Prepare the repo to become public (#2)

* Add files to make repository public

* Redecorate README.md

* Redecorate README.md

* Redecorate README.md

* Redecorate README.md

* Fix review points on the README.md

Co-authored-by: Marko Zivic <100996310+marko-zivic-93@users.noreply.github.com>

* Add SUPPORT.md, fix review points

* Update README.md and SECURITY.md

* Make small fixes in SECURITY.md

Co-authored-by: Marko Zivic <100996310+marko-zivic-93@users.noreply.github.com>
Ivan 2022-12-12 23:38:19 +02:00 committed by GitHub
parent d3b71412b9
commit e01737f3a2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 135 additions and 1 deletions

1
CODEOWNERS Normal file

@ -0,0 +1 @@
* @actions/runner-images-team
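Review bot: The single catch-all rule `* @actions/runner-images-team` also covers `.github/workflows/` and the CODEOWNERS file itself, but it only gates merges if the branch protection rule for the default branch requires review from code owners, and that setting is not part of this diff. Confirm it is enabled before the repository goes public, and that the team has write access to the repository, since GitHub requires that of code owners.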

@ -0,0 +1,22 @@
# Contributing
## Submitting a pull request
1. Fork and clone the repository
2. Create a new branch: `git checkout -b my-branch-name`
3. Make your changes
4. Push to your fork
5. Test changes thoroughly, make sure that there are no regressions ✔️
6. Submit a pull request
7. Pat yourself on the back and wait for your pull request to be reviewed and merged
## Resources
- [How to Contribute to Open Source](https://opensource.guide/how-to-contribute/)
- [Using Pull Requests](https://help.github.com/articles/about-pull-requests/)
- [GitHub Help](https://help.github.com)
- [Writing good commit messages](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html)
Thanks! :heart: :heart: :heart:
GitHub Actions Team :octocat:
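Review bot: Steps 4 and 5 are in the wrong order: the list has contributors "Push to your fork" before "Test changes thoroughly", so testing reads as something done after the push. Swap the two so that testing comes first. In the Resources list, the commit-message guide is linked over plain `http://`, and the two `help.github.com` links could point at docs.github.com, which the README in this same commit already uses.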

@ -1,3 +1,72 @@
# Reusable Workflows for Developing Actions
This repository contains [reusable workflows](https://docs.github.com/en/actions/using-workflows/reusing-workflows) that are useful for developing actions.
This repository contains [reusable workflows](https://docs.github.com/en/actions/using-workflows/reusing-workflows) that are useful for developing actions.
## Available workflows
- [`basic-validation.yml`](./.github/workflows/basic-validation.yml)
This workflow helps ensure that the code of the action you are going to deploy:
1. Is well-formated
2. Is linted
3. Successfully builds
4. Passes unit-tests
Additionally node packages used by the action can be audited.
**Default use pattern:**
```yaml
basic-validation-call:
uses: actions/reusable-workflows/.github/workflows/basic-validation.yml@main
```
- [`check-dist.yml`](./.github/workflows/check-dist.yml)
This workflow helps ensure that the generated innards of the `dist` directory match what they are expected to be.
The `dist` is a particular directory in Actions that contains distributable JS files.
In Actions, the `dist` is generated through a build process from other source files.
**Default use pattern:**
```yaml
check-dist-call:
uses: actions/reusable-workflows/.github/workflows/check-dist.yml@main
```
- [`codeql-analysis.yml`](./.github/workflows/codeql-analysis.yml)
This workflow uses [GitHub's code scanning feature](https://docs.github.com/en/code-security/code-scanning) to analyze a repository for vulnerabilities, bugs, and other errors.
This workflow uses [github/codeql-action](https://github.com/github/codeql-action) to run code scanning.
**Default use pattern:**
```yaml
codeql-analysis-call:
uses: actions/reusable-workflows/.github/workflows/codeql-analysis.yml@main
```
- [`licensed.yml`](./.github/workflows/licensed.yml)
This workflow helps to check the statuses of cached dependencies used in action with the help of the Licensed tool.
**Default use pattern:**
```yaml
licensed-call:
uses: actions/reusable-workflows/.github/workflows/licensed.yml@main
```
## Adjusting reusable workflows
If the default behaviour of a reusable workflow isn't what you need, you can adjust it using the workflow's inputs.
Check the available inputs of reusable workflows in the corresponding YAML file in `.github/workflows/<reusable-workflow-name>.yml`.
Example of disabling audit of npm packages in the `basic-validation` workflow:
```yaml
basic-validation-call:
uses: actions/reusable-workflows/.github/workflows/basic-validation.yml@main
with:
enable-audit: false
```
## License
The scripts and documentation in this project are released under the [MIT License](LICENSE.txt)
## Contributions
Contributions are welcome! See [Contributor's Guide](CONTRIBUTING.md)
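Review bot: Every "Default use pattern" snippet, and the `enable-audit: false` example under "Adjusting reusable workflows", calls the workflow at `@main`, so anyone who copies it runs whatever is on this repository's default branch at the time of each run, inside their own repository. Since the repository is about to become public, add a sentence recommending that callers pin `uses:` to a full commit SHA (or to a tag, once releases exist) and present `@main` only as the quick-start form. Smaller points: "well-formated" in the `basic-validation.yml` list should be "well-formatted", and the snippets would be easier to paste correctly if they showed the enclosing `jobs:` key.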

29
SECURITY.md Normal file

@ -0,0 +1,29 @@
## Security
GitHub takes the security of our software products and services seriously, including all of the open source code repositories managed through our GitHub organizations, such as [GitHub](https://github.com/GitHub).
Even though [open source repositories are outside of the scope of our bug bounty program](https://bounty.github.com/index.html#scope) and therefore not eligible for bounty rewards, we will ensure that your finding gets passed along to the appropriate maintainers for remediation.
## Reporting Security Issues
If you believe you have found a security vulnerability in any GitHub-owned repository, please report it to us through coordinated disclosure.
**Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.**
Instead, please send an email to opensource-security@github.com.
Please include as much of the information listed below as you can to help us better understand and resolve the issue:
* The type of issue (e.g., buffer overflow, SQL injection, or cross-site scripting)
* Full paths of source file(s) related to the manifestation of the issue
* The location of the affected source code (tag/branch/commit or direct URL)
* Any special configuration required to reproduce the issue
* Step-by-step instructions to reproduce the issue
* Proof-of-concept or exploit code (if possible)
* Impact of the issue, including how an attacker might exploit the issue
This information will help us triage your report more quickly.
## Policy
See [GitHub's Safe Harbor Policy](https://docs.github.com/en/github/site-policy/github-bug-bounty-program-legal-safe-harbor#1-safe-harbor-terms)
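Review bot: The opening paragraph gives only the `GitHub` organization as its example of covered organizations, while the README in this commit addresses the repository as `actions/reusable-workflows`. A reporter reading this file cannot tell from the text alone that the `actions` organization is in scope; add it to the example or state plainly that this repository is covered. The line under "Policy" would also read better as a complete sentence ending in a period.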

13
SUPPORT.md Normal file

@ -0,0 +1,13 @@
# Support
## How to file issues and get help
This project uses GitHub issues to track bugs and feature requests. Please search the existing issues before filing new issues to avoid duplicates. For new issues, file your bug or feature request as a new issue.
For help or questions about using this project, feel free to file a new issue. Don't forget to mark it with the `help wanted` or `question` label.
The `reusable-workflows` is under active development and maintained by GitHub staff. We will do our best to respond to support, feature requests, and community questions in a timely manner.
## GitHub Support Policy
Support for this project is limited to the resources listed above.
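Review bot: "file your bug or feature request as a new issue" makes no exception for vulnerabilities, while the SECURITY.md added in this same commit asks that they not be reported through public issues. Add a line under "How to file issues and get help" that sends security reports to SECURITY.md instead. Separately, asking people to mark an issue with the `help wanted` or `question` label assumes the reporter can apply labels, which on GitHub requires triage access to the repository; an issue template that applies the label would avoid that.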