core/php-devops
8
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 4

feat: add template bootstrap workflow and setup guide

Browse source 
When creating a new repo from this template:
- template-bootstrap.yml runs on first push
- Creates standard labels (agent:*, priority:*, type:*)
- Enables security features (Dependabot, vuln alerts)
- Creates setup checklist issue
- TEMPLATE_SETUP.md guides customization

Files to customize: repos.yaml, CLAUDE.md, README.md
Delete TEMPLATE_SETUP.md when done.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Snider 2026-01-31 22:24:05 +00:00
parent 42d495a7e8
commit 7c4e9222ef
3 changed files with 229 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

140
.github/workflows/template-bootstrap.yml vendored Normal file
View file

@ -0,0 +1,140 @@
name: Bootstrap from Template
on:
push:
branches: [main, dev]
workflow_dispatch:
inputs:
repo_type:
description: 'Repository type'
required: true
default: 'module'
type: choice
options:
- foundation
- module
- product
- service
- infra
- template
jobs:
bootstrap:
# Only run if this looks like a fresh repo (no releases, few commits)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Check if bootstrap needed
id: check
run: |
COMMIT_COUNT=$(git rev-list --count HEAD)
if [ "$COMMIT_COUNT" -lt 5 ]; then
echo "needs_bootstrap=true" >> $GITHUB_OUTPUT
echo "Fresh repo detected ($COMMIT_COUNT commits)"
else
echo "needs_bootstrap=false" >> $GITHUB_OUTPUT
echo "Existing repo ($COMMIT_COUNT commits) - skipping bootstrap"
fi
- name: Create standard labels
if: steps.check.outputs.needs_bootstrap == 'true'
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
# Agent workflow labels
gh label create "agent:ready" --description "Task ready for AI agent" --color "0E8A16" --force || true
gh label create "agent:wip" --description "Work in progress by agent" --color "F9D0C4" --force || true
gh label create "agent:review" --description "Needs verification" --color "FBCA04" --force || true
gh label create "agent:blocked" --description "Needs human input" --color "D93F0B" --force || true
gh label create "verified" --description "Work verified" --color "0E8A16" --force || true
gh label create "verify-failed" --description "Verification failed" --color "D93F0B" --force || true
gh label create "agentic" --description "AI-consumable task" --color "5319E7" --force || true
# Type labels
gh label create "type:feature" --description "New feature" --color "0052CC" --force || true
gh label create "type:bug" --description "Bug fix" --color "D93F0B" --force || true
gh label create "type:security" --description "Security issue" --color "D93F0B" --force || true
gh label create "type:docs" --description "Documentation" --color "0075CA" --force || true
# Priority labels
gh label create "priority:critical" --description "Critical priority" --color "B60205" --force || true
gh label create "priority:high" --description "High priority" --color "D93F0B" --force || true
gh label create "priority:medium" --description "Medium priority" --color "FBCA04" --force || true
gh label create "priority:low" --description "Low priority" --color "0E8A16" --force || true
echo "✅ Labels created"
- name: Set dev as default branch
if: steps.check.outputs.needs_bootstrap == 'true'
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
# Create dev branch if it doesn't exist
git checkout -b dev 2>/dev/null || git checkout dev
git push origin dev --force-with-lease || true
# Set as default (requires admin token, may fail with GITHUB_TOKEN)
gh repo edit --default-branch dev || echo "⚠️ Could not set default branch (needs admin)"
- name: Enable security features
if: steps.check.outputs.needs_bootstrap == 'true'
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
# Enable vulnerability alerts
gh api -X PUT repos/${{ github.repository }}/vulnerability-alerts || true
# Enable automated security fixes
gh api -X PUT repos/${{ github.repository }}/automated-security-fixes || true
echo "✅ Security features enabled"
- name: Create setup instructions issue
if: steps.check.outputs.needs_bootstrap == 'true'
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh issue create \
--title "🚀 Repository Setup Checklist" \
--label "agentic,type:docs" \
--body "## Post-Template Setup
This repo was created from the [core-devops template](https://github.com/host-uk/core-devops).
### Automated ✅
- [x] Standard labels created
- [x] Security features enabled
- [x] CodeRabbit config present
### Manual Steps
- [ ] Update \`repos.yaml\` with your package details
- [ ] Update \`CLAUDE.md\` with project-specific guidance
- [ ] Update \`README.md\` with project description
- [ ] Add to org project if needed
- [ ] Set up any required secrets (\`PROJECT_TOKEN\` for auto-project)
- [ ] Remove/customize template files
### Optional
- [ ] Enable GitHub Pages for docs
- [ ] Add to CodeRabbit (if not auto-enabled)
- [ ] Configure branch protection rules
---
_This issue was auto-created by the template bootstrap workflow._"
echo "✅ Setup issue created"
- name: Summary
if: steps.check.outputs.needs_bootstrap == 'true'
run: |
echo "## 🎉 Bootstrap Complete" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "Your repo has been configured with:" >> $GITHUB_STEP_SUMMARY
echo "- ✅ Standard labels for agent workflow" >> $GITHUB_STEP_SUMMARY
echo "- ✅ Security features enabled" >> $GITHUB_STEP_SUMMARY
echo "- ✅ Setup checklist issue created" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "See the created issue for remaining manual steps." >> $GITHUB_STEP_SUMMARY

3
.gitignore vendored
View file

@ -21,3 +21,6 @@ Thumbs.db
# Logs # Logs
*.log *.log
# Template - remove these lines after setup
# !TEMPLATE_SETUP.md

86
TEMPLATE_SETUP.md Normal file
View file

@ -0,0 +1,86 @@
# Template Setup Guide
You've created a new repo from the **core-devops** template. Follow these steps to customize it.
## Automated Setup
When you first push, the `template-bootstrap.yml` workflow will:
- ✅ Create standard labels (agent workflow, priorities, types)
- ✅ Enable security features (Dependabot, vulnerability alerts)
- ✅ Create a setup checklist issue
## Files to Customize
### Required Changes
| File | Action |
|------|--------|
| `repos.yaml` | Replace with your package registry or delete if single-repo |
| `CLAUDE.md` | Update with your project's architecture and commands |
| `README.md` | Replace with your project description |
| `package.json` | Update name, or delete if not using VitePress |
### Optional Changes
| File | Action |
|------|--------|
| `.coderabbit.yaml` | Customize review instructions for your codebase |
| `.core/workspace.yaml` | Update active package and settings |
| `doc/` | Replace with your documentation |
| `scripts/` | Keep if useful, or replace with your setup scripts |
| `Makefile` | Update targets for your workflow |
### Files to Delete (if not needed)
```bash
# If not using VitePress docs
rm -rf .vitepress doc package.json
# If not a multi-repo workspace
rm -rf packages repos.yaml .core/workspace.yaml
# This file (after reading!)
rm TEMPLATE_SETUP.md
```
## Secrets to Configure
If using the auto-project workflow:
```bash
# Org-level secret (already set if in host-uk org)
gh secret set PROJECT_TOKEN --org YOUR_ORG --visibility all
```
## Branch Strategy
The template uses `dev` as the default branch:
- `dev` - Development (default, PRs merge here)
- `main` - Production releases
To switch to `main`-only:
```bash
gh repo edit --default-branch main
```
## Adding to Org Projects
```bash
# Add repo's issues to a project when labeled
gh workflow run auto-project.yml
```
## Verification Workflow
The template includes the agent verification workflow:
```
agent:ready → agent:wip → agent:review → verified/verify-failed
```
This enforces the rule: **no agent can verify their own work**.
---
Delete this file once setup is complete:
```bash
rm TEMPLATE_SETUP.md && git add -A && git commit -m "chore: complete template setup"
```