ci: add fork-based compute workflows #2
| name: Bootstrap from Template | |
| on: | |
| push: | |
| branches: [main, dev] | |
| workflow_dispatch: | |
| inputs: | |
| repo_type: | |
| description: 'Repository type' | |
| required: true | |
| default: 'module' | |
| type: choice | |
| options: | |
| - foundation | |
| - module | |
| - product | |
| - service | |
| - infra | |
| - template | |
| jobs: | |
| bootstrap: | |
| # Only run if this looks like a fresh repo (no releases, few commits) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Check if bootstrap needed | |
| id: check | |
| run: | | |
| COMMIT_COUNT=$(git rev-list --count HEAD) | |
| if [ "$COMMIT_COUNT" -lt 5 ]; then | |
| echo "needs_bootstrap=true" >> $GITHUB_OUTPUT | |
| echo "Fresh repo detected ($COMMIT_COUNT commits)" | |
| else | |
| echo "needs_bootstrap=false" >> $GITHUB_OUTPUT | |
| echo "Existing repo ($COMMIT_COUNT commits) - skipping bootstrap" | |
| fi | |
| - name: Create standard labels | |
| if: steps.check.outputs.needs_bootstrap == 'true' | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| # Agent workflow labels | |
| gh label create "agent:ready" --description "Task ready for AI agent" --color "0E8A16" --force || true | |
| gh label create "agent:wip" --description "Work in progress by agent" --color "F9D0C4" --force || true | |
| gh label create "agent:review" --description "Needs verification" --color "FBCA04" --force || true | |
| gh label create "agent:blocked" --description "Needs human input" --color "D93F0B" --force || true | |
| gh label create "verified" --description "Work verified" --color "0E8A16" --force || true | |
| gh label create "verify-failed" --description "Verification failed" --color "D93F0B" --force || true | |
| gh label create "agentic" --description "AI-consumable task" --color "5319E7" --force || true | |
| # Type labels | |
| gh label create "type:feature" --description "New feature" --color "0052CC" --force || true | |
| gh label create "type:bug" --description "Bug fix" --color "D93F0B" --force || true | |
| gh label create "type:security" --description "Security issue" --color "D93F0B" --force || true | |
| gh label create "type:docs" --description "Documentation" --color "0075CA" --force || true | |
| # Priority labels | |
| gh label create "priority:critical" --description "Critical priority" --color "B60205" --force || true | |
| gh label create "priority:high" --description "High priority" --color "D93F0B" --force || true | |
| gh label create "priority:medium" --description "Medium priority" --color "FBCA04" --force || true | |
| gh label create "priority:low" --description "Low priority" --color "0E8A16" --force || true | |
| echo "✅ Labels created" | |
| - name: Set dev as default branch | |
| if: steps.check.outputs.needs_bootstrap == 'true' | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| # Create dev branch if it doesn't exist | |
| git checkout -b dev 2>/dev/null || git checkout dev | |
| git push origin dev --force-with-lease || true | |
| # Set as default (requires admin token, may fail with GITHUB_TOKEN) | |
| gh repo edit --default-branch dev || echo "⚠️ Could not set default branch (needs admin)" | |
| - name: Enable security features | |
| if: steps.check.outputs.needs_bootstrap == 'true' | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| # Enable vulnerability alerts | |
| gh api -X PUT repos/${{ github.repository }}/vulnerability-alerts || true | |
| # Enable automated security fixes | |
| gh api -X PUT repos/${{ github.repository }}/automated-security-fixes || true | |
| echo "✅ Security features enabled" | |
| - name: Create setup instructions issue | |
| if: steps.check.outputs.needs_bootstrap == 'true' | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| gh issue create \ | |
| --title "🚀 Repository Setup Checklist" \ | |
| --label "agentic,type:docs" \ | |
| --body "## Post-Template Setup | |
| This repo was created from the [core-devops template](https://github.com/host-uk/core-devops). | |
| ### Automated ✅ | |
| - [x] Standard labels created | |
| - [x] Security features enabled | |
| - [x] CodeRabbit config present | |
| ### Manual Steps | |
| - [ ] Update \`repos.yaml\` with your package details | |
| - [ ] Update \`CLAUDE.md\` with project-specific guidance | |
| - [ ] Update \`README.md\` with project description | |
| - [ ] Add to org project if needed | |
| - [ ] Set up any required secrets (\`PROJECT_TOKEN\` for auto-project) | |
| - [ ] Remove/customize template files | |
| ### Optional | |
| - [ ] Enable GitHub Pages for docs | |
| - [ ] Add to CodeRabbit (if not auto-enabled) | |
| - [ ] Configure branch protection rules | |
| --- | |
| _This issue was auto-created by the template bootstrap workflow._" | |
| echo "✅ Setup issue created" | |
| - name: Summary | |
| if: steps.check.outputs.needs_bootstrap == 'true' | |
| run: | | |
| echo "## 🎉 Bootstrap Complete" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "Your repo has been configured with:" >> $GITHUB_STEP_SUMMARY | |
| echo "- ✅ Standard labels for agent workflow" >> $GITHUB_STEP_SUMMARY | |
| echo "- ✅ Security features enabled" >> $GITHUB_STEP_SUMMARY | |
| echo "- ✅ Setup checklist issue created" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "See the created issue for remaining manual steps." >> $GITHUB_STEP_SUMMARY |
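Review bot: The "Enable security features" step reports success whether or not anything was enabled, because both `gh api -X PUT` calls end in `|| true` and the step then prints `✅ Security features enabled` unconditionally. The setup issue (`- [x] Security features enabled`) and the step summary repeat the claim, so a repository created from the template can look as if vulnerability alerts and automated security fixes are on when they are off. This seems likely in practice if these endpoints need the same admin-level access that the default-branch step's comment says `GITHUB_TOKEN` may lack. I would surface the failure the way that step already does, e.g. `gh api -X PUT "repos/$GITHUB_REPOSITORY/vulnerability-alerts" || echo "::warning::Could not enable vulnerability alerts (needs admin)"`, with the same change for `automated-security-fixes`. The checklist entry would then move under Manual Steps as `- [ ] Confirm vulnerability alerts and automated security fixes are enabled`, and the matching summary line should be dropped or made conditional.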