Add dependency release and compliance automations
@@ -37,7 +37,12 @@ Give every repository the same predictable anchor points:
| `-- project.md
|-- .gitea/
| `-- workflows/
| `-- build.yml
| |-- security-scan.yml
| |-- repo-cleanup.yml
| |-- dependency-check.yml
| |-- release-dry-run.yml
| |-- build.yml
| `-- template-compliance.yml
|-- docs/
| |-- release-checklist.md
| `-- security-review.md
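Review bot: `build.yml` is listed twice under `workflows/` in this tree, once as "`-- build.yml" right after `workflows/` and again as "|-- build.yml" after `release-dry-run.yml`, and the "`--" last-entry connector is used on the first `build.yml` even though more siblings follow it. The rendered diff no longer shows which of these lines is the removed one, so check the committed README: `build.yml` should appear once, as the first entry with "|--", and only `template-compliance.yml` should carry the "`--" connector.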
@@ -49,7 +54,7 @@ Give every repository the same predictable anchor points:
`-- .gitignore
```

Use only the files that fit the project. For a tiny script repo, `AGENTS.md`, `README.md`, `SECURITY.md`, and `CHANGELOG.md` may be enough. For an app or releasable tool, add the runner, release checklist, and README blueprint workflow.
Use only the files that fit the project. For a tiny script repo, `AGENTS.md`, `README.md`, `SECURITY.md`, and `CHANGELOG.md` may be enough. For an app or releasable tool, add the runner, release checklist, useful scheduled checks, and README blueprint workflow.

<p align="center"><img src="https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/rainbow.png" alt="-----------------------------------------------------" width="100%"></p>

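Review bot: "useful scheduled checks" in the replacement sentence does not tell the reader which files are meant, while the tree above this hunk adds exactly three of them (`dependency-check.yml`, `release-dry-run.yml`, `template-compliance.yml`). Name them, for example "add the runner, release checklist, the scheduled dependency, release dry-run and template compliance checks, and README blueprint workflow", so someone setting up a small repo knows which workflows are the optional ones.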
@@ -62,6 +67,9 @@ Use only the files that fit the project. For a tiny script repo, `AGENTS.md`, `R
| `files/build-gitea.yml` | `.gitea/workflows/build.yml` |
| `files/security-scan-gitea.yml` | `.gitea/workflows/security-scan.yml` |
| `files/repo-cleanup-gitea.yml` | `.gitea/workflows/repo-cleanup.yml` |
| `files/dependency-check-gitea.yml` | `.gitea/workflows/dependency-check.yml` |
| `files/release-dry-run-gitea.yml` | `.gitea/workflows/release-dry-run.yml` |
| `files/template-compliance-gitea.yml` | `.gitea/workflows/template-compliance.yml` |
| `files/release-checklist.md` | `docs/release-checklist.md` |
| `files/security-review.md` | `docs/security-review.md` |
| `files/blueprint.md` | `blueprint.md` |
@@ -127,6 +135,7 @@ When applying this kit, an agent should:
- update security and release docs when release behavior changes,
- add or preserve scheduled security automation for releasable projects,
- add or preserve scheduled repository cleanup checks for active projects,
- add dependency, release dry-run, and template compliance checks when they fit the project,
- update `docs/agent-handoff.md` when work is interrupted, risky, or multi-session,
- run `git diff --check` before finishing,
- run the cheapest reliable verification command,
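Review bot: "when they fit the project" in the new bullet gives the agent no criterion, whereas the two bullets above it scope their automation to "releasable projects" and "active projects". State the rule the same way, for example that the dependency check belongs in any repository with a manifest or lockfile, the release dry run in releasable projects, and the template compliance check in every repository generated from the kit; otherwise an agent cannot tell which of the workflow files the compliance check's "recommended workflow presence" verification will expect to find.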
@@ -164,6 +173,36 @@ The workflow is intentionally non-destructive. It must not delete files, branche

<p align="center"><img src="https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/rainbow.png" alt="-----------------------------------------------------" width="100%"></p>

## Dependency Automation

`files/dependency-check-gitea.yml` provides a weekly dependency health report.

It detects common stacks and reports:

- security audit results,
- outdated Node, Python, Rust, and Go dependencies,
- Docker base image references that should be reviewed manually.

The workflow does not update lockfiles, create pull requests, or publish packages. Agents should use the report as a starting point for focused dependency update branches.

<p align="center"><img src="https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/rainbow.png" alt="-----------------------------------------------------" width="100%"></p>

## Release Dry Run

`files/release-dry-run-gitea.yml` checks whether a project looks ready to release without creating a release.

It checks release documents, unresolved placeholders, stack-specific build/test commands where they can be detected, and likely artifact directories. It must not create tags, releases, packages, or uploaded artifacts.

<p align="center"><img src="https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/rainbow.png" alt="-----------------------------------------------------" width="100%"></p>

## Template Compliance

`files/template-compliance-gitea.yml` checks whether a repository still follows the Codex kit baseline.

It verifies required agent context files, unresolved placeholders, README divider usage for generated READMEs, and recommended workflow presence. Treat failures as maintenance guidance, not as a reason to overwrite project-specific documentation blindly.

<p align="center"><img src="https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/rainbow.png" alt="-----------------------------------------------------" width="100%"></p>

## Gitea API Token

When working with private repositories on `git.wilkensxl.de`, Codex agents may find a local `GITEA_TOKEN` environment variable on the machine.
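Review bot: the Dependency Automation section says the report is weekly and what it lists, but not what the workflow does when the security audit finds something (fail the run or only print it) or what an agent is expected to do beyond "a starting point for focused dependency update branches". Spell the outcome out, and since a report-only weekly run means a newly published advisory can go unnoticed for up to a week, consider also triggering `dependency-check.yml` on pull requests that touch a lockfile. The Template Compliance section has the same gap: "Treat failures as maintenance guidance" implies the job fails the run, so say so, and list which workflows count as the "recommended workflow presence" it checks, otherwise readers cannot tell which files in the tree are required and which are optional.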