diff --git a/.github/workflows/scheduled-repository-template-sync.yaml b/.github/workflows/scheduled-repository-template-sync.yaml new file mode 100644 index 0000000..a227476 --- /dev/null +++ b/.github/workflows/scheduled-repository-template-sync.yaml @@ -0,0 +1,54 @@ +name: Repository Template Sync + +on: + schedule: + - cron: '0 0 1 * *' + workflow_dispatch: + +permissions: + contents: write + pull-requests: write + checks: read + +jobs: + update-external-repo: + runs-on: ubuntu-latest + + steps: + - name: Check out the repository + uses: actions/checkout@v4 + + - name: Check out external repository + uses: actions/checkout@v4 + with: + repository: NHSDigital/nhs-notify-repository-template + path: nhs-notify-repository-template + token: ${{ github.token }} + + - name: Run syncronisation script + run: | + ./scripts/githooks/sync-template-repo.sh + + - name: Create Pull Request + if: ${{ !env.ACT }} + uses: peter-evans/create-pull-request@v7.0.1 + with: + token: ${{ secrets.GITHUB_TOKEN }} + commit-message: Drift from template + branch: scheduledTemplateRepositorySync + delete-branch: true + title: '[Template Sync] Drift from template-repository remediation' + body: | + # Resultant drift from repository template + + ## Who should respond to this PR? + The team which owns the responsibility for this component repository. You may want to consult other contributors. + + ## How to progress this PR + The repositories guardians should review the contents of the PR and decide how to proceed, you may wish to back-out certain changes or accept them from the upstream `nhsdigital/nhs-notify-repository-template` repository. + + If there are changes you do not wish to see again, it is recommended you add exclusions to `scripts/config/.repository-template-sync-ignore`. + labels: | + template + automation + draft: false diff --git a/scripts/config/.repository-template-sync-ignore b/scripts/config/.repository-template-sync-ignore new file mode 100644 index 0000000..7564f3e --- /dev/null +++ b/scripts/config/.repository-template-sync-ignore @@ -0,0 +1,18 @@ +# Files and folders to ignore when syncing nhs-notify-repository-template back in to this repository +scripts/config/.repository-template-sync-ignore +.github/workflows/ +nhs-notify-repository-template/ + +# Files and Folders in this repository to ignore +.vscode/ +CHANGELOG.md +project.code-workspace +README.md +VERSION + +# Files and Folders in the template repository to disregard +.devcontainer/ +.github/workflows/cicd-*.yaml +*/examples/ +docs/ +infrastructure/terraform/components/ diff --git a/scripts/githooks/sync-template-repo.sh b/scripts/githooks/sync-template-repo.sh new file mode 100755 index 0000000..060aaa4 --- /dev/null +++ b/scripts/githooks/sync-template-repo.sh @@ -0,0 +1,110 @@ +#!/bin/bash + +set -euo pipefail + +# Script to synchronise the nhs-notify-template-repository with this repository +# +# Usage: +# $ [options] ./check-terraform-format.sh +# +# Options: +# new_only=true # Only identify new files from the template-repository +# changes_only=true # Only identify files which have drifted from the template-repository + +# ============================================================================== + +# Command line prameters +new_only=${new_only:-false} +changes_only=${changes_only:-false} + +# Set variables +TEMPLATE_REPO_DIR="nhs-notify-repository-template" +IGNORE_FILE="scripts/config/.repository-template-sync-ignore" + +# Check if the template directory exists +if [ ! -d "${TEMPLATE_REPO_DIR}" ]; then + echo "Template directory ${TEMPLATE_REPO_DIR} not found!" + exit 1 +fi + +# Check if the .template-ignore file exists, create an empty one if not +if [ ! -f "${IGNORE_FILE}" ]; then + echo "# Files and folders to ignore when syncing ${TEMPLATE_REPO_DIR} back in to this repository" > ${IGNORE_FILE} + echo "# Files and Folders in this repository to ignore" >> ${IGNORE_FILE} + echo "# Files and Folders in the template repository to disregard" >> ${IGNORE_FILE} +fi + +# Read the .template-ignore file into an array +while IFS= read -r line || [ -n "$line" ]; do + IGNORED_PATHS+=("$line") +done < "$IGNORE_FILE" + +# Check if a file is ignored. +is_ignored() { + local file=${1} + + # Ignore .git directories and files + if [[ "$file" == *.git/* ]]; then + return 0 + fi + + for ignored in "${IGNORED_PATHS[@]}"; do + if [[ -n "$ignored" && "$file" =~ $ignored ]]; then + return 0 + fi + done + return 1 +} + +# Navigate to the template directory +cd "${TEMPLATE_REPO_DIR}" || exit +FILES_ADDED=() +FILES_WITH_CHANGES=() + +# Loop through all files in the template directory +while IFS= read -r -d '' file; do + relative_path="${file#./}" # Remove leading './' + + # Check if the file is ignored + if is_ignored "$relative_path"; then + echo "Ignoring $relative_path" + continue + fi + + target_path="../$relative_path" + mkdir -p "$(dirname "$target_path")" + + # Copy the file to the root directory if it doesn't exist or is different + if [ ! -f "$target_path" ] && [ "$changes_only" == false ]; then + echo "Copying $relative_path to the repository" + FILES_ADDED+=("${relative_path}") + cp "$file" "$target_path" + + else + # If the file exists, check if it's different + if [ "$new_only" == false ]; then + if ! diff -q "$file" "$target_path" > /dev/null 2>&1; then + echo "Merging changes from $relative_path" + FILES_WITH_CHANGES+=("${relative_path}") + cp "$file" "$target_path" + fi + fi + fi +done < <(find . -type f -print0) + +echo "${#FILES_ADDED[@]}" files added, "${#FILES_WITH_CHANGES[@]}" files with changes detected. + +echo ------------------------------------------ + +if [ "$changes_only" == false ]; then + echo ------------------------------------------ + echo "New files added:" + printf ' - %s\n' "${FILES_ADDED[@]}" +fi + + +if [ "$new_only" == false ]; then + echo ------------------------------------------ + echo "Changed files:" + printf ' - %s\n' "${FILES_WITH_CHANGES[@]}" +fi