Create initial files from repo-scaffolder

Author: Nolski

.github/CODEOWNERS.md

@@ -0,0 +1,35 @@
+# Code Owners
+
+<!-- TODO: Who are the points of contact in your project who are responsible/accountable for the project? This can often be an engineering or design manager or leader, who may or may not be the primary maintainers of the project. List them by GitHub Username-->
+
+
+- nolski
+- zungundp
+
+
+## Repo Domains
+
+<!--
+The Repo Domains section of your CODEOWNERS.md file helps manage code review responsibilities efficiently. Each domain represents a different aspect of the repository, such as documentation, frontend, backend, DevOps, testing, etc. In this section, list each domain and assign the appropriate GitHub usernames or teams responsible for that domain. This ensures that pull requests (PRs) are reviewed by the right experts, maintaining high code quality and relevance.
+
+For example:
+
+/docs/ @doc-team @johnsmith @janedoe
+
+/frontend/ @frontend-team @alice @bob
+
+/backend/ @backend-team @charlie @dana
+
+Furthermore, GitHub teams are a good feature for managing groups of contributors who need to be notified about specific domains within a repository. By creating and using GitHub teams, you can allow contributors to ping multiple relevant experts simultaneously.
+
+To set up GitHub teams:
+
+- Navigate to your organization's settings and select "Teams".
+- Create a new team for each domain, such as @frontend-team, @backend-team, or @doc-team.
+- Add the relevant members to each team. Ensure that the team includes all the individuals who should be notified about PRs in their domain.
+- When filling out the Repo Domains section in your CODEOWNERS.md file, use the team handles instead of or alongside individual usernames. This way, when a contributor opens a PR affecting a specific domain, they can simply tag the team, and every member of that team will be notified.
+
+-->
+
+/docs/ {Git usernames of documentation owners}  
+/frontend/ {Git usernames of frontend owners}

.github/ISSUE_TEMPLATE/add_team_request.md

@@ -0,0 +1,20 @@
+---
+name: Add Team to Repository Request Ticket
+about: Ticket for requesting team to be added to repository
+title: "[REQUEST]: "
+labels: # TODO: Add labels for categorization of requests
+assignees: # TODO: Add organization owner or help desk team
+---
+
+## Request a New Team to be Added to a Repository
+
+Please fill out the form below to request a new team to be added to a repository.
+
+### Information Required
+
+Team Name: <!-- Provide the team name you'd like to grant access to the repo -->
+Reason for Access: <!-- Provide a 1-2 sentence explanation for access -->
+
+### Additional Notes (Optional)
+
+<!-- Provide any additional context or requests -->

.github/ISSUE_TEMPLATE/outside_collaborator_request.md

@@ -0,0 +1,22 @@
+---
+name: Outside Collaborator Repository Access Request Ticket
+about: Ticket for requesting outside collaborator to be added to repository
+title: "[REQUEST]: "
+labels: # TODO: Add labels for categorization of requests
+assignees: # TODO: Add organization owner or help desk team
+---
+
+## Request an outside collaborator to be added to repository
+
+For individuals that are not members of the UNDP GitHub organization, these outside collaborators can request access to a repository. Fill out this issue to file the request or make a pull request to the `COMMUNITY.md` file, then a repository admin will grant access.
+
+### Information Required
+
+Name of individual:
+GitHub username:
+Role in project:
+Role in repository according to COMMUNITY.md (Maintainer, Approver, Reviewer):
+
+### Additional Notes (Optional)
+
+<!-- Provide any additional context or requests -->

.github/codejson/cookiecutter.json

@@ -0,0 +1,67 @@
+{
+    "project_name": "UNDP National Carbon Credit Registry", 
+    "project_repo_name": "undp-national-carbon-registry",
+    "project_org": "UNDP", 
+    "description": "A short description of the project.",
+    "long_description": "A longer description of the project.",
+    "status": ["ideation", "development", "alpha", "beta", "release candidate", "production", "archival"],
+    "license": ["CC0-1.0", "Apache-2.0", "MIT", "MPL-2.0", "GPL-2.0-only", "GPL-3.0-only", "GPL-3.0-or-later", "LGPL-2.1-only", "LGPL-3.0-only", "BSD-2-Clause", "BSD-3-Clause", "EPL-2.0", "Other"],
+    "usage_type" : ["openSource", "governmentWideReuse", "exemptByLaw", "exemptByNationalSecurity", "exemptByAgencySystem", "exemptByAgencyMission", "exemptByCIO", "exemptByPolicyDate"],
+    "repository_host": ["github.com/CMSgov", "github.com/CMS-Enterprise", "github.com/DSACMS", "github.cms.gov", "CCSQ GitHub"],
+    "repository_visibility": ["public", "private"],
+    "vcs": ["git", "hg", "svn", "rcs", "bzr"],
+    "forks": 0,
+    "platforms": "web, windows, mac, linux, ios, android, other",
+    "categories": "healthcare",
+    "software_type":["standalone/mobile", "standalone/iot", "standalone/desktop", "standalone/web", "standalone/backend", "standalone/other", "addon", "library", "configurationFiles"],
+    "languages": "",
+    "maintenance": ["internal", "contract", "community", "none"],
+    "contract_number": 0,
+    "tags": "dsacms-tier2",
+    "contact_email": "opensource@cms.hhs.gov",
+    "contact_name": "CMS Open Source Program Office",
+    "feedback_mechanisms": "https://github.com/UNDP/undp-national-carbon-registry/issues",
+    "localisation": ["true", "false"],
+    "repository_type" : ["Package", "Website", "Standards", "Libraries", "Data", "Apps", "Tools", "APIs", "Docs"],
+    "user_input": ["Yes", "No"],
+    "fisma_level": ["Low", "Moderate", "High"],
+    "group": "CMS/OA/DSAC",    
+    "projects": "",
+    "systems": "",
+    "upstream": "",
+    "subset_in_healthcare": "Policy, Operational, Medicare, Medicaid",
+    "user_type": "Providers, Patients, Government",
+   "__prompts__": {
+        "project_name": "What is the name of the project or software?",
+        "project_repo_name": "What is the name of the repository?",
+        "project_org": "What CMS GitHub organization is it under?",
+        "description": "Provide a short description of the software. It should be a single line containing a single sentence. Maximum 150 characters are allowed.",
+        "long_description": "Provide longer description of the software, between 150 and 10000 chars. It is meant to provide an overview of the capabilities of the software for a potential user.",
+        "status": "What is the status of the project?",
+        "license": "What license is the project under?",
+        "usage_type": "What is the usage type for this project? For more information on each option, visit github.com/DSACMS/gov-codejson",
+        "repository_host": "Where is the repository hosted?",
+        "vcs": "What version control system is used?",
+        "forks": "How many forks does the repository have?",
+        "platforms": "What platform does the software runs on? Separate items by commas.",
+        "categories": "What categories best describes the project? Separate items by commas. List of categories here: https://yml.publiccode.tools/categories-list.html?highlight=categories",
+        "software_type": "What type of software is the project?",
+        "languages": "What programming language(s) is the software written in? Separate items by commas.",
+        "maintenance": "How is the software maintained?",
+        "contract_number": "What is the contractor number of the project?",
+        "tags": "Provide a list of tags to describe the software for search. Separate items by commas.",
+        "contact_name": "A point of contact is needed for the project. What is the name of the point of contact?",
+        "contact_email": "What is email address of the point of contact?",
+        "feedback_mechanisms": "What are methods a repository receives feedback from the community (e.g. URL to GitHub repository issues page, website, email)",
+        "localisation": "Does the software support multiple spoken languages?",
+        "repository_type": "What type of repository is this project?",
+        "user_input": "Does the project accept user input? (e.g. allows user to query a database, allows login by users, upload files, etc.)",
+        "fisma_level": "What FISMA level is this project classified as? Learn more: https://security.cms.gov/learn/federal-information-security-modernization-act-fisma#perform-system-risk-categorization",
+        "group": "Which group at CMS is the project part of?",
+        "projects": "What project is the repository associated with? Separate items by commas.",
+        "systems": "What systems does the repository use or interface with? Separate items by commas.",
+        "upstream": "What upstream dependencies does the repository use? Separate items by commas.",
+        "subset_in_healthcare": "Which subset of healthcare does the project belong to?",
+        "user_type": "Who are the intended users?"
+    }
+}

.github/workflows/auto-changelog.yml

@@ -0,0 +1,15 @@
+name: Changelog
+on:
+  release:
+    types:
+      - created
+jobs:
+  changelog:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Auto Generate changelog"
+        uses: heinrichreimer/action-github-changelog-generator@v2.3
+        with:
+          
+          token: ${{ secrets.GITHUB_TOKEN }}
+          

.github/workflows/contributors.yml

@@ -0,0 +1,78 @@
+name: Update Contributors Information
+
+on:
+  workflow_dispatch: {}
+  schedule:
+    # Weekly on Saturdays.
+    - cron: "30 1 * * 6"
+  push:
+    branches: [main]
+
+jobs:
+  update-contributors:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  
+
+      - name: Update contributor list
+        id: contrib_list
+        uses: akhilmhdh/contributors-readme-action@v2.3.10
+        env:
+          
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          
+        with:
+          readme_path: COMMUNITY.md
+          use_username: false
+          commit_message: "update contributors information"
+
+      - name: Get contributors count
+        id: get_contributors
+        env:
+          
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          
+
+        run: |
+            OWNER=$(echo $GITHUB_REPOSITORY | cut -d'/' -f1)
+            REPO=$(echo $GITHUB_REPOSITORY | cut -d'/' -f2)
+            QUERY='query { repository(owner: \"'"$OWNER"'\", name: \"'"$REPO"'\") { collaborators { totalCount } } }'
+
+            CONTRIBUTORS=$(gh api \
+              -H "Accept: application/vnd.github+json" \
+              -H "X-GitHub-Api-Version: 2022-11-28" \
+              "/repos/$OWNER/$REPO/contributors?per_page=100" | \
+              jq '[.[] | select(.type != "Bot" and (.login | test("\\[bot\\]$") | not) and (.login | test("-bot$") | not))] | length')
+
+            echo "Total contributors: $CONTRIBUTORS"
+            echo "contributors=$CONTRIBUTORS" >> $GITHUB_OUTPUT
+
+
+      - name: Update COMMUNITY.md
+        run: |
+          
+          CONTRIBUTORS="${{ steps.get_contributors.outputs.contributors }}"
+          
+
+          perl -i -pe 's/(<!--CONTRIBUTOR COUNT START-->).*?(<!--CONTRIBUTOR COUNT END-->)/$1 '"$CONTRIBUTORS"' $2/' COMMUNITY.md
+
+          git config user.name 'github-actions[bot]'
+          git config user.email 'github-actions[bot]@users.noreply.github.com'
+          git add COMMUNITY.md
+          git commit -m "update contributors count to $CONTRIBUTORS" || exit 0
+
+      - name: Push protected
+        uses: CasperWA/push-protected@v2
+        with:
+          
+          token: ${{ secrets.PUSH_TO_PROTECTED_BRANCH }}
+          
+
+          branch: main

.github/workflows/gitleaks.yml

@@ -0,0 +1,15 @@
+name: Check for Secrets
+on:
+    pull_request:
+    push:
+
+jobs:
+  scan-for-secrets:
+    name: Run gitleaks
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with: {fetch-depth: 0}
+
+      - name: Check for GitLeaks
+        uses: gacts/gitleaks@v1

.github/workflows/repoHygieneCheck.yml

@@ -0,0 +1,80 @@
+name: "Repository Hygiene Check"
+on:
+  push:
+    branches:
+      - 'main'
+  workflow_dispatch:
+
+jobs:
+  check-first-run:
+    name: Check For First Run
+    runs-on: ubuntu-latest
+    outputs:
+      
+      should_run: ${{ steps.check.outputs.should_run }}
+      
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - uses: actions/checkout@v4
+      - id: check
+        run: |
+          # If manually triggered, always run
+          
+          if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
+          
+            echo "should_run=true" >> $GITHUB_OUTPUT
+            exit 0
+          fi
+          
+          # Check if initialization label exists
+          has_label=$(gh label list --json name | jq '.[] | select(.name=="repolinter-initialized")')
+
+          if [[ -z "$has_label" ]]; then
+            # First time - create label and allow run
+            gh label create repolinter-initialized --description "Marks repo as having run initial repolinter check"
+            echo "should_run=true" >> $GITHUB_OUTPUT
+          else
+            echo "should_run=false" >> $GITHUB_OUTPUT
+          fi
+        env:
+          
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          
+
+  resolve-repolinter-json:
+    name: Get Repolinter Config
+    needs: check-first-run
+    
+    if: needs.check-first-run.outputs.should_run == 'true'
+    
+    uses: DSACMS/repo-scaffolder/.github/workflows/extendJSONFile.yml@main
+    with: 
+      url_to_json: 'https://raw.githubusercontent.com/DSACMS/repo-scaffolder/main/tier2/%7B%7Bcookiecutter.project_slug%7D%7D/repolinter.json'
+  
+  repolinter-checks:
+    name: Tier 2 Checks
+    needs: [check-first-run, resolve-repolinter-json]
+    
+    if: needs.check-first-run.outputs.should_run == 'true'
+    
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    env:
+      
+      RAW_JSON: ${{ needs.resolve-repolinter-json.outputs.raw-json }}
+      
+    steps:
+      - uses: actions/checkout@v4
+      - run: echo $RAW_JSON > repolinter.json
+      - uses: DSACMS/repolinter-action@main
+        with:
+          config_file: 'repolinter.json'
+          output_type: 'pull-request'
+          pull_request_labels: 'repolinter-initialized, cms-oss, cms-gov'
+          
+          token: ${{ secrets.REPOLINTER_AUTO_TOKEN }}
+