Initial commit

Author: cnoble-may

.github/CODEOWNERS

@@ -0,0 +1,2 @@
+# CHANGE_ME - set correct code owner
+*   @linz/step-enablement

.github/dependabot.yml

@@ -0,0 +1,16 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: "fix(deps)"
+    cooldown:
+      default-days: 15

.github/workflows/ci.yml

@@ -0,0 +1,25 @@
+name: CI
+on:
+  pull_request:
+    branches: [master]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      # CHANGE_ME - implement automation test for the actual action
+      - name: invoke action
+        uses: ./
+        with:
+          input1: foo
+          input2: bar
+
+      - name: Verify the result
+        run: |
+          source assert.sh
+          assert_eq "foo" "$DUMMY_INPUT1"
+          assert_eq "bar" "$DUMMY_INPUT2"

.github/workflows/dependabot-automation.yml

@@ -0,0 +1,30 @@
+name: Dependabot automation
+
+on: pull_request
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@08eff52bf64351f401fb50d4972fa95b9f2c2d1b # v2.4.0
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+      - name: Approve PR
+        run: gh pr review --approve "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GITHUB_TOKEN: ${{ secrets.STEP_GITHUB_ACTION_TOKEN }}
+      - name: Enable auto-merge for Dependabot PRs that doesn't include major version update
+        if: steps.metadata.outputs.update-type != 'version-update:semver-major'
+        run: gh pr merge --auto --squash "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GITHUB_TOKEN: ${{ secrets.STEP_GITHUB_ACTION_TOKEN }}
+

.github/workflows/lint-pr.yml

@@ -0,0 +1,11 @@
+name: "Lint PR"
+
+on:
+  pull_request:
+    types: ["opened", "edited", "reopened", "synchronize"]
+
+jobs:
+  pr-lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: linz/action-pull-request-lint@7adb4bc59b59dc6e097de831c29a17c2c1338826 # v1.2.0

.github/workflows/release.yml

@@ -0,0 +1,19 @@
+name: release-please
+
+on:
+  push:
+    branches:
+      - master
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  release-please:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: googleapis/release-please-action@16a9c90856f42705d54a6fda1823352bdc62cf38 # v4.4.0
+        with:
+          release-type: simple
+          token: ${{ secrets.STEP_GITHUB_ACTION_TOKEN  }}

README.md

@@ -0,0 +1,30 @@
+# template-github-action
+
+Template repo to kick start a composite Github action, providing the following features and configurations
+
+1. [Sample composite action](action.yaml)
+2. [Sample CI workflow](.github/workflows/ci.yml) to test the sample action
+   - provided [assert.sh](assert.sh) to perform simple assertions in shell
+3. [Repo setup script](setup_repo.sh) to configure the new repo
+4. PR title linting to enforce that the PR titles follows [conventional commit standard](https://www.conventionalcommits.org/)
+5. Configures dependabot to update any Github action dependencies
+6. Dependabot automation workflow to automatically approve and squash merge dependabot PRs
+7. Automated release with [release-please](https://github.com/googleapis/release-please-action)
+8. Sample [CODEOWNERS](.github/CODEOWNERS) file
+
+## Template usage
+
+1. When creating a new repo
+   1. Recommend to prefix the repo name with `action-`, e.g. `action-setup-playwright`
+   2. Use the `Start with a template` option and select this repo as the template.
+   3. Clone the new repo
+   4. Make sure you have [Github CLI](https://github.com/cli/cli#installation) installed
+   5. Open a bash terminal to the repo folder
+   6. Run `./setup_repo.sh` to configure the repo settings. Note - this script self-deletes after successful run, commit
+      the deletion as the script would be no longer required.
+2. Search for word `CHANGE_ME` and modify the code as needed.
+3. Replace this README file with documentation for the new action.
+4. Implement the new action and release it with release-please
+5. Ask in Slack channel `#team-step-enablement` or `#help-github` to grant dependabot access to this new repo
+   1. so that consumers of your new action can receive automated upgrades when new version is released
+   2. this setting is at the bottom of this page https://github.com/organizations/linz/settings/security_analysis

action.yaml

@@ -0,0 +1,20 @@
+# CHANGE_ME - implement the actual action
+name: dummy composite action
+
+inputs:
+  input1:
+    description: value to set to DUMMY_INPUT1 environment variable
+  input2:
+    description: value to set to DUMMY_INPUT2 environment variable
+
+runs:
+  using: composite
+  steps:
+    - name: Dummy step 1
+      shell: bash
+      env:
+        INPUT1: ${{ inputs.input1 }}
+        INPUT2: ${{ inputs.input2 }}
+      run: |
+        echo "DUMMY_INPUT1=$INPUT1" >> $GITHUB_ENV
+        echo "DUMMY_INPUT2=$INPUT2" >> $GITHUB_ENV

assert.sh

@@ -0,0 +1,119 @@
+#!/usr/bin/env bash
+# copied from https://github.com/torokmark/assert.sh/blob/main/assert.sh
+
+#####################################################################
+##
+## title: Assert Extension
+##
+## description:
+## Assert extension of shell (bash, ...)
+##   with the common assert functions
+## Function list based on:
+##   http://junit.sourceforge.net/javadoc/org/junit/Assert.html
+## Log methods : inspired by
+##	- https://natelandau.com/bash-scripting-utilities/
+## author: Mark Torok
+##
+## date: 07. Dec. 2016
+##
+## license: MIT
+##
+#####################################################################
+
+if command -v tput &>/dev/null && tty -s; then
+  RED=$(tput setaf 1)
+  GREEN=$(tput setaf 2)
+  MAGENTA=$(tput setaf 5)
+  NORMAL=$(tput sgr0)
+  BOLD=$(tput bold)
+else
+  RED=$(echo -en "\e[31m")
+  GREEN=$(echo -en "\e[32m")
+  MAGENTA=$(echo -en "\e[35m")
+  NORMAL=$(echo -en "\e[00m")
+  BOLD=$(echo -en "\e[01m")
+fi
+
+log_header() {
+  printf "\n${BOLD}${MAGENTA}==========  %s  ==========${NORMAL}\n" "$@" >&2
+}
+
+log_success() {
+  printf "${GREEN}✔ %s${NORMAL}\n" "$@" >&2
+}
+
+log_failure() {
+  printf "${RED}✖ %s${NORMAL}\n" "$@" >&2
+}
+
+assert_eq() {
+  local expected="$1"
+  local actual="$2"
+  local msg="${3-}"
+
+  if [ "$expected" == "$actual" ]; then
+    return 0
+  else
+    [ "${#msg}" -gt 0 ] && log_failure "$expected == $actual :: $msg" || true
+    return 1
+  fi
+}
+
+assert_not_eq() {
+  local expected="$1"
+  local actual="$2"
+  local msg="${3-}"
+
+  if [ ! "$expected" == "$actual" ]; then
+    return 0
+  else
+    [ "${#msg}" -gt 0 ] && log_failure "$expected != $actual :: $msg" || true
+    return 1
+  fi
+}
+
+assert_true() {
+  local actual="$1"
+  local msg="${2-}"
+
+  assert_eq true "$actual" "$msg"
+  return "$?"
+}
+
+assert_false() {
+  local actual="$1"
+  local msg="${2-}"
+
+  assert_eq false "$actual" "$msg"
+  return "$?"
+}
+
+assert_empty() {
+  local actual=$1
+  local msg="${2-}"
+
+  assert_eq "" "$actual" "$msg"
+  return "$?"
+}
+
+assert_contain() {
+  local haystack="$1"
+  local needle="${2-}"
+  local msg="${3-}"
+
+  if [ -z "${needle:+x}" ]; then
+    return 0
+  fi
+
+  if [ -z "$haystack" ]; then
+    return 1
+  fi
+
+  if [ -z "${haystack##*$needle*}" ]; then
+    return 0
+  else
+    [ "${#msg}" -gt 0 ] && log_failure "$haystack doesn't contain $needle :: $msg" || true
+    return 1
+  fi
+}
+