Initial commit

Author: abernicchia-heroku

.github/dependabot.yml

@@ -0,0 +1,17 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+# directory: "/" ==> search in .github/workflows under root `/` or action.yml at root
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "sunday"
+      time: "16:00"
+    groups:
+      all-actions:
+        patterns: [ "*" ]

.github/workflows/rebuild-docker-container.yml

@@ -0,0 +1,21 @@
+name: Rebuild Docker Container
+
+on:
+  workflow_dispatch:
+    # Enables running the workflow manually
+    # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch
+  schedule:
+    # Run at 1:00 AM UTC on Sundays (may be delayed depending on resource availability)
+    # https://crontab.guru/#0_1_*_*_0
+    # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule
+    - cron: '0 1 * * 0'
+
+jobs:
+  rebuild-docker:
+    runs-on: self-hosted
+    steps:
+      - uses: actions/checkout@v4
+      - uses: heroku-reference-apps/github-heroku-flow-action@main
+        with:
+          heroku-api-key: ${{secrets.HEROKU_API_KEY}} # set it on GitHub as secret
+          heroku-app-name: ${{vars.HEROKU_SELFHOSTED_RUNNER_APPNAME}} # set it on GitHub as variable

.gitignore

@@ -0,0 +1,41 @@
+# This file is used for Git repositories to specify intentionally untracked files that Git should ignore.
+# If you are not using git, you can delete this file. For more information see: https://git-scm.com/docs/gitignore
+# For useful gitignore templates see: https://github.com/github/gitignore
+
+# IntelliJ IDE
+*.iml
+.idea/
+IlluminatedCloud/
+
+# Visual Studio Code
+.vscode/
+
+# Salesforce cache
+.sfdx/
+
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# Dependency directories
+node_modules/
+
+# Eslint cache
+.eslintcache
+
+# MacOS system files
+.DS_Store
+
+# Windows system files
+Thumbs.db
+ehthumbs.db
+[Dd]esktop.ini
+$RECYCLE.BIN/
+
+# Local development
+*.env
+*.dev
+.act

CODEOWNERS

@@ -0,0 +1,2 @@
+# Comment line immediately above ownership line is reserved for related other information. Please be careful while editing.
+#ECCN:Open Source 5D002

CODE_OF_CONDUCT.md

@@ -0,0 +1,105 @@
+# Salesforce Open Source Community Code of Conduct
+
+## About the Code of Conduct
+
+Equality is a core value at Salesforce. We believe a diverse and inclusive
+community fosters innovation and creativity, and are committed to building a
+culture where everyone feels included.
+
+Salesforce open-source projects are committed to providing a friendly, safe, and
+welcoming environment for all, regardless of gender identity and expression,
+sexual orientation, disability, physical appearance, body size, ethnicity, nationality, 
+race, age, religion, level of experience, education, socioeconomic status, or 
+other similar personal characteristics.
+
+The goal of this code of conduct is to specify a baseline standard of behavior so
+that people with different social values and communication styles can work
+together effectively, productively, and respectfully in our open source community.
+It also establishes a mechanism for reporting issues and resolving conflicts.
+
+All questions and reports of abusive, harassing, or otherwise unacceptable behavior
+in a Salesforce open-source project may be reported by contacting the Salesforce
+Open Source Conduct Committee at [email protected].
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of gender 
+identity and expression, sexual orientation, disability, physical appearance, 
+body size, ethnicity, nationality, race, age, religion, level of experience, education, 
+socioeconomic status, or other similar personal characteristics.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy toward other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Personal attacks, insulting/derogatory comments, or trolling
+* Public or private harassment
+* Publishing, or threatening to publish, others' private information—such as
+a physical or electronic address—without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+professional setting
+* Advocating for or encouraging any of the above behaviors
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned with this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project email
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the Salesforce Open Source Conduct Committee 
+at [email protected]. All complaints will be reviewed and investigated 
+and will result in a response that is deemed necessary and appropriate to the 
+circumstances. The committee is obligated to maintain confidentiality with 
+regard to the reporter of an incident. Further details of specific enforcement 
+policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership and the Salesforce Open Source Conduct 
+Committee.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][contributor-covenant-home],
+version 1.4, available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html. 
+It includes adaptions and additions from [Go Community Code of Conduct][golang-coc], 
+[CNCF Code of Conduct][cncf-coc], and [Microsoft Open Source Code of Conduct][microsoft-coc].
+
+This Code of Conduct is licensed under the [Creative Commons Attribution 3.0 License][cc-by-3-us].
+
+[contributor-covenant-home]: https://www.contributor-covenant.org (https://www.contributor-covenant.org/)
+[golang-coc]: https://golang.org/conduct
+[cncf-coc]: https://github.com/cncf/foundation/blob/master/code-of-conduct.md
+[microsoft-coc]: https://opensource.microsoft.com/codeofconduct/
+[cc-by-3-us]: https://creativecommons.org/licenses/by/3.0/us/

CONTRIBUTING.md

@@ -0,0 +1,80 @@
+*This is a suggested `CONTRIBUTING.md` file template for use by open sourced Salesforce projects. The main goal of this file is to make clear the intents and expectations that end-users may have regarding this project and how/if to engage with it. Adjust as needed (especially look for `{project_slug}` which refers to the org and repo name of your project) and remove this paragraph before committing to your repo.*
+
+# Contributing Guide For Heroku-hosted runner for GitHub Actions
+
+This page lists the operational governance model of this project, as well as the recommendations and requirements for how to best contribute to {PROJECT}. We strive to obey these as best as possible. As always, thanks for contributing – we hope these guidelines make it easier and shed some light on our approach and processes.
+
+# Governance Model
+
+## Published but not supported
+
+The intent and goal of open sourcing this project is because it may contain useful or interesting code/concepts that we wish to share with the larger open source community. Although occasional work may be done on it, we will not be looking for or soliciting contributions.
+
+# Getting started
+
+Please join the community on {Here list Slack channels, Email lists, Glitter, Discord, etc... links}. Also please make sure to take a look at the project [roadmap](ROADMAP.md) to see where are headed.
+
+# Issues, requests & ideas
+
+Use GitHub Issues page to submit issues, enhancement requests and discuss ideas.
+
+### Bug Reports and Fixes
+-  If you find a bug, please search for it in the [Issues](https://github.com/{project_slug}/issues), and if it isn't already tracked,
+   [create a new issue](https://github.com/{project_slug}/issues/new). Fill out the "Bug Report" section of the issue template. Even if an Issue is closed, feel free to comment and add details, it will still
+   be reviewed.
+-  Issues that have already been identified as a bug (note: able to reproduce) will be labelled `bug`.
+-  If you'd like to submit a fix for a bug, [send a Pull Request](#creating_a_pull_request) and mention the Issue number.
+  -  Include tests that isolate the bug and verifies that it was fixed.
+
+### New Features
+-  If you'd like to add new functionality to this project, describe the problem you want to solve in a [new Issue](https://github.com/{project_slug}/issues/new).
+-  Issues that have been identified as a feature request will be labelled `enhancement`.
+-  If you'd like to implement the new feature, please wait for feedback from the project
+   maintainers before spending too much time writing the code. In some cases, `enhancement`s may
+   not align well with the project objectives at the time.
+
+### Tests, Documentation, Miscellaneous
+-  If you'd like to improve the tests, you want to make the documentation clearer, you have an
+   alternative implementation of something that may have advantages over the way its currently
+   done, or you have any other change, we would be happy to hear about it!
+  -  If its a trivial change, go ahead and [send a Pull Request](#creating_a_pull_request) with the changes you have in mind.
+  -  If not, [open an Issue](https://github.com/{project_slug}/issues/new) to discuss the idea first.
+
+If you're new to our project and looking for some way to make your first contribution, look for
+Issues labelled `good first contribution`.
+
+# Contribution Checklist
+
+- [x] Clean, simple, well styled code
+- [x] Commits should be atomic and messages must be descriptive. Related issues should be mentioned by Issue number.
+- [x] Comments
+  - Module-level & function-level comments.
+  - Comments on complex blocks of code or algorithms (include references to sources).
+- [x] Tests
+  - The test suite, if provided, must be complete and pass
+  - Increase code coverage, not versa.
+  - Use any of our testkits that contains a bunch of testing facilities you would need. For example: `import com.salesforce.op.test._` and borrow inspiration from existing tests.
+- [x] Dependencies
+  - Minimize number of dependencies.
+  - Prefer Apache 2.0, BSD3, MIT, ISC and MPL licenses.
+- [x] Reviews
+  - Changes must be approved via peer code review
+
+# Creating a Pull Request
+
+1. **Ensure the bug/feature was not already reported** by searching on GitHub under Issues.  If none exists, create a new issue so that other contributors can keep track of what you are trying to add/fix and offer suggestions (or let you know if there is already an effort in progress).
+3. **Clone** the forked repo to your machine.
+4. **Create** a new branch to contain your work (e.g. `git br fix-issue-11`)
+4. **Commit** changes to your own branch.
+5. **Push** your work back up to your fork. (e.g. `git push fix-issue-11`)
+6. **Submit** a Pull Request against the `main` branch and refer to the issue(s) you are fixing. Try not to pollute your pull request with unintended changes. Keep it simple and small.
+7. **Sign** the Salesforce CLA (you will be prompted to do so when submitting the Pull Request)
+
+> **NOTE**: Be sure to [sync your fork](https://help.github.com/articles/syncing-a-fork/) before making a pull request.
+
+
+# Code of Conduct
+Please follow our [Code of Conduct](CODE_OF_CONDUCT.md).
+
+# License
+By contributing your code, you agree to license your contribution under the terms of our project [LICENSE](LICENSE.txt) and to sign the [Salesforce CLA](https://cla.salesforce.com/sign-cla)

Dockerfile

@@ -0,0 +1,112 @@
+# Use the same image that Heroku apps use.
+# https://devcenter.heroku.com/articles/stack
+FROM heroku/heroku:24
+
+# Inform utilities that we are in non-interactive mode.
+ARG TERM=linux
+ARG DEBIAN_FRONTEND=noninteractive
+
+# this ARG can be overridden changing the heroku.yml, it must be 'latest' or a dot-separated number (e.g. 2.320.1)
+# https://devcenter.heroku.com/articles/build-docker-images-heroku-yml#set-build-time-environment-variables
+ARG RUNNER_VERSION=latest
+
+USER root
+
+# Switch to bash shell.
+#
+# This resolves an error when the ENTRYPOINT script is started:
+#   "OCI runtime create failed: container_linux.go:380:
+#    starting container process caused: exec: "/bin/sh":
+#    stat /bin/sh: no such file or directory: unknown"
+#
+# Note, even though Docker supports a 'SHELL' setting, Heroku doesn't support it.
+# https://devcenter.heroku.com/articles/container-registry-and-runtime#unsupported-dockerfile-commands
+#
+# Remove /bin/sh and link to bash shell.
+# https://stackoverflow.com/a/46670119/470818
+RUN rm /bin/sh && ln -s /bin/bash /bin/sh
+
+# Creating Heroku Dyno-like Environment with Docker
+# This makes it more consistent with how Heroku dynos run,
+# which set $HOME to '/app' and run as a non-root user.
+# https://github.com/heroku/stack-images/issues/56#issuecomment-323378577
+# https://github.com/heroku/stack-images/issues/56#issuecomment-348246257
+ARG HOME="/app"
+ENV HOME=${HOME}
+WORKDIR ${HOME}
+
+# Paths where we'll install various tools.
+ARG ACTIONS_DIR="${HOME}/actions-runner"
+
+# Create a non-root user. Heroku will not run as root.
+# This step creates a user named 'docker' and creates its home directory.
+# The user could be named anything, 'docker' just seemed fitting.
+# https://ss64.com/bash/useradd.html
+RUN useradd -m -d ${HOME} docker \
+ && mkdir -p ${ACTIONS_DIR}
+
+# ------------------------------------------------------------------------------
+# Install GitHub Actions Runner
+#
+# The following commands come from GitHub's instructions
+# at the time you choose which kind of self-hosted runner to create.
+# https://github.com/organizations/{org}/settings/actions/runners/new
+#
+# Some of the instructions are inspired by the tutorial at
+# https://testdriven.io/blog/github-actions-docker
+#
+# Learn more about self-hosted runners at
+# https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners
+# ------------------------------------------------------------------------------
+
+# Switch to the actions directory to download and install the package.
+# Note, doing a `cd` command in a `RUN` operation won't work like in a terminal,
+# you must use `WORKDIR` to change your working directory.
+WORKDIR ${ACTIONS_DIR}
+
+# Download the latest GitHub Actions runner package.
+COPY install-actions-runner.sh /tmp/install-actions-runner.sh
+RUN sh /tmp/install-actions-runner.sh "$RUNNER_VERSION" && rm -f /tmp/install-actions-runner.sh
+
+# ------------------------------------------------------------------------------
+# Copy files and set permissions
+# ------------------------------------------------------------------------------
+
+# Copy over our start.sh script that's in our repository
+# and store it in the docker user's home directory.
+COPY start.sh ${HOME}/start.sh
+
+# Make the script executable and
+# Make our docker user owner of the files we've added to the image.
+RUN chmod ug+x ${HOME}/start.sh \
+ && chown -R docker:docker ${HOME}
+
+# Clean up the apt cache (as ./bin/installdependencies.sh above may install apt packages) to reduce image size for faster starts.
+RUN apt-get autoremove --yes \
+ && apt-get clean --yes \
+ && rm -rf /var/lib/apt/lists/*
+
+# Security hardening - removes SUID and SGID bits from executable files:
+# - Removes potentially dangerous elevated privileges
+# - Reduces the attack surface
+# - Follows the principle of least privilege
+RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true
+
+# ------------------------------------------------------------------------------
+# Create User
+# ------------------------------------------------------------------------------
+
+# Since the config and run scripts for actions are not allowed to be run by root,
+# switch to a different user so all subsequent commands are run as that user.
+USER docker
+
+# Confirm actions is where it should be.
+RUN ${ACTIONS_DIR}/config.sh --version \
+ && ${ACTIONS_DIR}/config.sh --commit
+
+# Set the script to execute when the image starts.
+# Note, even though Docker supports a 'SHELL' setting, Heroku doesn't support it.
+# https://devcenter.heroku.com/articles/container-registry-and-runtime#unsupported-dockerfile-commands
+#ENTRYPOINT ["/bin/bash", "-c", "/app/start.sh"]
+CMD ["/app/start.sh"]
+