Skip to content

Commit d88f3ab

Browse files
authored
CI: add code quality workflows (#30)
2 parents 3d42aeb + 8c5f85d commit d88f3ab

File tree

5 files changed

+154
-0
lines changed

5 files changed

+154
-0
lines changed

.github/dependabot.yml

Lines changed: 27 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,27 @@
1+
# To get started with Dependabot version updates, you'll need to specify which
2+
# package ecosystems to update and where the package manifests are located.
3+
# Please see the documentation for all configuration options:
4+
# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
5+
6+
version: 2
7+
updates:
8+
- package-ecosystem: "pip"
9+
directory: "/" # pyproject.toml
10+
schedule:
11+
interval: "daily"
12+
commit-message:
13+
prefix: "chore"
14+
include: "scope"
15+
labels:
16+
- "dependencies"
17+
- package-ecosystem: "github-actions"
18+
# Workflow files stored in the
19+
# default location of `.github/workflows`
20+
directory: "/"
21+
schedule:
22+
interval: "daily"
23+
commit-message:
24+
prefix: "chore"
25+
include: "scope"
26+
labels:
27+
- "dependencies"

.github/workflows/codeql.yml

Lines changed: 67 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,67 @@
1+
# https://codeql.github.com/
2+
name: CodeQL
3+
4+
on:
5+
push:
6+
paths:
7+
- "**.js"
8+
- "**.py"
9+
pull_request:
10+
branches: [main]
11+
paths:
12+
- "**.js"
13+
- "**.py"
14+
schedule:
15+
- cron: "24 9 * * 6"
16+
17+
jobs:
18+
setup:
19+
name: Set up CodeQL analysis
20+
runs-on: ubuntu-latest
21+
# Required permissions
22+
permissions:
23+
pull-requests: read
24+
outputs:
25+
# changes is a JSON array with names of all filters matching any of the changed files
26+
languages: ${{ steps.filter.outputs.changes }}
27+
steps:
28+
- uses: actions/checkout@v4
29+
- uses: dorny/paths-filter@v3
30+
id: filter
31+
with:
32+
filters: |
33+
javascript: "**.js"
34+
python: "**.py"
35+
36+
codeql:
37+
name: CodeQL Analyze
38+
runs-on: ubuntu-latest
39+
needs: setup
40+
if: ${{ needs.setup.outputs.languages != '[]' }}
41+
permissions:
42+
actions: read
43+
contents: read
44+
security-events: write
45+
46+
strategy:
47+
fail-fast: false
48+
matrix:
49+
# Parse JSON array containing names of all filters matching any of changed files
50+
# e.g. ['javascript', 'python'] if both file types had changes
51+
language: ${{ fromJSON(needs.setup.outputs.languages) }}
52+
53+
steps:
54+
- name: Checkout repository
55+
uses: actions/checkout@v4
56+
57+
- name: Initialize CodeQL
58+
uses: github/codeql-action/init@v3
59+
with:
60+
languages: ${{ matrix.language }}
61+
# https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#specifying-configuration-details-using-the-config-input
62+
config: |
63+
paths-ignore:
64+
- tests
65+
66+
- name: Perform CodeQL Analysis
67+
uses: github/codeql-action/analyze@v3
Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,24 @@
1+
name: "Dependency PR triage"
2+
3+
on:
4+
pull_request:
5+
types: [opened]
6+
7+
jobs:
8+
dependency-triage:
9+
runs-on: ubuntu-latest
10+
# see https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#responding-to-events
11+
if: github.actor == 'dependabot[bot]' || github.actor == 'pre-commit-ci[bot]'
12+
steps:
13+
- uses: actions/add-to-project@main
14+
with:
15+
project-url: https://github.com/orgs/compiler/projects/${{ vars.GH_PROJECT }}
16+
github-token: ${{ secrets.GH_PROJECTS_TOKEN }}
17+
18+
- uses: EndBug/project-fields@v2
19+
with:
20+
operation: set
21+
fields: Effort,Status
22+
values: 1,In review
23+
project_url: https://github.com/orgs/compiler/projects/${{ vars.GH_PROJECT }}
24+
github_token: ${{ secrets.GH_PROJECTS_TOKEN }}

.github/workflows/labeler-actions.yml

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,17 @@
1+
name: Label actions
2+
3+
on:
4+
pull_request:
5+
types: [opened]
6+
paths:
7+
- ".github/dependabot.yml"
8+
- ".github/workflows/**"
9+
10+
jobs:
11+
label-actions:
12+
runs-on: ubuntu-latest
13+
steps:
14+
- name: add-label
15+
uses: andymckay/labeler@master
16+
with:
17+
add-labels: "actions"

.github/workflows/labeler-docs.yml

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
name: Label docs
2+
3+
on:
4+
pull_request:
5+
branches: [main]
6+
types: [opened]
7+
paths:
8+
- "docs/**"
9+
- "mkdocs.yml"
10+
- ".github/workflows/mkdocs.yml"
11+
12+
jobs:
13+
label-docs:
14+
runs-on: ubuntu-latest
15+
steps:
16+
- name: add-label
17+
uses: andymckay/labeler@master
18+
with:
19+
add-labels: "documentation"

0 commit comments

Comments
 (0)