Implement migrations and initial versions of settings.yml and mergify…

….yml (#43)

* Implement migrations and initial versions of settings.yml and mergify.yml

* add missing teams

* whitespace

.github/settings.yml

@@ -0,0 +1,185 @@
+# These settings are synced to GitHub by https://probot.github.io/apps/settings/
+
+repository:
+  # See https://docs.github.com/en/rest/reference/repos#update-a-repository for all available settings.
+
+  # Note: You cannot unarchive repositories through the API. `true` to archive this repository. 
+  archived: false
+
+  # Either `true` to enable issues for this repository, `false` to disable them.
+  has_issues: true
+
+  # Either `true` to enable projects for this repository, or `false` to disable them.
+  # If projects are disabled for the organization, passing `true` will cause an API error.
+  has_projects: true
+
+  # Either `true` to enable the wiki for this repository, `false` to disable it.
+  has_wiki: false
+
+  # Either `true` to enable downloads for this repository, `false` to disable them.
+  has_downloads: true
+
+  # Updates the default branch for this repository.
+  #default_branch: main
+
+  # Either `true` to allow squash-merging pull requests, or `false` to prevent
+  # squash-merging.
+  allow_squash_merge: true
+
+  # Either `true` to allow merging pull requests with a merge commit, or `false`
+  # to prevent merging pull requests with merge commits.
+  allow_merge_commit: false
+
+  # Either `true` to allow rebase-merging pull requests, or `false` to prevent
+  # rebase-merging.
+  allow_rebase_merge: false
+
+  # Either `true` to enable automatic deletion of branches on merge, or `false` to disable
+  delete_branch_on_merge: true
+
+  # Either `true` to enable automated security fixes, or `false` to disable
+  # automated security fixes.
+  enable_automated_security_fixes: true
+
+  # Either `true` to enable vulnerability alerts, or `false` to disable
+  # vulnerability alerts.
+  enable_vulnerability_alerts: true
+
+  # Either `true` to make this repo available as a template repository or `false` to prevent it.
+  #is_template: false
+
+environments:
+  - name: release
+    deployment_branch_policy:
+      custom_branches:
+        - main
+        - release/**
+  - name: security
+    deployment_branch_policy:
+      custom_branches:
+        - main
+        - release/**
+
+# Labels: define labels for Issues and Pull Requests
+labels:
+  - name: bug
+    color: '#d73a4a'
+    description: 🐛 An issue with the system
+
+  - name: feature
+    color: '#336699'
+    description: New functionality
+
+  - name: bugfix
+    color: '#fbca04'
+    description: Change that restores intended behavior
+
+  - name: auto-update
+    color: '#ededed'
+    description: This PR was automatically generated
+
+  - name: do not merge
+    color: '#B60205'
+    description: Do not merge this PR, doing so would cause problems
+
+  - name: documentation
+    color: '#0075ca'
+    description: Improvements or additions to documentation
+
+  - name: readme
+    color: '#0075ca'
+    description: Improvements or additions to the README
+
+  - name: duplicate
+    color: '#cfd3d7'
+    description: This issue or pull request already exists
+
+  - name: enhancement
+    color: '#a2eeef'
+    description: New feature or request
+
+  - name: good first issue
+    color: '#7057ff'
+    description: 'Good for newcomers'
+
+  - name: help wanted
+    color: '#008672'
+    description: 'Extra attention is needed'
+
+  - name: invalid
+    color: '#e4e669'
+    description: "This doesn't seem right"
+
+  - name: major
+    color: '#00FF00'
+    description: 'Breaking changes (or first stable release)'
+
+  - name: minor
+    color: '#00cc33'
+    description: New features that do not break anything
+
+  - name: no-release
+    color: '#0075ca'
+    description: 'Do not create a new release (wait for additional code changes)'
+
+  - name: patch
+    color: '#0E8A16'
+    description: A minor, backward compatible change
+
+  - name: question
+    color: '#d876e3'
+
+  - name: wip
+    color: '#B60205'
+    description: 'Work in Progress: Not ready for final review or merge'
+
+  - name: wontfix
+    color: '#B60205'
+    description: 'This will not be worked on'
+
+  - name: needs-cloudposse
+    color: '#B60205'
+    description: 'Needs Cloud Posse assistance'
+
+  - name: needs-test
+    color: '#B60205'
+    description: 'Needs testing'
+
+  - name: triage
+    color: '#fcb32c'
+    description: 'Needs triage'
+
+  - name: conflict
+    color: '#B60205'
+    description: 'This PR has conflicts'
+
+  - name: "no-changes"
+    color: "#cccccc"
+    description: "No changes were made in this PR"
+
+  - name: "stale"
+    color: "#e69138"
+    description: "This PR has gone stale"
+
+# Note: `permission` is only valid on organization-owned repositories.
+# The permission to grant the collaborator. Can be one of:
+# * `pull` - can pull, but not push to or administer this repository.
+# * `push` - can pull and push, but not administer this repository.
+# * `admin` - can pull, push and administer this repository.
+# * `maintain` - Recommended for project managers who need to manage the repository without access to sensitive or destructive actions.
+# * `triage` - Recommended for contributors who need to proactively manage issues and pull requests without write access.
+#
+# See https://docs.github.com/en/rest/reference/teams#add-or-update-team-repository-permissions for available options
+teams:
+  - name: approvers
+    permission: push
+  - name: admins
+    permission: admin
+  - name: bots
+    permission: admin
+  - name: engineering
+    permission: triage
+  - name: contributors
+    permission: triage
+  - name: security
+    permission: pull

migrate/.gitignore

@@ -0,0 +1,3 @@
+.build-harness
+build-harness
+tmp/**

migrate/Makefile

@@ -0,0 +1,26 @@
+export SHELL := /bin/bash
+export TMPDIR := ./tmp
+export MIGRATE_PATH := $(PWD)
+export MIGRATION_PATH := $(MIGRATE_PATH)/migrations/$(MIGRATION)
+
+deps:
+	brew install gh yq
+	pip3 install yamlfix
+
+clean::
+	rm -rf $(TMPDIR)/git-xargs*
+
+.PHONY: run
+run:
+	export GITHUB_OAUTH_TOKEN=$$(gh auth token); \
+	echo $$GITHUB_OAUTH_TOKEN; \
+	mkdir -p $$TMPDIR; \
+	git-xargs \
+		--loglevel DEBUG \
+		--skip-archived-repos \
+		--repos $(MIGRATION_PATH)/repos.txt \
+		--keep-cloned-repositories \
+		--branch-name migration/$(MIGRATION) \
+		--commit-message 'chore: run migration/$(MIGRATION)' \
+		--skip-pull-requests \
+		'$(MIGRATE_PATH)/run.sh' '$(MIGRATION)'

migrate/README.md

@@ -0,0 +1,43 @@
+## Usage
+
+Create a migration script in [`migrations/<date>/script.sh`](migrations/) and use the helpers in [`lib/`](lib/).
+
+```shell
+make run MIGRATION=20240302
+```
+
+## How it Works
+
+The `lib/` folder contains helper libraries (bash).  Define one file per tool. See the existing libraies for
+conventions.
+
+The `migrations/` folder contains subfolders, one per migration. By convention, we should use dates (e.g. `20230302`).
+
+Inside each date-based migration folder, there should be a few files.
+- `README.md` which will both describe the migration and be used as the body of the PR.
+- `repos.txt` a list of repos which this migration applies to
+- `script.sh` a script that is invoked in the context of the library, and will perform the migration operations
+
+There's a `templates/` folder, which contains a number of subfolders. Each subfolder represents a repository type.
+Including a `default` folder, which is used when no files are found for a given repository type.
+
+## Helper Functions
+
+- The `template_file` function will use the `REPO_TYPE` environment variable to find the best template file. It searches from the most specific to the list specific (e.g., `defaults/``).
+- The `info` function emits a friendly message.
+- The `error` function emits the error and exits 1
+- The `title` function sets the title that will be used subsequently when the PR is opened
+- The `install` function will use the `template_file` function to install a file from one of the suitable templates
+
+## Tips & Tricks
+
+1. Use `yq` for manipulating YAML. It will preserve comments, but not whitespace. It will also replace unicode characters with their escape sequence. Use `yamlfix` to restore the unicode character.
+2. Use `yamlfix` to format YAML and normalize whitespace.
+
+## Notable Limitations
+
+- `git-xargs` cannot add labels
+- `git-xargs` [ignores `.gitignore`](https://github.com/gruntwork-io/git-xargs/issues/53), so it's best to handle clean up before exiting the script
+- `git-xargs` will not update PR title/description, so it's advisable to just use `gh` CLI instead
+- `git-xargs` cannot auto-merge, so use `gh-cli` in script to commit, push, open PR, then merge
+- Using `gh-cli` to bypass the `git-xargs` deficiencies, means rate limiting isn't respected by `git-xargs`

migrate/lib/badges.sh

@@ -0,0 +1,107 @@
+function migrate_badges() {
+
+    readme_yaml="${1:-README.yaml}"
+
+    if [ ! -f "${readme_yaml}" ]; then
+        error "${readme_yaml} file not found."
+    fi
+
+    export GITHUB_REPO=$(yq '.github_repo' ${readme_yaml})
+
+    if [ "${GITHUB_REPO}" == "null" ]; then
+        error "GITHUB_REPO is not set in the ${readme_yaml} file."
+    fi
+
+    #  image: "https://img.shields.io/github/release/cloudposse/terraform-aws-documentdb-cluster.svg"
+    # Action: add ?style=for-the-style
+    yq -ei '.badges |= map(select(.image | test("img.shields.io")).image |= (. | sub("\.svg$"; ".svg?style=for-the-badge")) ) ' ${readme_yaml}
+
+    # image: "https://slack.cloudposse.com/badge.svg"
+    # Action: replace /badge.svg with /for-the-badge.svg
+    yq -ei '.badges |= map(select(.image | test("slack.cloudposse.com")).image |= (. | sub("/badge\.svg$"; "/for-the-badge.svg")) ) ' ${readme_yaml}
+
+    # - name: "Codefresh Build Status"
+    #  image: "https://g.codefresh.io/api/badges/pipeline/cloudposse/terraform-modules%2Fterraform-aws-ecs-web-app?type=cf-1"
+    #  url: "https://g.codefresh.io/public/accounts/cloudposse/pipelines/5dbb22a15c2e97b3b73ab484"
+    yq -ei 'del(.badges[] | select(.name == "*Codefresh*"))' ${readme_yaml}
+
+    # - name: "Build Status"
+    #   image: "https://travis-ci.org/cloudposse/terraform-aws-ec2-ami-backup.svg?branch=master"
+    #   url: "https://travis-ci.org/cloudposse/terraform-aws-ec2-ami-backup"
+    # Action: delete it
+    yq -ei 'del(.badges[] | select(.name == "*Build Status*"))' ${readme_yaml}
+
+    # - name: "Latest Release"
+    #   image: "https://img.shields.io/github/release/cloudposse/terraform-aws-ec2-ami-backup.svg"
+    #   url: "https://travis-ci.org/cloudposse/terraform-aws-ec2-ami-backup/releases"
+    # Action: Replace it
+    yq -ei 'del(.badges[] | select(.name == "Latest Release"))' ${readme_yaml}
+
+    #- name: GitHub Action Build Status
+    #  image: https://github.com/cloudposse/terraform-aws-lambda-elasticsearch-cleanup/workflows/Lambda/badge.svg?branch=master
+    #  url: https://github.com/cloudposse/terraform-aws-lambda-elasticsearch-cleanup/actions?query=workflow%3ALambda
+    yq -ei 'del(.badges[] | select(.name == "GitHub Action Build Status"))' ${readme_yaml}
+
+    #- name: "Discourse Forum"
+    #  image: "https://img.shields.io/discourse/https/ask.sweetops.com/posts.svg"
+    #  url: "https://ask.sweetops.com/"
+    # Action: Remove it
+    yq -ei 'del(.badges[] | select(.name == "Discourse Forum"))' ${readme_yaml}
+
+
+    # Now let's add the correct badges
+    yq -ei 'del(.badges[] | select(.name == "*Release*"))' ${readme_yaml}
+    yq -ei '.badges += [
+        {
+          "name": "Latest Release",
+          "image": "https://img.shields.io/github/release/" + env(GITHUB_REPO) + ".svg?style=for-the-badge",
+          "url": "https://github.com/" + env(GITHUB_REPO) + "/releases/latest"
+        }
+    ]' ${readme_yaml}
+
+    yq -ei 'del(.badges[] | select(.name == "*Updated*"))' ${readme_yaml}
+    yq -ei 'del(.badges[] | select(.name == "*Commit*"))' ${readme_yaml}
+    yq -ei '.badges += [
+        {
+          "name": "Last Updated",
+          "image": "https://img.shields.io/github/last-commit/" + env(GITHUB_REPO) + ".svg?style=for-the-badge",
+          "url": "https://github.com/" + env(GITHUB_REPO) + "/commits"
+        }
+    ]' ${readme_yaml}
+
+    if [ -f ".github/workflows/test.yml" ]; then
+        yq -ei 'del(.badges[] | select(.name == "*Test*"))' ${readme_yaml}
+        yq -ei '.badges += [
+            {
+              "name": "Tests",
+              "image": "https://img.shields.io/github/actions/workflow/status/" + env(GITHUB_REPO) + "/test.yml?style=for-the-badge",
+              "url": "https://github.com/" + (env(GITHUB_REPO) | tostring) + "/actions/workflows/test.yml"
+            }
+        ]' ${readme_yaml}
+    fi
+
+
+    if [ -f ".github/workflows/lambda.yml" ]; then
+        yq -ei 'del(.badges[] | select(.name == "*Test*"))' ${readme_yaml}
+        yq -ei '.badges += [
+            {
+              "name": "Tests",
+              "image": "https://img.shields.io/github/actions/workflow/status/" + env(GITHUB_REPO) + "/lambda.yml?style=for-the-badge",
+              "url": "https://github.com/" + env(GITHUB_REPO) + "/actions/workflows/lambda.yml"
+            }
+        ]' ${readme_yaml}
+    fi    
+
+    # This should always be the last badge we append, so it appears on the right.
+    yq -ei 'del(.badges[] | select(.name == "*Slack*"))' ${readme_yaml}
+    yq -ei '.badges += [
+        {
+          "name": "Slack Community",
+          "image": "https://slack.cloudposse.com/for-the-badge.svg",
+          "url": "https://slack.cloudposse.com"
+        }
+    ]' ${readme_yaml}
+
+    # Format the YAML for humans
+    yamlfix -c ${MIGRATE_PATH}/yamlfix.yml $readme_yaml
+}

migrate/lib/codeowners.sh

@@ -0,0 +1,4 @@
+function install_codeowners() {
+    info "Installing CODEOWNERS"
+    install CODEOWNERS
+}