Skip to content

Commit d6a6553

Browse files
challgrenclaude
andcommitted
Enhance GitHub Actions workflows and Dependabot configuration
- Pin ShellCheck action to v2.0.0 instead of using @master - Update Dependabot config with comprehensive settings: - Add labels, commit message prefixes, and PR limits - Configure versioning strategy and branch naming - Add scheduling for weekly updates on Mondays - Add new Python linting workflow with multiple linters: - Black, isort, Flake8, Pylint, and MyPy - Test against Python 3.9-3.12 - Add Docker Compose validation workflow - Validate syntax and check for potential secrets 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
1 parent b1ba664 commit d6a6553

4 files changed

Lines changed: 156 additions & 29 deletions

File tree

.github/dependabot.yml

Lines changed: 45 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -1,58 +1,75 @@
1-
# To get started with Dependabot version updates, you'll need to specify which
2-
# package ecosystems to update and where the package manifests are located.
3-
# Please see the documentation for all configuration options:
4-
# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
1+
# Dependabot configuration for automatic dependency updates
2+
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
53

64
version: 2
7-
85
updates:
9-
# Maintain dependencies for GitHub Actions
10-
- package-ecosystem: "github-actions"
6+
# Python dependencies
7+
- package-ecosystem: "pip"
118
directory: "/"
129
schedule:
1310
interval: "weekly"
14-
assignees:
15-
- "challgren"
11+
day: "monday"
12+
time: "04:00"
13+
open-pull-requests-limit: 5
1614
reviewers:
1715
- "challgren"
16+
labels:
17+
- "dependencies"
18+
- "python"
19+
commit-message:
20+
prefix: "chore"
21+
prefix-development: "chore"
22+
include: "scope"
23+
pull-request-branch-name:
24+
separator: "/"
25+
versioning-strategy: "increase"
1826
groups:
19-
github-actions:
27+
python-dependencies:
2028
patterns:
2129
- "*"
22-
update-types:
23-
- "minor"
24-
- "patch"
30+
# To ignore specific dependencies, uncomment and add them here:
31+
# ignore:
32+
# - dependency-name: "package-name"
33+
# versions: ["x.x.x"]
2534

26-
# Maintain dependencies for Docker
35+
# Docker dependencies
2736
- package-ecosystem: "docker"
2837
directory: "/"
2938
schedule:
3039
interval: "weekly"
31-
assignees:
32-
- "challgren"
40+
day: "monday"
41+
time: "04:00"
42+
open-pull-requests-limit: 5
3343
reviewers:
3444
- "challgren"
45+
labels:
46+
- "dependencies"
47+
- "docker"
48+
commit-message:
49+
prefix: "chore"
50+
include: "scope"
3551
groups:
3652
docker-dependencies:
3753
patterns:
3854
- "*"
39-
update-types:
40-
- "minor"
41-
- "patch"
4255

43-
# Maintain dependencies for pip
44-
- package-ecosystem: "pip"
56+
# GitHub Actions
57+
- package-ecosystem: "github-actions"
4558
directory: "/"
4659
schedule:
4760
interval: "weekly"
48-
assignees:
49-
- "challgren"
61+
day: "monday"
62+
time: "04:00"
63+
open-pull-requests-limit: 5
5064
reviewers:
5165
- "challgren"
66+
labels:
67+
- "dependencies"
68+
- "github-actions"
69+
commit-message:
70+
prefix: "chore"
71+
include: "scope"
5272
groups:
53-
python-dependencies:
73+
github-actions:
5474
patterns:
55-
- "*"
56-
update-types:
57-
- "minor"
58-
- "patch"
75+
- "*"
Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,44 @@
1+
name: Docker Compose Lint
2+
3+
permissions:
4+
contents: read
5+
6+
on:
7+
pull_request:
8+
paths:
9+
- "docker-compose*.yml"
10+
- ".github/workflows/docker-compose-lint.yml"
11+
push:
12+
branches:
13+
- main
14+
- master
15+
paths:
16+
- "docker-compose*.yml"
17+
- ".github/workflows/docker-compose-lint.yml"
18+
19+
jobs:
20+
validate:
21+
name: Validate Docker Compose files
22+
runs-on: ubuntu-latest
23+
steps:
24+
- name: Checkout
25+
uses: actions/checkout@v4
26+
27+
- name: Validate docker-compose.yml
28+
run: docker compose -f docker-compose.yml config --quiet
29+
30+
- name: Validate docker-compose.proxy-test.yml
31+
run: docker compose -f docker-compose.proxy-test.yml config --quiet
32+
if: hashFiles('docker-compose.proxy-test.yml') != ''
33+
34+
- name: Check for secrets in compose files
35+
run: |
36+
# Check for potential secrets or sensitive data
37+
for file in docker-compose*.yml; do
38+
if [ -f "$file" ]; then
39+
echo "Checking $file for potential secrets..."
40+
if grep -iE "(password|secret|token|key|api).*[:=].*['\"]" "$file"; then
41+
echo "Warning: Potential secrets found in $file"
42+
fi
43+
fi
44+
done

.github/workflows/python-lint.yml

Lines changed: 66 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,66 @@
1+
name: Python Lint
2+
3+
permissions:
4+
contents: read
5+
6+
on:
7+
pull_request:
8+
paths:
9+
- "**.py"
10+
- "requirements.txt"
11+
- ".github/workflows/python-lint.yml"
12+
push:
13+
branches:
14+
- main
15+
- master
16+
paths:
17+
- "**.py"
18+
- "requirements.txt"
19+
- ".github/workflows/python-lint.yml"
20+
21+
jobs:
22+
lint:
23+
name: Python Linting
24+
runs-on: ubuntu-latest
25+
strategy:
26+
matrix:
27+
python-version: ["3.9", "3.10", "3.11", "3.12"]
28+
29+
steps:
30+
- name: Checkout code
31+
uses: actions/checkout@v4
32+
33+
- name: Set up Python ${{ matrix.python-version }}
34+
uses: actions/setup-python@v5
35+
with:
36+
python-version: ${{ matrix.python-version }}
37+
cache: 'pip'
38+
39+
- name: Install dependencies
40+
run: |
41+
python -m pip install --upgrade pip
42+
pip install -r requirements.txt
43+
pip install flake8 black isort mypy pylint
44+
45+
- name: Run Black (format check)
46+
run: black --check --diff app.py
47+
continue-on-error: true
48+
49+
- name: Run isort (import sorting)
50+
run: isort --check-only --diff app.py
51+
continue-on-error: true
52+
53+
- name: Run Flake8 (style guide)
54+
run: |
55+
# Stop the build if there are Python syntax errors or undefined names
56+
flake8 app.py --count --select=E9,F63,F7,F82 --show-source --statistics
57+
# Exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
58+
flake8 app.py --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
59+
60+
- name: Run Pylint
61+
run: pylint app.py --exit-zero --max-line-length=127
62+
continue-on-error: true
63+
64+
- name: Run MyPy (type checking)
65+
run: mypy app.py --ignore-missing-imports
66+
continue-on-error: true

.github/workflows/shellcheck.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,7 @@ jobs:
2727
uses: actions/checkout@v4
2828

2929
- name: Run ShellCheck
30-
uses: ludeeus/action-shellcheck@master
30+
uses: ludeeus/action-shellcheck@2.0.0
3131
with:
3232
scandir: "./rootfs"
3333
severity: warning

0 commit comments

Comments
 (0)