ACCESSIBILITY.md/.github/workflows/maintain-trusted-sources.yml at main · JoeOakhartNava/ACCESSIBILITY.md · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
name: Maintain TRUSTED_SOURCES.yaml

on:
  schedule:
    # Run monthly on the 1st at 00:00 UTC
    - cron: '0 0 1 * *'
  workflow_dispatch:
    inputs:
      full_scan:
        description: 'Perform full scan including topic_tags update'
        required: false
        type: boolean
        default: false
      skip_validation:
        description: 'Skip URL validation (metadata enrichment only)'
        required: false
        type: boolean
        default: false

permissions:
  contents: write
  pull-requests: write

jobs:
  maintain-sources:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'
          cache: 'pip'

      - name: Install dependencies
        run: |
          pip install -r .github/scripts/requirements.txt

      - name: Run maintenance script
        run: |
          python .github/scripts/maintain_trusted_sources.py \
            ${{ inputs.full_scan && '--full-scan' || '' }} \
            ${{ inputs.skip_validation && '--skip-validation' || '' }}

      - name: Check for changes
        id: check_changes
        run: |
          if git diff --quiet examples/TRUSTED_SOURCES.yaml .github/data/url_error_history.json; then
            echo "has_changes=false" >> $GITHUB_OUTPUT
          else
            echo "has_changes=true" >> $GITHUB_OUTPUT
          fi

      - name: Create Pull Request
        if: steps.check_changes.outputs.has_changes == 'true'
        uses: peter-evans/create-pull-request@v6
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          commit-message: 'chore: Update TRUSTED_SOURCES.yaml metadata'
          title: 'Monthly maintenance of TRUSTED_SOURCES.yaml'
          body: |
            ## Automated Maintenance Report

            This PR contains automated updates to `TRUSTED_SOURCES.yaml`:

            - ✅ URL validation completed
            - 📝 Metadata enrichment performed
            - 🔍 Quality checks passed

            ### Changes Made

            - URLs returning 404 have been flagged or removed per policy
            - Missing metadata fields have been filled in where possible
            - Content freshness has been evaluated
            - License and owner information has been updated

            ### Review Guidelines

            Please review:
            1. Any sources marked as "not active" - verify they should be inactive
            2. Any sources removed - confirm they had 404 errors twice
            3. Newly added metadata - verify accuracy
            4. License detections - confirm they are correct

            **Note**: This is an automated PR. Please carefully review all changes before merging.

            ---
            Generated by `.github/workflows/maintain-trusted-sources.yml`
          branch: automated/maintain-trusted-sources
          delete-branch: true
          labels: |
            automated
            maintenance
            documentation

      - name: Summary
        if: always()
        run: |
          echo "## Maintenance Summary" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          if [ "${{ steps.check_changes.outputs.has_changes }}" == "true" ]; then
            echo "✅ Changes detected and PR created" >> $GITHUB_STEP_SUMMARY
          else
            echo "✅ No changes needed - all sources are up to date" >> $GITHUB_STEP_SUMMARY
          fi