billy sync upstream

.editorconfig

@@ -0,0 +1,18 @@
+# top-level editorconfig file 
+# should be the same file as the one for solution in roles directory
+
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+charset = utf-8
+
+[*.cs]
+indent_style = space
+indent_size = 4
+trim_trailing_whitespace = false
+
+[*.razor]
+indent_style = space
+indent_size = 4

.gitattributes

@@ -23,3 +23,7 @@ roles/sample-data-connect-sting/** -linguist-detectable
 roles/sample-data/** -linguist-detectable
 roles/test/** -linguist-detectable
 #############################################################
+
+# Git canonical EOL policy
+* text=auto eol=lf
+

.githooks/post-checkout

@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+"$(dirname "$0")/submodule-sync"

.githooks/post-merge

@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+"$(dirname "$0")/submodule-sync"

.githooks/post-rewrite

@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+"$(dirname "$0")/submodule-sync"

.githooks/pre-commit

@@ -0,0 +1,87 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+VENV_BIN=""
+
+# Load config file
+CONFIG_FILE=".githooks/tooling.env"
+set -a
+source "$CONFIG_FILE"
+set +a
+
+if [ -d ".venv/Scripts" ]; then
+    # Using virtual environment from .venv (Windows)
+    VENV_BIN=".venv/Scripts/"
+    source ".venv/Scripts/activate"
+elif [ -d ".venv/bin" ]; then
+    # Using virtual environment from .venv (Unix)
+    VENV_BIN=".venv/bin/"
+    source ".venv/bin/activate"
+elif command -v conda >/dev/null 2>&1; then
+    # Using conda
+    CONDA_BASE="$(conda info --base)"
+    source "$CONDA_BASE/etc/profile.d/conda.sh"
+    conda activate "$CONDA_ENV"
+    if [ -d "$CONDA_PREFIX/Scripts" ]; then
+        # Conda Windows
+        VENV_BIN="$CONDA_PREFIX/Scripts/"
+    else
+        # Conda Unix
+        VENV_BIN="$CONDA_PREFIX/bin/"
+    fi
+fi
+
+if [ -z "$VENV_BIN" ]; then
+    echo "Warning: No virtual environment found. Assuming python (with ruff and pyright) is available in base environment."
+fi
+
+# Assure dotnet and python are available
+UNAVAILABLE_DEPENDENCIES=false
+for cmd in "dotnet" "python"; do
+    command -v "$cmd" >/dev/null 2>&1 || {
+        echo "Error: '$cmd' not found. Please install it or activate your environment."
+        UNAVAILABLE_DEPENDENCIES=true
+    }
+done
+if $UNAVAILABLE_DEPENDENCIES; then
+    exit 1;
+fi
+
+PYTHON_PATH="$(command -v python)"
+
+# Assure ruff and pyright are available
+for python_tool in ruff pyright; do
+    if ! "$PYTHON_PATH" -m "$python_tool" --version >/dev/null 2>&1; then
+        echo "Error: 'python -m $python_tool' is not available. Please install $python_tool in the active environment."
+        exit 1
+    fi
+done
+
+# Python Checks
+"$PYTHON_PATH" -m ruff check --fix
+"$PYTHON_PATH" -m ruff format
+"$PYTHON_PATH" -m pyright
+
+# Determine changed Dotnet files
+STAGED_ROLES_DOTNET_FORMAT_FILES=()
+while IFS= read -r -d '' staged_file; do
+    case "$staged_file" in
+        roles/*.cs|roles/*.razor|roles/*.cshtml)
+            STAGED_ROLES_DOTNET_FORMAT_FILES+=("${staged_file#roles/}")
+            ;;
+    esac
+done < <(git diff --cached --name-only -z --diff-filter=ACMR -- '*.cs' '*.razor' '*.cshtml')
+
+# If any Dontet files have been changed run
+# Dotnet checks
+if [ "${#STAGED_ROLES_DOTNET_FORMAT_FILES[@]}" -gt 0 ]; then
+    dotnet format roles --no-restore --include "${STAGED_ROLES_DOTNET_FORMAT_FILES[@]}"
+fi
+
+# Prevent committing submodule pointer updates (auto-unstage)
+for submodule in $CHECK_SUBMODULE_POINTERS; do
+    if ! git diff --cached --quiet --ignore-submodules=none -- "$submodule"; then
+        echo "Info: Unstaging '$submodule' submodule pointer change (not allowed in commits)."
+        git restore --staged -- "$submodule" >/dev/null 2>&1
+    fi
+done

.githooks/submodule-sync

@@ -0,0 +1,71 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Sync submodules quietly after common Git operations.
+
+# Resolve repository root; bail out if not inside a Git repo.
+repo_root="$(git rev-parse --show-toplevel 2>/dev/null || true)"
+if [[ -z "${repo_root}" ]]; then
+  exit 0
+fi
+
+cd "${repo_root}"
+
+# No submodules configured.
+if [[ ! -f .gitmodules ]]; then
+  exit 0
+fi
+
+# No submodule paths registered in .gitmodules.
+if ! git config --file .gitmodules --get-regexp '^submodule\..*\.path$' >/dev/null 2>&1; then
+  exit 0
+fi
+
+# Disable prompts and keep this hook silent for users without repo access.
+export GIT_TERMINAL_PROMPT=0
+export GIT_ASKPASS=/bin/true
+export GIT_SSH_COMMAND="ssh -o BatchMode=yes"
+
+run_quiet() {
+  # Ignore failures to avoid blocking normal Git operations.
+  "$@" >/dev/null 2>&1 || true
+}
+
+# Initialize submodules first so each path exists.
+run_quiet git submodule update --init --recursive
+
+# Iterate configured submodules to ensure we are on a branch (not detached).
+while read -r key path; do
+  # Convert `submodule.<name>.path` -> `<name>`.
+  name="${key#submodule.}"
+  name="${name%.path}"
+
+  # Skip if the submodule path is missing or not initialized.
+  if [[ ! -d "${path}" ]]; then
+    continue
+  fi
+
+  # Skip if the path is not a Git repo.
+  if ! git -C "${path}" rev-parse --git-dir >/dev/null 2>&1; then
+    continue
+  fi
+
+  # Prefer repo-local submodule.<name>.branch, fallback to .gitmodules.
+  branch="$(git config --get "submodule.${name}.branch" || true)"
+  if [[ -z "${branch}" ]]; then
+    branch="$(git config --file .gitmodules --get "submodule.${name}.branch" || true)"
+  fi
+
+  if [[ -n "${branch}" ]]; then
+    # Try to checkout the branch if it already exists locally.
+    run_quiet git -C "${path}" checkout -q "${branch}"
+
+    # If still detached, create/reset the branch from origin.
+    if ! git -C "${path}" symbolic-ref -q HEAD >/dev/null 2>&1; then
+      run_quiet git -C "${path}" checkout -q -B "${branch}" "origin/${branch}"
+    fi
+  fi
+done < <(git config --file .gitmodules --get-regexp '^submodule\..*\.path$')
+
+# Move submodules to the newest commit on their tracking branch, merging instead of detaching.
+run_quiet git submodule update --remote --merge --recursive

.githooks/tooling.env

@@ -0,0 +1,2 @@
+CONDA_ENV=fwo
+CHECK_SUBMODULE_POINTERS=".agents"

.github/dependabot.yml

@@ -1,8 +1,17 @@
 version: 2
 
+registries:
+  private-github:
+    type: git
+    url: https://github.com
+    username: x-access-token
+    password: ${{ secrets.PRIVATE_SUBMODULE_TOKEN }}
+
 updates:
   - package-ecosystem: "nuget"
     directory: "/roles/"
     target-branch: "develop"
     schedule:
       interval: "daily"
+    registries:
+      - private-github

.github/workflows/auto-sync-develop-to-importer-rework.yml.disabled

@@ -0,0 +1,82 @@
+name: Sync develop to importer-rework
+
+on:
+  push:
+    branches: [develop]
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  sync-branches:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Git
+        run: |
+          git config --global user.name "github-actions[bot]"
+          git config --global user.email "github-actions[bot]@users.noreply.github.com"
+
+      - name: Ensure "automation" label exists
+        run: |
+          gh label create automation \
+            --color "0e8a16" \
+            --description "Automatically created for syncing branches" \
+            --force
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Compute ahead/behind
+        id: ab
+        run: |
+          git fetch origin develop importer-rework
+          read behind ahead < <(git rev-list --left-right --count origin/importer-rework...origin/develop)
+          echo "ahead=$ahead"  >> $GITHUB_OUTPUT
+          echo "behind=$behind" >> $GITHUB_OUTPUT
+        # rev-list separates counts with a TAB. :contentReference[oaicite:2]{index=2}
+
+      - name: Push sync branch (mirror develop)
+        if: steps.ab.outputs.ahead != '0'
+        run: |
+          BR=bot/sync-develop-into-importer-rework
+          git checkout -B "$BR" origin/develop
+          git push -f origin "HEAD:$BR"
+
+      - name: Check for existing PR (sync branch → importer-rework)
+        id: pr_check
+        if: steps.ab.outputs.ahead != '0'
+        run: |
+          existing_pr=$(gh pr list \
+            --base importer-rework \
+            --head bot/sync-develop-into-importer-rework \
+            --state open \
+            --json number \
+            --jq '.[0].number // empty')
+          echo "existing_pr=$existing_pr" >> $GITHUB_OUTPUT
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create PR from sync branch to importer-rework
+        if: steps.ab.outputs.ahead != '0' && steps.pr_check.outputs.existing_pr == ''
+        run: |
+          gh pr create \
+            --base importer-rework \
+            --head bot/sync-develop-into-importer-rework \
+            --title "Sync develop → importer-rework" \
+            --body "Auto-sync from \`develop\` via sync branch." \
+            --label automation
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      # OPTIONAL: Automatically merge the PR if all checks pass
+      # - name: Auto-merge PR
+      #   if: steps.pr_check.outputs.existing_pr != ''
+      #   run: |
+      #     gh pr merge "${{ steps.pr_check.outputs.existing_pr }}" --merge --admin
+      #   env:
+      #     GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/full-test-install.yml

@@ -0,0 +1,48 @@
+name: Full Test Install
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  test-install:
+    name: Test install on ${{ matrix.os }} with Python ${{ matrix.python-version }}
+    runs-on: ${{ matrix.os }}
+    env:
+      RUNNING_ON_GITHUB_ACTIONS: true
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-24.04, ubuntu-22.04]
+        python-version: ['3.10', '3.11', '3.12', '3.13', '3.14']
+    steps:
+      - uses: actions/checkout@v6
+
+      - uses: actions/setup-dotnet@v5
+        with:
+          dotnet-version: '8.0.x'
+
+      - uses: actions/setup-python@v6
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: |
+          sudo apt update
+          sudo DEBIAN_FRONTEND=noninteractive apt install build-essential ldap-utils libldap2-dev libsasl2-dev -y
+          python -m pip install ansible psycopg2-binary python-ldap requests
+
+      - name: Run Ansible test install
+        run: |
+          cd ${{ github.workspace }}
+          ansible-playbook -e force_install=true -e "ansible_python_interpreter=$(which python)" site.yml -K
+
+      - name: Running in GitHub actions requires testing puppeteer pdf creation separately
+        if: ${{ env.RUNNING_ON_GITHUB_ACTIONS == 'true' }}
+        run: |
+          cd ${{ github.workspace }}/roles/tests-unit/files/FWO.Test
+          dotnet restore
+          dotnet build
+          dotnet test --filter "Name=HtmlToPdfTest"
+