name: Monthly Cross-stack Report on: schedule: - cron: '10 7 1 * *' workflow_dispatch: permissions: contents: read actions: read jobs: monthly-report: name: Monthly report runs-on: ubuntu-latest steps: - name: Generate report env: GH_TOKEN: ${{ github.token }} GH_REPO: ${{ github.repository }} run: | set -euo pipefail NOW_UTC="$(date -u +'%Y-%m-%d %H:%M:%S UTC')" OUT_DIR="artifacts" OUT_FILE="$OUT_DIR/monthly-cross-stack-report-$(date -u +'%Y-%m-%d').md" mkdir -p "$OUT_DIR" WORKFLOWS_JSON="$(curl -sS -H "Authorization: Bearer $GH_TOKEN" -H "Accept: application/vnd.github+json" "https://api.github.com/repos/$GH_REPO/actions/workflows?per_page=100")" RUNS_JSON="$(curl -sS -H "Authorization: Bearer $GH_TOKEN" -H "Accept: application/vnd.github+json" "https://api.github.com/repos/$GH_REPO/actions/runs?per_page=20")" LABELS_JSON="$(curl -sS -H "Authorization: Bearer $GH_TOKEN" -H "Accept: application/vnd.github+json" "https://api.github.com/repos/$GH_REPO/labels?per_page=100")" PROTECTION_STATUS_AND_BODY="$(curl -sS -w "\n%{http_code}" -H "Authorization: Bearer $GH_TOKEN" -H "Accept: application/vnd.github+json" "https://api.github.com/repos/$GH_REPO/branches/main/protection")" PROTECTION_HTTP_CODE="$(echo "$PROTECTION_STATUS_AND_BODY" | tail -n1)" PROTECTION_JSON="$(echo "$PROTECTION_STATUS_AND_BODY" | sed '$d')" EXPECTED_LABELS=(core api web e2e deploy infra docs) MISSING_LABELS=() for lbl in "${EXPECTED_LABELS[@]}"; do if ! echo "$LABELS_JSON" | jq -e --arg L "$lbl" '.[] | select(.name == $L)' >/dev/null; then MISSING_LABELS+=("$lbl") fi done REQUIRED_CHECKS_LIST="(unknown)" if [ "$PROTECTION_HTTP_CODE" = "200" ]; then REQUIRED_CHECKS_LIST="$(echo "$PROTECTION_JSON" | jq -r ' [ (.required_status_checks.contexts // [])[], (.required_status_checks.checks // [])[].context ] | unique | .[] ' 2>/dev/null || true)" if [ -z "$REQUIRED_CHECKS_LIST" ]; then REQUIRED_CHECKS_LIST="(none)" fi fi { echo "# Monthly Cross-stack Report" echo echo "Generated: $NOW_UTC" echo "Repository: $GH_REPO" echo echo "## Branch Protection (main) — Required Status Checks" if [ "$PROTECTION_HTTP_CODE" != "200" ]; then echo "- Note: branch protection endpoint not readable with current token (HTTP $PROTECTION_HTTP_CODE)." elif [ "$REQUIRED_CHECKS_LIST" = "(none)" ]; then echo "- No required status checks configured." else echo "$REQUIRED_CHECKS_LIST" | while IFS= read -r ctx; do [ -n "$ctx" ] && echo "- $ctx" done fi echo echo "## Expected Labels" if [ ${#MISSING_LABELS[@]} -eq 0 ]; then echo "- All expected labels are present: core, api, web, e2e, deploy, infra, docs" else echo "- Missing labels: ${MISSING_LABELS[*]}" fi echo echo "## Active Workflows" echo "$WORKFLOWS_JSON" | jq -r '.workflows[] | "- \(.name) [\(.state)]"' echo echo "## Latest Runs (Top 10)" echo "$RUNS_JSON" | jq -r '.workflow_runs[:10][] | "- \(.name) | \(.event) | \(.status) | \(.conclusion // "in_progress") | \(.html_url)"' } > "$OUT_FILE" cat "$OUT_FILE" >> "$GITHUB_STEP_SUMMARY" - name: Upload report artifact uses: actions/upload-artifact@v4 with: name: monthly-cross-stack-report path: artifacts/monthly-cross-stack-report-*.md