Pipeline Automation
This repository uses several tools to scan code, commits and dependencies. These are primarily driven by PR checks and deployment runs implemented as GitHub Actions workflows.
The aim is to use free and open source tools wherever possible to detect bugs, vulnerabilities and code smells as early as possible, before any change is merged to main. Dependabot manages dependency updates automatically via Pull Requests, so manual version bumps are not necessary (unless, of course, you have an opinion on the matter).
If you wish to contribute, please read the contributing.md file in the repository for details on what tooling you will need to make sure your Pull Request will merge successfully.
Pull Requests are checked automatically when they are raised; the vulnerability comment action must report 0 vulnerabilities for the Pull Request to be acceptable for merge.
> [!TIP]
> Run the tooling locally on your changes first, for a faster feedback loop than Pull Requests give you.
> [!CAUTION]
> A Pull Request with an unresolved vulnerability of medium severity or higher will be blocked from merging until the finding is fixed, or a justification for it is accepted by a CODEOWNER.
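The merge gate described above, as an added example that is not part of this repository's own tooling: a small Python check that reads a Grype JSON report, blocks on any finding of Medium severity or higher, and treats a set of CODEOWNER-justified vulnerability IDs as waived. The report shape follows Grype's JSON output; the sample report, its CVE IDs and the `justified` allowlist are constructed here for illustration.

```python
"""Merge gate over a Grype JSON report (constructed sample below).

Blocks when any finding is Medium or higher unless its ID is in a
justification allowlist, mirroring the policy described above.
"""
import json

# Grype severity labels, ranked; anything at or above MEDIUM blocks the merge.
SEVERITY_RANK = {"negligible": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}
BLOCK_AT = SEVERITY_RANK["medium"]


def evaluate(report, justified):
    """Return blocking and waived findings plus a merge verdict.

    report:    parsed Grype JSON (dict with a "matches" list)
    justified: set of vulnerability IDs a CODEOWNER has accepted a justification for
    """
    blocking, waived = [], []
    for match in report.get("matches", []):
        vuln = match["vulnerability"]
        rank = SEVERITY_RANK.get(vuln.get("severity", "").lower(), 0)
        if rank < BLOCK_AT:
            continue  # low/negligible findings are reported but do not block
        entry = (vuln["id"], match["artifact"]["name"], vuln["severity"])
        (waived if vuln["id"] in justified else blocking).append(entry)
    return {"blocking": blocking, "waived": waived, "merge_ok": not blocking}


# Constructed sample report: shape follows Grype's JSON output, values are made up
# (CVE-0000-000x are placeholders, not real identifiers).
SAMPLE_REPORT = json.loads("""{
  "matches": [
    {"vulnerability": {"id": "CVE-0000-0001", "severity": "High"},
     "artifact": {"name": "libexample", "version": "1.0.0"}},
    {"vulnerability": {"id": "CVE-0000-0002", "severity": "Low"},
     "artifact": {"name": "example-tool", "version": "2.3.1"}},
    {"vulnerability": {"id": "CVE-0000-0003", "severity": "Medium"},
     "artifact": {"name": "example-lib", "version": "0.9.0"}}
  ]
}""")

if __name__ == "__main__":
    # Medium finding is justified, the High one is not: merge stays blocked.
    verdict = evaluate(SAMPLE_REPORT, justified={"CVE-0000-0003"})
    print("merge allowed" if verdict["merge_ok"] else "merge blocked", verdict)
```

In a workflow the report would come from `grype ... -o json` and the allowlist from a file reviewed by CODEOWNERS; a non-empty `blocking` list maps to a non-zero exit so the check fails.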
This is a list of tooling used by this repository:
| Capability | Tools |
|---|---|
| File linting | Super Linter |
| Commit standardisation | Conventional Commits |
| Code bugs | CodeQL, semgrep |
| Container vulnerabilities | Grype, Scout, Trivy |
| Static asset deployment | Custom S3/CLI R2 Action |
| Container deployment | Google Cloud Build |
| Versioning | Semver via Tag action by anothrNick |