diff --git a/.github/workflows/ci.yml b/.github/workflows/ci_local.yml similarity index 76% rename from .github/workflows/ci.yml rename to .github/workflows/ci_local.yml index d115c98b..1aae13b5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci_local.yml @@ -1,5 +1,5 @@ --- -name: CI +name: Repository Specific Checks on: push: @@ -14,22 +14,6 @@ concurrency: cancel-in-progress: true jobs: - megalinter: - name: Run linters - runs-on: ubuntu-latest - permissions: - issues: write - steps: - - name: Checkout Code - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - - name: MegaLinter - id: ml - uses: oxsecurity/megalinter@62c799d895af9bcbca5eacfebca29d527f125a57 # v9.1.0 - env: - VALIDATE_ALL_CODEBASE: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - project_checks: name: Run project checks runs-on: ubuntu-latest diff --git a/.github/workflows/conventional-title.yml b/.github/workflows/conventional-title.yml deleted file mode 100644 index e986c583..00000000 --- a/.github/workflows/conventional-title.yml +++ /dev/null @@ -1,25 +0,0 @@ -name: Lint PR title - -on: - pull_request: - types: - - opened - - edited - - synchronize - branches: - - 'main' - -jobs: - lint: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - - name: Install dependencies - run: npm install @commitlint/cli @commitlint/config-conventional - - - name: Validate PR title - env: - PR_TITLE: ${{ github.event.pull_request.title }} - run: echo "$PR_TITLE" | npx commitlint --config commitlint.config.js \ No newline at end of file diff --git a/.github/workflows/review_dependencies.yml b/.github/workflows/review_dependencies.yml deleted file mode 100644 index e21fada7..00000000 --- a/.github/workflows/review_dependencies.yml +++ /dev/null @@ -1,87 +0,0 @@ -name: Dependencies - -on: - push: - branches: - - main - pull_request: - branches: - - main - -permissions: - contents: read - issues: none - pull-requests: none - -jobs: - call_deps_reviewer: - name: General - uses: complytime/org-infra/.github/workflows/reusable_deps_reviewer.yml@main - - call_dependabot_reviewer: - name: Dependabot - uses: complytime/org-infra/.github/workflows/reusable_dependabot_reviewer.yml@main - - comment_on_dependabot_prs: - name: Comment on PR - if: github.actor == 'dependabot[bot]' - runs-on: ubuntu-latest - needs: [call_deps_reviewer, call_dependabot_reviewer] - permissions: - issues: read - pull-requests: write # Necessary to write a comment - steps: - - name: Comment from Dependabot Reviewer - uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0 - env: - REVIEW_CONCLUSION: ${{ needs.call_deps_reviewer.outputs.review_conclusion }} - RISK_LEVEL: ${{ needs.call_dependabot_reviewer.outputs.risk_level }} - UPDATES_COUNT: ${{ needs.call_dependabot_reviewer.outputs.updates_count }} - with: - issue-number: ${{ github.event.pull_request.number }} - edit-mode: replace - body: | - 🤖 **Standardized Dependabot Review Summary** 🤖 - - This PR was processed by the organization's reusable CI pipeline. - - - **Dependencies Review:** **${{ env.REVIEW_CONCLUSION }}** - - [View detailed logs](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) - - **Calculated Risk:** **${{ env.RISK_LEVEL }}** - - **Dependency Usage:** **${{ env.UPDATES_COUNT }}** repositories are using this dependency version - - --- - - Maintainer check list: - 1. Ensure the PR passed all CI tests (required status checks). - 2. Investigate failures for Major updates or any manual review requirement. - 3. Don't overlook breaking changes and changelog information. - 4. If the scorecard value is low, consider to contribute to make it higher. Everybody wins! - 5. Be diligent. When in doubt, ask another maintainer for additional review. - - approve_dependabot_prs: - name: Auto-approve Dependabot PR - if: github.actor == 'dependabot[bot]' - runs-on: ubuntu-latest - needs: [call_deps_reviewer, call_dependabot_reviewer] - permissions: - issues: read - pull-requests: write # Necessary to approve a PR - steps: - - name: Auto-approve if Confident - if: ${{ env.RISK_LEVEL != 'high' && env.REVIEW_CONCLUSION == 'success' && env.UPDATES_COUNT > 10 }} - env: - REVIEW_CONCLUSION: ${{ needs.call_deps_reviewer.outputs.review_conclusion }} - RISK_LEVEL: ${{ needs.call_dependabot_reviewer.outputs.risk_level }} - UPDATES_COUNT: ${{ needs.call_dependabot_reviewer.outputs.updates_count }} - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 - with: - script: | - github.rest.pulls.createReview({ - owner: context.repo.owner, - repo: context.repo.repo, - pull_number: context.issue.number, - event: 'APPROVE', - body: 'Automatically approved by GitHub Action for Dependabot PRs.' - }); - console.log('Dependabot PR approved successfully.'); diff --git a/.github/workflows/vuln_check.yml b/.github/workflows/vuln_check.yml deleted file mode 100644 index a8e2e2f5..00000000 --- a/.github/workflows/vuln_check.yml +++ /dev/null @@ -1,17 +0,0 @@ -name: OSV-Scan - -on: - schedule: - - cron: "0 0 * * *" - push: - branches: [main] - workflow_dispatch: - -permissions: - actions: read - security-events: write - contents: read - -jobs: - run-osv-scanner: - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@e92b5d07338d4f0ba0981dffed17c48976ca4730" # v2.2.3