Setup git

Author: lakruzz

.devcontainer/.gh_alias.yml

@@ -0,0 +1,5 @@
+workon: '!gh tt workon "$@"'
+wrapup: '!gh tt wrapup "$@"'
+deliver: '!gh tt deliver "$@"'
+responsibles: '!gh tt responsibles "$@"'
+semver: '!gh tt semver "$@"'

.github/actions/prep-runner/action.yml

@@ -0,0 +1,26 @@
+name: Prep-runner
+description: Sets the GitHub workflow to do what we need
+
+inputs:
+  verify:
+    description: Script to run to verify the environment is set up correctly. If not provided, no verification will be done.
+    required: false
+
+runs:
+  using: composite
+  steps:
+    - name: Set up Node.js
+      uses: actions/setup-node@v4
+      with:
+        node-version: "20"
+
+    # Install npm packages required by .githooks/pre-commit
+    - name: Install linting and checker tools
+      shell: bash
+      run: npm install -g cspell markdownlint-cli2 @cspell/dict-da-dk prettier
+
+    - name: Verify environment
+      if: ${{ inputs.verify }}
+      shell: bash
+      run: ${{ inputs.verify }}
+    

.github/workflows/ready.yml

@@ -0,0 +1,65 @@
+name: Ready
+# This workflow is triggered by 'ready' branches
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - "ready/**"
+
+jobs:
+  trunk-worthy:
+    name: Check trunk worthyness
+    runs-on: ubuntu-latest
+    env:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    permissions:
+      contents: read
+      statuses: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Mark pending
+        run: ./.scripts/trunk-worthy mark-pending
+
+      - name: Set up runner environment
+        uses: ./.github/actions/prep-runner
+        with:
+          verify: ./.scripts/trunk-worthy 
+
+# At this point we only duplicated the wrapup flow.
+# Add all additional jobs you want to run on the ready branch before the merge-to-trunk job
+# and make merge-to-trunk depend on them (like it depends on trunk-worthy) to ensure they run before the merge.
+
+
+  merge-to-trunk:
+    name: Merge to trunk
+    runs-on: ubuntu-latest
+    needs: trunk-worthy
+    env:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    permissions:
+      pull-requests: write
+      issues: write
+      contents: write
+
+    steps:
+
+        # Not sue what goes on here? Whre did the secret come from?
+        # check *./docs/ready-pusher.md' for more details on how to set up and use this workflow
+      - uses: actions/checkout@v6
+        with:
+          fetch-depth: 0 # Fetch full history to ensure we can merge and push
+          token: ${{ secrets.READY_PUSHER }} # PAT with content:write (can not use secrets.GITHUB_TOKEN as it is a special case, it does not trigger other workflows on push) 
+
+      - uses: devx-cafe/takt-actions/ready-to-trunk@v1
+        # with: #Uncomment if you want to override any of the default inputs
+          # target_branch: #default is main
+          # user_name: #default is "Ready Pusher Bot"
+          # user_email: #default is "ready-pusher@${{ github.repository_owner }}.github.com"
+          # delete_dev_branch: false # default is true
+          # delete_ready_branch: false # default is true
+          # close_pr: false # default is true
+          # close_issue: false # default is true

.github/workflows/release.yml

@@ -0,0 +1,98 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - '[0-9]+.[0-9]+.[0-9]+'           # Matches Core SemVer versions - without a prefix: 0.9.0, 1.2.3
+      - '[a-zA-Z]+[0-9]+.[0-9]+.[0-9]+'  # Matches Core SemVer versions - with a prefix: v1.0.0, ver1.0.0, RC1.0.0
+      - '[0-9]+.[0-9]+.[0-9]+*'          # Matches Build and Prerelease SemVer versions - without a prefix: 0.9.0+1.03ed4d1, 0.9.0-alpha1, 0.9.0-alpha1+1.03ed4d1
+      - '[a-zA-Z]+[0-9]+.[0-9]+.[0-9]+*' # Matches Build and Prerelease SemVer versions - with a prefix: v0.9.0+1.03ed4d1, ver0.9.0-alpha1, RC0.9.0-alpha1+1.03ed4d1
+
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: "Tag to release (e.g., v1.0.0 or 1.0.0)"
+        required: true
+        type: string
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          ref: ${{ github.event.inputs.tag || github.ref }}
+          fetch-depth: 0   # Fetch full history (needed for release notes generation)
+          fetch-tags: true # Ensure tags are fetched (needed for release notes generation)
+
+      - name: Determine release type
+        id: release_type
+        run: |
+          TAG="${{ github.event.inputs.tag || github.ref_name }}"
+          # Check if tag contains prerelease markers (- or +) after SemVer core
+          # Lines 5-6 in trigger: [0-9]+.[0-9]+.[0-9]+* and [a-zA-Z]+[0-9]+.[0-9]+.[0-9]+*
+          if [[ $TAG =~ ^[a-zA-Z]*[0-9]+\.[0-9]+\.[0-9]+([-]) ]]; then
+            echo "is_prerelease=true" >> $GITHUB_OUTPUT
+            echo "is_draft=false" >> $GITHUB_OUTPUT
+            echo "Release type: PRERELEASE" 
+          elif [[ $TAG =~ ^[a-zA-Z]*[0-9]+\.[0-9]+\.[0-9]+([+]) ]]; then
+            echo "is_prerelease=false" >> $GITHUB_OUTPUT
+            echo "is_draft=true" >> $GITHUB_OUTPUT
+            echo "Release type: DRAFT" 
+          else 
+            echo "is_prerelease=false" >> $GITHUB_OUTPUT
+            echo "is_draft=false" >> $GITHUB_OUTPUT
+            echo "Release type: STABLE"
+          fi
+
+      - name: Create release notes
+        id: release_notes
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+        run: |
+          gh ext install devx-cafe/gh-tt
+          mkdir -p .tmp/release
+          gh tt semver note --filename .tmp/release/RELEASENOTES.md
+          echo "Generating release notes..."
+          cat .tmp/release/RELEASENOTES.md >> $GITHUB_STEP_SUMMARY
+
+
+        # Build the release assets - and collects the "packkage". to release
+      - name: collect artifacts
+        run: |
+          mkdir -p .tmp/release
+          cp ./README.md .tmp/release/
+                    
+        # Nice to have a version.txt in the release assets, so we know what commit and tag the release was built from
+      - name: version.txt
+        run: |
+          mkdir -p .tmp/release
+          echo "Build from ${{ github.repository }}" > .tmp/release/version.txt
+          echo "Tag: ${{ github.ref_name }}" >> .tmp/release/version.txt
+          echo "Commit: ${{ github.sha }}" >> .tmp/release/version.txt
+
+        # Package the release assets - in this case we just tar.gz the release folder,
+        # but you should design it to any packaging needed for the specific project
+      - name: Package release assets
+        run: |
+          mkdir -p .tmp/release
+          TAG="${{ github.event.inputs.tag || github.ref_name }}"
+          tar -czf ".tmp/takt-actions-${TAG}.tar.gz" -C .tmp/release .
+
+        # This files are "flattend" in the release, so If you need to keep the folder structure, 
+        # you should create an archive (tar ball) ...wi did that in the previous step, so now we just need 
+        # to upload the archive as the release asset
+      - name: Create Release
+        uses: softprops/action-gh-release@v1
+        with:
+          tag_name: ${{ github.event.inputs.tag || github.ref_name }}
+          files: |
+            ./.tmp/takt-actions-${{ github.event.inputs.tag || github.ref_name }}.tar.gz
+            ./.tmp/release/version.txt
+          body_path: .tmp/release/RELEASENOTES.md
+          draft: ${{ steps.release_type.outputs.is_draft }}
+          prerelease: ${{ steps.release_type.outputs.is_prerelease }}
+          token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/stage.yml

@@ -0,0 +1,21 @@
+name: Stage
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  stage-deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      
+      - name: Mark the spot for stage deployment
+        run: |
+          echo "Stage deployment placeholder - ready for implementation"
+          echo "Stage deployment placeholder - ready for implementation" >> $GITHUB_STEP_SUMMARY
+          echo "go to \`.github/workflows/stage.yml\` and fill in the blanks..." >> .stage_deploy_placeholder
+
+# A blank sheet!
+# Excited to see what yopu come up with!

.github/workflows/wrapup.yml

@@ -0,0 +1,36 @@
+name: wrapup
+on:
+  workflow_dispatch:
+
+  push:
+    branches:
+      - "[0-9]*" # Isue branches
+      - "copilot/*" # Copilot running in Agentic mode pushes branches with this prefix as default
+
+concurrency:
+  group: "wrapup"
+  cancel-in-progress: false
+
+
+jobs:
+  trunk-worthy:
+    name: Check trunk worthyness
+    runs-on: ubuntu-latest
+    env:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    permissions:
+      contents: read
+      statuses: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Mark pending
+        run: ./.scripts/trunk-worthy mark-pending
+
+      - name: Set up runner environment
+        uses: ./.github/actions/prep-runner 
+
+      - name: Test trunk worthyness - mark statusses
+        run: ./.scripts/trunk-worthy  

docs/ready_pusher.md

@@ -0,0 +1,96 @@
+# SECRETS for the `READY_PUSHER`
+
+The [TakT](https://www.lakruzz.com/stories/takt/) workflow which allows you to run a smooth Pull-Request free flow needs access to merge stuff into your trunk (`main`).
+
+GitHub flows comes with a built-in worker-bee token. In the flows you can access it in `${{ secrets.GITHUB_TOKEN }}`
+
+> [!CAUTION]
+> While the ${{ secrets.GITHUB_TOKEN }} can be lifted to `contents:write` permissions. GitHub actions treats
+> commits created with this token as a special case which:
+> **These commits will not trigger other workflows**
+
+We need that! The `ready.yml` flow is designed to trigger the `stage.yml` flow.
+
+## Solution
+
+- In you developer profile settings Go and create a [**Fine-grained personal access token**](https://github.com/settings/personal-access-tokens)
+- Settings (recommended)
+  - **Token name**: `TAKT_CONTENT_WRITE`
+  - **Description**: `Used to support the workflows devx-cafe/gh-tt workflow`
+  - **Ressource owner**: `<YOUR-ORGANIZATION>` (recommended) or `<USER>` if you don't have an organization
+  - **Expiration**: `<A-LONG-TIME>`
+  - **Repository access** `All` or `Only selected`
+  - **Permissions**: `contents:write` _(nothing else is needed)_
+
+When you are done you will be presented a `gho****` token (GitHub oAuth) \_this is the only time you'll see this, but possibly not the only time you'll need it! So store it in your favorite password wallet.
+
+<!-- cspell:ignore Cemi Okxps  -->
+
+> [!TIP]
+> You can not store this in git!
+> If you do, GitHub will see 👀 it in the security scans going on in the background and
+> and it will revoke the token!
+> IF you want to store it in git, encode it with `base64` first and decode it when you need to use it:
+> Example:
+> If your token is `gho_1ZCCemiYAvkChNLJ4zOkxpsBh6X7FUZn25`
+>
+> ```bash
+> $ echo gho_1ZCCemiYAvkChNLJ4zOkxpsBh6X7FUZn25 | base64
+> Z2hvXzFaQ0NlbWlZQXZrQ2hOTEo0ek9reHBzQmg2WDdGVVpuMjUK
+> echo Z2hvXzFaQ0NlbWlZQXZrQ2hOTEo0ek9reHBzQmg2WDdGVVpuMjUK | base64 --decode
+> gho_1ZCCemiYAvkChNLJ4zOkxpsBh6X7FUZn25
+> ```
+
+## Make it a Secret
+
+### 1. Organization secret
+
+Go to the organization **"Action secrets and variables"** page
+
+`<https://github.com/organizations/<ORG>/settings/secrets/actions>`
+
+Create a new organisation secret:
+
+- **Name**: `READY_PUSHER`
+- **Secret**: `<TAKT_CONTENT_WRITE-VALUE>` (starts with `gho***`)
+
+### 2. Repo secret:
+
+Go to the repo **"Action secrets and variables"** page:
+
+`<https://github.com/<USER|ORG>/<REPO-NAME>/settings/secrets/actions>`
+
+Create a new secret:
+
+- **Name**: `READY_PUSHER`
+- **Secret**: `<TAKT_CONTENT_WRITE-VALUE>` (starts with `gho***`)
+
+## Use the secret
+
+Regardless if you created the secret as a _repo_ or an _organizations_ wide secret you use it the same way.
+
+When you need to manipulate a repo, push it back to origin and have possible flows trigger on the change, simply pass `${{ secrets.READY_PUSHER }}` at the token to the `checkout` action
+
+```yaml
+  ...
+
+jobs:
+  some-job:
+
+    ...
+
+    permissions:
+      contents: write # Required if you plan to push back _ even with your own token
+
+  steps:
+
+  ...
+
+      - uses: actions/checkout@v6
+        with:
+          fetch-depth: 0   # Required if you plan to push back - Fetch full history
+          token: ${{ secrets.READY_PUSHER }} # Required if you want push backs to trigger other flows must have contents:write
+
+```
+
+See it live in the `ready.yml` flow