Collect and Publish Repo-Health Data for All public Repositories

[feanil]

The description of the story is available in this comment of the story

[jmbowman]

My understanding of what's needed for this:

• Create a private repository to store the results of the health checks. (Private recommended because some checks report on potential security risks that still need to be evaluated or resolved.)
• Figure out what subset of the checks you want to make public, and create a configuration for that; it's probably ok to just add that directly to https://github.com/openedx/edx-repo-health/blob/master/repo_health_dashboard/configuration.yaml .
• Create a workflow in the new repo to run the shared repo health workflow. See the sample code below, slightly tweaked from the current state of 2U's version of this. The variables related to Google Sheets can be left blank if you don't plan to publish to a Google Sheet. The bot variables should correspond to the user created for [GH Request] Create a new bot that runs repo health job on openedx repos #738 (or perhaps a different one with similar permissions). You could put the workflow in a different repo if you'd like, but a private one is advised to minimize risk of leaking security check data or private repo information in a public workflow log.
• Decide which user interface(s) to provide for the data. 2U currently uses a Google Sheet, local Metabase instances, and a script to generate a console report. Other options that have been considered are Streamlit (prototype), Redash, Apache Superset, Datasette, Jupyter Notebooks, Backstage, and Tableau.

name: Repo Health Workflow Call

on:
  schedule:
    # Run at 00:00 UTC everyday. For details, see https://crontab.guru/#0_0_*_*_*
    - cron: "0 0 * * *"
  workflow_dispatch:
    inputs:
      repo_health_branch:
        description: "Target branch of edx repo health to use for running checks"
        type: string
        default: "master"
        required: false
      report_date:
        description: "The date for which repo health data is required. (format: YYYY-MM-DD)"
        type: string
        default: ""
        required: false

jobs:
  call-repo-health-job-workflow:
    uses: openedx/.github/.github/workflows/repo-health-job.yml@master
    with:
      REPORT_DATE: ${{ github.event.inputs.report_date }}
      EDX_REPO_HEALTH_BRANCH: ${{ github.event.inputs.repo_health_branch }}
      ORG_NAMES: "openedx"  
      REPOS_TO_IGNORE: ""
      TARGET_REPO_TO_STORE_REPORTS: "openedx/name_of_the_repository_created_above"
      REPO_HEALTH_GOOGLE_CREDS_FILE: ${{ secrets.REPO_HEALTH_GOOGLE_CREDS_FILE }}
      REPO_HEALTH_REPOS_WORKSHEET_ID: ${{ secrets.REPO_HEALTH_REPOS_WORKSHEET_ID }}
      REPO_HEALTH_OWNERSHIP_SPREADSHEET_URL: ${{ secrets.REPO_HEALTH_OWNERSHIP_SPREADSHEET_URL }}
    secrets:
      REPO_HEALTH_BOT_TOKEN: ${{ secrets.repo_health_bot_token }}
      REPO_HEALTH_BOT_EMAIL: "repo_health_bot@edx.org"

[jmbowman]

I confirmed with the Arbi-BOM team that the steps above seem generally accurate, and there shouldn't be any blockers to starting on it. The only thing currently preventing 2U from switching over to the new workflow is a problem with the Google Sheet updating code which is still being debugged.