A GitHub Action that prepares a repository for archival by automating documentation updates and providing an archival review checklist.
repo-sunsetter is a comprehensive GitHub action that prepares a repository for archival. It performs the following steps to "sunset" a repository:
- Adds an archival notice to the README.md to inform users about the state of the repository
- Update project metadata by marking project as archived in code.json
- Files an issue containing an archival checklist based on the repository's maturity model tier. The checklist contains various tasks reviewing the contents of the repository.
This project is based on our archiving repositories guide.
Create a new GitHub workflow yml file or add to an existing GitHub Actions workflow.
name: Archive repository
on:
workflow_dispatch:
permissions:
contents: write
pull-requests: write
issues: write
jobs:
run-repo-sunsetter:
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v6
with:
fetch-depth: 0
- name: Run repo-sunsetter
id: archive
uses: DSACMS/repo-sunsetter@main
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
repo-sunsetter tailors the archival process based on your repository's tier (defined in code.json):
Tier 0-1: Lower-activity repositories receive a basic checklist with essential archival tasks Tier 2-4: Higher-criticality repositories with active communities receive a comprehensive checklist For more details on repository maturity model tiers, visit repo-scaffolder.
This functionality is located in the actions directory: actions/fetch-tier and actions/create-issue.
To mark the project as archived, automated-codejson-generator ARCHIVE mode is used.
This functionality is located in the actions/update-readme directory.
| Name | Description | Type | Default |
|---|---|---|---|
USE_MATURITY_MODEL_TIERS |
Indicates if maturity model tiers should be used for issue generation" | required | false |
CHECKLIST_LINK |
A link to the archival checklist to be included in the issue body. The checklist must be in the form of a .md file. The link must serve the file as a static raw text file (i.e. uses raw.githubusercontent.com) since it will be downloaded using wget. Only used if USE_MATURITY_MODEL_TIERS is false |
optional | https://raw.githubusercontent.com/DSACMS/repo-sunsetter/main/checklists/TEMPLATE_ARCHIVAL_CHECKLIST.md |
METADATA_FILE |
Repository metadata file in use. If code.json, then runs automated-codejson-generator. | optional | code.json |
ARCHIVE_NOTICE_TEXT |
Add own custom archive notice text, placed within a markdown warning banner. | optional | "This project is now archived and no longer actively maintained. It has been archived to retain its contents for reference. Feel free to explore and fork the repository, but please note that updates or support will not be provided." |
A GITHUB_TOKEN is needed for this action for writing issues and pull requests. Set it as the permissions below:
permissions:
contents: write
pull-requests: write
issues: write
To streamline the end-of-life archival process in the repository life cycle by creating a GitHub Action that defines and automates archival tasks, reducing manual effort of sunsetting a repository.
To provide a clear and straightforward process for development teams to sunset repositories, ensuring a thorough review of its contents as well as proper communication to users.
This project supports the agency's broader source code stewardship initiative, focused on bringing all repositories up to open source and repository hygiene standards.
Our team is committed to building tools that make open source development complemented with repository hygiene easier for federal development teams, focusing on automation and accuracy to reduce manual overhead.
A list of core team members responsible for the code and documentation in this repository can be found in COMMUNITY.md.
. ├── action.yml # Main composite action definition ├── actions/ # Sub-actions │ ├── create-issue/ # Creates archival checklist issue │ ├── fetch-tier/ # Determines repository maturity tier │ └── update-readme/ # Adds archival notice to README ├── checklists/ # Archival task checklists │ ├── BASIC_ARCHIVAL_CHECKLIST.md # Tier 0-1 repositories │ └── COMPREHENSIVE_ARCHIVAL_CHECKLIST.md # Tier 2-4 repositories
Visit the [checklists/] directory to view the archival checklists.
Documentation Index
- CONTRIBUTING.md - Guidelines for contributing to the project
- COMMUNITY.md & CODEOWNERS.md - Core team information and guidelines for community participation
- GOVERNANCE.md - Project governance information
- SECURITY.md - Security and vulnerability disclosure policies
- LICENSE - CC0 1.0 Universal public domain dedication
The following guide is for members of the project team who have access to the repository as well as code contributors. The main difference between internal and external contributions is that external contributors will need to fork the project and will not be able to merge their own pull requests. For more information on contributing, see: CONTRIBUTING.md.
Since this project consists of shell scripts and GitHub Actions, there is no build process. To test changes:
- Fork the repository
- Create a feature branch
- Make your changes to the shell scripts or action definitions
- Test by referencing your fork in a workflow: uses: your-fork/repo-sunsetter@your-branch
TBD
This project follows trunk-based development, which means:
- Make small changes in short-lived feature branches and merge to
mainfrequently. - Be open to submitting multiple small pull requests for a single ticket (i.e. reference the same ticket across multiple pull requests).
- Treat each change you merge to
mainas immediately deployable to production. Do not merge changes that depend on subsequent changes you plan to make, even if you plan to make those changes shortly. - Ticket any unfinished or partially finished work.
- Tests should be written for changes introduced, and adhere to the text percentage threshold determined by the project.
This project uses continuous deployment using Github Actions which is configured in the ./github/workflows directory.
Pull-requests are merged to main and the changes are immediately deployed to the development environment. Releases are created to push changes to production.
Thank you for considering contributing to an Open Source project of the US Government! For more information about our contribution guidelines, see CONTRIBUTING.md.
The repo-sunsetter team is taking a community-first and open source approach to the product development of this tool. We believe government software should be made in the open and be built and licensed such that anyone can download the code, run it themselves without paying money to third parties or using proprietary software, and use it as they will.
We know that we can learn from a wide variety of communities, including those who will use or will be impacted by the tool, who are experts in technology, or who have experience with similar technologies deployed in other spaces. We are dedicated to creating forums for continuous conversation and feedback to help shape the design and development of the tool.
We also recognize capacity building as a key part of involving a diverse open source community. We are doing our best to use accessible language, provide technical and process documents, and offer support to community members with a wide variety of backgrounds and skillsets.
Principles and guidelines for participating in our open source community are can be found in COMMUNITY.md. Please read them before joining or starting a conversation in this repo or one of the channels listed below. All community members and participants are expected to adhere to the community guidelines and code of conduct when participating in community spaces including: code repositories, communication channels and venues, and events.
If you have ideas for how we can improve or add to our capacity building efforts and methods for welcoming people into our community, please let us know at opensource@cms.hhs.gov. If you would like to comment on the tool itself, please let us know by filing an issue on our GitHub repository.
We adhere to the CMS Open Source Policy. If you have any questions, just shoot us an email.
Submit a vulnerability: Vulnerability reports can be submitted through Bugcrowd. Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 3 business days.
For more information about our Security, Vulnerability, and Responsible Disclosure Policies, see SECURITY.md.
A Software Bill of Materials (SBOM) is a formal record containing the details and supply chain relationships of various components used in building software.
In the spirit of Executive Order 14028 - Improving the Nation’s Cyber Security, a SBOM for this repository is provided here: https://github.com/DSACMS/repo-sunsetter/network/dependencies.
For more information and resources about SBOMs, visit: https://www.cisa.gov/sbom.
This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication as indicated in LICENSE.
All contributions to this project will be released under the CC0 dedication. By submitting a pull request or issue, you are agreeing to comply with this waiver of copyright interest.