Sync files (mainly MD) from .github to other repos

[yada]

Reason/Context

We need to use the .github repo as our single source of truth for all the community health files we would generally have to duplicate in each (or multiple) repository. All community contributions on these files (PR) will be accepted in this repo (.github) and synced to the others; no update on the destination repo will be allowed.

Warning: any new files (new creation) must be added to the exclusion regex of each repo/workflow auto-build process, ex: https://github.com/microcks/microcks/blob/master/.github/workflows/build-verify.yml

Description

The current files concerned are:

• .github/ADOPTERS.md
• .github/BACKERS.md
• .github/CHANGELOG.md
• .github/CODE_OF_CONDUCT.md
• .github/CONTRIBUTING.md
• .github/GOVERNANCE.md
• .github/MAINTAINERS.md
• .github/ROADMAP.md
• .github/SECURITY.md

⚠️ All of them need to be first added to the exclusion regex of each repo/workflow auto-build process ⚠️

Implementation ideas

Sync for each file proposition is:

• .github/ADOPTERS.md 👉 sync to all Microcks' repos
• .github/BACKERS.md 👉 sync to all Microcks' repos
• .github/CHANGELOG.md 👉 sync to Microcks main repo only
• .github/CODE_OF_CONDUCT.md 👉 sync to all Microcks' repos
• .github/CONTRIBUTING.md 👉 sync to all Microcks' repos
• .github/GOVERNANCE.md 👉 sync to all Microcks' repos
• .github/MAINTAINERS.md 👉 sync to all Microcks' repos IF maintainers for specific repos are in the same file TODO?
• .github/ROADMAP.md 👉 sync to all Microcks' repos
• .github/SECURITY.md 👉 sync to all Microcks' repos

Ideally, the sync process needs to be fully automated using GitHub actions:

• on each merge, file changes
• replace (if it exists also) destination files

[yada]

List of tasks to perform and take care of in order of priority and execution:

• [x] Agree on the list of files concerned (any files not in .github we may have missed?)
• [x] Agree on file destinations (from .github to repo)
• [x] Update ALL exclusion regex of each repo/workflow auto-build process (each repo concerned)
• [x] Sync GitHub action to find, test and put in .github workflow

[yada]

By the way, we should add the LICENSE file (Apache License 2.0) to this repo so we can copy it (sync) to the others. Ex: sync to https://github.com/microcks/community

[yada]

GitHub action that can help from our AsyncAPI friends: https://github.com/derberg/manage-files-in-multiple-repositories?tab=readme-ov-file

[lbroudoux]

I think the first step is to define the different kinds of repos we have under the Microcks organization. As those different kinds of repos don't have the same licensing or security scanning requirements, this could help us putting the right effot as the right place.

I see at least 4 different categories of repositories:

• Repos that host delivered components - microcks, microcks-testcontainers-java, microcks-operator, microcks-quarkus, etc..
• Repos that host demonstrations - microcks-quarkus-demo, microcks-testcontainers-node-nest-demo, api-lifecycle, api-tooling, etc...
• Repos that host documentation - microcks.io and microcks.github.io
• Repos that contain community resources - .github, community-mocks, microcks-quickstarters, etc...

At first, I was wondering if repos containing ecosystem plugins (like Jenkins plugin, Backstage plugin, etc...) had to be considered differently but it's still components we're delivering for and that targets production usage. So it fits in the 1st category.

What do you think? Do you agree with this way of sorting things?

Now what is the impact of this categorization? I see we have different needs and constraints depending on the type of repo.

Needs/Constraints	Delivered components	Demonstrations	Documentation	Community resources
Apache 2.0 License	✅		✅
Licence Scanning	✅
Security Scanning	✅
Security Infos	✅			✅
QA Scanning	✅
MIT License		✅		✅
Infos in README	✅	✅	✅	✅
Dependency Policy	✅	✅	✅	✅
Codeowners	✅	✅	✅	✅
Maintainers	✅	✅	✅	✅
Contribution guide	✅		✅	✅
Staling of issues	✅
Governance infos	✅		✅	✅
Changelog infos	✅
Roadmap infos	✅
Adopters & Backers infos	✅			✅
Code of conduct	✅	✅	✅	✅
Welcome new users	✅	✅	✅	✅
CLO Monitor (*1)/LFX Insights presence	✅ with code and community checks		✅ with docs checks

In addition, putting Security, License or QA Scanning in place has some consequences as we also need to set up some additiional tools like Sonar (QA & Security), FOSSA (License) and Quay.io/Docker Scout (Security of container image).

Also, all the files mentioned above cannot be synced as-is. Typically:

• The CHANGELOG.md is specific for each repo as it contains a link to the repo releases
• The CONTRIBUTING.md file is quite generic but may require some repo-specific information on build tools and others.

(*1): See, CLOMonitor checks description: https://clomonitor.io/docs/topics/checks/

[yada]

Make sense and looks good to me 👍

[lbroudoux]

Comprehensive list in different repos categories (as of today 😉)

Delivered components

• microcks
• microcks-cli
• microcks-operator
• microcks-ansible-operator
• microcks-postman-runtime
• microcks-testcontainers-java
• microcks-testcontainers-go
• microcks-testcontainers-node
• microcks-quarkus
• microcks-java-client
• microcks-go-client
• microcks-docker-desktop-extension
• microcks-backstage-provider
• microcks-jenkins-plugin
• microcks-spectral-ruleset
• import-github-action
• test-github-action
• hub.microcks.io

Demonstrations

• microcks-testcontainers-java-spring-demo
• microcks-testcontainers-node-nest-demo
• microcks-testcontainers-go-demo
• api-lifecycle
• api-tooling

Documentation

• microcks.io

Community resources

• .github
• community
• microcks-quickstarters
• community-mocks

[yada]

I think we also need to include some workflow, ex: welcome-new-users.yml can be copied to all repos @lbroudoux agree?

[yada]

As a test and first workflow for this issue, let's start by replicating CODE_OF_CONDUCT.md to all repos:

• [x] Update ALL exclusion regex of each repo/workflow auto-build process
• [x] Activate replication workflow for CoC
• [x] Validate and update it for the other files

[yada]

CLOMonitor data source update (add repos and checks as described above) has been requested; see: https://github.com/cncf/clomonitor/pull/1571

[yada]

Sync and merged in all repos as described above done ✅ for files:

• Adopters infos
• Code of conduct

[yada]

https://github.com/microcks/.github/issues/16#issuecomment-2298916186 updated for #22

[yada]

https://github.com/microcks/.github/issues/16#issuecomment-2298916186 updated for #21

[lbroudoux]

A suggestion: we should update some PR descriptions that are not 100% correct according to semantic commit messages practices.

Typically, synchronization of files like ADOPTERS, BACKERS, GOVERNANCE, CODE_OF_CONDUCT, etc... should be marked as chore: update ADOPTERS.md from global .github repo and not not ci: ....

Stale issues management and welcoming new users tasks should be kept as ci: ...

[yada]

@lbroudoux Good point +1