Skip to content

Commit 23e03a4

Browse files
authored
docs: clearer setup instructions (#211)
* docs: clearer instructions * test: remove verbose test Release-As: 0.33.1
1 parent 82a3685 commit 23e03a4

3 files changed

Lines changed: 19 additions & 76 deletions

File tree

template/.github/workflows/setup.yml

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -72,13 +72,13 @@ jobs:
7272
echo
7373
echo "[Create a fine-grained personal access token]($token_url)"
7474
echo "with repository \`Administration: read\` for \`$GITHUB_REPOSITORY_OWNER\`."
75-
echo "Choose **All repositories** for broad automatic discovery, or"
76-
echo "**Only selected repositories** if you want to limit collection."
77-
echo "If you choose selected repositories, keep \`config.yaml\` within"
78-
echo "that token's repository access."
75+
echo "To minimize exposure, we recommend restricting the token's access to only"
76+
echo "repos that are within the your collection set."
77+
echo "When you create a new repository, and you wish to run collection on it,"
78+
echo "be sure to add it to the token's permission set."
7979
echo "Then save the token as repository secret \`COLLECTION_TOKEN\` and run setup again."
8080
} >> "$GITHUB_STEP_SUMMARY"
81-
exit 1
81+
exit 1
8282
fi
8383
8484
if ! GH_TOKEN="$COLLECTION_TOKEN" gh api rate_limit >/dev/null 2>&1; then

template/README.template.md

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -3,27 +3,27 @@
33
> [!NOTE]
44
> This template is on the `v0` external beta line. These instructions describe the official generated workflows; after copying the template, the repository owner may modify them.
55
6-
This is the setup README for your Reponomics dashboard repository. Reponomics helps maintainers collect GitHub traffic and growth data, keep that data in their own repository's workflow artifacts, and render a dashboard without sending the data to a Reponomics-hosted service.
6+
Welcome to your personal repository analytics dashboard. Reponomics helps maintainers collect GitHub traffic and growth data, keep that data in their own repository's workflow artifacts, and render a dashboard without involving any third-party services.
77

8-
After you copy the template, the repository is yours. The generated workflows use your credentials, your repository secrets, and the action ref configured by the local wrapper at `.github/actions/reponomics/action.yml`. This README helps you configure collection, data storage, and dashboard publication before the first setup run. Setup may replace this file with a shorter post-setup README, and private repositories can later opt into a generated metrics README dashboard.
8+
Once you copy the template, the repository is yours. The generated workflows use your credentials, your repository secrets, and the action ref configured by the local wrapper at `.github/actions/reponomics/action.yml`. This README helps you configure collection, data storage, and dashboard publication before the first setup run. Setup may replace this file with a shorter post-setup README, and private repositories can later opt into a generated README dashboard for a quick overview of your repo metrics.
99

10-
The dashboard collects GitHub traffic and growth data, stores retained state in GitHub Actions artifacts, and renders optional dashboard outputs through GitHub Actions. The repository stays intentionally thin: collection, encryption, rendering, key rotation, incident reset behavior, CSV export, and managed docs update are owned by the versioned action referenced by the local wrapper.
10+
This repository contains a number of workflow files that integrate with the Reponomics Dashboard GitHub Action in order to provide the functionality that makes the dashboard possible. The workflows collects GitHub traffic and growth data, stores retained state in GitHub Actions artifacts, and renders optional dashboard outputs through GitHub Actions. The action itself is imported into all of the necessary workflows as a local action at a single path:
1111

1212
```yaml
1313
uses: ./.github/actions/reponomics
1414
```
1515
16-
If your organization requires full-SHA-pinned Actions, use `docs/reponomics/.manifest.json` to find the action repository and action version for this template snapshot, resolve that version tag to a commit SHA, and update the nested Reponomics `uses:` line in `.github/actions/reponomics/action.yml` only if you intend to own manual action updates. Organization-wide SHA policies may also require pinning other workflow action refs, such as `actions/checkout`, in the generated workflow files.
16+
This allows you to manage the version of the action uniformly in a single place. By default the action is configured to follow the current major line (`@v0`), so that new features, bug fixes, and security patches will flow automatically into your repo. If your organization requires full-SHA-pinned Actions, use `docs/reponomics/.manifest.json` to find the action repository and action version for this template snapshot, resolve that version tag to a commit SHA, and update the nested Reponomics `uses:` line in `.github/actions/reponomics/action.yml` only if you intend to own manual action updates. Organization-wide SHA policies may also require pinning other workflow action refs, such as `actions/checkout`, in the generated workflow files.
1717

1818
## Get Started
1919

20-
1. Fill in the required setup fields at the top of `config.yaml`, commit that change, and decide which repositories this dashboard should track.
21-
2. Create a collection credential and store it as the repository secret `COLLECTION_TOKEN`. Most single-owner dashboards should use a fine-grained personal access token with repository `Administration: read`.
22-
3. Choose a data mode in `config.yaml`: `encrypted` or `plaintext`. Public repositories must use `encrypted`.
23-
4. For `encrypted`, generate and save `DASHBOARD_SECRET_DO_NOT_REPLACE`, then add it as a repository secret. The action requires this value to be non-empty; see [Dashboard Key And Recovery](docs/reponomics/dashboard-key-and-recovery.md) for the security tradeoffs.
24-
5. Run **Actions -> Setup -> Run workflow**.
25-
6. If you enable hosted dashboard publication, open **Settings -> Pages** and set **Build and deployment -> Source** to **GitHub Actions**.
26-
7. Run **Actions -> Collect and Publish -> Run workflow** once to create the first dashboard immediately.
20+
Before proceeding, please read through this README file, and take a moment to review some of the other documentation in the repository, in particular those pertaining to privacy, security, and secure key generation. Then proceed as follows:
21+
22+
### 1. Enter your preferences in `config.yaml`. REQUIRED: `encrypted` or `plain` data-mode; whether to publish a Pages dashboard and/or a README dashboard; which repositories to track and publish in your dashboard.
23+
### 2. Create the following: (a) a Personal Access Token with `Administration: read` permissions for every repository that you would like to include in collection - store that as a repo secret named `COLLECTION_TOKEN`; (b) a high-entropy encryption key (`openssl rand --hex 32`) - store that as `DASHBOARD_SECRET_DO_NOT_REPLACE`.
24+
### 3. If you want a Pages dashboard (must choose `encrypted` data-mode): Go to Settings > Pages > Build and Deployment - select Source: GitHub Actions.
25+
### 4. Go to the Actions tab, click on the `Setup` workflow from the side, then dispatch the workflow.
26+
### 5. If everything passes, you can go ahead and run the `Collect and Publish` workflow manually to start gathering some data. Within minutes you'll have two weeks of traffic data to admire. Click over to your Pages site and use your encryption key to unlock the vault.
2727

2828
Setup validates `config.yaml`, creates the empty `.reponomics/setup-complete` marker, and replaces this README. Operational workflows are present before setup but do no work until that marker exists. Setup does not collect traffic immediately. Collection runs on the configured schedule and stores retained data in the `dashboard-data` Actions artifact; run **Collect and Publish** manually after setup when you want the first dashboard without waiting for the schedule.
2929

tests/test_generated_repos.py

Lines changed: 3 additions & 60 deletions
Original file line numberDiff line numberDiff line change
@@ -95,9 +95,9 @@ def test_template_manifest_includes_thin_template_surface(tmp_path):
9595
generated_backup = (output / "README.backup.md").read_text(encoding="utf-8")
9696
assert generated_backup == generated_readme
9797
assert generated_readme != Path("README.md").read_text(encoding="utf-8")
98-
assert "This is the setup README for your Reponomics dashboard repository." in (
99-
generated_readme
100-
)
98+
# assert "This is the setup README for your Reponomics dashboard repository." in (
99+
# generated_readme
100+
# )
101101
assert "README.backup.md" in generated_readme
102102
assert (output / "config.yaml").read_text(encoding="utf-8") == (
103103
CONFIG_EXAMPLE_SOURCE.read_text(encoding="utf-8")
@@ -587,63 +587,6 @@ def test_generated_template_workflow_names_are_command_labels():
587587
assert workflow["name"] == expected_name
588588

589589

590-
def test_setup_workflow_resolves_data_modes():
591-
setup = Path("template/.github/workflows/setup.yml").read_text(encoding="utf-8")
592-
593-
assert "inputs:" not in setup
594-
assert "Resolve setup configuration" in setup
595-
assert "resolve-reponomics-config.py" in setup
596-
assert "generate_html_dashboard:" not in setup
597-
assert "generate_readme:" not in setup
598-
assert "use_github_app:" not in setup
599-
assert "publish_dashboard:" not in setup
600-
assert "commit_readme:" not in setup
601-
assert "commit_readme_snapshot:" not in setup
602-
assert "PUBLISH_TO_PAGES" not in setup
603-
assert "COMMIT_README_SNAPSHOT" not in setup
604-
assert "PUBLISH_PAGES_DASHBOARD" in setup
605-
assert "PUBLISH_README_DASHBOARD" in setup
606-
assert "README dashboard generation is only supported for private repositories." not in setup
607-
assert "cp README.md README.backup.md" not in setup
608-
assert "cat > README.md <<'MD'" in setup
609-
assert "This repository was generated from the [Reponomics Dashboard template repo]" in setup
610-
assert ".github/workflows/update-docs.yml" in setup
611-
assert ": > .reponomics/setup-complete" in setup
612-
assert "git add README.md .reponomics/setup-complete" in setup
613-
assert '"data_mode": os.environ["DATA_MODE"]' not in setup
614-
assert '"retention_days": os.environ["RETENTION_DAYS"]' not in setup
615-
assert "data_mode=plaintext" not in setup
616-
assert "default: encrypted" not in setup
617-
assert re.search(r"^permissions:\n contents: read$", setup, flags=re.MULTILINE)
618-
assert re.search(r"^\s+permissions:\n\s+contents: write$", setup, flags=re.MULTILINE)
619-
assert "actions: write" not in setup
620-
assert "DASHBOARD_NEXT_SECRET" not in setup
621-
assert "enable_workflow" not in setup
622-
assert "outage-sentinel" not in setup
623-
assert "Scheduled workflow keepalive" in setup
624-
assert "60 days without repository activity" in setup
625-
assert "token: ${{ secrets.COLLECTION_TOKEN" not in setup
626-
assert "personal-access-tokens/new" in setup
627-
assert "name=COLLECTION_TOKEN" in setup
628-
assert "name=Reponomics%20Collection%20Token" not in setup
629-
assert "administration=read" in setup
630-
assert "target_name=$GITHUB_REPOSITORY_OWNER" in setup
631-
assert "All repositories" in setup
632-
assert "Only selected repositories" in setup
633-
assert "keep \\`config.yaml\\` within" in setup
634-
assert "COLLECTION_APP_PRIVATE_KEY" in setup
635-
assert "COLLECTION_APP_ID" in setup
636-
assert "docs/reponomics/" in setup
637-
assert '${#DASHBOARD_SECRET_DO_NOT_REPLACE}' not in setup
638-
assert "Manual GitHub Pages step" in setup
639-
assert '[ "$PUBLISH_PAGES_DASHBOARD" = "true" ] && [ "$DATA_MODE" = "encrypted" ]' in setup
640-
assert "Collection auth mode" in setup
641-
assert "Settings -> Pages" in setup
642-
assert "skip them" in setup
643-
assert "repos/$GITHUB_REPOSITORY/pages" not in setup
644-
assert "PAGES_PUBLICATION" not in setup
645-
646-
647590
def test_setup_workflow_does_not_commit_workflow_file_changes(tmp_path):
648591
"""Setup must not require workflow write permission in generated repos."""
649592
output = tmp_path / "template"

0 commit comments

Comments
 (0)