Add GitHub-related configuration #3

Open
wants to merge 5 commits into
base: develop

mcdonnnj
Member

🗣 Description

This pull request adds some core GitHub configuration files from cisagov/skeleton-docker. This includes:

  • dependabot configuration file
  • CodeQL workflow
  • CODEOWNERS file

💭 Motivation and context

This sets up some bare bones security maintenance and will alert our team if anyone were to create a pull request in this repository.

🧪 Testing

We don't need no testin'.

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All relevant type-of-change labels have been added.
  • These code changes follow cisagov code standards.

This includes a CODEOWNERS file, dependabot configuration, and CodeQL
workflow.
@mcdonnnj mcdonnnj added the improvement and dependencies labels Sep 29, 2022
@mcdonnnj mcdonnnj requested review from felddy, jsf9k and dav3r September 29, 2022 19:55
@mcdonnnj mcdonnnj self-assigned this Sep 29, 2022
Member

@jsf9k jsf9k left a comment

Ad astra!

Member

@dav3r dav3r left a comment

Please see my small, but important note.

.github/CODEOWNERS (outdated)
mcdonnnj and others added 2 commits September 29, 2022 16:03
The only thing we're willing to own is the `.github/` directory.

Co-authored-by: dav3r <[email protected]>
This pulls in an updated CodeQL workflow from
cisagov/skeleton-python-library.
Member

@dav3r dav3r left a comment

👍 👍 🚀

There is some JavaScript in this repository so it should be checked.
This modifies the docker and pip configuration to reflect the
organization of this repository. It also adds checking for npm since
this project contains a package.json file.
@mcdonnnj mcdonnnj requested review from felddy, dav3r and jsf9k September 29, 2022 20:30
Member

@jsf9k jsf9k left a comment

Still LGTM
