feat: initial commit

.gitattributes

@@ -0,0 +1 @@
+dist/** -diff linguist-generated=true 

.github/dependabot.yml

@@ -0,0 +1,9 @@
+version: 2
+updates:
+  # Enable version updates for npm
+  - package-ecosystem: 'npm'
+    # Look for `package.json` and `lock` files in the `root` directory
+    directory: '/'
+    # Check the npm registry for updates every day (weekdays)
+    schedule:
+      interval: 'daily'

.github/workflows/ci.yml

@@ -0,0 +1,63 @@
+name: CI
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+jobs:
+  ci:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+
+    - run: npm ci
+
+    - run: npm run test
+
+    - run: npm run lint
+
+    - run: npm run build
+
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+
+    - uses: actions/checkout@v2
+
+    - run: npm ci
+
+    - run: npm run build
+
+    # Ensure dist is built, committed, and pushed
+    - name: Build and commit
+      if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
+      run: |
+        git config --global user.name "GitHub Actions"
+        git config --global user.email 'github-actions@users.noreply.github.com'
+        git add dist/
+        git commit -m "chore: Update dist" || echo "No changes to commit"
+        git push origin HEAD:main
+
+    # Use GitHub App token because we want to trigger the versioning.yml workflow, and GITHUB_TOKEN can't trigger other workflows
+    # Permissions:
+    #   - Contents: Read & write
+    #   - Metadata: Read-only
+    #   - Pull requests: Read & write
+    - name: Generate token
+      if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
+      id: generate_token
+      uses: tibdex/github-app-token@v1
+      with:
+        app_id: ${{ secrets.APP_ID }}
+        private_key: ${{ secrets.PRIVATE_KEY }}
+
+    - name: Release
+      if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
+      uses: google-github-actions/release-please-action@v2.7.0
+      with:
+        token: ${{ steps.generate_token.outputs.token }}
+        release-type: node
+        package-name: release-tester

.github/workflows/test.yml

@@ -0,0 +1,18 @@
+name: 'build-test'
+on:
+  workflow_dispatch:
+    inputs:
+      owner:
+        description: 'Owner of actions to retrieve'
+        required: true
+
+jobs:
+  build: # make sure build/ci work properly
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: ./
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          owner: ${{ github.event.inputs.owner }}

.github/workflows/versioning.yml

@@ -0,0 +1,15 @@
+name: Versioning
+
+on:
+  release:
+    types: [published, edited]
+
+jobs:
+  actions-tagger:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: Actions-R-Us/actions-tagger@v2
+        env:
+          GITHUB_TOKEN: "${{ github.token }}"
+        with:
+          publish_latest_tag: false

.gitignore

@@ -0,0 +1,99 @@
+# Dependency directory
+node_modules
+
+# Rest pulled from https://github.com/github/gitignore/blob/master/Node.gitignore
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+jspm_packages/
+
+# TypeScript v1 declaration files
+typings/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variables file
+.env
+.env.test
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+
+# next.js build output
+.next
+
+# nuxt.js build output
+.nuxt
+
+# vuepress build output
+.vuepress/dist
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/
+
+# OS metadata
+.DS_Store
+Thumbs.db
+
+# Ignore built ts files
+__tests__/runner/*
+lib/**/*

LICENSE

@@ -0,0 +1,22 @@
+
+The MIT License (MIT)
+
+Copyright (c) 2020 John Bohannon
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

README.md

@@ -0,0 +1,111 @@
+<p align="center">
+  <a href="https://github.com/actions/typescript-action/actions"><img alt="typescript-action status" src="https://github.com/actions/typescript-action/workflows/build-test/badge.svg"></a>
+</p>
+
+# Workflow Reports Action
+
+An action for generating reports on how a user or organization (`owner`) is using GitHub Actions. It parses the workflows of the _default branch_ and produces JSON report artifact that you may download.
+
+Why? So you can:
+- See **which actions your org depends on**, including versions
+- Get a **clickable list of all workflows**
+- Gain insight into **what triggers your workflows**
+- Understand the **length and complexity of your workflows**
+
+_Note: This action is in early stages. Please consider opening an issue for feedback and feature requests._ 🙌
+
+## Usage
+
+### Manual report
+
+```yaml
+on:
+  workflow_dispatch:
+    inputs:
+      owner:
+        description: 'Owner of actions to retrieve'
+        required: true
+
+name: Generate report
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: imjohnbo/workflow-reports-action@v0 # still in early stages :-)
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        owner: octocat # user or org, e.g. octocat or octocat-org
+```
+
+### Scheduled report
+
+```yaml
+on:
+  # https://crontab.guru/
+  schedule:	
+  - cron: 0 12 1 * *
+
+name: Generate report
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: imjohnbo/workflow-reports-action@v0 # still in early stages :-)
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        owner: octocat-org # user or org, e.g. octocat or octocat-org
+```
+
+## Example report
+
+```js
+{
+    workflows: [
+        {
+            name: 'My Workflow',
+            path: 'https://github.com/path/to/my-workflow.yml',
+            triggers: '"push"',
+            jobs_count: 1,
+            steps_count: 1
+        },
+        {
+            name: 'Test Workflow',
+            path:
+                'https://github.com/path/to/my-test-workflow.yml',
+            triggers: {
+                "pull_request": {
+                    "types": [
+                        "opened",
+                        "reopened"
+                    ]
+                }
+            }
+        }
+    ],
+    actions: {
+        'actions/checkout@v1': 4,
+        'octokit/request-action@v1.x': 1,
+        './': 1,
+        'actions/setup-node@v1': 2
+    }
+}
+```
+
+## Known limitations
+
+Known limitations:
+- Rate limits with `GITHUB_TOKEN` could be a problem when generating a report for a larger organization.
+  - Workaround: use a Personal Access Token or GitHub App installation access token for a higher limit
+- Only reports on workflows in the default branch
+
+## Contributing
+
+[Pull requests](https://github.com/imjohnbo/workflow-reports-action/pulls) and [feature requests](https://github.com/imjohnbo/workflow-reports-action/issues) welcome! See [CONTRIBUTING.md](CONTRIBUTING.md) for more.
+
+## License
+
+[MIT](LICENSE)

action.yml

@@ -0,0 +1,13 @@
+name: 'Workflow Reports Action'
+description: 'Generate reports on how a user or organization uses GitHub Actions'
+author: 'John Bohannon'
+inputs:
+  owner:
+    required: false
+    description: The owner (user or organization) to generate reports for. Defaults to the owner of the workflow calling the action.
+outputs:
+  report:
+    description: JSON string of report.
+runs:
+  using: 'node12'
+  main: 'dist/index.js'