Templates and commandline tools for creating repositories for US Federal open source projects
- python
- github cli
- cookiecutter
- repolinter
If you do not know what tier your project is, the cookiecutter will walk you through questions to figure out what tier you need. Run:
cookiecutter https://github.com/DSACMS/repo-scaffolder
If you know what tier you need, you can run the cookiecutter for an individual tier. Use the command below with X substituted for the tier number.
cookiecutter https://github.com/DSACMS/repo-scaffolder --directory=tierX
To add code.json to your project, navigate to your project's .github directory and run the following cookiecutter command. You will be asked questions about the project (see cookiecutter.json) in order to collect and store this metadata in code.json.
cookiecutter . --directory=codejson
You can update existing projects with the repo scaffolder. Passing the -s (skip-if-file-exists) flag to cookiecutter leaves files that already exist untouched, so only files the project is missing are added; -f (overwrite-if-exists) lets cookiecutter write into a project folder that already exists instead of refusing. Follow these steps:
- Create a new branch in your repo
- cd into the folder above your repo (the project folder is created or updated inside it)
- run:
cookiecutter -f -s https://github.com/DSACMS/repo-scaffolder --directory=tierX
- When answering the questions, use the existing folder/project name so the rendered files land in your repo
- Review the resulting diff and raise a PR into main
When creating projects, if you want to receive updates, add dsacms-tierX as a GitHub topic to the repo. The scaffolder repo includes GitHub workflows that find all repos with that topic and can raise a pull request that updates a string or adds a file. See actions.md for more information.
At a top level, each tier consists of a `hooks` folder, a folder containing the files to be added (`{{cookiecutter.project_slug}}`), and a `cookiecutter.json` defining the questions cookiecutter asks. These naming conventions must be followed, as they are what cookiecutter picks up. The `hooks` folder needs to be duplicated in each tier. The folder containing the files to be added can include slugged variables such as `{{ cookiecutter.project_name }}` that are filled in by the answers to `cookiecutter.json`. For example, `{{ cookiecutter.project_name }}` will be filled in by the answer to this question: `"project_name": "My Project",`. See the cookiecutter docs for more information.

Note that cookiecutter executes the scripts in `hooks` (pre_gen_project and post_gen_project) on your machine while rendering a template. When running a template from a URL, review the hooks first and pin a known revision with `--checkout` rather than tracking the default branch.
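The following is an added example, not cookiecutter's code and not part of repo-scaffolder. It re-implements just enough of the rendering described above (a `hooks` folder, a `{{cookiecutter.project_slug}}` folder whose file names and contents carry `{{ cookiecutter.* }}` variables, and a `cookiecutter.json` of questions) to show how answers fill in the template, and it reproduces the -s skip-if-file-exists behaviour used in the update procedure: a second run against an existing project adds only the files the tier has gained and leaves locally edited files alone. The tier layout, the questions other than `project_name`, and all file contents are constructed for the example; Jinja filters are not supported and nothing in `hooks` is executed.

```python
import json
import re
import tempfile
from pathlib import Path

# {{ cookiecutter.NAME }} with optional whitespace; Jinja filters are not supported here.
VAR = re.compile(r"\{\{\s*cookiecutter\.(\w+)\s*\}\}")
TEMPLATE_ROOT = "{{cookiecutter.project_slug}}"  # the folder cookiecutter renders


def render(text, answers):
    """Substitute every {{ cookiecutter.NAME }} with the collected answer for NAME."""
    return VAR.sub(lambda m: str(answers[m.group(1)]), text)


def resolve_answers(questions, user_answers=None):
    """Turn cookiecutter.json defaults plus the user's answers into final values.

    Questions are processed in file order, so a default may reference an
    earlier answer (here, a URL built from project_slug), as cookiecutter allows.
    """
    user_answers = user_answers or {}
    answers = {}
    for key, default in questions.items():
        answers[key] = render(str(user_answers.get(key, default)), answers)
    return answers


def scaffold(tier_dir, output_parent, answers, skip_if_file_exists=False):
    """Render tier_dir/{{cookiecutter.project_slug}} into output_parent/<project_slug>.

    Both file names and file contents are rendered. With skip_if_file_exists=True
    (the -s flag) files already present in the project are left untouched, so a
    re-run only adds what the project is missing. Returns (written, skipped).
    Unlike cookiecutter, nothing in tier_dir/hooks is executed here.
    """
    src_root = Path(tier_dir) / TEMPLATE_ROOT
    dst_root = Path(output_parent) / answers["project_slug"]
    written, skipped = [], []
    for src in sorted(p for p in src_root.rglob("*") if p.is_file()):
        rel = render(src.relative_to(src_root).as_posix(), answers)
        dst = dst_root / rel
        if skip_if_file_exists and dst.exists():
            skipped.append(rel)
            continue
        dst.parent.mkdir(parents=True, exist_ok=True)
        dst.write_text(render(src.read_text(), answers))
        written.append(rel)
    return written, skipped


def demo():
    """Create a project from a constructed tier, then update it with -s semantics."""
    with tempfile.TemporaryDirectory() as tmp:
        tier = Path(tmp) / "tier1"
        files = tier / TEMPLATE_ROOT
        (tier / "hooks").mkdir(parents=True)  # present for the layout; never run
        (files / ".github").mkdir(parents=True)
        # Constructed cookiecutter.json; keys other than project_name are assumptions.
        questions = {
            "project_name": "My Project",
            "project_slug": "my-project",
            "repo_url": "https://github.com/DSACMS/{{ cookiecutter.project_slug }}",
        }
        (tier / "cookiecutter.json").write_text(json.dumps(questions))
        (files / "README.md").write_text(
            "# {{ cookiecutter.project_name }}\n\nSource: {{ cookiecutter.repo_url }}\n")
        (files / ".github" / "CODEOWNERS").write_text(
            "* @DSACMS/{{ cookiecutter.project_slug }}\n")

        projects = Path(tmp) / "projects"
        answers = resolve_answers(json.loads((tier / "cookiecutter.json").read_text()),
                                  {"project_name": "Repo Scaffolder",
                                   "project_slug": "repo-scaffolder"})
        first_written, _ = scaffold(tier, projects, answers)

        # The team edits README.md locally; meanwhile the tier gains SECURITY.md.
        readme = projects / "repo-scaffolder" / "README.md"
        readme.write_text("# Repo Scaffolder\n\nHand-written docs.\n")
        (files / "SECURITY.md").write_text(
            "Report vulnerabilities in {{ cookiecutter.project_name }} via Bugcrowd.\n")

        # Update run, answering with the existing slug, as the steps above instruct.
        upd_written, upd_skipped = scaffold(tier, projects, answers, skip_if_file_exists=True)
        return {
            "repo_url": answers["repo_url"],
            "first_written": first_written,
            "update_written": upd_written,
            "update_skipped": upd_skipped,
            "readme_preserved": readme.read_text() == "# Repo Scaffolder\n\nHand-written docs.\n",
            "security_md": (projects / "repo-scaffolder" / "SECURITY.md").read_text(),
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Without `skip_if_file_exists=True` the update run would overwrite README.md with the template version, which is why the update steps pass -s: the scaffolder should only add what the tier has gained, and the resulting diff is what you review in the PR.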
Repolinter is a tool maintained by the TODO Group for checking repositories for common open source issues, using pre-defined rulesets. It can be run stand-alone as a script, as a pre-commit hook in your IDE, post-commit, or within CI/CD systems.
✔ = Pass
✖ = Fail
⚠ = Warn
Tiers 1 through 4 each include a repolinter.json file in their project folders. Tier 1 has the detailed configuration of all the rules. Each other tier extends the previous tier's ruleset and contains only the rule and level configuration.
Sample commands, run against a directory containing the repolinter.json to apply:
repolinter lint .
repolinter lint tier4/\{\{cookiecutter.project_slug\}\}
See our Maturity Model Tiers Document for reference: https://github.com/DSACMS/repo-scaffolder/blob/main/maturity-model-tiers.pdf
This project was developed as a collaboration between the United States Digital Service (USDS.gov), The Department of Health and Human Services (HHS.gov), The Digital Service at the Centers for Medicare & Medicaid Services (CMS.gov) and The USDigitalResponse.org.
We adhere to the CMS Open Source Policy. If you have any questions, just shoot us an email.
Submit a vulnerability: Vulnerability reports can be submitted through Bugcrowd. Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 3 business days.
For more information about our Security, Vulnerability, and Responsible Disclosure Policies, see SECURITY.md.
A Software Bill of Materials (SBOM) is a formal record containing the details and supply chain relationships of various components used in building software.
In the spirit of Executive Order 14028 - Improving the Nation's Cybersecurity, an SBOM for this repository is provided here: https://github.com/DSACMS/repo-scaffolder/network/dependencies.
For more information and resources about SBOMs, visit: https://www.cisa.gov/sbom.
This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication as indicated in LICENSE.
All contributions to this project will be released under the CC0 dedication. By submitting a pull request or issue, you are agreeing to comply with this waiver of copyright interest.