Toolbox to help developers and open source referents to have cleaner projects in GitHub organizations, and more.
The toolbox is mainly written in Shell because this language is very efficient for file processing, provides a strong and rich standard API with handy primitives, and performs well since it maps directly onto system calls; it also makes calling system primitives easy. It also contains Ruby scripts (Ruby are shiny gems, I love them). Python is used too, and a bit of PHP, because it is nice to use several languages we are not used to (stop the routine!). For these needs, scripting is enough.
You should mainly have the environments listed below, but have a look at each folder's README:
- Bash version 3.2.5
- Ruby version 2.7.1
- Python version 3.7
There are 5 folders containing scripts and programs to make your life a bit easier:
- toolbox/diver contains scripts to scrape data from Git logs and histories, look for sensitive data in sources, etc.;
- toolbox/github contains scripts and programs that make requests to the GitHub API so as to automate some actions;
- toolbox/gitlab contains scripts and programs that make requests to the GitLab API so as to automate some actions;
- toolbox/LicensesInventory contains a program to get the licenses of third-party components from dependency manager files;
- toolbox/utils contains scripts to generate texts and stuff like that.
Feel free to read each README available in all of the subdirectories listed above.
To be sure you have a ready-to-run project, run the following dry-run command, which checks whether the runtimes, third-party tools and files are available:
bash dry-run.sh
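The kind of checks such a dry run performs, written out as an added example (this is not the toolbox's own dry-run.sh). The tool list, file list and minimum versions are assumptions taken from this README; each subfolder's README is the reference for what its scripts really need.

```shell
#!/bin/sh
# Added example, not the toolbox's dry-run.sh: verify that the runtimes,
# third-party tools and files the scripts rely on are present before use.
# Tool names, file names and minimum versions below are assumptions.

# Return 0 if every command given as argument is on PATH, else 1.
check_tools() {
  local missing=0 tool
  for tool in "$@"; do
    if command -v "$tool" >/dev/null 2>&1; then
      printf 'ok       %s\n' "$tool"
    else
      printf 'MISSING  %s\n' "$tool"
      missing=1
    fi
  done
  return "$missing"
}

# Return 0 if every named file exists under directory $1, else 1.
check_files() {
  local dir="$1" missing=0 f
  shift
  for f in "$@"; do
    if [ -e "$dir/$f" ]; then
      printf 'ok       %s\n' "$dir/$f"
    else
      printf 'MISSING  %s\n' "$dir/$f"
      missing=1
    fi
  done
  return "$missing"
}

# version_at_least HAVE WANT: return 0 if dotted, numeric version HAVE is >= WANT.
# Components are compared as integers, so "3.12" is newer than "3.7".
version_at_least() {
  local have="$1" want="$2" h w
  while [ -n "$have" ] || [ -n "$want" ]; do
    h="${have%%.*}"; w="${want%%.*}"
    [ "$have" = "$h" ] && have="" || have="${have#*.}"
    [ "$want" = "$w" ] && want="" || want="${want#*.}"
    if [ "${h:-0}" -gt "${w:-0}" ]; then return 0; fi
    if [ "${h:-0}" -lt "${w:-0}" ]; then return 1; fi
  done
  return 0
}

# Print the installed version of a known runtime (assumed command names).
runtime_version() {
  case "$1" in
    bash)   bash -c 'printf "%s.%s.%s\n" "${BASH_VERSINFO[0]}" "${BASH_VERSINFO[1]}" "${BASH_VERSINFO[2]}"' ;;
    ruby)   ruby -e 'puts RUBY_VERSION' ;;
    python) python3 -c 'import platform; print(platform.python_version())' ;;
    *)      return 1 ;;
  esac
}

# Run every check; return 1 if anything is missing or too old.
dry_run() {
  local status=0 pair name want have
  check_tools bash ruby python3 git || status=1
  check_files . dry-run.sh renovate.json gitleaks.toml || status=1
  for pair in bash:3.2.5 ruby:2.7.1 python:3.7; do
    name="${pair%%:*}"; want="${pair#*:}"
    # Absent runtime: already reported by check_tools, skip the version test.
    have="$(runtime_version "$name" 2>/dev/null)" || continue
    if version_at_least "$have" "$want"; then
      printf 'ok       %s %s (>= %s)\n' "$name" "$have" "$want"
    else
      printf 'TOO OLD  %s %s (< %s)\n' "$name" "$have" "$want"
      status=1
    fi
  done
  return "$status"
}

# Usage: sh dry-run-example.sh --run
if [ "${1:-}" = "--run" ]; then dry_run; fi
```

A non-zero exit from `dry_run` is the signal a CI job or a wrapper script can act on; the per-line `ok`/`MISSING`/`TOO OLD` output is for the human reading the log.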
Renovate is used so as to try to keep the project's dependencies up to date. A renovate.json must be added at the project root with configuration details; but the organization admins must enable it (through the admin console). By default Dependabot was enabled for this project, but it has been replaced by Renovate.
Gitleaks is used so as to look for secrets and leaks of sensitive data. A gitleaks.toml file, picked from the Gitleaks repository, has been placed at the project root to define the rules. A gitleaks-action.yml is also defined to declare the GitHub Action to call and the secrets it uses. The GITLEAKS_LICENSE is defined at the organization level; only the organization admins can make it visible to projects. This key (dedicated to the organization) was requested from the Gitleaks team and gratefully received from them.
The Developer Certificate of Origin is applied here thanks to a Probot bot. On pull requests, all commits must be signed off. This control is processed in an action.
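What the sign-off control actually verifies, as an added example in shell (this is neither the Probot app's code nor anything from this repository): every commit in a range must carry a `Signed-off-by:` trailer, and optionally the trailer's e-mail must match the commit author. The commit range and the author-match rule are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not the Probot DCO app or the toolbox's own action: check
# that commit messages carry a Developer Certificate of Origin sign-off.

# has_signoff [AUTHOR_EMAIL] < message
# Return 0 if the message on stdin has a "Signed-off-by: Name <email>" trailer
# and, when AUTHOR_EMAIL is given, that trailer's address equals it; else 1.
has_signoff() {
  local want="${1:-}" line addr
  while IFS= read -r line; do
    case "$line" in
      "Signed-off-by: "*"<"*"@"*">")
        [ -z "$want" ] && return 0
        addr="${line##*<}"; addr="${addr%>}"
        [ "$addr" = "$want" ] && return 0
        ;;
    esac
  done
  return 1
}

# check_range_signoff RANGE: inspect every commit in a git revision range
# (assumed example: origin/main..HEAD) and print the ones missing a sign-off
# from their author. Return 1 if any offender is found.
check_range_signoff() {
  local range="$1" bad=0 sha author
  for sha in $(git rev-list "$range"); do
    author="$(git log -1 --format=%ae "$sha")"
    if ! git log -1 --format=%B "$sha" | has_signoff "$author"; then
      printf 'missing sign-off: %s %s\n' "$sha" "$(git log -1 --format=%s "$sha")"
      bad=1
    fi
  done
  return "$bad"
}

# Usage: sh dco-check-example.sh origin/main..HEAD
if [ "$#" -gt 0 ]; then check_range_signoff "$1"; fi
```

Requiring the trailer address to equal the author address (the second argument to `has_signoff`) is what stops a sign-off copied from someone else's commit from passing; the plain presence check is enough when a contributor squashes their own history and only the trailer got lost.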