Merge pull request #207 from DSACMS/dev

Merge Dev into Main

.github/extendJSON/resolve.py

@@ -1,5 +1,6 @@
 import sys
 import json
+import pydash
 from urllib.request import urlopen, Request
 
 def get_json_dict_from_url(url):
@@ -28,6 +29,8 @@ def resolve_extended_json_file(file_data_dict):
 
     resolve = resolve_extended_json_file(superJsonDict)
 
+    pydash.merge(resolve, file_data_dict)
+
     resolve['rules'].update(file_data_dict)
     resolve['rules'].pop('axioms')
     resolve['rules'].pop('$schema')

.github/workflows/checklistMarkdownToPDF.yml

@@ -0,0 +1,68 @@
+name: Converting outbound checklists from .md to .pdf
+on:
+    pull_request:
+        types: [opened, synchronize]
+    # Paths can be used to only trigger actions when you have edited checklist files
+        branches:
+        - 'checklists/**'
+        paths:
+        - 'tier*/checklist.md'
+
+jobs:
+  get-changed-directories:
+    name: Get changed directories
+    runs-on: ubuntu-latest
+    outputs:
+      tiers: ${{ steps.list-dirs.outputs.tiers }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 2
+      - name: Get changed directories
+        id: get-dirs
+        uses: tj-actions/changed-files@v45
+        with:
+          dir_names: "true"
+      - name: List all changed tier directories
+        id: list-dirs
+        env:
+          ALL_CHANGED_FILES: ${{ steps.get-dirs.outputs.all_changed_files }}
+        run: |
+          # Obtain changed tier directories and format into array
+          DIRS=$(echo "$ALL_CHANGED_FILES" | grep -oE 'tier[^ ]*' | sed 's/^/"/; s/$/"/' | paste -sd, -)
+
+          # Output the array
+          TIER_DIRS="[$DIRS]"
+          echo "$TIER_DIRS"
+
+          echo "tiers=$TIER_DIRS" >> "$GITHUB_OUTPUT" 
+
+  convert-to-pdf:
+    name: Build PDF
+    runs-on: ubuntu-latest
+    needs: get-changed-directories
+    permissions:
+        contents: write
+    strategy:
+        max-parallel: 1
+        matrix:
+            tier: ${{ fromJSON(needs.get-changed-directories.outputs.tiers) }}  # List of changed tier directories
+    steps:
+      - uses: actions/checkout@v4
+        with:
+            ref: ${{ github.head_ref }}
+      - name: Generate PDF for ${{ matrix.tier }}
+        uses: baileyjm02/markdown-to-pdf@v1
+        with:
+          input_path: ${{ matrix.tier }}/checklist.md
+          images_dir: assets
+          image_import: ../assets
+          output_dir: ${{ matrix.tier }}/
+          build_html: false
+      - name: Commit and push ${{ matrix.tier }} PDF
+        uses: stefanzweifel/git-auto-commit-action@v5
+        with:
+          commit_message: "Updated ${{ matrix.tier }} checklist pdf"
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/checks.yml

@@ -49,6 +49,8 @@ jobs:
           #
           # Default: "[Repolinter] Open Source Policy Issues"
           output_name: '[Repolinter] Tier 3 Repository Hygiene Issue'
+          label_name: 'Tier 3 Remediation'
+          label_color: 'ff69b4'
 
           # The default token is the repolinter token for the DSACMS org
           # You can change it if needed.

maturity-model-tiers.md

@@ -60,7 +60,7 @@ This document outlines the maturity model tiers.
 | File                     | Tier 0 | Tier 1 | Tier 2 | Tier 3 | Tier 4 |
 |--------------------------|--------|--------|--------|--------|--------|
 | LICENSE                  | $\color{green}\large{\textsf{M}}$ | $\color{green}\large{\textsf{M}}$ | $\color{green}\large{\textsf{M}}$ | $\color{green}\large{\textsf{M}}$ | $\color{green}\large{\textsf{M}}$ |
-| SECURITY.md              | $\color{lightcoral}\large{\textsf{N}}$  | $\color{green}\large{\textsf{M}}$ | $\color{green}\large{\textsf{M}}$ | $\color{green}\large{\textsf{M}}$ | $\color{green}\large{\textsf{M}}$ |
+| SECURITY.md              | $\color{blue}\large{\textsf{R}}$  | $\color{green}\large{\textsf{M}}$ | $\color{green}\large{\textsf{M}}$ | $\color{green}\large{\textsf{M}}$ | $\color{green}\large{\textsf{M}}$ |
 | README.md                | $\color{green}\large{\textsf{M}}$ | $\color{green}\large{\textsf{M}}$ | $\color{green}\large{\textsf{M}}$ | $\color{green}\large{\textsf{M}}$ | $\color{green}\large{\textsf{M}}$ |
 | CONTRIBUTING.md          | $\color{blue}\large{\textsf{R}}$ | $\color{blue}\large{\textsf{R}}$ | $\color{green}\large{\textsf{M}}$ | $\color{green}\large{\textsf{M}}$ | $\color{green}\large{\textsf{M}}$ |
 | MAINTAINERS.md           | $\color{lightcoral}\large{\textsf{N}}$ | $\color{lightcoral}\large{\textsf{N}}$ | $\color{blue}\large{\textsf{R}}$ | $\color{green}\large{\textsf{M}}$ | $\color{green}\large{\textsf{M}}$  |
@@ -98,7 +98,7 @@ This document outlines the maturity model tiers.
     <tr>
       <td>SECURITY.md</td>
       <td>Security & Responsible Disclosure Policy</td>
-      <td>$\color{lightcoral}\large{\textsf{N}}$</td>
+      <td>$\color{blue}\large{\textsf{R}}$</td>
       <td>$\color{green}\large{\textsf{M}}$</td>
       <td>$\color{green}\large{\textsf{M}}$</td>
       <td>$\color{green}\large{\textsf{M}}$</td>

requirements.txt

@@ -1 +1 @@
-cookiecutter==2.4.0
+cookiecutter==2.6.0

tier0/README.md

@@ -0,0 +1,26 @@
+# Tier 0: Private Repository
+
+## What is a Tier 0 Project?
+
+A **Tier 0** project is an **experimental or historical** repository that is **private** and generally used by a single developer or a small group. It typically includes working projects, example scripts, or early prototypes that serve as a foundation for future work or experimentation. This type of project is not shared publicly and often remains private due to its preliminary or incomplete nature.
+
+The main purpose of a Tier 0 project is to provide a space for initial development, exploration, and testing. These repositories generally lack formal documentation or governance structures that are typical of more mature projects.
+
+### Key Characteristics of a Tier 0 Project:
+- **Private** and often limited to individual or small team access.
+- Primarily **experimental or developmental** in nature.
+
+---
+
+## Files for a Tier 0 Project
+
+Although these projects are private, there are specific files that are required and recommended to include in the repository as part of the CMS Open Source Program Office's repository hygiene guidelines and standards.
+
+| **File**              | **Requirement** | **Description**                                                                                             |
+|-----------------------|-----------------|-------------------------------------------------------------------------------------------------------------|
+| `LICENSE`             | Mandatory        | Defines the licensing terms under which the project is distributed. |
+| `SECURITY.md`         | Recommended       | Outlines the agency's security policies, including how to report security issues or vulnerabilities in the code. |
+| `README.md`           |  Mandatory     | Provides an overview of the project, including its purpose, setup instructions, or any relevant notes for the developer(s). |
+| `CONTRIBUTING.md`     | Recommended        | Guidelines for contributing, useful if the project is later opened to collaborators or transitioned to a public repository. |
+
+For more information about sections and content within the files above, please visit [maturity-model-tiers.md](https://github.com/DSACMS/repo-scaffolder/blob/main/maturity-model-tiers.md).

tier0/{{cookiecutter.project_slug}}/README.md

@@ -20,9 +20,9 @@ TODO: Recommended to include since this is an agency-led project -->
 ### Team Mission
 TODO: Recommended to include since this is an agency-led project -->
 
-## Author / Team
+<!-- ## Core Team
 
-A full list of contributors can be found on [https://github.cms.gov/{{ cookiecutter.project_org }}/{{ cookiecutter.project_repo_name }}/graphs/contributors](https://github.cms.gov/{{ cookiecutter.project_org }}/{{ cookiecutter.project_repo_name }}/graphs/contributors).
+A full list of contributors can be found on [https://github.com/{{ cookiecutter.project_org }}/{{ cookiecutter.project_repo_name }}/graphs/contributors](https://github.com/{{ cookiecutter.project_org }}/{{ cookiecutter.project_repo_name }}/graphs/contributors). -->
 
 <!--
 ## Documentation Index
@@ -40,11 +40,11 @@ TODO: Using the "tree -d" command can be a helpful way to generate this informat
 **{list directories and descriptions}**
 -->
 
-## Running Locally
+<!--- 
+## Local Development
 
 ### Installation
-
-<!--- Example Install Instructions
+Example Install Instructions
 
 1. Clone the repo
 

tier0/{{cookiecutter.project_slug}}/SECURITY.md

@@ -0,0 +1,12 @@
+# Security and Responsible Disclosure Policy
+
+The Centers for Medicare & Medicaid Services is committed to ensuring the security of the American public by protecting their information from unwarranted disclosure. We want security researchers to feel comfortable reporting vulnerabilities they have discovered so we can fix them and keep our users safe. We developed our disclosure policy to reflect our values and uphold our sense of responsibility to security researchers who share their expertise with us in good faith.
+
+*Submit a vulnerability:* Vulnerability reports can be submitted through [Bugcrowd](https://bugcrowd.com/cms-vdp). Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 3 business days.
+
+Review the HHS Disclosure Policy and websites in scope:
+[https://www.hhs.gov/vulnerability-disclosure-policy/index.html](https://www.hhs.gov/vulnerability-disclosure-policy/index.html).
+
+This policy describes *what systems and types of research* are covered under this
+policy, *how to send* us vulnerability reports, and *how long* we ask security
+researchers to wait before publicly disclosing vulnerabilities.

tier1/checklist.md

@@ -34,7 +34,6 @@ This is a review process to approve CMS-developed software to be released open s
 [Flipping the Switch: Making the Repository Public](#flipping-the-switch-making-the-repository-public)
 
 
-
 ### State the Benefits of Open Sourcing the Project
 
 - [ ] **Cost Savings**

tier1/{{cookiecutter.project_slug}}/.github/codejson/hooks/post_gen_project.py

@@ -23,8 +23,17 @@ def get_scc_labor_hours():
         try:
             #Run scc and load results into a dictionary
             #assuming we are in the .git directory of the repo
-            d = json.loads(subprocess.run(["scc","..", "--format","json2"],check=True, capture_output=True).stdout)
-
+            cmd = ['scc', '..', '--format', 'json2', '--exclude-file']
+
+            # Currently only supports specific files
+            files_to_exclude = [
+                "checks.yml,README.md,CONTIRBUTING.md,LICENSE,repolinter.json,SECURITY.md"
+            ]
+
+            cmd.extend(files_to_exclude)
+
+            d = json.loads(subprocess.run(cmd,check=True, capture_output=True).stdout) 
+
             l_hours = d['estimatedScheduleMonths'] * 730.001
 
             return round(l_hours,2)
@@ -42,6 +51,13 @@ def prompt_exemption_text(exemptionType):
     print(f"You have selected {exemptionType} for your Usage Type.")
     return input("Please provide a one or two sentence justification for the exemption used: ")
 
+def format_multi_select_fields(text):
+    new_text = text.split(",")
+
+    new_text = [text.strip() for text in new_text]
+
+    return new_text
+
 def update_code_json(json_file_path):
     # Read the JSON 
     with open(json_file_path, 'r') as file:
@@ -50,18 +66,25 @@ def update_code_json(json_file_path):
     # Add date_information and labor hours to the JSON
     data['date'] = get_date_fields()
 
+    # Calculate labor hours
     hours = get_scc_labor_hours()
     if hours:
         data['laborHours'] = hours
     else:
         data['laborHours'] = None
 
+    # Check if usageType is an exemption
     if data['permissions']['usageType'].startswith('exempt'):
         exemption_text = prompt_exemption_text(data['permissions']['usageType'])
         data['permissions']['exemptionText'] = exemption_text
     else:
         del data['permissions']['exemptionText']
 
+    # Format multi-select options
+    data['categories'] = format_multi_select_fields(data['categories'][0])
+    data['languages'] = format_multi_select_fields(data['languages'][0])
+    data['tags'] = format_multi_select_fields(data['tags'][0])
+
     # Update the JSON 
     with open(json_file_path, 'w') as file:
         json.dump(data, file, indent = 2)

tier1/{{cookiecutter.project_slug}}/README.md

@@ -18,7 +18,7 @@ TODO: Recommended to include since this is an agency-led project -->
 
 ## Core Team
 
-A full list of contributors can be found on [https://github.cms.gov/{{ cookiecutter.project_org }}/{{ cookiecutter.project_repo_name }}/graphs/contributors](https://github.cms.gov/{{ cookiecutter.project_org }}/{{ cookiecutter.project_repo_name }}/graphs/contributors).
+A full list of contributors can be found on [https://github.com/{{ cookiecutter.project_org }}/{{ cookiecutter.project_repo_name }}/graphs/contributors](https://github.com/{{ cookiecutter.project_org }}/{{ cookiecutter.project_repo_name }}/graphs/contributors).
 
 <!--
 ## Documentation Index

tier2/checklist.md

@@ -3,8 +3,7 @@
 
 ### Instructions
 
-This is a review process to approve CMS-developed software to be released open source at [github.cms.gov](https://github.cms.gov/).
-If you would like your repository to be released, please complete the following steps.
+This is a review process to approve CMS-developed software to be released open source at [github.cms.gov](https://github.cms.gov/). If you would like your repository to be released, please complete the following steps.
 
 [Instructions](#instructions)
 
@@ -35,7 +34,6 @@ If you would like your repository to be released, please complete the following
 [Flipping the Switch: Making the Repository Public](#flipping-the-switch-making-the-repository-public)
 
 
-
 ### State the Benefits of Open Sourcing the Project
 
 - [ ] **Cost Savings**

tier2/{{cookiecutter.project_slug}}/.github/codejson/hooks/post_gen_project.py

@@ -23,7 +23,16 @@ def get_scc_labor_hours():
         try:
             #Run scc and load results into a dictionary
             #assuming we are in the .git directory of the repo
-            d = json.loads(subprocess.run(["scc","..", "--format","json2"],check=True, capture_output=True).stdout)
+            cmd = ['scc', '..', '--format', 'json2', '--exclude-file']
+
+            # Currently only supports specific files
+            files_to_exclude = [
+                "checks.yml,auto-changelog.yml,contributors.yml,code.json,checklist.md,checklist.pdf,README.md,CONTIRBUTING.md,LICENSE,MAINTAINERS.md,repolinter.json,SECURITY.md,CODE_OF_CONDUCT.md,CODEOWNERS.md,COMMUNITY_GUIDELINES.md"
+            ]
+
+            cmd.extend(files_to_exclude)
+
+            d = json.loads(subprocess.run(cmd,check=True, capture_output=True).stdout)
 
             l_hours = d['estimatedScheduleMonths'] * 730.001
 
@@ -42,6 +51,13 @@ def prompt_exemption_text(exemptionType):
     print(f"You have selected {exemptionType} for your Usage Type.")
     return input("Please provide a one or two sentence justification for the exemption used: ")
 
+def format_multi_select_fields(text):
+    new_text = text.split(",")
+
+    new_text = [text.strip() for text in new_text]
+
+    return new_text
+
 def update_code_json(json_file_path):
     # Read the JSON 
     with open(json_file_path, 'r') as file:
@@ -50,18 +66,25 @@ def update_code_json(json_file_path):
     # Add date_information and labor hours to the JSON
     data['date'] = get_date_fields()
 
+    # Calculate labor hours
     hours = get_scc_labor_hours()
     if hours:
         data['laborHours'] = hours
     else:
         data['laborHours'] = None
 
+    # Check if usageType is an exemption
     if data['permissions']['usageType'].startswith('exempt'):
         exemption_text = prompt_exemption_text(data['permissions']['usageType'])
         data['permissions']['exemptionText'] = exemption_text
     else:
         del data['permissions']['exemptionText']
 
+    # Format multi-select options
+    data['categories'] = format_multi_select_fields(data['categories'][0])
+    data['languages'] = format_multi_select_fields(data['languages'][0])
+    data['tags'] = format_multi_select_fields(data['tags'][0])
+
     # Update the JSON 
     with open(json_file_path, 'w') as file:
         json.dump(data, file, indent = 2)