Certain artifacts such as SECURITY.md, CODE_OF_CONDUCT.md, and certain GitHub Actions Workflow files need to be consistent across our GitHub Repositories. To achieve this, we can utilise TODO Group's repolinter, which provides an expressive, declarative JSON- and YAML-based format for validating the existence of files and directories and validating file hashes, just to name a few. Notably, repolinter supports remote URLs for its configuration file, which we can exploit to ensure a consistent configuration that's hosted in this Git Repository.
In addition, repolinter can be used to scan either the current or remote Git Repositories, which allows us to perform "meta validation" whereby we host a GitHub Action Workflow in this Git Repository to periodically scan all of our Git Repositories for a standardised GitHub Action Workflow which triggers the repolinter scans for that Git Repository.
TODO Group is under the Linux Foundation, and repolinter can be considered a mature project.
Philips Labs' Continuous Compliance Action is a fork of repolinter with some additional features which attempt to complete the compliance reporting lifecycle. From its README:
We started working on a fork of Repolinter, one that introduced the ability to create different GitHub issues per rule that was broken.
Currently it's considered a work-in-progress, and could be considered as an alternative to repolinter.
For certain artifacts such as SECURITY.md and CODE_OF_CONDUCT.md, GitHub can provide links to a centralised copy hosted in the .github Git Repository for those that don't already have their own. This is what the Node.js GitHub Organisation is doing: nodejs/admin#644. However, the tradeoffs are:
- Only limited artifacts are replicated
- GitHub Action Workflows cannot be replicated
- These artifacts are not visible when performing a git pull to a local machine
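A ruleset of the kind this issue describes, as an added example that is not part of the original issue or of repolinter's own documentation: it requires the two policy files to exist and pins SECURITY.md and a standard workflow file to known hashes. The workflow file name, the rule names and the hash placeholders are assumptions.

```yaml
# Central repolinter ruleset, hosted in one repository and fetched by the
# others through repolinter's remote ruleset URL option (--rulesetUrl).
# Hash values below are placeholders: replace them with the SHA-256 of the
# canonical copy of each file.
version: 2
axioms: {}
rules:
  # Every repository must ship its own SECURITY.md.
  security-file-exists:
    level: error
    rule:
      type: file-existence
      options:
        globsAny:
          - SECURITY.md

  # Every repository must ship its own CODE_OF_CONDUCT.md.
  code-of-conduct-file-exists:
    level: error
    rule:
      type: file-existence
      options:
        globsAny:
          - CODE_OF_CONDUCT.md

  # SECURITY.md must be byte-identical to the canonical copy.
  security-file-matches-canonical:
    level: error
    rule:
      type: file-hash
      options:
        globsAny:
          - SECURITY.md
        algorithm: sha256
        hash: "<SHA256_OF_CANONICAL_SECURITY_MD>"  # placeholder

  # The workflow that triggers the repolinter scan must be the standard,
  # unmodified one. The file name is hypothetical.
  repolinter-workflow-matches-canonical:
    level: error
    rule:
      type: file-hash
      options:
        globsAny:
          - .github/workflows/repolinter.yml  # hypothetical name
        algorithm: sha256
        hash: "<SHA256_OF_CANONICAL_WORKFLOW>"  # placeholder
```

Because every repository trusts whatever the remote URL returns, write access to the repository hosting this ruleset should be restricted and its changes reviewed, since a change there alters what all scans accept.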