This repository was archived by the owner on May 7, 2026. It is now read-only.

Add GitHub-related configuration #3

Open: mcdonnnj wants to merge 5 commits into develop from add_codeql_and_codeowners

@mcdonnnj

Member

🗣 Description

This pull request adds some core GitHub configuration files from cisagov/skeleton-docker. This includes:

  • dependabot configuration file
  • CodeQL workflow
  • CODEOWNERS file

💭 Motivation and context

This sets up some bare bones security maintenance and will alert our team if anyone were to create a pull request in this repository.

🧪 Testing

We don't need no testin'.

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All relevant type-of-change labels have been added.
  • These code changes follow cisagov code standards.

This includes a CODEOWNERS file, dependabot configuration, and CodeQL
workflow.
@mcdonnnj mcdonnnj added the improvement and dependencies labels Sep 29, 2022
@mcdonnnj mcdonnnj requested review from dav3r, felddy and jsf9k September 29, 2022 19:55
@mcdonnnj mcdonnnj self-assigned this Sep 29, 2022

@jsf9k jsf9k left a comment

Member

Ad astra!

@dav3r dav3r left a comment

Member

Please see my small, but important note.

Comment thread .github/CODEOWNERS Outdated
mcdonnnj and others added 2 commits September 29, 2022 16:03
The only thing we're willing to own is the `.github/` directory.

Co-authored-by: dav3r <daver@geekpad.com>
This pulls in an updated CodeQL workflow from
cisagov/skeleton-python-library.

@dav3r dav3r left a comment

Member

👍 👍 🚀

There is some JavaScript in this repository so it should be checked.
This modifies the docker and pip configuration to reflect the
organization of this repository. It also adds checking for npm since
this project contains a package.json file.
@mcdonnnj mcdonnnj requested review from dav3r, felddy and jsf9k September 29, 2022 20:30

@jsf9k jsf9k left a comment

Member

Still LGTM
