complytime · sonupreetam · Mar 24, 2026 · Mar 17, 2026 · Mar 23, 2026
diff --git a/.github/workflows/ci_checks.yml b/.github/workflows/ci_checks.yml
@@ -0,0 +1,23 @@
+---
+name: CI
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+permissions:
+  contents: read
+  issues: none
+  pull-requests: none
+
+jobs:
+  call_reusable_ci:
+    name: Standardized CI
+    uses: complytime/org-infra/.github/workflows/reusable_ci.yml@main
+    permissions:
+      contents: read
+      issues: read
diff --git a/.github/workflows/ci_dependencies.yml b/.github/workflows/ci_dependencies.yml
@@ -0,0 +1,87 @@
+---
+name: Dependencies
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+permissions:
+  contents: read
+  issues: none
+  pull-requests: none
+
+jobs:
+  call_deps_reviewer:
+    name: General
+    uses: complytime/org-infra/.github/workflows/reusable_deps_reviewer.yml@main
+
+  call_dependabot_reviewer:
+    name: Dependabot
+    uses: complytime/org-infra/.github/workflows/reusable_dependabot_reviewer.yml@main
+
+  comment_on_dependabot_prs:
+    name: Dependabot Comment
+    if: github.actor == 'dependabot[bot]'
+    runs-on: ubuntu-latest
+    needs: [call_deps_reviewer, call_dependabot_reviewer]
+    permissions:
+      issues: read
+      pull-requests: write
+    steps:
+      - name: Comment from Dependabot Reviewer
+        uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
+        env:
+          REVIEW_CONCLUSION: ${{ needs.call_deps_reviewer.outputs.review_conclusion }}
+          RISK_LEVEL: ${{ needs.call_dependabot_reviewer.outputs.risk_level }}
+          UPDATES_COUNT: ${{ needs.call_dependabot_reviewer.outputs.updates_count }}
+        with:
+          issue-number: ${{ github.event.pull_request.number }}
+          edit-mode: replace
+          body: |
+            🤖 **Standardized Dependabot Review Summary** 🤖
+
+            This PR was processed by the organization's reusable CI pipeline.
+
+            - **Dependencies Review:** **${{ env.REVIEW_CONCLUSION }}**
+              - [View detailed logs](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})
+            - **Calculated Risk:** **${{ env.RISK_LEVEL }}**
+            - **Dependency Usage:** At least **${{ env.UPDATES_COUNT }}** repositories are using this dependency version
+
+            ---
+
+            Maintainer check list:
+            1. Ensure the PR passed all CI tests (required status checks).
+            2. Investigate failures for Major updates or any manual review requirement.
+            3. Don't overlook breaking changes and changelog information.
+            4. If the scorecard value is low, consider to contribute to make it higher. Everybody wins!
+            5. Be diligent. When in doubt, ask another maintainer for additional review.
+
+  approve_dependabot_prs:
+    name: Dependabot Auto-approve
+    if: github.actor == 'dependabot[bot]'
+    runs-on: ubuntu-latest
+    needs: [call_deps_reviewer, call_dependabot_reviewer]
+    permissions:
+      pull-requests: write
+    steps:
+      - name: Auto-approve if Confident
+        if: ${{ env.RISK_LEVEL != 'high' && env.REVIEW_CONCLUSION == 'success' && env.UPDATES_COUNT > 10 }}
+        env:
+          REVIEW_CONCLUSION: ${{ needs.call_deps_reviewer.outputs.review_conclusion }}
+          RISK_LEVEL: ${{ needs.call_dependabot_reviewer.outputs.risk_level }}
+          UPDATES_COUNT: ${{ needs.call_dependabot_reviewer.outputs.updates_count }}
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        with:
+          script: |
+            github.rest.pulls.createReview({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                pull_number: context.issue.number,
+                event: 'APPROVE',
+                body: 'Automatically approved by GitHub Action for Dependabot PRs.'
+            });
+            console.log('Dependabot PR approved successfully.');
diff --git a/.github/workflows/ci_scheduled.yml b/.github/workflows/ci_scheduled.yml
@@ -0,0 +1,22 @@
+---
+name: Scheduled Jobs
+
+on:
+  schedule:
+    - cron: '0 0 * * *'
+
+permissions:
+  contents: read
+  actions: none
+  id-token: none
+  security-events: none
+
+jobs:
+  call_reusable_scheduled:
+    name: OSV-Scanner and Scorecards
+    permissions:
+      contents: read
+      actions: read
+      security-events: write
+      id-token: write
+    uses: complytime/org-infra/.github/workflows/reusable_scheduled.yml@main
diff --git a/.github/workflows/ci_security.yml b/.github/workflows/ci_security.yml
@@ -0,0 +1,36 @@
+---
+name: Security Checks
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+permissions:
+  contents: read
+  actions: none
+  id-token: none
+  security-events: none
+  packages: none
+
+jobs:
+  call_reusable_vuln_scan:
+    name: OSV-Scanner
+    permissions:
+      contents: read
+      actions: read
+      security-events: write
+      id-token: write
+      packages: write
+    uses: complytime/org-infra/.github/workflows/reusable_vuln_scan.yml@main
+
+  call_reusable_security:
+    name: OpenSSF Scorecards
+    permissions:
+      contents: read
+      id-token: write
+      security-events: write
+    uses: complytime/org-infra/.github/workflows/reusable_security.yml@main
diff --git a/.yamllint.yml b/.yamllint.yml
@@ -0,0 +1,12 @@
+---
+extends: default
+
+# https://yamllint.readthedocs.io/en/stable/rules.html
+rules:
+  comments: disable
+  document-start: disable
+  empty-lines:
+    level: warning
+  indentation:
+    spaces: consistent
+  line-length: disable
diff --git a/commitlint.config.js b/commitlint.config.js
@@ -0,0 +1,6 @@
+module.exports = {
+  extends: ['@commitlint/config-conventional'],
+  rules: {
+    'subject-case': [0, 'always', 'lower-case'],
+  }
+};