.md
+```
+
+## Secrets to Configure
+
+If using the auto-project workflow:
+```bash
+# Org-level secret (already set if in host-uk org)
+gh secret set PROJECT_TOKEN --org YOUR_ORG --visibility all
+```
+
+## Branch Strategy
+
+The template uses `dev` as the default branch:
+- `dev` - Development (default, PRs merge here)
+- `main` - Production releases
+
+To switch to `main`-only:
+```bash
+gh repo edit --default-branch main
+```
+
+## Adding to Org Projects
+
+```bash
+# Add repo's issues to a project when labeled
+gh workflow run auto-project.yml
+```
+
+## Verification Workflow
+
+The template includes the agent verification workflow:
+```
+agent:ready → agent:wip → agent:review → verified/verify-failed
+```
+
+This enforces the rule: **no agent can verify their own work**.
+
+---
+
+Delete this file once setup is complete:
+```bash
+rm TEMPLATE_SETUP.md && git add -A && git commit -m "chore: complete template setup"
+```