Initial commit with latest state

Author: KittyChiu

.devcontainer/devcontainer.json

@@ -0,0 +1,97 @@
+{
+	"image": "mcr.microsoft.com/devcontainers/base:ubuntu",
+	"features": {
+		"ghcr.io/devcontainers/features/github-cli:1": {},
+		"ghcr.io/devcontainers/features/go:1": {
+			"version": "1.24"
+		},
+		"ghcr.io/github/features/goproxy:1": {},
+		"ghcr.io/github/features/go-linter:2": {},
+		"ghcr.io/devcontainers/features/sshd:1": {
+			"version": "latest"
+		},
+		"ghcr.io/devcontainers/features/node:1": {
+			"nodeGypDependencies": true,
+			"version": "lts",
+			"nvmVersion": "latest"
+		},
+		"ghcr.io/devcontainers/features/hugo:1": {
+			"extended": true,
+			"version": "latest"
+		}
+	},
+	"onCreateCommand": ".devcontainer/on-create-command.sh",
+	"postCreateCommand": "./tools/setup",
+	"containerEnv": {
+		"GOPROXY": "https://goproxy.githubapp.com/mod,https://proxy.golang.org/,direct",
+		"GOPRIVATE": "",
+		"GONOPROXY": "",
+		"GONOSUMDB": "github.com/github/*"
+	},
+	"customizations": {
+		"vscode": {
+			"extensions": [
+				"golang.go",
+				// Recommended for Hextra theme
+				"mhutchie.git-graph",
+				"esbenp.prettier-vscode",
+				"tamasfe.even-better-toml",
+				"budparr.language-hugo-vscode",
+
+				// Recommended extensions from https://gohugo.io/tools/editors/#visual-studio-code
+				// Front Matter CMS: https://marketplace.visualstudio.com/items?itemName=eliostruyf.vscode-front-matter
+				"eliostruyf.vscode-front-matter",
+
+				// Hugo Helper: https://marketplace.visualstudio.com/items?itemName=rusnasonov.vscode-hugo
+				"rusnasonov.vscode-hugo",
+
+				// Hugo Language and Syntax Support: https://marketplace.visualstudio.com/items?itemName=budparr.language-hugo-vscode
+				"budparr.language-hugo-vscode",
+
+				// Hugo Themer: https://marketplace.visualstudio.com/items?itemName=eliostruyf.vscode-hugo-themer
+				"eliostruyf.vscode-hugo-themer",
+
+				// hugofy: https://marketplace.visualstudio.com/items?itemName=akmittal.hugofy
+				"akmittal.hugofy",
+
+				// Hugo Shortcode Syntax Highlighting: https://marketplace.visualstudio.com/items?itemName=kaellarkin.hugo-shortcode-syntax
+				"kaellarkin.hugo-shortcode-syntax"
+			],
+			"settings": {
+				"go.lintFlags": [
+					"--config=/workspaces/.golangci.toml",
+					"--whole-files",
+					"--new-from-rev=origin/main"
+				]
+			}
+		},
+		"codespaces": {
+			"repositories": {
+				"github/go-linter": {
+					"permissions": {
+						"contents": "read",
+						"packages": "read"
+					}
+				},
+				"github/features": {
+					"permissions": {
+						"contents": "read",
+						"packages": "read"
+					}
+				},
+				"github/*": {
+					"permissions": {
+						"contents": "read",
+						"packages": "read"
+					}
+				}
+			}
+		}
+	},
+	"forwardPorts": [1313],
+	"portsAttributes": {
+		"8080": {
+			"label": "dev-server"
+		}
+	}
+}

.devcontainer/on-create-command.sh

@@ -0,0 +1,6 @@
+#!/bin/sh
+set -e
+
+
+/usr/local/share/goproxy-init.sh
+/usr/local/share/go-linter-init.sh

.github/CODEOWNERS

@@ -0,0 +1,7 @@
+
+# Default owners for all files in the repository
+* @github/github-well-architected-admins @github/cse-intelligence-engine-squad @bot-digital-customer-success @github/github-well-architected-maintainers
+
+# Owners for .github and script directories
+# This includes CICD workflows, and other CSE-specific configurations
+/.github/ @github/github-well-architected-admins @github/cse-intelligence-engine-squad @bot-digital-customer-success

.github/dependabot.yaml

@@ -0,0 +1,23 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    labels:
+      - "CI/CD"
+      - "dependabot"
+    commit-message:
+      prefix: ci
+    groups:
+      actions-deps:
+        patterns:
+          - "*"
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    groups:
+      npm-deps:
+        patterns:
+          - "*"

.github/dependency-review-config.yml

@@ -0,0 +1,11 @@
+fail-on-severity: moderate
+
+comment-summary-in-pr: always
+
+# allow-licenses:
+#   - MIT
+
+fail-on-scopes:
+  - development
+  - runtime
+  - unknown

.github/linters/.markdownlint.json

@@ -0,0 +1,6 @@
+{
+	"default": true,
+  "MD013": false,
+  "MD033": false,
+	"MD060": false
+}

.github/workflows/deploy-merged-pr.yml

@@ -0,0 +1,197 @@
+name: Merge Contribution to Internal
+
+on:
+  pull_request_review:
+    types: [submitted]
+
+permissions:
+  contents: read
+  pull-requests: read
+  checks: read
+  actions: read
+  
+jobs:
+  check-merge-state:
+    if: github.event.review.state == 'approved'
+    runs-on: ubuntu-latest
+    env:
+      PR_NUMBER: ${{ github.event.pull_request.number }}
+      SOURCE_REPO: ${{ github.repository }}
+    outputs:
+      checks_passed: ${{ steps.verify_checks.outputs.checks_passed }}
+    steps:
+      - name: Wait for Status Checks and Verify
+        id: verify_checks
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          MAX_ATTEMPTS=120  # 120 attempts * 30 seconds = 60 minutes max
+          ATTEMPT=0
+          
+          while [ $ATTEMPT -lt $MAX_ATTEMPTS ]; do
+            echo "Checking status checks (attempt $((ATTEMPT + 1))/$MAX_ATTEMPTS)..."
+            
+            # Get PR status checks
+            STATUS_JSON=$(gh pr view $PR_NUMBER --json statusCheckRollup --repo $SOURCE_REPO)
+            
+            # Filter for CheckRun entries only and not this current job
+            CHECK_RUNS=$(echo "$STATUS_JSON" | jq '[.statusCheckRollup[] | select(.__typename == "CheckRun") | select(.name != "check-merge-state" and .name != "dispatch-to-internal")]')
+            
+            # Check if all checks are completed
+            INCOMPLETE_COUNT=$(echo "$CHECK_RUNS" | jq '[.[] | select(.status != "COMPLETED")] | length')
+            
+            if [ "$INCOMPLETE_COUNT" -eq 0 ]; then
+              echo "All checks are completed!"
+              
+              # Check conclusions - must be SUCCESS, NEUTRAL, or SKIPPED
+              FAILED_CHECKS=$(echo "$CHECK_RUNS" | jq '[.[] | select(.conclusion != "SUCCESS" and .conclusion != "NEUTRAL" and .conclusion != "SKIPPED")]')
+              FAILED_COUNT=$(echo "$FAILED_CHECKS" | jq 'length')
+              
+              if [ "$FAILED_COUNT" -eq 0 ]; then
+                echo "All checks passed with acceptable conclusions!"
+                echo "checks_passed=true" >> $GITHUB_OUTPUT
+                break
+              else
+                echo "Some checks failed:"
+                echo "$FAILED_CHECKS" | jq -r '.[] | "  - \(.name): \(.conclusion)"'
+                echo "checks_passed=false" >> $GITHUB_OUTPUT
+                exit 1
+              fi
+            else
+              echo "$INCOMPLETE_COUNT checks still running. Waiting 30 seconds..."
+              ATTEMPT=$((ATTEMPT + 1))
+              if [ $ATTEMPT -lt $MAX_ATTEMPTS ]; then
+                sleep 30
+              fi
+            fi
+          done
+          
+          if [ $ATTEMPT -eq $MAX_ATTEMPTS ]; then
+            echo "Timed out waiting for checks to complete"
+            echo "checks_passed=false" >> $GITHUB_OUTPUT
+            exit 1
+          fi
+
+      # OSS App
+      - name: Generate GitHub App Token
+        id: pr_app_token
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ vars.WELLARCHITECTED_OSS_APP_ID }}
+          private-key: ${{ secrets.WELLARCHITECTED_OSS_APP_PRIVATE_KEY }}
+          owner: github
+          repositories: |
+            github-well-architected
+          permission-pull-requests: write
+          permission-contents: write
+
+      - name: Enable Auto-Merge
+        if: steps.verify_checks.outputs.checks_passed == 'true'
+        env:
+          GH_TOKEN: ${{ steps.pr_app_token.outputs.token }}
+        run: |
+          echo "Enabling auto-merge for PR #$PR_NUMBER..."
+          gh pr merge $PR_NUMBER --auto --squash --repo $SOURCE_REPO
+          echo "Auto-merge enabled successfully!"
+
+  dispatch-to-internal:
+    needs: check-merge-state
+    if: needs.check-merge-state.outputs.checks_passed == 'true' && github.event.review.state == 'approved'
+    runs-on: ubuntu-latest
+    env:
+      SOURCE_REPO: github/github-well-architected
+      TARGET_REPO: github/github-well-architected-internal
+      PR_HEAD_BRANCH: ${{ github.event.pull_request.head.ref }}
+      PR_NUMBER: ${{ github.event.pull_request.number }}
+      ENVIRONMENT: staging
+    steps:
+      # OSS App
+      - name: Generate GitHub App Token
+        id: dispatch_app_token
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ vars.WELLARCHITECTED_OSS_APP_ID }}
+          private-key: ${{ secrets.WELLARCHITECTED_OSS_APP_PRIVATE_KEY }}
+          owner: github
+          repositories: |
+            github-well-architected
+            github-well-architected-internal
+          permission-deployments: write
+          permission-contents: write
+
+      - name: Create deployment
+        id: create_deployment
+        env:
+          GH_TOKEN: ${{ steps.dispatch_app_token.outputs.token }}
+        run: |
+          ################################################################          
+          # Check for existing deployments
+          # If found, delete the latest one to avoid outdated deployments
+
+          EXISTING_DEPLOYMENT_LATEST=$(gh api \
+            -H "Accept: application/vnd.github+json" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            "/repos/$SOURCE_REPO/deployments?ref=$PR_HEAD_BRANCH&environment=$ENVIRONMENT" \
+            --jq '[.[] | select(.task == "deploy")] | sort_by(.created_at) | reverse | .[0].id // empty')
+
+          if [ -n "$EXISTING_DEPLOYMENT_LATEST" ] && [ "$EXISTING_DEPLOYMENT_LATEST" != "null" ]; then
+            echo "Found existing deployment with ID: $EXISTING_DEPLOYMENT_LATEST"
+            echo "existing_deployment_id=$EXISTING_DEPLOYMENT_LATEST" >> $GITHUB_OUTPUT
+
+            # Delete existing deployment 
+            gh api \
+              --method DELETE \
+              -H "Accept: application/vnd.github+json" \
+              -H "X-GitHub-Api-Version: 2022-11-28" \
+              /repos/$SOURCE_REPO/deployments/$EXISTING_DEPLOYMENT_LATEST
+          fi
+
+          ################################################################          
+          # Create new deployment
+
+          DEPLOYMENT_RESPONSE=$(gh api \
+            --method POST \
+            -H "Accept: application/vnd.github+json" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            /repos/$SOURCE_REPO/deployments \
+            --input - <<-EOF
+          {
+            "ref": "$PR_HEAD_BRANCH",
+            "environment": "$ENVIRONMENT",
+            "description": "Deploy requested from PR $PR_NUMBER (branch: $PR_HEAD_BRANCH)",
+            "auto_merge": false,
+            "required_contexts": []
+          }
+          EOF
+            )
+          DEPLOYMENT_ID=$(echo "$DEPLOYMENT_RESPONSE" | jq -r '.id')
+          echo "deployment_id=$DEPLOYMENT_ID" >> $GITHUB_OUTPUT
+          echo "Created new deployment with ID: $DEPLOYMENT_ID"
+          
+      - name: Update Deployment Status
+        env:
+          GH_TOKEN: ${{ steps.dispatch_app_token.outputs.token }}
+          NEW_DEPLOYMENT_ID: ${{ steps.create_deployment.outputs.deployment_id }}
+          EXISTING_DEPLOYMENT_LATEST: ${{ steps.create_deployment.outputs.existing_deployment_id }}
+        run: |
+          gh api \
+            --method POST \
+            -H "Accept: application/vnd.github+json" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            /repos/$SOURCE_REPO/deployments/$NEW_DEPLOYMENT_ID/statuses \
+            -f "state=in_progress" \
+            -f "description=Deployment dispatched to internal repository for processing."
+
+      - name: Repository Dispatch to Internal Repo
+        env:
+          GH_TOKEN: ${{ steps.dispatch_app_token.outputs.token }}
+        run: |
+          gh api \
+            --method POST \
+            -H "Accept: application/vnd.github+json" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            /repos/$TARGET_REPO/dispatches \
+            -f 'event_type=opensource-sync-to-publish' \
+            -f "client_payload[pr_url]=${{ github.event.pull_request.html_url }}" \
+            -f "client_payload[pr_number]=$PR_NUMBER" \
+            -f "client_payload[head_ref]=$PR_HEAD_BRANCH" \