Initial commit

Author: Lstedmanfalls

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @mindbuttergold/admin

.github/workflows/check-community-approval.yaml

@@ -0,0 +1,26 @@
+name: Check Community Approval
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - labeled
+      - unlabeled
+
+permissions:
+  contents: read
+
+jobs:
+  check_approval:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check for community approval
+        run: |
+          if [[ "${{ contains(github.event.pull_request.labels.*.name, 'community-approved') }}" == "true" ]]; then
+            echo "This PR has met the requirements for community approval."
+          else
+            echo "::error::This PR has not met the requirements for community approval."
+            exit 1
+          fi

.github/workflows/check-pr-thumbs-up.yaml

@@ -0,0 +1,78 @@
+name: Check PR Thumbs Up and Manage Labels
+
+on:
+  schedule:
+    - cron: '0 5 * * *'   # Runs daily at 10:00 PM MST (5:00 AM UTC next day)
+    - cron: '0 13 * * *'  # Runs daily at 6:00 AM MST (1:00 PM UTC)  
+    - cron: '0 19 * * *'  # Runs daily at 12:00 PM MST (7:00 PM UTC)
+
+permissions:
+  contents: read
+
+jobs:
+  check-pr-thumbs-up:
+    runs-on: ubuntu-latest
+    env:
+      GH_TOKEN: ${{ secrets.LABEL_PRS_TOKEN }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Get Open PR numbers
+        id: get-open-prs
+        run: |
+          OPEN_PR_NUMS=$(gh api "/repos/${GITHUB_REPOSITORY}/pulls?state=open" -q '.[].number' | tr '\n' ' ' | sed 's/[[:space:]]*$//')
+
+          if [ -z "$OPEN_PR_NUMS" ]; then
+            echo "No open PRs found."
+            exit 0
+          fi
+
+          echo "The following PR numbers are open: $OPEN_PR_NUMS"
+          echo "OPEN_PR_NUMS=$OPEN_PR_NUMS" >> $GITHUB_ENV
+          echo "open_prs=true" >> $GITHUB_OUTPUT
+
+      - name: Get PR Thumbs Up Counts and Manage Labels
+        if: steps.get-open-prs.outputs.open_prs == 'true'
+        run: |
+          OPEN_PR_NUMS="${{ env.OPEN_PR_NUMS }}"
+          eval "set -- $OPEN_PR_NUMS"
+
+          for PR_NUMBER in "$@"; do
+
+            PR_AUTHOR=$(gh api repos/${GITHUB_REPOSITORY}/pulls/$PR_NUMBER --jq '.user.login')
+            
+            THUMBS_UP_COUNT_EXCLUDING_AUTHOR=$(gh api \
+              -H "Accept: application/vnd.github+json" \
+              -H "X-GitHub-Api-Version: 2022-11-28" \
+              "/repos/${GITHUB_REPOSITORY}/issues/$PR_NUMBER/reactions" \
+              -q "[.[] | select(.content == \"+1\" and .user.login != \"$PR_AUTHOR\")] | length")   
+            echo "PR #$PR_NUMBER has $THUMBS_UP_COUNT_EXCLUDING_AUTHOR thumbs up excluding from the author."
+
+            if [ "$THUMBS_UP_COUNT_EXCLUDING_AUTHOR" -ge 5 ]; then
+              echo "Adding 'community-approved' label to PR #$PR_NUMBER."
+              gh api -X POST \
+                -H "Accept: application/vnd.github+json" \
+                -H "X-GitHub-Api-Version: 2022-11-28" \
+                "/repos/${GITHUB_REPOSITORY}/issues/$PR_NUMBER/labels" \
+                -f "labels[]=community-approved" > /dev/null
+            
+            else
+              echo "PR #$PR_NUMBER does not have enough thumbs up reactions."
+
+              HAS_COMMUNITY_APPROVED_LABEL=$(gh api \
+                -H "Accept: application/vnd.github+json" \
+                -H "X-GitHub-Api-Version: 2022-11-28" \
+                "/repos/${GITHUB_REPOSITORY}/issues/$PR_NUMBER/labels" \
+                -q '[.[] | select(.name == "community-approved")] | length')
+              
+              if [ "$HAS_COMMUNITY_APPROVED_LABEL" -gt 0 ]; then
+                echo "PR #$PR_NUMBER has the 'community-approved' label."
+                echo "Removing 'community-approved' label from PR #$PR_NUMBER."
+                gh api -X DELETE \
+                  -H "Accept: application/vnd.github+json" \
+                  -H "X-GitHub-Api-Version: 2022-11-28" \
+                  "/repos/${GITHUB_REPOSITORY}/issues/$PR_NUMBER/labels/community-approved" > /dev/null
+              fi
+            fi
+          done

.github/workflows/ossf-scorecard.yaml

@@ -0,0 +1,30 @@
+name: OSSF Scorecard
+on:
+  schedule:
+    - cron: '0 5 * * 1' # Every Sunday at 10pm MST (5:00 UTC)
+  push:
+    branches: [ "main" ]
+
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+      id-token: write
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@v2.4.2
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          repo_token: ${{ secrets.OSSF_SCORECARD_TOKEN }}
+          publish_results: true

.github/workflows/semver-release.yaml

@@ -0,0 +1,38 @@
+name: Semver Release
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+jobs:
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write
+      issues: write
+      pull-requests: write
+      id-token: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "lts/*"
+
+      - name: Install Conventional Commits Preset Dependency
+        run: npm i conventional-changelog-conventionalcommits@v9 -D
+
+      - name: Release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: npx semantic-release@24

.github/workflows/validate-pr-title.yaml

@@ -0,0 +1,21 @@
+name: "Validate PR Title"
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - edited
+      - reopened
+
+permissions:
+  contents: read
+
+jobs:
+  validate_pr_title:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: read
+    steps:
+      - uses: amannn/action-semantic-pull-request@v5
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -0,0 +1,6 @@
+# IDE specific files
+.idea/
+.vscode/
+
+# Mac
+.DS_Store

.releaserc.yaml

@@ -0,0 +1,9 @@
+{
+  "preset": "conventionalcommits",
+  "plugins":
+    [
+      "@semantic-release/commit-analyzer",
+      "@semantic-release/release-notes-generator",
+      "@semantic-release/github",
+    ],
+}

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 mindbuttergold
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,30 @@
+# template-repo
+
+[![CodeQL](https://github.com/mindbuttergold/template-repo/actions/workflows/github-code-scanning/codeql/badge.svg)](https://github.com/mindbuttergold/template-repo/actions/workflows/github-code-scanning/codeql) [![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/mindbuttergold/template-repo/badge)](https://scorecard.dev/viewer/?uri=github.com/mindbuttergold/template-repo) [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/10740/badge)](https://www.bestpractices.dev/projects/10740)
+
+Template repo with foundational config and workflows applicable across all repository setups
+
+## Included Components
+
+This template repository provides the following components:
+- README.md
+- Minimal .gitignore
+- MIT OSS License
+- CODEOWNERS file
+- Semantic Release config file and Github Actions workflow
+  - Automatically handles repository releases based on Conventional Commit standards
+- PR title validation Github Actions workflow
+  - Ensures PR title complies with Conventional Commit standards for use with squash merging / semantic release automation
+- Custom PR thumbs up check Github Actions workflow
+  - Checks all open PRs in the repo for thumbs up reactions from at least 5 community members, excluding the PR author
+  - If 5+ thumbs up on PR, automatically adds "community-approved" label to PR
+  - If "community-approved" label was previously added, but thumbs up reduced to below 5, it removes the label
+- Custom community approval label check
+  - Checks if the "community-approved" label is present on the PR
+  - Serves as a required check for PR mergeability
+
+## Usage
+
+Admin / maintainers of the mindbuttergold organization can use this template to create a new repository. The new repository will contain all of the files in this repository.
+
+The only repo-specific changes that need to be made for the new repo are to this README. The badge URLs must be updated, and the openssf best practices self-certification process must be re-conducted for each repo.