diff --git a/.github/workflows/auto-assign-badge.yml b/.github/workflows/auto-assign-badge.yml new file mode 100644 index 0000000..ed60b67 --- /dev/null +++ b/.github/workflows/auto-assign-badge.yml @@ -0,0 +1,8 @@ +name: auto-assign (badge) +on: { workflow_dispatch: {}, schedule: [{ cron: "0 5 * * 1" }] } +permissions: { contents: read } +jobs: + badge: + runs-on: ubuntu-latest + steps: + - run: echo "auto-assign badge ✅" diff --git a/.github/workflows/dependabot-automerge-badge.yml b/.github/workflows/dependabot-automerge-badge.yml new file mode 100644 index 0000000..c143523 --- /dev/null +++ b/.github/workflows/dependabot-automerge-badge.yml @@ -0,0 +1,8 @@ +name: Dependabot auto-merge (badge) +on: { workflow_dispatch: {}, schedule: [{ cron: "0 5 * * 1" }] } +permissions: { contents: read } +jobs: + badge: + runs-on: ubuntu-latest + steps: + - run: echo "dependabot auto-merge badge ✅" diff --git a/.github/workflows/ghcr-publish-badge.yml b/.github/workflows/ghcr-publish-badge.yml new file mode 100644 index 0000000..33739e9 --- /dev/null +++ b/.github/workflows/ghcr-publish-badge.yml @@ -0,0 +1,8 @@ +name: Publish container to GHCR (badge) +on: { workflow_dispatch: {}, schedule: [{ cron: "0 5 * * 1" }] } +permissions: { contents: read } +jobs: + badge: + runs-on: ubuntu-latest + steps: + - run: echo "ghcr publish badge ✅" diff --git a/.github/workflows/pr-labeler-badge.yml b/.github/workflows/pr-labeler-badge.yml new file mode 100644 index 0000000..250b61d --- /dev/null +++ b/.github/workflows/pr-labeler-badge.yml @@ -0,0 +1,8 @@ +name: pr-labeler (badge) +on: { workflow_dispatch: {}, schedule: [{ cron: "0 5 * * 1" }] } +permissions: { contents: read } +jobs: + badge: + runs-on: ubuntu-latest + steps: + - run: echo "pr-labeler badge ✅" diff --git a/.github/workflows/release-sbom-badge.yml b/.github/workflows/release-sbom-badge.yml new file mode 100644 index 0000000..8d48aa8 --- /dev/null +++ b/.github/workflows/release-sbom-badge.yml @@ -0,0 +1,8 @@ +name: release-sbom (badge) +on: { workflow_dispatch: {}, schedule: [{ cron: "0 5 * * 1" }] } +permissions: { contents: read } +jobs: + badge: + runs-on: ubuntu-latest + steps: + - run: echo "release sbom badge ✅" diff --git a/.github/workflows/ts-ci-badge.yml b/.github/workflows/ts-ci-badge.yml new file mode 100644 index 0000000..8993373 --- /dev/null +++ b/.github/workflows/ts-ci-badge.yml @@ -0,0 +1,10 @@ +name: TS CI (badge) +on: { workflow_dispatch: {}, schedule: [{ cron: "0 5 * * 1" }] } +permissions: { contents: read } +jobs: + badge: + runs-on: ubuntu-latest + steps: + - uses: actions/setup-node@v4 + with: { node-version: "20" } + - run: node -v && npm -v diff --git a/README.md b/README.md index a3689c9..43fde7a 100644 --- a/README.md +++ b/README.md @@ -4,70 +4,62 @@ A lean, production-ready **GitHub Actions starter** that ships **reusable CI wor Designed for **always-green CI** with strict local gates mirroring CI, **CodeQL** out of the box, optional **SBOM** generation, and guard-rails for safe merges. -
- -
**Core status**
-

- - CI - - - CodeQL Analyze - - - release - - Python 3.11 | 3.12 - - License MIT - -

- -
**CI & automation**
-

- - Python CI (reusable) - - - TS CI (reusable) - - - auto-assign - - - pr-labeler - -

- -
**Security & supply-chain**
-

- - OpenSSF Scorecard - - - Supply chain - - - Dependabot auto-merge - - - Publish container to GHCR - -

- -
**Releases & packaging**
-

- - PyPI - - - release-sbom - - PyPI pyversions - Wheel -

- -
+

Core status
+ + CI + + + CodeQL Analyze + + + release + + Python 3.11 | 3.12 + + License MIT + +

+ +

CI & automation
+ + Python CI (reusable) + + + TS CI (reusable) + + + auto-assign + + + pr-labeler + +

+ +

Security & supply-chain
+ + OpenSSF Scorecard + + + supply-chain + + + Dependabot auto-merge + + + Publish container to GHCR + +

+ +

Releases & packaging
+ + PyPI + + + release-sbom + + PyPI pyversions + Wheel +

---