From 13895036351015740b58810679d1ce425f0f25d8 Mon Sep 17 00:00:00 2001
From: Mikael Hugo
Date: Tue, 11 Nov 2025 09:01:08 +0100
Subject: [PATCH 1/2] chore: exclude internal/development files from crate package

Exclude from crate releases:
- Git hooks and config (.githooks/, .gitignore, .gitmessage)
- Development tools (renovate.json5, clippy.toml, deny.toml, build.rs)
- Organization template directory (org-repos-setup/)
- Internal documentation (Claude setup, CI optimization, workflow guides, etc.)
- CHANGELOG.md (included separately in GitHub releases)
This ensures only essential library files are distributed in the crate package.
---
 Cargo.toml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/Cargo.toml b/Cargo.toml
index d7cada5..3d4fa68 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -31,6 +31,13 @@ exclude = [
 "justfile",
 "setup-hooks.sh",
 ".git-hooks/",
+ ".githooks/",
+ ".gitignore",
+ ".gitmessage",
+ "renovate.json5",
+ "clippy.toml",
+ "deny.toml",
+ "build.rs",

 # Build artifacts
 "release-reports/",
@@ -38,6 +45,9 @@ exclude = [
 "*.profraw",
 "*.profdata",

+ # Organization/template setup files
+ "org-repos-setup/",
+
 # Documentation (internal/setup guides - not for end users)
 "DOCS_SETUP.md",
 "WORKFLOWS_SETUP.md",
@@ -52,6 +62,15 @@ exclude = [
 "RELEASE_REPORTS_SUMMARY.md",
 "COMPLETE_SUMMARY.md",
 "CRATE_PACKAGING.md",
+ "CI_OPTIMIZATION.md",
+ "CLAUDE_AUTO_APPROVE_SETUP.md",
+ "CLAUDE_INTEGRATION.md",
+ "GITHUB_RELEASE_STRUCTURE.md",
+ "ORG_GITHUB_ACTIONS_SETUP.md",
+ "RELEASE_PROCESS.md",
+ "TEST_AUTO_APPROVE.md",
+ "WORKFLOW_GUIDE.md",
+ "CHANGELOG.md",

 # AI documentation (repo version for developers, .release version for users)
 "AGENTS.md",
From dc1c339aa353d4392b93a94c0a65b3a9b4cedfcf Mon Sep 17 00:00:00 2001
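Review bot: The `"build.rs",` entry added to `exclude` in the first Cargo.toml hunk is not a development-only file like its neighbours: if the crate has a build script, excluding it means the packaged crate is built without it, so whatever it generates or configures is absent for consumers and the published artifact differs from what CI built and tested. Whether a `build.rs` exists is not visible in this patch; if it does and consumers need it, drop that line, and if it only serves local development, say so next to the entry, e.g. `# build.rs only supports local development; the published crate does not need it`. Checking the output of `cargo package --list` and building the packaged crate before release would confirm which case applies.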
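Review bot: The nine file names added in the third hunk extend a denylist that fails open: every new internal document (the commit message mentions Claude setup and CI guides) ships in the published crate until someone remembers to list it here. An `include` allowlist fails closed instead, for example `include = ["src/**", "Cargo.toml", "README.md", "LICENSE*"]` (illustrative paths, to be adjusted to the crate's real layout); setting `include` overrides `exclude`, so the two lists would not be kept side by side. Comparing `cargo package --list` against an expected file list in CI would catch an accidental inclusion with either approach.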
From: Mikael Hugo
Date: Tue, 11 Nov 2025 09:21:29 +0100
Subject: [PATCH 2/2] chore: remove redundant org-repos-setup directory

The org-level .github repository (Singularity-ng/.github) is already set up with the same workflow templates and organization files. This directory was just a duplicate/template that's no longer needed.
---
 org-repos-setup/.github/README.md | 47 ---
 org-repos-setup/.github/SECURITY.md | 68 -----
 org-repos-setup/.github/SUPPORT.md | 95 -------
 .../rust-nix-ci.properties.json | 7 -
 .../workflow-templates/rust-nix-ci.yml | 22 --
 .../rust-nix-release.properties.json | 7 -
 .../workflow-templates/rust-nix-release.yml | 24 --
 org-repos-setup/QUICK_START.md | 199 -------------
 org-repos-setup/README.md | 267 ------------------
 org-repos-setup/github-actions/README.md | 106 -------
 .../build-crate-package/README.md | 164 -----------
 .../build-crate-package/action.yml | 126 ---------
 .../generate-release-reports/README.md | 167 -----------
 .../generate-release-reports/action.yml | 115 --------
 .../github-actions/setup-nix-rust/README.md | 106 -------
 .../github-actions/setup-nix-rust/action.yml | 67 -----
 .../.github/workflows/rust-nix-ci.yml | 138 ---------
 .../.github/workflows/rust-nix-release.yml | 256 -----------------
 org-repos-setup/github-workflows/README.md | 142 ----------
 org-repos-setup/setup-script.sh | 185 ------------
 20 files changed, 2308 deletions(-)
 delete mode 100644 org-repos-setup/.github/README.md
 delete mode 100644 org-repos-setup/.github/SECURITY.md
 delete mode 100644 org-repos-setup/.github/SUPPORT.md
 delete mode 100644 org-repos-setup/.github/workflow-templates/rust-nix-ci.properties.json
 delete mode 100644 org-repos-setup/.github/workflow-templates/rust-nix-ci.yml
 delete mode 100644 org-repos-setup/.github/workflow-templates/rust-nix-release.properties.json
 delete mode 100644 org-repos-setup/.github/workflow-templates/rust-nix-release.yml
 delete mode 100644 org-repos-setup/QUICK_START.md
 delete mode 100644
org-repos-setup/README.md
 delete mode 100644 org-repos-setup/github-actions/README.md
 delete mode 100644 org-repos-setup/github-actions/build-crate-package/README.md
 delete mode 100644 org-repos-setup/github-actions/build-crate-package/action.yml
 delete mode 100644 org-repos-setup/github-actions/generate-release-reports/README.md
 delete mode 100644 org-repos-setup/github-actions/generate-release-reports/action.yml
 delete mode 100644 org-repos-setup/github-actions/setup-nix-rust/README.md
 delete mode 100644 org-repos-setup/github-actions/setup-nix-rust/action.yml
 delete mode 100644 org-repos-setup/github-workflows/.github/workflows/rust-nix-ci.yml
 delete mode 100644 org-repos-setup/github-workflows/.github/workflows/rust-nix-release.yml
 delete mode 100644 org-repos-setup/github-workflows/README.md
 delete mode 100755 org-repos-setup/setup-script.sh

diff --git a/org-repos-setup/.github/README.md b/org-repos-setup/.github/README.md
deleted file mode 100644
index 9f04455..0000000
--- a/org-repos-setup/.github/README.md
+++ /dev/null
@@ -1,47 +0,0 @@ -# Singularity Organization Defaults - -This repository provides default files and workflow templates for all repositories in the Singularity organization. - -## What's Included - -- **Workflow Templates**: Pre-configured GitHub Actions workflows that appear when creating new workflows -- **Security Policy**: Organization-wide security guidelines -- **Support Information**: How to get help with Singularity projects - -## Workflow Templates - -### Rust + Nix CI -Standard CI pipeline for Rust projects using Nix flake for reproducible builds. - -Features: -- Nix flake checks -- Zero warnings tolerance (Clippy pedantic + nursery) -- Multi-platform testing (Linux, macOS) -- 4-layer caching (GitHub + Magic Nix + FlakeHub + Cachix) - -### Rust + Nix Release -Automated release workflow for Rust crates. - -Features: -- Comprehensive quality reports (Clippy, security, SBOM, coverage) -- Crate package generation -- GitHub Release creation -- Platform binaries (Linux, macOS, Windows) - -## Using Templates - -1. Go to any repository in the organization -2. Click "Actions" → "New workflow" -3. Templates will appear under "By Singularity-ng" -4. Click "Set up this workflow" - -## Customizing for Your Repo - -Templates are starting points. You can customize them for your specific needs: -- Add/remove build steps -- Adjust caching strategy -- Enable/disable specific checks - -## Questions? - -See SUPPORT.md for how to get help. diff --git a/org-repos-setup/.github/SECURITY.md b/org-repos-setup/.github/SECURITY.md deleted file mode 100644 index 14fa404..0000000 --- a/org-repos-setup/.github/SECURITY.md +++ /dev/null 
@@ -1,68 +0,0 @@ -# Security Policy - -## Supported Versions - -We provide security updates for the following versions: - -| Version | Supported | -| ------- | ------------------ | -| Latest | :white_check_mark: | -| < Latest| :x: | - -We recommend always using the latest version of our software. - -## Reporting a Vulnerability - -**Please do not report security vulnerabilities through public GitHub issues.** - -Instead, please report them via email to: **security@singularity.example.com** - -You should receive a response within 48 hours. If for some reason you do not, please follow up via email to ensure we received your original message. - -Please include the following information: - -- Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting, etc.) -- Full paths of source file(s) related to the manifestation of the issue -- The location of the affected source code (tag/branch/commit or direct URL) -- Any special configuration required to reproduce the issue -- Step-by-step instructions to reproduce the issue -- Proof-of-concept or exploit code (if possible) -- Impact of the issue, including how an attacker might exploit it - -## Security Update Process - -1. **Receipt**: We acknowledge receipt of your vulnerability report -2. **Assessment**: We assess the vulnerability and determine severity -3. **Fix**: We develop and test a fix -4. **Disclosure**: We coordinate disclosure with you -5. **Release**: We release the security update -6. 
**Credit**: We credit you in the security advisory (unless you prefer to remain anonymous) - -## Security Features in Our Projects - -All Singularity projects include: - -- **Automated security audits** - `cargo audit` runs on every release -- **Dependency checking** - `cargo deny` validates all dependencies -- **SBOM generation** - Complete dependency transparency -- **Zero warnings tolerance** - Strict linting catches potential issues -- **Regular updates** - Renovate keeps dependencies current - -## Security Best Practices - -When using Singularity software: - -1. **Keep updated** - Always use the latest version -2. **Review dependencies** - Check the SBOM in releases -3. **Enable security features** - Use all available security options -4. **Follow principle of least privilege** - Run with minimal permissions -5. **Monitor security advisories** - Watch the repository for updates - -## Contact - -- **Security issues**: security@singularity.example.com -- **General questions**: See SUPPORT.md - ---- - -**Thank you for helping keep Singularity and our users safe!** diff --git a/org-repos-setup/.github/SUPPORT.md b/org-repos-setup/.github/SUPPORT.md deleted file mode 100644 index dd0b759..0000000 --- a/org-repos-setup/.github/SUPPORT.md +++ /dev/null 
@@ -1,95 +0,0 @@ -# Support - -Thank you for using Singularity software! This document explains how to get help. - -## 📚 Documentation - -Before asking for help, please check: - -- **README.md** in the project repository -- **API Documentation** (rustdoc) - Run `cargo doc --open` or check docs.rs -- **AGENTS.md** - AI/LLM-optimized documentation (in releases) -- **GitHub Releases** - Release notes and quality reports - -## 🐛 Bug Reports - -If you've found a bug: - -1. **Check existing issues** - Someone may have already reported it -2. **Create a new issue** using the bug report template -3. **Include**: - - Description of the bug - - Steps to reproduce - - Expected vs. actual behavior - - Environment (OS, Rust version, etc.) - - Minimal reproducible example - -## 💡 Feature Requests - -Have an idea for improvement? - -1. **Check existing issues** - It may already be planned -2. **Create a new issue** using the feature request template -3. **Describe**: - - The problem you're trying to solve - - Your proposed solution - - Alternative solutions you've considered - - Why this would be useful to others - -## ❓ Questions - -### For Licensed Users - -**Priority Support**: Contact your account manager or email support@singularity.example.com - -### For General Questions - -- **GitHub Discussions** - For general questions and community help -- **GitHub Issues** - For specific bugs or feature requests - -## 🔒 Security Issues - -**Do not report security vulnerabilities in public issues.** - -See [SECURITY.md](SECURITY.md) for how to report security issues privately. - -## 💼 Commercial Support - -Interested in: -- Priority support -- Custom development -- Training -- Consulting - -Contact us at: **sales@singularity.example.com** - -## 🤝 Contributing - -Want to contribute? 
- -See **CONTRIBUTING.md** in each project repository for: -- Code of conduct -- Development setup -- Coding standards -- PR process - -## 📞 Contact Information - -- **General inquiries**: info@singularity.example.com -- **Support**: support@singularity.example.com -- **Security**: security@singularity.example.com -- **Sales**: sales@singularity.example.com - -## ⏰ Response Times - -| Type | Response Time | -|------|--------------| -| Security issues | 48 hours | -| Licensed user support | 1 business day | -| Bug reports | 1-2 weeks | -| Feature requests | 2-4 weeks | -| General questions | Best effort | - ---- - -We appreciate your patience and understanding. Our small team works hard to provide the best support possible! diff --git a/org-repos-setup/.github/workflow-templates/rust-nix-ci.properties.json b/org-repos-setup/.github/workflow-templates/rust-nix-ci.properties.json deleted file mode 100644 index 6755a88..0000000 --- a/org-repos-setup/.github/workflow-templates/rust-nix-ci.properties.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "name": "Rust + Nix CI", - "description": "Standard CI pipeline for Rust projects using Nix flake with comprehensive checks and caching", - "iconName": "rust", - "categories": ["Rust", "Nix", "CI"], - "filePatterns": ["Cargo.toml$", "flake.nix$"] -} diff --git a/org-repos-setup/.github/workflow-templates/rust-nix-ci.yml b/org-repos-setup/.github/workflow-templates/rust-nix-ci.yml deleted file mode 100644 index dd135ef..0000000 --- a/org-repos-setup/.github/workflow-templates/rust-nix-ci.yml +++ /dev/null 
@@ -1,22 +0,0 @@ -name: CI - -on: - push: - branches: [main, development] - pull_request: - branches: [main, development] - -# Cancel in-progress runs when a new workflow on the same PR is triggered -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: true - -permissions: - contents: read - -jobs: - ci: - uses: Singularity-ng/github-workflows/.github/workflows/rust-nix-ci.yml@v1 - with: - enable-coverage: true - rust-version: stable diff --git a/org-repos-setup/.github/workflow-templates/rust-nix-release.properties.json b/org-repos-setup/.github/workflow-templates/rust-nix-release.properties.json deleted file mode 100644 index b5e3bba..0000000 --- a/org-repos-setup/.github/workflow-templates/rust-nix-release.properties.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "name": "Rust + Nix Release", - "description": "Automated release workflow with quality reports, crate packaging, and GitHub Release creation", - "iconName": "rocket", - "categories": ["Rust", "Nix", "Release", "Deployment"], - "filePatterns": ["Cargo.toml$", "flake.nix$"] -} diff --git a/org-repos-setup/.github/workflow-templates/rust-nix-release.yml b/org-repos-setup/.github/workflow-templates/rust-nix-release.yml deleted file mode 100644 index bb4abad..0000000 --- a/org-repos-setup/.github/workflow-templates/rust-nix-release.yml +++ /dev/null @@ -1,24 +0,0 @@ -name: Release - -on: - push: - tags: - - 'v[0-9]+.*' - workflow_dispatch: - inputs: - version: - description: 'Version to release (e.g., 0.2.0)' - required: true - type: string - -permissions: - contents: write - security-events: write - -jobs: - release: - uses: Singularity-ng/github-workflows/.github/workflows/rust-nix-release.yml@v1 - with: - enable-crate-publish: false # Set to true for public crates - enable-platform-binaries: true - enable-release-reports: true 
diff --git a/org-repos-setup/QUICK_START.md b/org-repos-setup/QUICK_START.md deleted file mode 100644 index 5df518f..0000000 --- a/org-repos-setup/QUICK_START.md +++ /dev/null 
@@ -1,199 +0,0 @@ -# Quick Start - Organization GitHub Actions - -Get your organization GitHub Actions set up in 5 minutes. - -## Prerequisites - -- [ ] GitHub CLI (`gh`) installed - [Download](https://cli.github.com/) -- [ ] Authenticated with GitHub - Run `gh auth login` -- [ ] Organization admin access to `Singularity-ng` - -## Step 1: Run Setup Script (2 minutes) - -```bash -cd org-repos-setup -./setup-script.sh -``` - -This will: -1. Create 3 repositories (`.github`, `github-workflows`, `github-actions`) -2. Push all files to each repository -3. Create `v1.0.0` tags for versioning - -## Step 2: Update This Project (3 minutes) - -Replace the current CI and release workflows with reusable ones: - -### Replace `.github/workflows/ci.yml` - -```yaml -name: CI - -on: - push: - branches: [main, development] - pull_request: - branches: [main, development] - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: true - -permissions: - contents: read - -jobs: - ci: - uses: Singularity-ng/github-workflows/.github/workflows/rust-nix-ci.yml@v1 - with: - enable-coverage: true - rust-version: stable -``` - -### Replace `.github/workflows/release.yml` - -```yaml -name: Release - -on: - push: - tags: ['v[0-9]+.*'] - workflow_dispatch: - inputs: - version: - description: 'Version to release (e.g., 0.2.0)' - required: true - type: string - -permissions: - contents: write - security-events: write - -jobs: - release: - uses: Singularity-ng/github-workflows/.github/workflows/rust-nix-release.yml@v1 - with: - enable-crate-publish: false - enable-platform-binaries: true - enable-release-reports: true -``` - -## Step 3: Test (1 minute) - -```bash -# Trigger CI -git add .github/workflows/ -git commit -m "Switch to reusable workflows" -git push - -# Watch it run -gh run watch -``` - -## What You Get - -### Before (Manual) -- ❌ 494 lines of workflow YAML -- ❌ Duplicate logic in every project -- ❌ Hard to maintain -- ❌ 
Inconsistent across projects - -### After (Reusable) -- ✅ ~30 lines of workflow YAML -- ✅ Single source of truth -- ✅ Easy to maintain -- ✅ Consistent across all projects - -### Reduction -- **94% less workflow code** (494 lines → 30 lines) -- **3 organization repos** to maintain instead of N projects -- **Versioned workflows** - control when updates apply - -## Repository Structure - -``` -Singularity-ng/ -├── .github/ # Templates visible in GitHub UI -├── github-workflows/ # Reusable workflows (private) -└── github-actions/ # Composite actions (private) -``` - -## Using in Other Projects - -Once set up, any new Rust + Nix project can use: - -```yaml -# .github/workflows/ci.yml -jobs: - ci: - uses: Singularity-ng/github-workflows/.github/workflows/rust-nix-ci.yml@v1 - -# .github/workflows/release.yml -jobs: - release: - uses: Singularity-ng/github-workflows/.github/workflows/rust-nix-release.yml@v1 -``` - -That's it! No need to copy 500 lines of YAML. - -## Creating New Workflows in GitHub UI - -1. Go to any repo → Actions → New workflow -2. Look for "By Singularity-ng" section -3. Click "Set up this workflow" on a template -4. Customize if needed -5. Commit - -The templates from `.github/workflow-templates/` will appear automatically. - -## Updating Workflows - -When you need to update the CI/release logic: - -1. **Update in one place**: `github-workflows` repository -2. **Test**: Use `@main` in a test project -3. **Tag**: Create new version tag (e.g., `v1.1.0`) -4. 
**Roll out**: Update projects to use `@v1.1.0` (or they auto-update if using `@v1`) - -## Troubleshooting - -### Script fails with permission error -```bash -# Make sure you're org admin -gh api orgs/Singularity-ng/memberships/$USER -``` - -### Workflows not appearing in UI -- Check `.github` repository is created -- Check it has `workflow-templates/` directory -- Wait a few minutes for GitHub to sync - -### Reusable workflow not found -- Check repository visibility (must be accessible to calling repo) -- Check path is correct: `org/repo/.github/workflows/file.yml@ref` -- Check tag exists: `gh release list -R Singularity-ng/github-workflows` - -## Next Steps - -- [ ] Test CI in this project -- [ ] Test release in this project -- [ ] Roll out to next project -- [ ] Document any custom needs - -## Documentation - -- **Full setup guide**: `ORG_GITHUB_ACTIONS_SETUP.md` -- **Reusable workflows**: `github-workflows/README.md` -- **Composite actions**: `github-actions/README.md` - -## Questions? - -See the organization's `SUPPORT.md` in the `.github` repository. - ---- - -**Total setup time: ~5 minutes** - -**Time saved per project: ~2 hours of workflow development** - -**ROI: 24x after 3rd project** diff --git a/org-repos-setup/README.md b/org-repos-setup/README.md deleted file mode 100644 index 0e8f846..0000000 --- a/org-repos-setup/README.md +++ /dev/null 
@@ -1,267 +0,0 @@ -# Organization GitHub Actions Setup - -This directory contains everything needed to set up centralized GitHub Actions for the Singularity organization. - -## 📁 Contents - -``` -org-repos-setup/ -├── .github/ # Files for Singularity-ng/.github repo -│ ├── workflow-templates/ # Templates visible in GitHub UI -│ │ ├── rust-nix-ci.yml -│ │ ├── rust-nix-ci.properties.json -│ │ ├── rust-nix-release.yml -│ │ └── rust-nix-release.properties.json -│ ├── SECURITY.md # Org-wide security policy -│ ├── SUPPORT.md # Org-wide support info -│ └── README.md -│ -├── github-workflows/ # Files for Singularity-ng/github-workflows repo -│ ├── .github/workflows/ -│ │ ├── rust-nix-ci.yml # Reusable CI workflow -│ │ └── rust-nix-release.yml # Reusable release workflow -│ └── README.md -│ -├── github-actions/ # Files for Singularity-ng/github-actions repo -│ ├── setup-nix-rust/ # Composite action: Setup environment -│ │ ├── action.yml -│ │ └── README.md -│ ├── generate-release-reports/ # Composite action: Generate reports -│ │ ├── action.yml -│ │ └── README.md -│ ├── build-crate-package/ # Composite action: Build .crate -│ │ ├── action.yml -│ │ └── README.md -│ └── README.md -│ -├── setup-script.sh # Automated setup script -├── QUICK_START.md # 5-minute quick start guide -└── README.md # This file -``` - -## 🚀 Quick Start - -**New to this? Start here:** - -1. **Read**: `QUICK_START.md` (5-minute guide) -2. **Run**: `./setup-script.sh` -3. **Test**: Update this project's workflows -4. **Roll out**: Use in other projects - -**Want details? Read**: `../ORG_GITHUB_ACTIONS_SETUP.md` (comprehensive guide) - -## 📋 What This Sets Up - -### 3 Organization Repositories - -1. **`.github`** (public) - - Organization defaults - - Workflow templates visible in GitHub UI - - Security and support policies - -2. **`github-workflows`** (private) - - Reusable workflows for CI and releases - - Called from other repos via `uses:` - - Versioned with tags - -3. 
**`github-actions`** (private) - - Composite actions for common tasks - - Setup steps, report generation, packaging - - Versioned with tags - -## 🎯 Benefits - -### Before -```yaml -# Every project has 500 lines of workflow YAML -# Duplicated across 10 projects = 5000 lines -# Update CI? Change 10 files -``` - -### After -```yaml -# Every project has 30 lines of workflow YAML -# Shared logic = 1000 lines in org repos -# Update CI? Change 1 file, tag, done -``` - -**Result:** -- 94% less workflow code in projects -- 80% faster to add CI to new projects -- 100% consistency across organization -- Version control over workflow updates - -## 📚 Documentation - -| File | Purpose | -|------|---------| -| `QUICK_START.md` | Get started in 5 minutes | -| `../ORG_GITHUB_ACTIONS_SETUP.md` | Complete setup guide | -| `.github/README.md` | Using workflow templates | -| `github-workflows/README.md` | Using reusable workflows | -| `github-actions/README.md` | Using composite actions | - -## 🛠️ Setup Options - -### Option 1: Automated (Recommended) -```bash -./setup-script.sh -``` -Interactive script that creates all repos and pushes files. - -### Option 2: Manual - -1. Create repositories on GitHub: - ```bash - gh repo create Singularity-ng/.github --public - gh repo create Singularity-ng/github-workflows --private - gh repo create Singularity-ng/github-actions --private - ``` - -2. Push files to each repo: - ```bash - # For .github - cd .github && git init && git add . && git commit -m "Initial setup" - git remote add origin git@github.com:Singularity-ng/.github.git - git push -u origin main - - # Repeat for github-workflows and github-actions - ``` - -3. 
Tag versions: - ```bash - cd github-workflows && git tag v1.0.0 && git push --tags - cd ../github-actions && git tag v1.0.0 && git push --tags - ``` - -## 🔄 Migration Path - -### Phase 1: Setup (Week 1) -- [ ] Run `./setup-script.sh` -- [ ] Verify repos created on GitHub -- [ ] Review files in each repo - -### Phase 2: Test (Week 2) -- [ ] Update `singularity-language-registry` workflows -- [ ] Test CI pipeline -- [ ] Test release workflow -- [ ] Fix any issues - -### Phase 3: Rollout (Ongoing) -- [ ] Update next project -- [ ] Document any customizations needed -- [ ] Repeat for all projects - -## 📊 Project Compatibility - -These workflows work best with projects that have: -- ✅ `Cargo.toml` (Rust project) -- ✅ `flake.nix` (Nix development environment) -- ✅ `justfile` (optional, for custom commands) -- ✅ Semantic versioning in git tags - -For projects without these, you'll need to customize the workflows. - -## 🔧 Customization - -### Using Custom Report Generation - -If your project has a `justfile` with `release-reports` command: - -```justfile -release-reports version: - # Your custom logic - echo "Generating reports for $version" -``` - -The `generate-release-reports` action will use it automatically. - -### Adding More Workflows - -To add a new reusable workflow: - -1. Create in `github-workflows/.github/workflows/` -2. Update `github-workflows/README.md` -3. Test in a project using `@main` -4. Tag new version -5. Create template in `.github/workflow-templates/` (optional) - -### Adding More Actions - -To add a new composite action: - -1. Create directory in `github-actions/` -2. Add `action.yml` and `README.md` -3. Test in a project using `@main` -4. 
Tag new version - -## 📦 What Gets Created - -### In `.github` Repository -- Workflow templates (visible in GitHub UI) -- Organization security policy -- Organization support info - -### In `github-workflows` Repository -- `rust-nix-ci.yml` - Comprehensive CI pipeline -- `rust-nix-release.yml` - Full release automation - -### In `github-actions` Repository -- `setup-nix-rust` - Environment setup -- `generate-release-reports` - Quality reports -- `build-crate-package` - Crate packaging - -## 🔒 Security - -### Repository Visibility - -- **`.github`** - Public (templates need to be accessible) -- **`github-workflows`** - Private (can be public if desired) -- **`github-actions`** - Private (can be public if desired) - -For private workflows/actions, calling repos need access via: -- Same organization -- GitHub App -- Personal Access Token - -## 🆘 Troubleshooting - -### Setup script fails -```bash -# Check you have gh CLI -which gh - -# Check you're authenticated -gh auth status - -# Check you have org admin rights -gh api orgs/Singularity-ng/memberships/$USER -``` - -### Workflows not found -```bash -# Check repositories exist -gh repo list Singularity-ng - -# Check tags exist -gh release list -R Singularity-ng/github-workflows -``` - -### Templates not showing -- Wait a few minutes after creating `.github` repo -- Check files are in `workflow-templates/` directory -- Check `.properties.json` files are valid JSON - -## 📞 Support - -- **Setup issues**: See `QUICK_START.md` and this file -- **Usage questions**: See individual README files in each repo -- **Organization questions**: See `.github/SUPPORT.md` after setup - -## 📝 License - -Same as parent repository (Proprietary). - ---- - -**Ready to get started? See `QUICK_START.md`** diff --git a/org-repos-setup/github-actions/README.md b/org-repos-setup/github-actions/README.md deleted file mode 100644 index 11fcbe3..0000000 --- a/org-repos-setup/github-actions/README.md +++ /dev/null 
@@ -1,106 +0,0 @@ -# Singularity Composite GitHub Actions - -This repository contains reusable composite actions for Singularity projects. - -## Available Actions - -### `setup-nix-rust` -Sets up Nix development environment with all caching layers for Rust projects. - -**Features:** -- Installs Nix with flakes enabled -- Configures Magic Nix Cache -- Optionally configures FlakeHub Cache -- Optionally configures Cachix -- Sets up Rust toolchain from flake - -**Usage:** -```yaml -- uses: Singularity-ng/github-actions/setup-nix-rust@v1 - with: - cachix-name: singularity # optional - enable-flakehub: true # optional -``` - -### `generate-release-reports` -Generates comprehensive quality reports for releases. - -**Features:** -- Clippy report (zero warnings validation) -- Security audit (cargo-audit + cargo-deny) -- SBOM generation -- Test coverage report -- Build information -- Dependency status report -- Changelog extraction -- Release summary - -**Usage:** -```yaml -- uses: Singularity-ng/github-actions/generate-release-reports@v1 - with: - version: "1.0.0" -``` - -### `build-crate-package` -Builds a .crate package with installation instructions. - -**Features:** -- Builds .crate file -- Lists package contents -- Generates installation guide - -**Usage:** -```yaml -- uses: Singularity-ng/github-actions/build-crate-package@v1 - with: - version: "1.0.0" -``` - -## Versioning - -We use semantic versioning with Git tags: - -- **`@main`** - Latest development version (may be unstable) -- **`@v1`** - Latest stable v1.x.x release -- **`@v1.2.3`** - Specific version - -**Recommendation**: Use `@v1` in production to get bug fixes while avoiding breaking changes. - -## Inputs - -See each action's `action.yml` for detailed input documentation. 
- -## Examples - -### Full Release Workflow -```yaml -steps: - - uses: actions/checkout@v4 - - - uses: Singularity-ng/github-actions/setup-nix-rust@v1 - with: - cachix-name: singularity - - - uses: Singularity-ng/github-actions/generate-release-reports@v1 - with: - version: ${{ needs.validate.outputs.version }} - - - uses: Singularity-ng/github-actions/build-crate-package@v1 - with: - version: ${{ needs.validate.outputs.version }} -``` - -## Contributing - -To update these actions: - -1. Make changes in a branch -2. Test in a project using `@branch-name` -3. Open PR -4. After merge, tag a new version -5. Update projects to use new version - -## Questions? - -See the organization's SUPPORT.md for help. diff --git a/org-repos-setup/github-actions/build-crate-package/README.md b/org-repos-setup/github-actions/build-crate-package/README.md deleted file mode 100644 index 2173aba..0000000 --- a/org-repos-setup/github-actions/build-crate-package/README.md +++ /dev/null 
@@ -1,164 +0,0 @@ -# Build Crate Package Action - -Composite action that builds a Rust `.crate` package with installation instructions and contents listing. - -## Features - -- ✅ Builds `.crate` file using `cargo package` -- ✅ Lists all files included in package -- ✅ Generates installation guide with 3 methods -- ✅ Shows package size -- ✅ Supports dirty builds (uncommitted changes) - -## Usage - -### Basic -```yaml -- uses: Singularity-ng/github-actions/build-crate-package@v1 - with: - version: "1.0.0" -``` - -### Strict (no dirty builds) -```yaml -- uses: Singularity-ng/github-actions/build-crate-package@v1 - with: - version: "1.0.0" - allow-dirty: false -``` - -## Inputs - -| Input | Description | Required | Default | -|-------|-------------|----------|---------| -| `version` | Crate version number (e.g., 1.0.0) | Yes | - | -| `allow-dirty` | Allow building with uncommitted changes | No | `true` | - -## Outputs - -The action creates: - -``` -crate-package/ -├── {crate-name}-{version}.crate # The package -├── INSTALL.md # Installation instructions -└── PACKAGE_CONTENTS.txt # File listing -``` - -### INSTALL.md Contents - -The generated installation guide includes: -1. **Git tag method** (recommended) - Add to Cargo.toml with git URL -2. **Local install method** - Install from downloaded .crate file -3. 
**Path dependency method** - Extract and use as local dependency - -### PACKAGE_CONTENTS.txt Contents - -Shows: -- Package name and version -- Build date -- Complete file listing -- Package size - -## Example Workflow - -```yaml -name: Release - -on: - push: - tags: ['v*'] - -jobs: - build-package: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - name: Get version from tag - id: version - run: echo "version=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT - - - uses: Singularity-ng/github-actions/build-crate-package@v1 - with: - version: ${{ steps.version.outputs.version }} - - - uses: actions/upload-artifact@v4 - with: - name: crate-package - path: crate-package/ - - - name: Upload to release - uses: softprops/action-gh-release@v2 - with: - files: crate-package/* -``` - -## Requirements - -- Repository must have `Cargo.toml` -- Version in `Cargo.toml` must match the `version` input -- Rust toolchain will be installed if not present - -## What Gets Included in Package - -The package includes files based on your `Cargo.toml` configuration: - -- ✅ **Included by default**: `src/`, `Cargo.toml`, `LICENSE`, `README.md` -- ❌ **Excluded by default**: `target/`, `.git/`, CI configs -- ⚙️ **Customizable**: Use `exclude` in `Cargo.toml` to control - -Example: -```toml -[package] -exclude = [ - ".github/", - "flake.nix", - "justfile", - "*.md", # Exclude all markdown except README.md -] -``` - -## Verification - -After the action runs, you can verify the package: - -```yaml -- name: Verify package contents - run: | - tar -tzf crate-package/*.crate - cat crate-package/PACKAGE_CONTENTS.txt -``` - -## Troubleshooting - -### Version mismatch error -``` -error: `` does not match pattern `\d+\.\d+\.\d+` -``` -**Solution**: Ensure version input matches semantic versioning (e.g., `1.0.0`, not `v1.0.0`) - -### Dirty working directory error -``` -error: 1 uncommitted file -``` -**Solutions**: -- Commit all changes before running -- Or set `allow-dirty: true` (default) 
- -### Package too large -``` -error: package is too large -``` -**Solution**: Add more files to `exclude` in `Cargo.toml` - -## Best Practices - -1. **Always specify version explicitly** - Don't rely on default -2. **Use `allow-dirty: false` for releases** - Ensures clean state -3. **Review PACKAGE_CONTENTS.txt** - Verify what gets included -4. **Test installation locally** - Before releasing - -## License - -Same as parent repository. diff --git a/org-repos-setup/github-actions/build-crate-package/action.yml b/org-repos-setup/github-actions/build-crate-package/action.yml deleted file mode 100644 index 0c00cda..0000000 --- a/org-repos-setup/github-actions/build-crate-package/action.yml +++ /dev/null 
@@ -1,126 +0,0 @@ -name: 'Build Crate Package' -description: 'Builds a Rust .crate package with installation instructions' -branding: - icon: 'package' - color: 'purple' - -inputs: - version: - description: 'Crate version number (e.g., 1.0.0)' - required: true - allow-dirty: - description: 'Allow building with uncommitted changes' - required: false - default: 'true' - -runs: - using: "composite" - steps: - - name: Install stable Rust - uses: dtolnay/rust-toolchain@stable - - - name: Get crate name - id: crate-name - shell: bash - run: | - CRATE_NAME=$(grep '^name = ' Cargo.toml | head -1 | sed 's/.*= "\(.*\)"/\1/') - echo "name=$CRATE_NAME" >> $GITHUB_OUTPUT - echo "Crate name: $CRATE_NAME" - - - name: Build crate package - shell: bash - run: | - mkdir -p crate-package - if [ "${{ inputs.allow-dirty }}" = "true" ]; then - cargo package --all-features --allow-dirty - else - cargo package --all-features - fi - cp target/package/${{ steps.crate-name.outputs.name }}-${{ inputs.version }}.crate crate-package/ - - - name: List package contents - shell: bash - run: | - echo "# Crate Package Contents" > crate-package/PACKAGE_CONTENTS.txt - echo "" >> crate-package/PACKAGE_CONTENTS.txt - echo "**Package:** ${{ steps.crate-name.outputs.name }}-${{ inputs.version }}.crate" >> crate-package/PACKAGE_CONTENTS.txt - echo "**Date:** $(date -u +"%Y-%m-%d %H:%M:%S UTC")" >> crate-package/PACKAGE_CONTENTS.txt - echo "" >> crate-package/PACKAGE_CONTENTS.txt - echo "## Files Included" >> crate-package/PACKAGE_CONTENTS.txt - echo "" >> crate-package/PACKAGE_CONTENTS.txt - echo "\`\`\`" >> crate-package/PACKAGE_CONTENTS.txt - tar -tzf target/package/${{ steps.crate-name.outputs.name }}-${{ inputs.version }}.crate >> crate-package/PACKAGE_CONTENTS.txt - echo "\`\`\`" >> crate-package/PACKAGE_CONTENTS.txt - echo "" >> crate-package/PACKAGE_CONTENTS.txt - echo "## Package Size" >> crate-package/PACKAGE_CONTENTS.txt - echo "" >> crate-package/PACKAGE_CONTENTS.txt - ls -lh target/package/${{ 
steps.crate-name.outputs.name }}-${{ inputs.version }}.crate | awk '{print "Size: " $5}' >> crate-package/PACKAGE_CONTENTS.txt - - - name: Create installation instructions - shell: bash - run: | - cat > crate-package/INSTALL.md << 'INSTALL_EOF' - # Installing ${{ steps.crate-name.outputs.name }} - - Version: **${{ inputs.version }}** - - ## Option 1: Add to Cargo.toml (Recommended) - - ```toml - [dependencies] - ${{ steps.crate-name.outputs.name }} = { git = "${{ github.server_url }}/${{ github.repository }}", tag = "v${{ inputs.version }}" } - ``` - - ## Option 2: Install from .crate file - - Download the `.crate` file from this release, then: - - ```bash - cargo install --path ${{ steps.crate-name.outputs.name }}-${{ inputs.version }}.crate - ``` - - ## Option 3: Use as local dependency - - 1. Download and extract the .crate file: - - ```bash - tar -xzf ${{ steps.crate-name.outputs.name }}-${{ inputs.version }}.crate - ``` - - 2. Add to your Cargo.toml: - - ```toml - [dependencies] - ${{ steps.crate-name.outputs.name }} = { path = "./${{ steps.crate-name.outputs.name }}-${{ inputs.version }}" } - ``` - - ## Verification - - After installation, verify the package contents: - - ```bash - tar -tzf ${{ steps.crate-name.outputs.name }}-${{ inputs.version }}.crate - ``` - - See `PACKAGE_CONTENTS.txt` for the complete file list. - - ## License - - See LICENSE file in the package or repository. 
- INSTALL_EOF - - - name: Summary - shell: bash - run: | - echo "### Crate Package Built 📦" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "**Crate:** ${{ steps.crate-name.outputs.name }}" >> $GITHUB_STEP_SUMMARY - echo "**Version:** ${{ inputs.version }}" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "Files created:" >> $GITHUB_STEP_SUMMARY - echo "- \`${{ steps.crate-name.outputs.name }}-${{ inputs.version }}.crate\`" >> $GITHUB_STEP_SUMMARY - echo "- \`INSTALL.md\`" >> $GITHUB_STEP_SUMMARY - echo "- \`PACKAGE_CONTENTS.txt\`" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "Package size:" >> $GITHUB_STEP_SUMMARY - ls -lh target/package/${{ steps.crate-name.outputs.name }}-${{ inputs.version }}.crate | awk '{print "**" $5 "**"}' >> $GITHUB_STEP_SUMMARY diff --git a/org-repos-setup/github-actions/generate-release-reports/README.md b/org-repos-setup/github-actions/generate-release-reports/README.md deleted file mode 100644 index 7cae3b6..0000000 --- a/org-repos-setup/github-actions/generate-release-reports/README.md +++ /dev/null 
@@ -1,167 +0,0 @@ -# Generate Release Reports Action - -Composite action that generates comprehensive quality reports for Rust project releases. - -## Features - -- ✅ Clippy report (zero warnings validation) -- ✅ Security audit (cargo-audit + cargo-deny) -- ✅ SBOM (Software Bill of Materials) -- ✅ Test coverage report -- ✅ Build information -- ✅ Dependency status -- ✅ Changelog extraction -- ✅ AI/LLM documentation (if available) -- ✅ Creates both tar.gz and zip archives -- ✅ Organizes reports in subdirectories - -## Usage - -### Basic -```yaml -- uses: Singularity-ng/github-actions/generate-release-reports@v1 - with: - version: "1.0.0" -``` - -### With Nix Already Set Up -```yaml -- uses: Singularity-ng/github-actions/setup-nix-rust@v1 - -- uses: Singularity-ng/github-actions/generate-release-reports@v1 - with: - version: ${{ needs.validate.outputs.version }} -``` - -## Inputs - -| Input | Description | Required | Default | -|-------|-------------|----------|---------| -| `version` | Release version number (e.g., 1.0.0) | Yes | - | - -## Outputs - -The action creates: - -``` -release-artifacts/ -├── CHANGELOG.md (if exists) -├── RELEASE_SUMMARY.md (if generated) -├── ai-docs/ -│ └── AGENTS.md (if AGENTS.md.release exists) -└── reports/ - ├── clippy-report.md - ├── security-audit.md - ├── sbom.md - ├── coverage-report.md - ├── build-info.md (if generated) - └── dependency-report.md (if generated) - -release-reports-v{version}.tar.gz -release-reports-v{version}.zip -``` - -## How It Works - -1. **Checks for justfile**: If your project has a `justfile` with a `release-reports` command, it uses that -2. **Falls back to manual generation**: Otherwise, generates reports directly - -This allows projects to customize report generation while providing sensible defaults. 
- -## Using with justfile - -If your project has a `justfile` with: - -```justfile -release-reports version="dev": - # Custom report generation logic -``` - -The action will use that instead of generating reports manually. This gives you full control over: -- Report format -- Additional reports -- Custom tooling - -## Requirements - -- Repository must have `Cargo.toml` -- Nix flake with Rust development environment -- Optional: `justfile` with `release-reports` command -- Optional: `AGENTS.md.release` for AI documentation -- Optional: `CHANGELOG.md` for changelog - -## Example Workflow - -```yaml -name: Release - -on: - push: - tags: ['v*'] - -jobs: - release: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - name: Get version - id: version - run: echo "version=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT - - - uses: Singularity-ng/github-actions/generate-release-reports@v1 - with: - version: ${{ steps.version.outputs.version }} - - - uses: actions/upload-artifact@v4 - with: - name: release-reports - path: | - release-artifacts/ - release-reports-*.tar.gz - release-reports-*.zip -``` - -## Customization - -### Custom Clippy Configuration -The action respects your project's clippy settings. To customize: - -```toml -# .cargo/config.toml or Cargo.toml -[lints.clippy] -pedantic = "warn" -nursery = "warn" -``` - -### Custom Coverage Tool -If `cargo-tarpaulin` is not available in your Nix environment, coverage will be skipped gracefully. 
- -### Additional Reports -Use a `justfile` to add custom reports: - -```justfile -release-reports version: - # Standard reports - cargo clippy > clippy.md - # Your custom reports - my-custom-tool > custom-report.md -``` - -## Troubleshooting - -### "No such file or directory" errors -- Ensure Nix is installed (action handles this automatically) -- Check that `Cargo.toml` exists in repository root - -### Coverage fails -- Verify `cargo-tarpaulin` is in your Nix devShell -- Or accept that coverage will be marked as "not available" - -### Reports missing -- Check GitHub Actions logs for errors -- Verify all required tools are in Nix environment - -## License - -Same as parent repository. diff --git a/org-repos-setup/github-actions/generate-release-reports/action.yml b/org-repos-setup/github-actions/generate-release-reports/action.yml deleted file mode 100644 index 65db528..0000000 --- a/org-repos-setup/github-actions/generate-release-reports/action.yml +++ /dev/null 
@@ -1,115 +0,0 @@ -name: 'Generate Release Reports' -description: 'Generates comprehensive quality reports for Rust project releases' -branding: - icon: 'file-text' - color: 'blue' - -inputs: - version: - description: 'Release version number (e.g., 1.0.0)' - required: true - -runs: - using: "composite" - steps: - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v12 - with: - extra-conf: | - experimental-features = nix-command flakes - - - name: Setup Magic Nix Cache - uses: DeterminateSystems/magic-nix-cache-action@v8 - - - name: Check for justfile - id: check-just - shell: bash - run: | - if [ -f "justfile" ] && grep -q "release-reports" justfile; then - echo "has-just=true" >> $GITHUB_OUTPUT - else - echo "has-just=false" >> $GITHUB_OUTPUT - fi - - - name: Generate reports via justfile - if: steps.check-just.outputs.has-just == 'true' - shell: bash - run: | - nix develop --command just release-reports ${{ inputs.version }} - - - name: Generate reports manually - if: steps.check-just.outputs.has-just == 'false' - shell: bash - run: | - mkdir -p release-artifacts/reports - mkdir -p release-artifacts/ai-docs - - # Clippy report - echo "# Clippy Report - Zero Warnings Tolerance" > release-artifacts/reports/clippy-report.md - echo "" >> release-artifacts/reports/clippy-report.md - echo "**Version:** ${{ inputs.version }}" >> release-artifacts/reports/clippy-report.md - echo "**Date:** $(date -u +"%Y-%m-%d %H:%M:%S UTC")" >> release-artifacts/reports/clippy-report.md - echo "" >> release-artifacts/reports/clippy-report.md - echo "\`\`\`" >> release-artifacts/reports/clippy-report.md - nix develop --command cargo clippy --all-targets --all-features -- -D warnings -W clippy::pedantic -W clippy::nursery 2>&1 | tee -a release-artifacts/reports/clippy-report.md || true - echo "\`\`\`" >> release-artifacts/reports/clippy-report.md - - # Security audit - echo "# Security Audit Report" > release-artifacts/reports/security-audit.md - echo "" >> 
release-artifacts/reports/security-audit.md - echo "**Version:** ${{ inputs.version }}" >> release-artifacts/reports/security-audit.md - echo "" >> release-artifacts/reports/security-audit.md - nix develop --command cargo audit 2>&1 >> release-artifacts/reports/security-audit.md || echo "No vulnerabilities found" >> release-artifacts/reports/security-audit.md - - # SBOM - echo "# Software Bill of Materials" > release-artifacts/reports/sbom.md - echo "" >> release-artifacts/reports/sbom.md - echo "**Version:** ${{ inputs.version }}" >> release-artifacts/reports/sbom.md - echo "" >> release-artifacts/reports/sbom.md - echo "\`\`\`" >> release-artifacts/reports/sbom.md - nix develop --command cargo tree --all-features >> release-artifacts/reports/sbom.md - echo "\`\`\`" >> release-artifacts/reports/sbom.md - - # Coverage (if tarpaulin available) - echo "# Test Coverage Report" > release-artifacts/reports/coverage-report.md - echo "" >> release-artifacts/reports/coverage-report.md - echo "**Version:** ${{ inputs.version }}" >> release-artifacts/reports/coverage-report.md - echo "" >> release-artifacts/reports/coverage-report.md - nix develop --command cargo tarpaulin --all-features --out Stdout 2>&1 >> release-artifacts/reports/coverage-report.md || echo "Coverage tool not available" >> release-artifacts/reports/coverage-report.md - - # Copy AGENTS.md if exists - if [ -f "AGENTS.md.release" ]; then - cp AGENTS.md.release release-artifacts/ai-docs/AGENTS.md - fi - - # Copy CHANGELOG.md if exists - if [ -f "CHANGELOG.md" ]; then - cp CHANGELOG.md release-artifacts/ - fi - - - name: Create archives - shell: bash - run: | - cd release-artifacts - tar czf ../release-reports-v${{ inputs.version }}.tar.gz . - cd .. 
- zip -r release-reports-v${{ inputs.version }}.zip release-artifacts/ - - - name: Summary - shell: bash - run: | - echo "### Release Reports Generated 📊" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "Version: **${{ inputs.version }}**" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "Reports created:" >> $GITHUB_STEP_SUMMARY - echo "- Clippy report (zero warnings validation)" >> $GITHUB_STEP_SUMMARY - echo "- Security audit" >> $GITHUB_STEP_SUMMARY - echo "- SBOM (dependency tree)" >> $GITHUB_STEP_SUMMARY - echo "- Coverage report" >> $GITHUB_STEP_SUMMARY - if [ -f "release-artifacts/ai-docs/AGENTS.md" ]; then - echo "- AI/LLM documentation" >> $GITHUB_STEP_SUMMARY - fi - if [ -f "release-artifacts/CHANGELOG.md" ]; then - echo "- Changelog" >> $GITHUB_STEP_SUMMARY - fi diff --git a/org-repos-setup/github-actions/setup-nix-rust/README.md b/org-repos-setup/github-actions/setup-nix-rust/README.md deleted file mode 100644 index dd3490c..0000000 --- a/org-repos-setup/github-actions/setup-nix-rust/README.md +++ /dev/null 
@@ -1,106 +0,0 @@ -# Setup Nix + Rust Action - -Composite action that sets up a complete Nix development environment with multi-layer caching for Rust projects. - -## Features - -- ✅ Installs Nix with flakes enabled -- ✅ 4-layer caching strategy: - 1. GitHub Actions Cache - 2. Magic Nix Cache (Determinate Systems) - 3. FlakeHub Cache (Linux only) - 4. Cachix (optional) -- ✅ Automatically reads Rust toolchain from flake.nix -- ✅ Works on Linux, macOS, and Windows - -## Usage - -### Basic (no Cachix) -```yaml -- uses: Singularity-ng/github-actions/setup-nix-rust@v1 -``` - -### With Cachix -```yaml -- uses: Singularity-ng/github-actions/setup-nix-rust@v1 - with: - cachix-name: singularity - cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }} -``` - -### Minimal (only Magic Nix Cache) -```yaml -- uses: Singularity-ng/github-actions/setup-nix-rust@v1 - with: - enable-github-cache: false - enable-flakehub: false -``` - -## Inputs - -| Input | Description | Required | Default | -|-------|-------------|----------|---------| -| `cachix-name` | Cachix cache name | No | `''` | -| `cachix-auth-token` | Cachix auth token (use secrets) | No | `''` | -| `enable-flakehub` | Enable FlakeHub cache (Linux only) | No | `true` | -| `enable-github-cache` | Enable GitHub Actions cache | No | `true` | - -## Outputs - -None. The action sets up the environment for subsequent steps. - -## Example Workflow - -```yaml -name: CI - -on: [push, pull_request] - -jobs: - test: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - uses: Singularity-ng/github-actions/setup-nix-rust@v1 - with: - cachix-name: singularity - cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }} - - - name: Run tests - run: nix develop --command cargo test - - - name: Run clippy - run: nix develop --command cargo clippy -``` - -## Caching Strategy - -The action uses a 4-layer caching approach: - -1. **GitHub Actions Cache** - Fastest for same runner, 10GB limit per repo -2. 
**Magic Nix Cache** - Automatic, no configuration needed -3. **FlakeHub Cache** - Community cache (Linux only) -4. **Cachix** - Persistent cache across runs, unlimited storage - -Each layer falls back to the next if cache miss occurs. - -## Requirements - -- Repository must have a `flake.nix` file -- `flake.nix` must define a Rust development environment - -## Troubleshooting - -### Cache not working -- Check that `flake.lock` is committed -- Verify Cachix name and token are correct -- Review cache keys in GitHub Actions UI - -### Nix installation fails -- Ensure runner has sufficient disk space -- Check Nix installer logs for errors - -## License - -Same as parent repository. diff --git a/org-repos-setup/github-actions/setup-nix-rust/action.yml b/org-repos-setup/github-actions/setup-nix-rust/action.yml deleted file mode 100644 index cd0cd58..0000000 --- a/org-repos-setup/github-actions/setup-nix-rust/action.yml +++ /dev/null 
@@ -1,67 +0,0 @@ -name: 'Setup Nix + Rust Environment' -description: 'Sets up Nix with comprehensive caching for Rust projects' -branding: - icon: 'package' - color: 'orange' - -inputs: - cachix-name: - description: 'Cachix cache name (optional)' - required: false - default: '' - cachix-auth-token: - description: 'Cachix auth token (optional, use secrets)' - required: false - default: '' - enable-flakehub: - description: 'Enable FlakeHub cache (Linux only)' - required: false - default: 'true' - enable-github-cache: - description: 'Enable GitHub Actions cache' - required: false - default: 'true' - -runs: - using: "composite" - steps: - - name: Cache Nix Store - if: inputs.enable-github-cache == 'true' - uses: actions/cache@v4 - with: - path: | - ~/.cache/nix - /nix/var/nix - key: nix-${{ runner.os }}-${{ hashFiles('flake.lock') }} - restore-keys: | - nix-${{ runner.os }}- - - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v12 - with: - extra-conf: | - experimental-features = nix-command flakes - accept-flake-config = true - - - name: Setup Magic Nix Cache - uses: DeterminateSystems/magic-nix-cache-action@v8 - - - name: Setup FlakeHub Cache - if: inputs.enable-flakehub == 'true' && runner.os == 'Linux' - uses: DeterminateSystems/flakehub-cache-action@v7 - - - name: Setup Cachix Cache - if: inputs.cachix-name != '' - uses: cachix/cachix-action@v15 - with: - name: ${{ inputs.cachix-name }} - authToken: ${{ inputs.cachix-auth-token }} - - - name: Show Nix info - shell: bash - run: | - echo "Nix version:" - nix --version - echo "" - echo "Flake info:" - nix flake show || true diff --git a/org-repos-setup/github-workflows/.github/workflows/rust-nix-ci.yml b/org-repos-setup/github-workflows/.github/workflows/rust-nix-ci.yml deleted file mode 100644 index 231be3c..0000000 --- a/org-repos-setup/github-workflows/.github/workflows/rust-nix-ci.yml +++ /dev/null 
@@ -1,138 +0,0 @@ -name: Reusable Rust + Nix CI - -on: - workflow_call: - inputs: - enable-coverage: - description: 'Enable code coverage reporting' - required: false - type: boolean - default: false - enable-benchmarks: - description: 'Run benchmarks' - required: false - type: boolean - default: false - rust-version: - description: 'Rust version to use (stable, nightly, or specific version)' - required: false - type: string - default: 'stable' - os-matrix: - description: 'JSON array of OS to test on' - required: false - type: string - default: '["ubuntu-latest", "macos-latest"]' - -jobs: - nix-check: - name: Nix Checks (${{ matrix.os }}) - runs-on: ${{ matrix.os }} - strategy: - fail-fast: false - matrix: - os: ${{ fromJson(inputs.os-matrix) }} - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Cache Nix Store - uses: actions/cache@v4 - with: - path: | - ~/.cache/nix - /nix/var/nix - key: nix-${{ runner.os }}-${{ hashFiles('flake.lock') }} - restore-keys: | - nix-${{ runner.os }}- - - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v12 - with: - extra-conf: | - experimental-features = nix-command flakes - accept-flake-config = true - - - name: Setup Magic Nix Cache - uses: DeterminateSystems/magic-nix-cache-action@v8 - - - name: Setup FlakeHub Cache - uses: DeterminateSystems/flakehub-cache-action@v7 - if: runner.os == 'Linux' - - - name: Setup Cachix Cache - uses: cachix/cachix-action@v15 - if: vars.CACHIX_CACHE_NAME != '' - with: - name: ${{ vars.CACHIX_CACHE_NAME }} - authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - - - name: Run Nix Flake Checks - run: nix flake check -L --show-trace - - - name: Show flake info - run: nix flake show - - coverage: - name: Code Coverage - if: inputs.enable-coverage - needs: nix-check - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v12 - - - name: Setup Magic Nix Cache - uses: 
DeterminateSystems/magic-nix-cache-action@v8 - - - name: Generate coverage report - run: | - nix develop --command cargo tarpaulin --all-features --out Xml --output-dir ./coverage - - - name: Upload coverage to Codecov - uses: codecov/codecov-action@v4 - if: github.event_name == 'push' - with: - files: ./coverage/cobertura.xml - fail_ci_if_error: false - - benchmarks: - name: Benchmarks - if: inputs.enable-benchmarks - needs: nix-check - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v12 - - - name: Setup Magic Nix Cache - uses: DeterminateSystems/magic-nix-cache-action@v8 - - - name: Run benchmarks - run: nix develop --command cargo bench --all-features - - results: - name: CI Results - if: always() - needs: [nix-check, coverage, benchmarks] - runs-on: ubuntu-latest - steps: - - name: Check results - run: | - if [ "${{ needs.nix-check.result }}" = "failure" ]; then - echo "❌ Nix checks failed" - exit 1 - fi - if [ "${{ needs.coverage.result }}" = "failure" ]; then - echo "⚠️ Coverage failed (non-blocking)" - fi - if [ "${{ needs.benchmarks.result }}" = "failure" ]; then - echo "⚠️ Benchmarks failed (non-blocking)" - fi - echo "✅ CI passed" diff --git a/org-repos-setup/github-workflows/.github/workflows/rust-nix-release.yml b/org-repos-setup/github-workflows/.github/workflows/rust-nix-release.yml deleted file mode 100644 index dc9dcd2..0000000 --- a/org-repos-setup/github-workflows/.github/workflows/rust-nix-release.yml +++ /dev/null 
@@ -1,256 +0,0 @@ -name: Reusable Rust + Nix Release - -on: - workflow_call: - inputs: - enable-crate-publish: - description: 'Publish to crates.io' - required: false - type: boolean - default: false - enable-platform-binaries: - description: 'Build platform-specific binaries' - required: false - type: boolean - default: true - enable-release-reports: - description: 'Generate comprehensive quality reports' - required: false - type: boolean - default: true - version: - description: 'Version to release (auto-detected from tag if not provided)' - required: false - type: string - default: '' - secrets: - CRATES_TOKEN: - description: 'crates.io API token (required if enable-crate-publish is true)' - required: false - CACHIX_AUTH_TOKEN: - description: 'Cachix auth token' - required: false - -jobs: - validate: - name: Validate Release - runs-on: ubuntu-latest - outputs: - version: ${{ steps.version.outputs.version }} - steps: - - uses: actions/checkout@v4 - - - name: Determine version - id: version - run: | - if [ -n "${{ inputs.version }}" ]; then - VERSION="${{ inputs.version }}" - elif [ "${{ github.event_name }}" = "workflow_dispatch" ]; then - VERSION="${{ github.event.inputs.version }}" - else - VERSION=${GITHUB_REF#refs/tags/v} - fi - echo "version=$VERSION" >> $GITHUB_OUTPUT - echo "Release version: $VERSION" - - - name: Validate version in Cargo.toml - run: | - CARGO_VERSION=$(grep '^version = ' Cargo.toml | head -1 | sed 's/.*= "\(.*\)"/\1/') - if [ "$CARGO_VERSION" != "${{ steps.version.outputs.version }}" ]; then - echo "Error: Version mismatch!" 
- echo "Cargo.toml version: $CARGO_VERSION" - echo "Release version: ${{ steps.version.outputs.version }}" - exit 1 - fi - - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v12 - - - name: Setup Magic Nix Cache - uses: DeterminateSystems/magic-nix-cache-action@v8 - - - name: Run all validation checks - run: nix flake check -L - - generate-reports: - name: Generate Release Reports - if: inputs.enable-release-reports - needs: validate - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - name: Generate release reports - uses: Singularity-ng/github-actions/generate-release-reports@v1 - with: - version: ${{ needs.validate.outputs.version }} - - - name: Upload reports as artifacts - uses: actions/upload-artifact@v4 - with: - name: release-reports - path: | - release-artifacts/ - release-reports-v${{ needs.validate.outputs.version }}.tar.gz - release-reports-v${{ needs.validate.outputs.version }}.zip - - build-crate-package: - name: Build Crate Package - needs: validate - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - name: Build crate package - uses: Singularity-ng/github-actions/build-crate-package@v1 - with: - version: ${{ needs.validate.outputs.version }} - - - name: Upload crate package - uses: actions/upload-artifact@v4 - with: - name: crate-package - path: crate-package/ - - publish-crates: - name: Publish to crates.io - if: inputs.enable-crate-publish - needs: [validate, build-crate-package] - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - name: Install stable Rust - uses: dtolnay/rust-toolchain@stable - - - name: Login to crates.io - run: cargo login ${{ secrets.CRATES_TOKEN }} - - - name: Publish to crates.io - run: cargo publish --all-features - - build-artifacts: - name: Build Release Artifacts - if: inputs.enable-platform-binaries - needs: validate - runs-on: ${{ matrix.os }} - strategy: - matrix: - include: - - os: ubuntu-latest - target: x86_64-unknown-linux-gnu - artifact_name: 
linux-x64 - - os: macos-latest - target: x86_64-apple-darwin - artifact_name: macos-x64 - - os: macos-latest - target: aarch64-apple-darwin - artifact_name: macos-arm64 - - os: windows-latest - target: x86_64-pc-windows-msvc - artifact_name: windows-x64 - steps: - - uses: actions/checkout@v4 - - - name: Install Rust - uses: dtolnay/rust-toolchain@stable - with: - targets: ${{ matrix.target }} - - - name: Build release binary - run: cargo build --release --target ${{ matrix.target }} --all-features - - - name: Get crate name - id: crate-name - shell: bash - run: | - CRATE_NAME=$(grep '^name = ' Cargo.toml | head -1 | sed 's/.*= "\(.*\)"/\1/') - echo "name=$CRATE_NAME" >> $GITHUB_OUTPUT - - - name: Package artifact (Unix) - if: runner.os != 'Windows' - run: | - cd target/${{ matrix.target }}/release - tar czf ../../../${{ steps.crate-name.outputs.name }}-${{ matrix.artifact_name }}.tar.gz lib* - - - name: Package artifact (Windows) - if: runner.os == 'Windows' - shell: pwsh - run: | - cd target/${{ matrix.target }}/release - Compress-Archive -Path *.lib,*.dll -DestinationPath ../../../${{ steps.crate-name.outputs.name }}-${{ matrix.artifact_name }}.zip - - - name: Upload artifact - uses: actions/upload-artifact@v4 - with: - name: binary-${{ matrix.artifact_name }} - path: | - *.tar.gz - *.zip - - create-release: - name: Create GitHub Release - needs: [validate, generate-reports, build-crate-package] - if: always() && needs.validate.result == 'success' && needs.build-crate-package.result == 'success' - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - name: Download release reports - if: inputs.enable-release-reports - uses: actions/download-artifact@v4 - with: - name: release-reports - - - name: Download crate package - uses: actions/download-artifact@v4 - with: - name: crate-package - - - name: Download platform binaries - if: inputs.enable-platform-binaries - uses: actions/download-artifact@v4 - with: - pattern: binary-* - merge-multiple: true - - 
- name: Get crate name - id: crate-name - run: | - CRATE_NAME=$(grep '^name = ' Cargo.toml | head -1 | sed 's/.*= "\(.*\)"/\1/') - echo "name=$CRATE_NAME" >> $GITHUB_OUTPUT - - - name: Create GitHub Release - uses: softprops/action-gh-release@v2 - with: - name: v${{ needs.validate.outputs.version }} - tag_name: v${{ needs.validate.outputs.version }} - body_path: ${{ inputs.enable-release-reports && 'release-artifacts/RELEASE_SUMMARY.md' || '' }} - draft: false - prerelease: false - generate_release_notes: true - files: | - release-reports-v${{ needs.validate.outputs.version }}.tar.gz - release-reports-v${{ needs.validate.outputs.version }}.zip - ${{ steps.crate-name.outputs.name }}-${{ needs.validate.outputs.version }}.crate - INSTALL.md - PACKAGE_CONTENTS.txt - release-artifacts/ai-docs/AGENTS.md - ${{ steps.crate-name.outputs.name }}-*.tar.gz - ${{ steps.crate-name.outputs.name }}-*.zip - - notify: - name: Notify Release - needs: [validate, create-release] - runs-on: ubuntu-latest - if: always() - steps: - - name: Send notification - run: | - if [ "${{ needs.create-release.result }}" = "success" ]; then - echo "✅ Successfully released v${{ needs.validate.outputs.version }}" - echo "🎉 GitHub Release: ${{ github.server_url }}/${{ github.repository }}/releases/tag/v${{ needs.validate.outputs.version }}" - else - echo "❌ Release failed for v${{ needs.validate.outputs.version }}" - exit 1 - fi diff --git a/org-repos-setup/github-workflows/README.md b/org-repos-setup/github-workflows/README.md deleted file mode 100644 index dc87ff4..0000000 --- a/org-repos-setup/github-workflows/README.md +++ /dev/null 
@@ -1,142 +0,0 @@ -# Singularity Reusable GitHub Workflows - -This repository contains reusable GitHub Actions workflows for Singularity projects. - -## Available Workflows - -### `rust-nix-ci.yml` -Standard CI pipeline for Rust projects using Nix flake. - -**Features:** -- Nix flake checks (build, test, clippy, fmt, audit, doc) -- Multi-platform testing (Linux, macOS) -- 4-layer caching (GitHub + Magic Nix + FlakeHub + Cachix) -- Zero warnings tolerance -- Optional coverage reporting - -**Usage:** -```yaml -jobs: - ci: - uses: Singularity-ng/github-workflows/.github/workflows/rust-nix-ci.yml@v1 - with: - enable-coverage: true - rust-version: stable -``` - -### `rust-nix-release.yml` -Automated release workflow for Rust crates. - -**Features:** -- Version validation (git tag vs Cargo.toml) -- Comprehensive quality reports -- Crate package generation -- GitHub Release creation -- Platform binaries (optional) -- Optional crates.io publishing - -**Usage:** -```yaml -jobs: - release: - uses: Singularity-ng/github-workflows/.github/workflows/rust-nix-release.yml@v1 - with: - enable-crate-publish: false - enable-platform-binaries: true - enable-release-reports: true -``` - -### `security-audit.yml` -Security scanning and dependency checking. - -**Features:** -- cargo-audit vulnerability scanning -- cargo-deny license/source checking -- Dependency review -- SBOM generation - -**Usage:** -```yaml -jobs: - security: - uses: Singularity-ng/github-workflows/.github/workflows/security-audit.yml@v1 -``` - -## Versioning - -We use semantic versioning with Git tags: - -- **`@main`** - Latest development version (may be unstable) -- **`@v1`** - Latest stable v1.x.x release -- **`@v1.2.3`** - Specific version - -**Recommendation**: Use `@v1` in production to get bug fixes while avoiding breaking changes. - -## Inputs - -See each workflow file for detailed input documentation. 
- -## Secrets - -Most workflows require standard GitHub secrets: -- `GITHUB_TOKEN` - Automatically provided by GitHub -- `CRATES_TOKEN` - Required only if publishing to crates.io (set in repository settings) - -## Examples - -### Basic CI -```yaml -name: CI -on: [push, pull_request] - -jobs: - ci: - uses: Singularity-ng/github-workflows/.github/workflows/rust-nix-ci.yml@v1 -``` - -### CI with Custom Settings -```yaml -name: CI -on: [push, pull_request] - -jobs: - ci: - uses: Singularity-ng/github-workflows/.github/workflows/rust-nix-ci.yml@v1 - with: - enable-coverage: true - enable-benchmarks: false - rust-version: nightly -``` - -### Release Workflow -```yaml -name: Release -on: - push: - tags: ['v[0-9]+.*'] - -permissions: - contents: write - -jobs: - release: - uses: Singularity-ng/github-workflows/.github/workflows/rust-nix-release.yml@v1 - with: - enable-crate-publish: false # Proprietary software - enable-platform-binaries: true - enable-release-reports: true -``` - -## Contributing - -To update these workflows: - -1. Make changes in a branch -2. Test in a project using `@branch-name` -3. Open PR -4. After merge, tag a new version -5. Update projects to use new version - -## Questions? - -See the organization's SUPPORT.md for help. diff --git a/org-repos-setup/setup-script.sh b/org-repos-setup/setup-script.sh deleted file mode 100755 index efe3f6d..0000000 --- a/org-repos-setup/setup-script.sh +++ /dev/null 
@@ -1,185 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-# Organization GitHub Actions Setup Script
-# This script helps you set up the organization repositories
-
-BOLD='\033[1m'
-GREEN='\033[0;32m'
-BLUE='\033[0;34m'
-YELLOW='\033[1;33m'
-RED='\033[0;31m'
-NC='\033[0m' # No Color
-
-echo -e "${BOLD}Singularity Organization GitHub Actions Setup${NC}"
-echo ""
-
-# Check if gh CLI is installed
-if ! command -v gh &> /dev/null; then
- echo -e "${RED}Error: GitHub CLI (gh) is not installed${NC}"
- echo "Install it from: https://cli.github.com/"
- exit 1
-fi
-
-# Check if user is authenticated
-if ! gh auth status &> /dev/null; then
- echo -e "${YELLOW}You need to authenticate with GitHub${NC}"
- gh auth login
-fi
-
-ORG_NAME="${ORG_NAME:-Singularity-ng}"
-echo -e "${BLUE}Organization:${NC} $ORG_NAME"
-echo ""
-
-# Function to create repo if it doesn't exist
-create_repo() {
- local repo_name=$1
- local description=$2
- local visibility=${3:-private}
-
- echo -e "${BLUE}Checking repository:${NC} $ORG_NAME/$repo_name"
-
- if gh repo view "$ORG_NAME/$repo_name" &> /dev/null; then
- echo -e "${YELLOW} Repository already exists${NC}"
- else
- echo -e "${GREEN} Creating repository...${NC}"
- gh repo create "$ORG_NAME/$repo_name" \
- --$visibility \
- --description "$description" \
- --enable-wiki=false
- echo -e "${GREEN} ✓ Created${NC}"
- fi
-}
-
-# Function to push files to repo
-push_files() {
- local repo_name=$1
- local source_dir=$2
-
- echo -e "${BLUE}Pushing files to:${NC} $ORG_NAME/$repo_name"
-
- # Create temp directory
- TEMP_DIR=$(mktemp -d)
- cd "$TEMP_DIR"
-
- # Clone or init repo
- if gh repo view "$ORG_NAME/$repo_name" &> /dev/null; then
- gh repo clone "$ORG_NAME/$repo_name" .
- else
- git init
- git remote add origin "git@github.com:$ORG_NAME/$repo_name.git"
- fi
-
- # Copy files
- cp -r "$source_dir"/* . || true
-
- # Commit and push
- git add .
- if git diff --cached --quiet; then
- echo -e "${YELLOW} No changes to commit${NC}"
- else
- git commit -m "Initial setup of $repo_name repository"
- git branch -M main
- git push -u origin main
- echo -e "${GREEN} ✓ Pushed files${NC}"
- fi
-
- # Cleanup
- cd - > /dev/null
- rm -rf "$TEMP_DIR"
-}
-
-# Step 1: Create .github repository
-echo -e "\n${BOLD}Step 1: Setting up .github repository${NC}"
-echo "This provides organization defaults and workflow templates"
-echo ""
-
-read -p "Create/update .github repository? (y/n) " -n 1 -r
-echo
-if [[ $REPLY =~ ^[Yy]$ ]]; then
- create_repo ".github" "Organization defaults and workflow templates" "public"
- push_files ".github" "$(pwd)/.github"
-fi
-
-# Step 2: Create github-workflows repository
-echo -e "\n${BOLD}Step 2: Setting up github-workflows repository${NC}"
-echo "This contains reusable workflows"
-echo ""
-
-read -p "Create/update github-workflows repository? (y/n) " -n 1 -r
-echo
-if [[ $REPLY =~ ^[Yy]$ ]]; then
- create_repo "github-workflows" "Reusable GitHub Actions workflows for Rust + Nix projects" "private"
- push_files "github-workflows" "$(pwd)/github-workflows"
-fi
-
-# Step 3: Create github-actions repository
-echo -e "\n${BOLD}Step 3: Setting up github-actions repository${NC}"
-echo "This contains composite actions"
-echo ""
-
-read -p "Create/update github-actions repository? (y/n) " -n 1 -r
-echo
-if [[ $REPLY =~ ^[Yy]$ ]]; then
- create_repo "github-actions" "Composite GitHub Actions for Rust + Nix projects" "private"
- push_files "github-actions" "$(pwd)/github-actions"
-fi
-
-# Step 4: Tag versions
-echo -e "\n${BOLD}Step 4: Tagging versions${NC}"
-echo "This creates v1.0.0 tags for versioning"
-echo ""
-
-tag_repo() {
- local repo_name=$1
- local version=${2:-v1.0.0}
-
- echo -e "${BLUE}Tagging:${NC} $ORG_NAME/$repo_name @ $version"
-
- TEMP_DIR=$(mktemp -d)
- cd "$TEMP_DIR"
- gh repo clone "$ORG_NAME/$repo_name" .
-
- if git rev-parse "$version" >/dev/null 2>&1; then
- echo -e "${YELLOW} Tag already exists${NC}"
- else
- git tag -a "$version" -m "Release $version"
- git push origin "$version"
- echo -e "${GREEN} ✓ Tagged $version${NC}"
- fi
-
- cd - > /dev/null
- rm -rf "$TEMP_DIR"
-}
-
-read -p "Create v1.0.0 tags? (y/n) " -n 1 -r
-echo
-if [[ $REPLY =~ ^[Yy]$ ]]; then
- tag_repo "github-workflows" "v1.0.0"
- tag_repo "github-actions" "v1.0.0"
-fi
-
-# Summary
-echo -e "\n${BOLD}${GREEN}✓ Setup Complete!${NC}"
-echo ""
-echo -e "${BOLD}Next Steps:${NC}"
-echo "1. Review the repositories on GitHub:"
-echo " - https://github.com/$ORG_NAME/.github"
-echo " - https://github.com/$ORG_NAME/github-workflows"
-echo " - https://github.com/$ORG_NAME/github-actions"
-echo ""
-echo "2. Update your projects to use the reusable workflows:"
-echo " See ORG_GITHUB_ACTIONS_SETUP.md for migration guide"
-echo ""
-echo "3. Test in one project before rolling out to all projects"
-echo ""
-echo -e "${BOLD}Repository Visibility:${NC}"
-echo " .github - Public (templates visible to all)"
-echo " github-workflows - Private (reusable workflows)"
-echo " github-actions - Private (composite actions)"
-echo ""
-echo "If you need to change visibility, use:"
-echo " gh repo edit $ORG_NAME/ --visibility "
-echo ""
-echo -e "${GREEN}Happy automating! 🚀${NC}"