From d1a99acc321a68faeccedce2c8cc2a0025d5fea0 Mon Sep 17 00:00:00 2001
From: Tim Ramlot <42113979+inteon@users.noreply.github.com>
Date: Wed, 20 Aug 2025 18:49:29 +0200
Subject: [PATCH] simplify repo base generation

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
---
 modules/go/01_mod.mk                          | 24 +++++++------------
 .../base/.github/workflows/govulncheck.yaml   |  2 +-
 modules/helm/helm.mk                          |  4 ----
 modules/repository-base/01_mod.mk             | 12 ++++++++++
 .../.github/workflows/make-self-upgrade.yaml  |  2 +-
 5 files changed, 23 insertions(+), 21 deletions(-)

diff --git a/modules/go/01_mod.mk b/modules/go/01_mod.mk
index 84c21628..5ea7bbb5 100644
--- a/modules/go/01_mod.mk
+++ b/modules/go/01_mod.mk
@@ -61,27 +61,24 @@ generate-go-mod-tidy: | $(NEEDS_GO)
 
 shared_generate_targets += generate-go-mod-tidy
 
-ifndef govulncheck_skip
+base_dir := $(dir $(lastword $(MAKEFILE_LIST)))/base/
 
-default_govulncheck_generate_base_dir := $(dir $(lastword $(MAKEFILE_LIST)))/base/
-# The base directory used to copy the govulncheck GH action from. This can be
-# overwritten with an action with extra authentication or with a totally different
-# pipeline (eg. a GitLab pipeline).
-govulncheck_generate_base_dir ?= $(default_govulncheck_generate_base_dir)
-
-# The org name used in the govulncheck GH action. This is used to prevent the govulncheck job
-# being run on every fork of the repo.
-govulncheck_generate_org ?= cert-manager
+ifndef dont_generate_govulncheck
 
 .PHONY: generate-govulncheck
 ## Generate base files in the repository
 ## @category [shared] Generate/ Verify
 generate-govulncheck:
-	@mkdir -p ./.github/workflows
-	sed 's/ORGNAMEHERE/$(govulncheck_generate_org)/g' $(govulncheck_generate_base_dir)/.github/workflows/govulncheck.yaml > .github/workflows/govulncheck.yaml
+	cp -r $(base_dir)/. ./
+	cd $(base_dir) && \
+		find . -type f | while read file; do \
+			sed "s|{{REPLACE:GH-REPOSITORY}}|$(repo_name:github.com/%=%)|g" "$$file" > "$(CURDIR)/$$file"; \
+		done
 
 shared_generate_targets += generate-govulncheck
 
+endif # dont_generate_govulncheck
+
 .PHONY: verify-govulncheck
 ## Verify all Go modules for vulnerabilities using govulncheck
 ## @category [shared] Generate/ Verify
@@ -107,9 +104,6 @@ verify-govulncheck: | $(NEEDS_GOVULNCHECK)
 				echo ""; \
 			done
 
-endif # govulncheck_skip
-
-
 .PHONY: generate-golangci-lint-config
 ## Generate a golangci-lint configuration file
 ## @category [shared] Generate/ Verify
diff --git a/modules/go/base/.github/workflows/govulncheck.yaml b/modules/go/base/.github/workflows/govulncheck.yaml
index ec67dc8b..a97d6433 100644
--- a/modules/go/base/.github/workflows/govulncheck.yaml
+++ b/modules/go/base/.github/workflows/govulncheck.yaml
@@ -17,7 +17,7 @@ jobs:
   govulncheck:
     runs-on: ubuntu-latest
 
-    if: github.repository_owner == 'ORGNAMEHERE'
+    if: github.repository == '{{REPLACE:GH-REPOSITORY}}'
 
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
diff --git a/modules/helm/helm.mk b/modules/helm/helm.mk
index c406455d..6c84d1f7 100644
--- a/modules/helm/helm.mk
+++ b/modules/helm/helm.mk
@@ -16,10 +16,6 @@ ifndef bin_dir
 $(error bin_dir is not set)
 endif
 
-ifndef repo_name
-$(error repo_name is not set)
-endif
-
 ifndef helm_chart_source_dir
 $(error helm_chart_source_dir is not set)
 endif
diff --git a/modules/repository-base/01_mod.mk b/modules/repository-base/01_mod.mk
index aa6b7ee2..44babc2d 100644
--- a/modules/repository-base/01_mod.mk
+++ b/modules/repository-base/01_mod.mk
@@ -12,6 +12,10 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+ifndef repo_name
+$(error repo_name is not set)
+endif
+
 base_dir := $(dir $(lastword $(MAKEFILE_LIST)))/base/
 base_dependabot_dir := $(dir $(lastword $(MAKEFILE_LIST)))/base-dependabot/
 
@@ -21,12 +25,20 @@ ifdef repository_base_no_dependabot
 ## @category [shared] Generate/ Verify
 generate-base:
 	cp -r $(base_dir)/. ./
+	cd $(base_dir) && \
+		find . -type f | while read file; do \
+			sed "s|{{REPLACE:GH-REPOSITORY}}|$(repo_name:github.com/%=%)|g" "$$file" > "$(CURDIR)/$$file"; \
+		done
 else
 .PHONY: generate-base
 ## Generate base files in the repository
 ## @category [shared] Generate/ Verify
 generate-base:
 	cp -r $(base_dir)/. ./
+	cd $(base_dir) && \
+		find . -type f | while read file; do \
+			sed "s|{{REPLACE:GH-REPOSITORY}}|$(repo_name:github.com/%=%)|g" "$$file" > "$(CURDIR)/$$file"; \
+		done
 	cp -r $(base_dependabot_dir)/. ./
 endif
 
diff --git a/modules/repository-base/base/.github/workflows/make-self-upgrade.yaml b/modules/repository-base/base/.github/workflows/make-self-upgrade.yaml
index 3aae6b2e..af80a67c 100644
--- a/modules/repository-base/base/.github/workflows/make-self-upgrade.yaml
+++ b/modules/repository-base/base/.github/workflows/make-self-upgrade.yaml
@@ -15,7 +15,7 @@ jobs:
   self_upgrade:
     runs-on: ubuntu-latest
 
-    if: github.repository_owner == 'cert-manager'
+    if: github.repository == '{{REPLACE:GH-REPOSITORY}}'
 
     permissions:
       contents: write