LizardByte
diff --git a/‎.github/workflows/pytest.yml‎ ‎.github/workflows/ci-tests.yml‎.github/workflows/pytest.yml renamed to .github/workflows/ci-tests.yml
Lines changed: 41 additions & 9 deletions b/‎.github/workflows/pytest.yml‎ ‎.github/workflows/ci-tests.yml‎.github/workflows/pytest.yml renamed to .github/workflows/ci-tests.yml
Lines changed: 41 additions & 9 deletions
diff --git a/‎.gitignore‎
Lines changed: 11 additions & 0 deletions b/‎.gitignore‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 1 addition & 0 deletions b/‎README.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎actions/audit_repos/README.md‎
Lines changed: 230 additions & 0 deletions b/‎actions/audit_repos/README.md‎
Lines changed: 230 additions & 0 deletions
@@ -1,5 +1,5 @@
 ---
-name: Pytest
+name: CI Tests
 permissions:
   contents: write  # write is required for release_setup
 
@@ -21,7 +21,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  pytest:
+  tests:
     runs-on: ${{ matrix.runner }}
     env:
       INPUT_PYTHON_VERSION: '3.12'
@@ -41,6 +41,11 @@ jobs:
         with:
           python-version: ${{ env.INPUT_PYTHON_VERSION }}
 
+      - name: Set up Node
+        uses: actions/setup-node@v5
+        with:
+          node-version: latest
+
       - name: Install Python Dependencies
         shell: bash
         run: |
@@ -49,8 +54,12 @@ jobs:
             -r requirements.txt \
             -r requirements-dev.txt
 
+      - name: Install Node Dependencies
+        shell: bash
+        run: npm install
+
       - name: Test with pytest
-        id: test
+        id: pytest
         env:
           INPUT_GITHUB_TOKEN: ${{ github.actor == 'dependabot[bot]' && secrets.GH_BOT_TOKEN || secrets.GITHUB_TOKEN }}
         shell: bash
@@ -63,41 +72,64 @@ jobs:
           fi
           echo "::endgroup::"
 
-          echo "::group::Run Tests"
+          echo "::group::Run Python Tests"
           python -m pytest \
             -rxXs \
             --tb=native \
             --verbose \
             --color=yes \
             --cov=actions \
-            --junitxml=junit.xml \
+            --cov-report=xml:coverage/python-coverage.xml \
+            --cov-report=json:coverage/python-coverage.json \
+            --junitxml=junit-python.xml \
             -o junit_family=legacy \
             tests
           echo "::endgroup::"
 
+      - name: Test with Jest
+        id: jest
+        if: >-
+          always() &&
+          (steps.pytest.outcome == 'success' || steps.pytest.outcome == 'failure')
+        env:
+          FORCE_COLOR: true
+        shell: bash
+        run: npm test
+
       - name: Upload test results to Codecov
         # any except canceled or skipped
         if: >-
           always() &&
-          (steps.test.outcome == 'success' || steps.test.outcome == 'failure') &&
+          (
+            steps.pytest.outcome == 'success' ||
+            steps.pytest.outcome == 'failure' ||
+            steps.jest.outcome == 'success' ||
+            steps.jest.outcome == 'failure'
+          ) &&
           startsWith(github.repository, 'LizardByte/')
         uses: codecov/test-results-action@v1
         with:
           fail_ci_if_error: true
-          files: junit.xml
+          files: ./junit-python.xml,./junit.xml
           flags: ${{ runner.os }}
           token: ${{ secrets.CODECOV_TOKEN }}
           verbose: true
 
-      - name: Upload coverage
+      - name: Upload coverage to Codecov
         # any except canceled or skipped
         if: >-
           always() &&
-          (steps.test.outcome == 'success' || steps.test.outcome == 'failure') &&
+          (
+            steps.pytest.outcome == 'success' ||
+            steps.pytest.outcome == 'failure' ||
+            steps.jest.outcome == 'success' ||
+            steps.jest.outcome == 'failure'
+          ) &&
           startsWith(github.repository, 'LizardByte/')
         uses: codecov/codecov-action@v5
         with:
           fail_ci_if_error: true
+          files: ./coverage/python-coverage.xml,./coverage/coverage-final.json
           flags: ${{ runner.os }}
           token: ${{ secrets.CODECOV_TOKEN }}
           verbose: true
@@ -150,3 +150,14 @@ cython_debug/
 #  and can be added to the global gitignore or merged into this file.  For a more nuclear
 #  option (not recommended) you can uncomment the following to ignore the entire idea folder.
 .idea/
+
+# Node.js
+node_modules/
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+package-lock.json
+
+# Jest
+coverage/
+junit.xml
@@ -9,6 +9,7 @@ This is a monorepo containing a collection of GitHub Actions maintained by Lizar
 
 | Action                                                | Description                                  | Type      | Language         |
 |-------------------------------------------------------|----------------------------------------------|-----------|------------------|
+| [audit_repos](actions/audit_repos#readme)             | Audit repositories in an organization        | composite | javascript       |
 | [facebook_post](actions/facebook_post#readme)         | Post to Facebook page/group using Graph API  | docker    | python           |
 | [monitor_space](actions/monitor_space#readme)         | Monitor and track minimum free disk space    | composite | bash             |
 | [more_space](actions/more_space#readme)               | Free up disk space in GitHub Actions runners | composite | bash             |
 
@@ -0,0 +1,230 @@
+# audit_repos
+
+A reusable action to audit repositories in an organization or user account.
+
+This action fetches repositories from an organization or user and runs various validation checks on them, including:
+- Repository descriptions (existence, format, length)
+- Repository settings (issues enabled, etc.)
+- Merge types (merge commits, squash, rebase)
+- Discussions configuration (org-wide vs. repo-specific)
+- Community health files (README, LICENSE, CODE_OF_CONDUCT, CONTRIBUTING, SECURITY, sponsors)
+
+## Token Requirements
+
+This action works with the default `GITHUB_TOKEN` **only for public repositories in the current organization**.
+For full functionality, especially when auditing:
+- Private repositories
+- Repositories in a different organization
+- Community health files and detailed settings
+
+You will need a **Personal Access Token (PAT)** with the following scopes:
+- `repo` (for private repositories)
+- `read:org` (for organization repositories)
+
+## Basic Usage
+
+See [action.yml](action.yml)
+
+```yaml
+steps:
+  - name: Audit Repositories
+    uses: LizardByte/actions/actions/audit_repos@master
+    with:
+      token: ${{ secrets.GH_TOKEN }}
+```
+
+## Inputs
+
+| Name                  | Description                                                                     | Default    | Required |
+|-----------------------|---------------------------------------------------------------------------------|------------|----------|
+| token                 | GitHub Token with permissions to read organization repositories.                |            | `true`   |
+| githubOrg             | GitHub organization or user to audit. Defaults to current repo owner.           | `""`       | `false`  |
+| includeArchived       | Include archived repositories in the audit.                                     | `false`    | `false`  |
+| includeForked         | Include forked repositories in the audit.                                       | `true`     | `false`  |
+| excludedRepos         | Comma-separated list of repository names to exclude from the audit.             | `""`       | `false`  |
+| checkDescription      | Run the repository description validation check.                                | `true`     | `false`  |
+| allowEmptyDescription | Allow repositories to have empty descriptions when checkDescription is enabled. | `false`    | `false`  |
+| checkSettings         | Run the repository settings validation check.                                   | `true`     | `false`  |
+| checkMergeTypes       | Run the merge types validation check.                                           | `true`     | `false`  |
+| allowMergeCommit      | Allow merge commits. Options: `disabled`, `enabled`, `any`.                     | `disabled` | `false`  |
+| allowSquashMerge      | Allow squash merge. Options: `disabled`, `enabled`, `any`.                      | `enabled`  | `false`  |
+| allowRebaseMerge      | Allow rebase merge. Options: `disabled`, `enabled`, `any`.                      | `any`      | `false`  |
+| checkDiscussions      | Run discussions validation. Options: `disabled`, `org`, `repo`.                 | `disabled` | `false`  |
+| orgDiscussionsRepo    | Repository name allowed to have discussions when using org-wide discussions.    | `.github`  | `false`  |
+| checkCommunityFiles   | Run the community health files validation check.                                | `true`     | `false`  |
+| checkReadme           | Check if README exists.                                                         | `true`     | `false`  |
+| checkLicense          | Check if LICENSE exists.                                                        | `true`     | `false`  |
+| checkCodeOfConduct    | Check if CODE_OF_CONDUCT exists.                                                | `true`     | `false`  |
+| checkContributing     | Check if CONTRIBUTING exists.                                                   | `true`     | `false`  |
+| checkSecurity         | Check if SECURITY policy exists.                                                | `true`     | `false`  |
+| checkSponsors         | Check if sponsors are activated (FUNDING.yml exists).                           | `true`     | `false`  |
+
+## Outputs
+
+This action does not produce outputs. It will fail the workflow if any audits fail,
+with detailed logs showing which repositories and checks failed.
+
+## Audit Checks
+
+### Repository Descriptions
+When `checkDescription` is enabled, the following validations are performed:
+- Checks if description exists (unless `allowEmptyDescription` is set to `true`)
+- Ensures description does not have leading or trailing whitespace
+- Ensures description ends with a period
+- Ensures description is at least 10 characters long
+
+Set `allowEmptyDescription: true` to skip the missing description check while still validating format rules for repositories that do have descriptions.
+
+### Repository Settings
+- Ensures issues are enabled
+
+### Merge Types
+Validates merge type settings according to your preferences:
+- **disabled**: The merge type should be disabled
+- **enabled**: The merge type should be enabled
+- **any**: No validation (allows any setting)
+
+Default configuration:
+- Merge commits: `disabled`
+- Squash merge: `enabled`
+- Rebase merge: `any`
+
+### Discussions
+Validates discussions configuration:
+- **disabled**: Skip discussions check
+- **org**: Ensures repo discussions are disabled (assuming org-wide discussions)
+- **repo**: Ensures every repo has discussions enabled
+
+> Note**: When using org-wide discussions, the repository specified in `orgDiscussionsRepo` will be allowed to have discussions even if org-wide discussions are enforced.
+
+### Community Health Files
+Checks for the presence of community health files:
+- README file
+- LICENSE file
+- CODE_OF_CONDUCT file
+- CONTRIBUTING guidelines
+- SECURITY policy
+- Sponsors activation (FUNDING.yml in `.github/` or root)
+
+Each file check can be individually enabled/disabled.
+
+> **Note**: Community health metrics are not available for forked repositories via the GitHub API, so forks will skip these checks and default to passing.
+
+> **Note**: FUNDING.yml is checked at both the repository level and organization level. If your organization has a `.github` repository with `FUNDING.yml`, all repositories will inherit this and pass the sponsors check unless explicitly overridden at the repository level.
+
+## Example Workflows
+
+### Basic - Audit Current Organization
+
+```yaml
+name: Audit Repos
+permissions: {}
+
+on:
+  schedule:
+    - cron: '00 00 * * *'
+  workflow_dispatch:
+
+jobs:
+  audit:
+    name: Audit Repos
+    runs-on: ubuntu-latest
+    steps:
+      - name: Run repository audits
+        uses: LizardByte/actions/actions/audit_repos@master
+        with:
+          token: ${{ secrets.GH_TOKEN }}
+```
+
+### Advanced - Custom Organization with Filters
+
+```yaml
+steps:
+  - name: Audit Repositories
+    uses: LizardByte/actions/actions/audit_repos@master
+    with:
+      token: ${{ secrets.GH_TOKEN }}
+      githubOrg: 'MyOrgName'
+      includeArchived: false
+      includeForked: false
+      excludedRepos: 'test-repo,legacy-repo,archive-me'
+```
+
+### Custom Merge Type Configuration
+
+```yaml
+steps:
+  - name: Audit Merge Settings
+    uses: LizardByte/actions/actions/audit_repos@master
+    with:
+      token: ${{ secrets.GH_TOKEN }}
+      checkMergeTypes: true
+      allowMergeCommit: disabled
+      allowSquashMerge: enabled
+      allowRebaseMerge: disabled
+```
+
+### Organization-Wide Discussions
+
+```yaml
+steps:
+  - name: Audit Discussions
+    uses: LizardByte/actions/actions/audit_repos@master
+    with:
+      token: ${{ secrets.GH_TOKEN }}
+      checkDiscussions: org  # Ensures repo discussions are disabled
+```
+
+### Selective Community Files Checks
+
+```yaml
+steps:
+  - name: Audit Essential Files Only
+    uses: LizardByte/actions/actions/audit_repos@master
+    with:
+      token: ${{ secrets.GH_TOKEN }}
+      checkCommunityFiles: true
+      checkReadme: true
+      checkLicense: true
+      checkCodeOfConduct: false
+      checkContributing: false
+      checkSecurity: true
+      checkSponsors: false
+```
+
+### Selective Checks Only
+
+```yaml
+steps:
+  - name: Check Descriptions and Community Files Only
+    uses: LizardByte/actions/actions/audit_repos@master
+    with:
+      token: ${{ secrets.GH_TOKEN }}
+      checkDescription: true
+      checkSettings: false
+      checkMergeTypes: false
+      checkDiscussions: disabled
+      checkCommunityFiles: true
+```
+
+### Allow Empty Descriptions
+
+```yaml
+steps:
+  - name: Audit with Optional Descriptions
+    uses: LizardByte/actions/actions/audit_repos@master
+    with:
+      token: ${{ secrets.GH_TOKEN }}
+      checkDescription: true
+      allowEmptyDescription: true  # Allows repos without descriptions, but validates format if present
+```
+
+## Notes
+
+- **Token**: Use a PAT with appropriate permissions for full functionality. `GITHUB_TOKEN` has limited access.
+- **Filters**: By default, archived repositories are excluded, but forked repositories are included
+- **Continuity**: The action will continue running all enabled audits even if some fail, providing a complete report
+- **Empty Results**: If no repositories match the filters, the action will exit successfully with a warning
+- **Compatibility**: The action works with both GitHub organizations and user accounts
+- **Rate Limiting**: The action fetches detailed information for each repository,
+  which may be rate-limited for large organizations