Bootstrap repository for v1.0.0 #1

Merged
merged 11 commits into from
Apr 25, 2024

@nwiltsie nwiltsie commented Apr 23, 2024

Description

Continuing on from the discussion in https://github.com/uclahs-cds/group-infrastructure/discussions/62#discussioncomment-9135287, this repository is the new home of the build-and-deploy-docs action from https://github.com/uclahs-cds/tool-Nextflow-action.

Nearly all of the code in the PR is identical to the old action, with a few tweaks that I'll detail below.

Substantial Changes

I wanted to include the actions/checkout step inside this action, but as the original was a Docker container action there was not a simple mechanism to add that in.

To work around that, I modified this example and buried the original action into an internal-action folder. Then, I added a new wrapper composite action with the same arguments that ran actions/checkout before calling the internal-action.

Similar to the discussion in uclahs-cds/tool-static-analysis#1 (comment) (composite actions can't access the github context), that does require copying the internal-action folder into the .git/ folder of the calling repository to work.

runs:
  using: "composite"
  steps:
    - uses: actions/checkout@v4
    - shell: bash
      run: cp -r '${{ github.action_path }}/internal-action' .git/
    - uses: ./.git/internal-action
      with:
        readme: ${{ inputs.readme }}
        mkdocs_config: ${{ inputs.mkdocs_config }}

The only file that needed to be changed to make this work was the (not actually involved with the action) helper script backfill.py:

--- tool-Nextflow-action/build-and-deploy-docs/backfill.py	2024-03-07 13:10:16
+++ tool-generate-docs/internal-action/backfill.py	2024-04-23 14:01:58
@@ -134,6 +134,7 @@

     checkrun(
         ["docker", "build", ".", "-t", image],
+        cwd=Path(__file__).parent,
         context="building Docker image"
     )
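
Review bot: The added `cwd=Path(__file__).parent` argument relies on two things this one-line hunk does not show: that `Path` is already imported in backfill.py, and that `checkrun` accepts `cwd` and forwards it to the process it launches. Please confirm both, because if `checkrun` ignored the keyword, `docker build .` would still use the caller's working directory as its build context. Consider `Path(__file__).resolve().parent` so the context is the script's real directory even when the script is reached through a symlink or a relative path.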

The rest of the copied files are identical:

  • Dockerfile
  • action.py
  • create_mkdocs_config.py
  • requirements.txt
  • action.yml

Checklist

  • This PR does NOT contain Protected Health Information (PHI). A repo may need to be deleted if such data is uploaded.
    Disclosing PHI is a major problem [1] - Even a small leak can be costly [2].

  • This PR does NOT contain germline genetic data [3], RNA-Seq, DNA methylation, microbiome or other molecular data [4].

  • This PR does NOT contain other non-plain text files, such as: compressed files, images (e.g. .png, .jpeg), .pdf, .RData, .xlsx, .doc, .ppt, or other output files.

  To automatically exclude such files using a .gitignore file, see here for example.

  • I have read the code review guidelines and the code review best practice on GitHub check-list.

  • I have set up or verified the main branch protection rule following the github standards before opening this pull request.

  • The name of the branch is meaningful and well formatted following the standards, using [AD_username (or 5 letters of AD if AD is too long)]-[brief_description_of_branch].

  • I have added the major changes included in this pull request to the CHANGELOG.md under the next release version or unreleased, and updated the date.

Footnotes

  1. UCLA Health reaches $7.5m settlement over 2015 breach of 4.5m patient records

  2. The average healthcare data breach costs $2.2 million, despite the majority of breaches releasing fewer than 500 records.

  3. Genetic information is considered PHI.
    Forensic assays can identify patients with as few as 21 SNPs

  4. RNA-Seq, DNA methylation, microbiome, or other molecular data can be used to predict genotypes (PHI) and reveal a patient's identity.
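
The wrapper step in the description above (`cp -r ... .git/`) can be reproduced locally. The following is an added example, not code from this PR or repository: it stages a stand-in `internal-action` folder into a scratch repository and compares what `git status` reports for a copy under `.git/` versus a copy in the worktree. The scratch paths and file contents are constructed, and the PR itself does not state why `.git/` was chosen; the script only shows the observable effect.

```shell
#!/usr/bin/env bash
# Added example: simulates the composite wrapper's copy step in a scratch repo.
# "action_path" stands in for ${{ github.action_path }}; all paths are constructed.

# Build a scratch layout: a fake action checkout and a fake calling repository.
setup_scratch() {
    scratch=$(mktemp -d)
    action_path="$scratch/action"   # stand-in for github.action_path
    caller="$scratch/caller"        # stand-in for the checked-out calling repo
    mkdir -p "$action_path/internal-action" "$caller"
    printf 'name: internal\n' > "$action_path/internal-action/action.yml"
    git init --quiet "$caller"
}

# Copy the internal action to <dest> inside the caller, then print what
# `git status` sees. Empty output means the worktree is still clean.
stage_and_status() {
    dest=$1
    cp -r "$action_path/internal-action" "$caller/$dest"
    git -C "$caller" status --porcelain --untracked-files=all
}

# Succeeds if the staged copy exists where a relative `uses:` path would look.
action_is_resolvable() {
    [ -f "$caller/$1/internal-action/action.yml" ]
}

# Demo run: copy under .git/ first, then into the worktree for contrast.
setup_scratch
echo "copied into .git/    -> status: [$(stage_and_status .git/)]"
echo "copied into worktree -> status: [$(stage_and_status ./)]"
rm -rf "$scratch"
```

A later step that runs `git add` or publishes the worktree would pick up the second copy but not the first.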

@nwiltsie nwiltsie requested a review from a team April 23, 2024 21:55
wiz-inc-8da00b022c bot commented Apr 23, 2024

Wiz Scan Summary

IaC Misconfigurations 0C 1H 0M 1L 0I
Vulnerabilities 0C 0H 0M 0L 0I
Sensitive Data 0C 0H 0M 0L 0I
Total 0C 1H 0M 1L 0I
Secrets 0🔑

nwiltsie commented Apr 23, 2024

Ignore Wiz, it's wrong:

Docker actions must be run by the default Docker user (root). Do not use the USER instruction in your Dockerfile, because you won't be able to access the GITHUB_WORKSPACE directory. For more information, see "Variables" and USER reference in the Docker documentation.


@yashpatel6 yashpatel6 left a comment

Minor comment but otherwise looks good!

@nwiltsie nwiltsie merged commit 2bffe63 into main Apr 25, 2024
5 checks passed
@nwiltsie nwiltsie deleted the nwiltsie-bootstrap branch April 25, 2024 22:01