From 44711c1dc0e23e524cf3653ef3b19ce44d5e358f Mon Sep 17 00:00:00 2001 From: Ralph Hightower <32745442+RalphHightower@users.noreply.github.com> Date: Wed, 1 Jan 2025 16:55:37 -0500 Subject: [PATCH] [ver](build): version updates (#101) * [ver](build): version updates Signed-off-by: Ralph Hightower <32745442+RalphHightower@users.noreply.github.com> * [ver](build): version updates Signed-off-by: Ralph Hightower <32745442+RalphHightower@users.noreply.github.com> * [ver](build): version updates Signed-off-by: Ralph Hightower <32745442+RalphHightower@users.noreply.github.com> * [ver](build): version updates Signed-off-by: Ralph Hightower <32745442+RalphHightower@users.noreply.github.com> * [ver](build): version updates Signed-off-by: Ralph Hightower <32745442+RalphHightower@users.noreply.github.com> * [ver](build): version updates Signed-off-by: Ralph Hightower <32745442+RalphHightower@users.noreply.github.com> * [ver](build): version updates Signed-off-by: Ralph Hightower <32745442+RalphHightower@users.noreply.github.com> * [ver](build): version updates Signed-off-by: Ralph Hightower <32745442+RalphHightower@users.noreply.github.com> * [ver](build): version updates Signed-off-by: Ralph Hightower <32745442+RalphHightower@users.noreply.github.com> * [ver](build): version updates Signed-off-by: Ralph Hightower <32745442+RalphHightower@users.noreply.github.com> * [setup](build): add base_workflows Signed-off-by: Ralph Hightower <32745442+RalphHightower@users.noreply.github.com> * [cleanup](build): .github/workflows/jekyll-gh-pages.yml - use jekyll.yml Signed-off-by: Ralph Hightower <32745442+RalphHightower@users.noreply.github.com> * [setup](web): copied/adapted from @RalphHightower/blog Signed-off-by: Ralph Hightower <32745442+RalphHightower@users.noreply.github.com> * [info](web): half copied from @RalphHightower/blog Signed-off-by: Ralph Hightower <32745442+RalphHightower@users.noreply.github.com> * [info](web): delete duplicate show_excerpts 
Signed-off-by: Ralph Hightower <32745442+RalphHightower@users.noreply.github.com> --------- 
Signed-off-by: Ralph Hightower <32745442+RalphHightower@users.noreply.github.com> --- .github/workflows/Accounts.yml | 2 +- .github/workflows/Assets.yml | 2 +- .../workflows/BeagleIdentificationPhotos.yml | 2 +- .github/workflows/Beagles.yml | 2 +- .github/workflows/ComputerSettings.yml | 2 +- .github/workflows/EquipmentDistrbution.yml | 2 +- .github/workflows/GitHubActionPermissions.md | 12 ++ .github/workflows/NetworkSettings.yml | 2 +- .github/workflows/NewYearUpdateCopyright.yml | 13 +- .github/workflows/Obituary.yml | 2 +- .github/workflows/SongsForService.yml | 2 +- .github/workflows/ci.yaml | 30 ++++ .github/workflows/codeql.yml | 73 ++++++++++ .github/workflows/dependabot.txt | 46 ++++++ .github/workflows/dependency-review.yml | 22 +++ .github/workflows/jekyll-gh-pages.yml | 50 ------- .github/workflows/jekyll.yml | 66 +++++++++ .github/workflows/permission_advisor.yml | 27 ++++ .github/workflows/readme-checker.yml | 19 +++ .github/workflows/release-please.yml | 30 +++- .github/workflows/release.yml | 33 +++++ .github/workflows/scorecard.yml | 36 +++++ .github/workflows/semantic-release.yml | 124 ++++++++++++++++ .github/workflows/test.yml | 86 +++++++++++ _config.yml | 137 +++++++++++++----- 25 files changed, 718 insertions(+), 104 deletions(-) create mode 100644 .github/workflows/GitHubActionPermissions.md create mode 100644 .github/workflows/ci.yaml create mode 100644 .github/workflows/codeql.yml create mode 100644 .github/workflows/dependabot.txt create mode 100644 .github/workflows/dependency-review.yml delete mode 100644 .github/workflows/jekyll-gh-pages.yml create mode 100644 .github/workflows/jekyll.yml create mode 100644 .github/workflows/permission_advisor.yml create mode 100644 .github/workflows/readme-checker.yml create mode 100644 .github/workflows/release.yml create mode 100644 .github/workflows/scorecard.yml create mode 100644 .github/workflows/semantic-release.yml create mode 100644 .github/workflows/test.yml 
diff --git a/.github/workflows/Accounts.yml b/.github/workflows/Accounts.yml index 03de4cb5..1c2f5d28 100644 --- a/.github/workflows/Accounts.yml +++ b/.github/workflows/Accounts.yml @@ -15,7 +15,7 @@ jobs: with: #node-version: 'node16' ref: ${{ github.event.push.head.ref }} - - uses: docker://pandoc/core:3.5 + - uses: docker://pandoc/core:3.6.1 with: args: >- # allows you to break string into multiple lines --standalone diff --git a/.github/workflows/Assets.yml b/.github/workflows/Assets.yml index fed09922..a12a2784 100644 --- a/.github/workflows/Assets.yml +++ b/.github/workflows/Assets.yml @@ -15,7 +15,7 @@ jobs: with: #node-version: 'node16' ref: ${{ github.event.push.head.ref }} - - uses: docker://pandoc/core:3.5 + - uses: docker://pandoc/core:3.6.1 with: args: >- # allows you to break string into multiple lines --standalone diff --git a/.github/workflows/BeagleIdentificationPhotos.yml b/.github/workflows/BeagleIdentificationPhotos.yml index be57652f..f9df9b74 100644 --- a/.github/workflows/BeagleIdentificationPhotos.yml +++ b/.github/workflows/BeagleIdentificationPhotos.yml @@ -14,7 +14,7 @@ jobs: with: #node-version: 'node16' ref: ${{ github.event.push.head.ref }} - - uses: docker://pandoc/core:3.5 + - uses: docker://pandoc/core:3.6.1 with: args: >- # allows you to break string into multiple lines --standalone diff --git a/.github/workflows/Beagles.yml b/.github/workflows/Beagles.yml index 667efd1f..90f98b63 100644 --- a/.github/workflows/Beagles.yml +++ b/.github/workflows/Beagles.yml @@ -14,7 +14,7 @@ jobs: with: #node-version: 'node16' ref: ${{ github.event.push.head.ref }} - - uses: docker://pandoc/core:3.5 + - uses: docker://pandoc/core:3.6.1 with: args: >- # allows you to break string into multiple lines --standalone diff --git a/.github/workflows/ComputerSettings.yml b/.github/workflows/ComputerSettings.yml index 903e705f..cbcf64f5 100644 --- a/.github/workflows/ComputerSettings.yml +++ b/.github/workflows/ComputerSettings.yml 
@@ -15,7 +15,7 @@ jobs: with: #node-version: 'node16' ref: ${{ github.event.push.head.ref }} - - uses: docker://pandoc/core:3.5 + - uses: docker://pandoc/core:3.6.1 with: args: >- # allows you to break string into multiple lines --standalone diff --git a/.github/workflows/EquipmentDistrbution.yml b/.github/workflows/EquipmentDistrbution.yml index dfd29f4f..b49de52b 100644 --- a/.github/workflows/EquipmentDistrbution.yml +++ b/.github/workflows/EquipmentDistrbution.yml @@ -15,7 +15,7 @@ jobs: with: #node-version: 'node16' ref: ${{ github.event.push.head.ref }} - - uses: docker://pandoc/core:3.5 + - uses: docker://pandoc/core:3.6.1 with: args: >- # allows you to break string into multiple lines --standalone diff --git a/.github/workflows/GitHubActionPermissions.md b/.github/workflows/GitHubActionPermissions.md new file mode 100644 index 00000000..6a495a3c --- /dev/null +++ b/.github/workflows/GitHubActionPermissions.md @@ -0,0 +1,12 @@ +permissions: + actions: read|write|none + checks: read|write|none + contents: read|write|none + deployments: read|write|none + issues: read|write|none + packages: read|write|none + pull-requests: read|write|none + repository-projects: read|write|none + security-events: read|write|none + statuses: read|write|none + \ No newline at end of file diff --git a/.github/workflows/NetworkSettings.yml b/.github/workflows/NetworkSettings.yml index 73b95c87..dc9d3c85 100644 --- a/.github/workflows/NetworkSettings.yml +++ b/.github/workflows/NetworkSettings.yml @@ -19,7 +19,7 @@ jobs: with: #node-version: 'node16' ref: ${{ github.event.push.head.ref }} - - uses: docker://pandoc/core:3.5 + - uses: docker://pandoc/core:3.6.1 with: args: >- # allows you to break string into multiple lines --standalone diff --git a/.github/workflows/NewYearUpdateCopyright.yml b/.github/workflows/NewYearUpdateCopyright.yml index e414230d..8e6358e7 100644 --- a/.github/workflows/NewYearUpdateCopyright.yml +++ b/.github/workflows/NewYearUpdateCopyright.yml 
@@ -4,7 +4,18 @@ on: schedule: - cron: "0 5 1 1 *" # America/New_York (UTC-5:00) -permissions: none +permissions: + actions: none + checks: none + contents: none + deployments: none + issues: none + packages: none + pull-requests: none + repository-projects: none + security-events: none + statuses: none + jobs: create_issue: name: Create issue to update copyright year diff --git a/.github/workflows/Obituary.yml b/.github/workflows/Obituary.yml index 8df42012..726abb00 100644 --- a/.github/workflows/Obituary.yml +++ b/.github/workflows/Obituary.yml @@ -19,7 +19,7 @@ jobs: #node-version: 'node16' ref: ${{ github.event.push.head.ref }} #node-version: 'node16' - - uses: docker://pandoc/core:3.5 + - uses: docker://pandoc/core:3.6.1 with: args: >- # allows you to break string into multiple lines cellphone: ${{secrets.CELL_PHONE}} diff --git a/.github/workflows/SongsForService.yml b/.github/workflows/SongsForService.yml index b9af4ada..eb785b87 100644 --- a/.github/workflows/SongsForService.yml +++ b/.github/workflows/SongsForService.yml @@ -15,7 +15,7 @@ jobs: with: #node-version: 'node16' ref: ${{ github.event.push.head.ref }} - - uses: docker://pandoc/core:3.5 + - uses: docker://pandoc/core:3.6.1 with: args: >- # allows you to break string into multiple lines --standalone diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml new file mode 100644 index 00000000..f238b272 --- /dev/null +++ b/.github/workflows/ci.yaml 
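Review bot: With every scope set to `none` at workflow level, the `create_issue` job below has no token permission to open an issue unless it declares its own `permissions:` block, which is not visible in this hunk. If the job relies on `GITHUB_TOKEN`, add `permissions:` with `issues: write` under `create_issue` and keep the workflow-level default empty. `permissions: {}` expresses the same deny-all default in one line and does not need updating when GitHub adds a new scope. The job body continues outside the hunk.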
@@ -0,0 +1,30 @@
+name: ci.yml – Continuous Integration
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - main
+permissions:
+ contents: read
+
+jobs:
+ build:
+ name: "Test with Jekyll ${{ matrix.jekyll }}"
+ runs-on: "ubuntu-latest"
+ strategy:
+ matrix:
+ jekyll: ["~> 4.3.4"]
+ env:
+ JEKYLL_VERSION: ${{ matrix.jekyll }}
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@v4.2.2
+ - name: Set Up Ruby 3.3.6
+ uses: ruby/setup-ruby@v1.206.0
+ with:
+ ruby-version: 3.3.6
+ bundler-cache: true
+ - name: Run tests
+ run: script/cibuild
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 00000000..e7cd3e37
--- /dev/null
+++ b/.github/workflows/codeql.yml
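Review bot: `actions/checkout@v4.2.2` and `ruby/setup-ruby@v1.206.0` are referenced by tag, and a tag can be repointed to different code after this review; the same holds for the tag references added in codeql.yml, dependency-review.yml, jekyll.yml, permission_advisor.yml, readme-checker.yml, release-please.yml, release.yml, scorecard.yml and semantic-release.yml. test.yml in this commit already uses the safer form for harden-runner, a full commit SHA with the version in a trailing comment. I would use that form for every action, and first for the ones outside the `actions/` and `github/` organisations, e.g. `uses: ruby/setup-ruby@<full-commit-sha> # v1.206.0` (placeholder; take the SHA from the release tag).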
@@ -0,0 +1,73 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# +name: "CodeQL" + +on: + push: + branches: ["main"] + pull_request: + # The branches below must be a subset of the branches above + branches: ["main"] + schedule: + - cron: "0 0 * * 1" + +permissions: + contents: read + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: ["ruby"] + # CodeQL supports [ $supported-codeql-languages ] + # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support + + steps: + - name: Checkout repository + uses: actions/checkout@v4.2.2 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/autobuild@v2.19.4 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v3.27.4 + + # ℹī¸ Command-line programs to run using the OS shell. 
+ # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + + # If the Autobuild fails above, remove it and uncomment the following three lines. + # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. + + # - run: | + # echo "Run, Build Application using script" + # ./location_of_script_within_repo/buildscript.sh + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2.19.3 + with: + category: "/language:${{matrix.language}}" diff --git a/.github/workflows/dependabot.txt b/.github/workflows/dependabot.txt new file mode 100644 index 00000000..35221670 --- /dev/null +++ b/.github/workflows/dependabot.txt 
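Review bot: The step named `Initialize CodeQL` runs `github/codeql-action/autobuild@v2.19.4` rather than `init`, so no CodeQL database is set up before `analyze`, and `languages:` is passed to an action that, as far as I know, does not take that input; the scan will most likely fail or produce no results while the workflow still looks like coverage. The three steps also mix releases (`v2.19.4`, `v3.27.4`, `v2.19.3`), and the v2 line of codeql-action is deprecated; `github/codeql-action/upload-sarif@v2.20.0` in scorecard.yml has the same version problem. Use one v3 release throughout, e.g. `uses: github/codeql-action/init@v3.27.4` for the first step and `uses: github/codeql-action/analyze@v3.27.4` for the last. With `language: ["ruby"]` the Autobuild step can be dropped, since its own comment says it applies to compiled languages.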
@@ -0,0 +1,46 @@
+# Basic `dependabot.yml` file with
+# minimum configuration for two package managers
+
+version: 2
+updates:
+ # Enable version updates for npm
+ - package-ecosystem: "npm"
+ # Look for `package.json` and `lock` files in the `root` directory
+ directory: "/"
+ # Check the npm registry for updates every day (weekdays)
+ schedule:
+ interval: "daily"
+ commit-message:
+ prefix: "[info](sec) npm: "
+
+ # Enable version updates for Docker
+ - package-ecosystem: "docker"
+ # Look for a `Dockerfile` in the `root` directory
+ directory: "/"
+ # Check for updates once a week
+ schedule:
+ interval: "weekly"
+ commit-message:
+ prefix: "[info](sec) docker: "
+
+ # Enable version updates for GitHub Actions
+ - package-ecosystem: "github-actions"
+ # Workflow files stored in the default location of `.github/workflows`
+ # You don't need to specify `/.github/workflows` for `directory`. You can use `directory: "/"`.
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ commit-message:
+ prefix: "[info](sec) gh-action: "
+
+ # Enable version updates for Ruby
+ - package-ecosystem: "bundler"
+ # Look for `Ruby Gems` in the following directories
+ # directories:
+ # - "/"
+ # - "_plugins"
+ # Check for updates once a week
+ schedule:
+ interval: "weekly"
+ commit-message:
+ prefix: "[info](sec) bundler: "
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
new file mode 100644
index 00000000..287f5838
--- /dev/null
+++ b/.github/workflows/dependency-review.yml
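Review bot: Dependabot reads its configuration only from `.github/dependabot.yml`, so this file at `.github/workflows/dependabot.txt` has no effect and none of the four ecosystems will receive update pull requests. If it is meant to be active, move it to that path. In the `bundler` entry only the commented `# directories:` lines remain, and an update entry needs `directory` or `directories`, so add `directory: "/"` there. The header comment still says "two package managers" although four are configured.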
@@ -0,0 +1,22 @@
+# Dependency Review Action
+#
+# This Action will scan dependency manifest files that change as part of a Pull Request,
+# surfacing known-vulnerable versions of the packages declared or updated in the PR.
+# Once installed, if the workflow run is marked as required,
+# PRs introducing known-vulnerable packages will be blocked from merging.
+#
+# Source repository: https://github.com/actions/dependency-review-action
+name: 'dependency – Dependency Review'
+on: [pull_request]
+
+permissions:
+ contents: read
+
+jobs:
+ dependency-review:
+ runs-on: ubuntu-latest
+ steps:
+ - name: 'Checkout Repository'
+ uses: actions/checkout@v4.2.2
+ - name: 'Dependency Review'
+ uses: actions/dependency-review-action@v4.5.0
diff --git a/.github/workflows/jekyll-gh-pages.yml b/.github/workflows/jekyll-gh-pages.yml
deleted file mode 100644
index ce77338f..00000000
--- a/.github/workflows/jekyll-gh-pages.yml
+++ /dev/null
@@ -1,50 +0,0 @@ -# Sample workflow for building and deploying a Jekyll site to GitHub Pages -name: Deploy Jekyll with GitHub Pages dependencies preinstalled - -on: - # Runs on pushes targeting the default branch - push: - branches: ["main"] - - # Allows you to run this workflow manually from the Actions tab - workflow_dispatch: - -# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages -permissions: - contents: read - pages: write - id-token: write - -# Allow one concurrent deployment -concurrency: - group: "pages" - cancel-in-progress: true - -jobs: - # Build job - build: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Setup Pages - uses: actions/configure-pages@v5.0.0 - - name: Build with Jekyll - uses: actions/jekyll-build-pages@v1.0.13 - with: - source: ./ - destination: ./_site - - name: Upload GitHub Pages artifact - uses: actions/upload-pages-artifact@v3.0.1 - - # Deployment job - deploy: - environment: - name: github-pages - url: ${{ steps.deployment.outputs.page_url }} - runs-on: ubuntu-latest - needs: build - steps: - - name: Deploy to GitHub Pages - id: deployment - uses: actions/deploy-pages@v4.0.5 diff --git a/.github/workflows/jekyll.yml b/.github/workflows/jekyll.yml new file mode 100644 index 00000000..adc66b1e --- /dev/null +++ b/.github/workflows/jekyll.yml 
@@ -0,0 +1,66 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# Sample workflow for building and deploying a Jekyll site to GitHub Pages
+name: jekyll.yml – Deploy Jekyll site to Pages
+
+on:
+ # Runs on pushes targeting the default branch
+ push:
+ branches: ["main", "_staging", "next"]
+
+ # Allows you to run this workflow manually from the Actions tab
+ workflow_dispatch:
+
+# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
+permissions:
+ contents: read
+ pages: write
+ id-token: write
+
+# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
+# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
+concurrency:
+ group: "pages"
+ cancel-in-progress: false
+
+jobs:
+ # Build job
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4.2.2
+ - name: Setup Ruby
+ uses: ruby/setup-ruby@v1.206.0
+ with:
+ ruby-version: '3.3.6' # Not needed with a .ruby-version file
+ bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+ cache-version: 1 # Increment this number if you need to re-download cached gems
+ - name: Setup Pages
+ id: pages
+ uses: actions/configure-pages@v5.0.0
+ - name: Build with Jekyll
+ # Outputs to the './_site' directory by default
+ run: bundle exec jekyll build --trace --incremental --baseurl "${{ steps.pages.outputs.base_path }}"
+ env:
+ JEKYLL_ENV: production
+ JEKYLL_GITHUB_TOKEN: ${{secrets.JEKYLL_METADATA_TOKEN}}
+ LOG_LEVEL: debug
+ - name: Upload artifact
+ # Automatically uploads an artifact from the './_site' directory by default
+ uses: actions/upload-pages-artifact@v3.0.1
+
+ # Deployment job
+ deploy:
+ environment:
+ name: github-pages
+ url: ${{ steps.deployment.outputs.page_url }}
+ runs-on: ubuntu-latest
+ needs: build
+ steps:
+ - name: Deploy to GitHub Pages
+ id: deployment
+ uses: actions/deploy-pages@v4.0.5
diff --git a/.github/workflows/permission_advisor.yml b/.github/workflows/permission_advisor.yml
new file mode 100644
index 00000000..79ee96a2
--- /dev/null
+++ b/.github/workflows/permission_advisor.yml
@@ -0,0 +1,27 @@
+# Sample workflow to run the action
+name: permission_advisor.yml — Permissions Advisor
+
+permissions:
+ actions: read
+
+on:
+ workflow_dispatch:
+ inputs:
+ name:
+ description: 'The name of the workflow file to analyze'
+ required: true
+ type: string
+ count:
+ description: 'How many last runs to analyze'
+ required: false
+ type: number
+ default: 10
+
+jobs:
+ advisor:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: GitHubSecurityLab/actions-permissions/advisor@v1.0.2-beta5
+ with:
+ name: ${{ inputs.name }}
+ count: ${{ inputs.count }}
diff --git a/.github/workflows/readme-checker.yml b/.github/workflows/readme-checker.yml
new file mode 100644
index 00000000..9f426c8a
--- /dev/null
+++ b/.github/workflows/readme-checker.yml
@@ -0,0 +1,19 @@
+name: readme-checker.yml – Checks for suggested markdown
+on: [push, pull_request]
+
+permissions:
+ contents: read
+
+jobs:
+ lint:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4.2.2
+ - name: Checking markdown
+ uses: DavidAnson/markdownlint-cli2-action@v18.0.0
+ with:
+ globs: |
+ *.md
+ **/*.md
+ !test/*.md
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
index 540ef116..9dc24b4e 100644
--- a/.github/workflows/release-please.yml
+++ b/.github/workflows/release-please.yml
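Review bot: In jekyll.yml `pages: write` and `id-token: write` are granted at workflow level, so the `build` job, which runs `bundle install` and `jekyll build` over third-party gems, holds deployment rights it never uses. Keep only `contents: read` at the top and give the two write scopes to `deploy`, as in the excerpt below. The push trigger also lists `_staging` and `next`, so a push to either branch publishes to the same `github-pages` environment as `main`; unless that is intended, limit `branches` to `["main"]` or add `if: github.ref == 'refs/heads/main'` to `deploy`. `LOG_LEVEL: debug` together with `--trace` is set on the step that receives `JEKYLL_GITHUB_TOKEN`; log masking should hide the value, but I would not run the production build at debug verbosity.

```yaml
permissions:
  contents: read

# … unchanged: concurrency, build job …

  deploy:
    permissions:
      pages: write
      id-token: write
    environment:
      name: github-pages
    # … unchanged: url, runs-on, needs, steps …
```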
@@ -1,18 +1,34 @@ +name: release-please.yml – Automate releases with Conventional Commit Messages. on: push: branches: - main + +permissions: + actions: none + checks: none + contents: none + deployments: none + issues: none + packages: none + pull-requests: none + repository-projects: none + security-events: none + statuses: none + name: release-please + jobs: release-please: runs-on: ubuntu-latest steps: - - uses: google-github-actions/release-please-action@v4 + - uses: googleapis/release-please-action@4.1.3 with: + contents: write + # this assumes that you have created a personal access token + # (PAT) and configured it as a GitHub action secret named + # `MY_RELEASE_PLEASE_TOKEN` (this secret name is not important). + token: ${{ secrets.GITHUB_TOKEN }} + # this is a built-in strategy in release-please, see "Action Inputs" + # for more options release-type: simple - package-name: release-please-action - #...(same as above) - #steps: - # - uses: google-github-actions/release-please-action@v4 - # with: - # command: manifest diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 00000000..ffc83673 --- /dev/null +++ b/.github/workflows/release.yml 
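Review bot: `contents: write` is placed under `with:`, where it is an input to the action and not a token permission, while the workflow-level block sets every scope to `none`; the job therefore runs with a token that can neither push the release branch nor open the release pull request. Grant the scopes on the job instead, `permissions:` with `contents: write` and `pull-requests: write` under `release-please:`, and remove the line from `with:`. The file now has two top-level `name:` keys (the added first line and the existing `name: release-please`), which is a duplicate mapping key where most parsers silently keep the last one. The reference `@4.1.3` has no `v` prefix, unlike every other action reference in this commit, so confirm that such a tag exists. The comment about a personal access token named `MY_RELEASE_PLEASE_TOKEN` no longer matches the `secrets.GITHUB_TOKEN` that is actually passed.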
@@ -0,0 +1,33 @@
+name: release.yml – Release
+on:
+ push:
+ branches:
+ - main
+ - next
+ - beta
+ - "*.x"
+permissions:
+ contents: read # for checkout
+jobs:
+ release:
+ permissions:
+ contents: write # to be able to publish a GitHub release
+ issues: write # to be able to comment on released issues
+ pull-requests: write # to be able to comment on released pull requests
+ id-token: write # to enable use of OIDC for npm provenance
+ name: release
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4.2.2
+ - uses: actions/setup-node@v4.1.0
+ with:
+ cache: npm
+ node-version: lts/*
+ - run: npm clean-install
+ - run: corepack npm audit signatures
+ # pinned version updated automatically by Renovate.
+ # details at https://semantic-release.gitbook.io/semantic-release/usage/installation#global-installation
+ - run: npx semantic-release@v24.2.0
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ NPM_TOKEN: ${{ secrets.SEMANTIC_RELEASE_BOT_NPM_TOKEN }}
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
new file mode 100644
index 00000000..9fb46bd1
--- /dev/null
+++ b/.github/workflows/scorecard.yml
@@ -0,0 +1,36 @@
+name: scorecard.yml — OpenSSF Scorecard
+"on":
+ schedule:
+ - cron: 31 2 * * 1
+ push:
+ branches:
+ - main
+permissions: read-all
+jobs:
+ analysis:
+ name: Scorecard analysis
+ runs-on: ubuntu-latest
+ permissions:
+ security-events: write
+ id-token: write
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4.2.2
+ with:
+ persist-credentials: false
+ - name: Run analysis
+ uses: ossf/scorecard-action@v2.4.0
+ with:
+ results_file: results.sarif
+ results_format: sarif
+ publish_results: true
+ - name: Upload artifact
+ uses: actions/upload-artifact@v4.4.3
+ with:
+ name: SARIF file
+ path: results.sarif
+ retention-days: 5
+ - name: Upload to code-scanning
+ uses: github/codeql-action/upload-sarif@v2.20.0
+ with:
+ sarif_file: results.sarif
\ No newline at end of file
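Review bot: In release.yml the `actions/checkout@v4.2.2` step keeps its default of persisting the job token in the local git configuration, and the following `npm clean-install` runs dependency install scripts in a job whose token carries `contents: write`, `issues: write` and `pull-requests: write`. Add `with:` and `persist-credentials: false` to the checkout step, as scorecard.yml in this same commit does; semantic-release receives `GITHUB_TOKEN` through `env:` on the last step and should not need the persisted copy. `corepack npm audit signatures` runs only after the install, so signatures are checked once install scripts have already executed; `npm clean-install --ignore-scripts` ahead of the audit would close that gap if the project does not rely on install scripts.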
diff --git a/.github/workflows/semantic-release.yml b/.github/workflows/semantic-release.yml
new file mode 100644
index 00000000..bb5c52e2
--- /dev/null
+++ b/.github/workflows/semantic-release.yml
@@ -0,0 +1,124 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+
+name: systematic-release.yml – Pull Request
+
+on:
+ pull_request:
+ types:
+ - opened
+ - reopened
+ - edited
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event.number }}
+ cancel-in-progress: true
+
+permissions:
+ contents: read
+ # contents: write # to be able to publish a GitHub release
+ issues: write # to be able to comment on released issues
+ pull-requests: write # to be able to comment on released pull requests
+ id-token: write # to enable use of OIDC for npm provenance name: Check pull request title
+
+jobs:
+ main:
+ runs-on: ubuntu-latest
+ steps:
+ name: semantic release
+ uses: amannn/action-semantic-pull-request@v5.5.3
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ # Type abbreviation comments:
+ # feat -> feature
+ # blog, info (2023-08-07 RalphHightower)
+ types: |
+ blog
+ cleanup
+ docs
+ feat
+ fix
+ improve
+ info
+ refactor
+ revert
+ # Scope abbreviation comments:
+ # biz -> business layer (2023-08-07 RalphHightower)
+ # cli -> command line interface
+ # data -> data access layer (2023-08-07 RalphHightower)
+ # fn -> Pulsar Functions
+ # grammar -> Language corrections: grammar, spelling (RalphHightower 202308-06)
+ # io -> Pulsar Connectors
+ # md -> Markdown (2023-07-30 RalphHightower)
+ # offload -> tiered storage
+ # sec -> security
+ # sql -> Pulsar Trino Plugin
+ # trans -> transaction (2023-08-07 RalphHightower)
+ # txn -> transaction
+ # ws -> websocket
+ # ml -> managed ledger
+ # zk -> zookeeper
+ # bk -> bookkeeper
+ # ui -> user interface (2023-08-07 RalphHightower)
+ scopes: |
+ admin
+ biz
+ bk
+ broker
+ build
+ ci
+ cli
+ client
+ config
+ data
+ doc
+ docs
+ fn
+ grammar
+ io
+ md
+ meta
+ misc
+ ml
+ monitor
+ offload
+ proxy
+ schema
+ sec
+ site
+ sql
+ scss
+ storage
+ test
+ trans
+ txn
+ ws
+ ui
+ yml
+ zk
+ pip
+ # The pull request's title should be fulfilled the following pattern:
+ #
+ # [][]
+ #
+ # ... where valid types and scopes can be found above; for example:
+ #
+ # [fix][test] flaky test V1_ProxyAuthenticationTest.anonymousSocketTest
+ headerPattern: '^\[(\w*?)\](?:\[(.*?)\])?(?:\s*)(.*)$'
+ headerPatternCorrespondence: type, scope, subject
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 00000000..d1cf2618
--- /dev/null
+++ b/.github/workflows/test.yml
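Review bot: semantic-release.yml only validates the pull-request title, yet its `permissions:` block requests `issues: write`, `pull-requests: write` and `id-token: write`; the scopes look carried over from the release workflow. For the title check `pull-requests: read` should be enough, so the block can shrink to `permissions:` with `pull-requests: read` (add `statuses: write` only if the action's work-in-progress status is used). Under `steps:` the entry begins with `name: semantic release` without a leading `- `, which as shown makes `steps` a mapping rather than a list, and `name: Check pull request title` has ended up inside the comment on the `id-token` line. The workflow name reads `systematic-release.yml` while the file is `semantic-release.yml`.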
@@ -0,0 +1,86 @@
+name: test.yml — Test
+
+on:
+ push:
+ branches:
+ - main
+ # renovate/** branches are generated by https://github.com/apps/renovate
+ - renovate/**
+
+ pull_request:
+ types:
+ - opened
+ - synchronize
+
+permissions:
+ contents: read # to fetch code (actions/checkout)
+
+env:
+ FORCE_COLOR: 1
+ NPM_CONFIG_COLOR: always
+
+jobs:
+ # verify against ranges defined as supported in engines.node
+ test_matrix:
+ strategy:
+ matrix:
+ node-version:
+ - 20.8.1
+ - 20
+ - 21
+
+ runs-on: ubuntu-latest
+ timeout-minutes: 5
+
+ steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ with:
+ egress-policy: audit
+
+ - uses: actions/checkout@v4.2.2
+ - run: git config --global user.name github-actions
+ - run: git config --global user.email github-actions@github.com
+ - name: Use Node.js ${{ matrix.node-version }}
+ uses: actions/setup-node@v4.1.0
+ with:
+ node-version: ${{ matrix.node-version }}
+ cache: npm
+ - run: npm clean-install
+ - run: corepack npm audit signatures
+ - run: npm test
+
+ # verify against the node version defined for development in the .nvmrc
+ test_dev:
+ runs-on: ubuntu-latest
+ timeout-minutes: 5
+
+ steps:
+ - name: Test
+ - uses: actions/checkout@v4.2.2
+ - run: git config --global user.name github-actions
+ - run: git config --global user.email github-actions@github.com
+ - name: Use Node.js from .nvmrc
+ uses: actions/setup-node@v4.1.0
+ with:
+ node-version-file: .nvmrc
+ cache: npm
+ - run: npm clean-install
+ - run: corepack npm audit signatures
+ - run: npm test
+
+ # separate job to set as required in branch protection,
+ # as the build names above change each time Node versions change
+ test:
+ runs-on: ubuntu-latest
+ needs:
+ - test_dev
+ - test_matrix
+ if: ${{ !cancelled() }}
+ steps:
+ - name: All matrix versions passed
+ if: ${{ !(contains(needs.*.result, 'failure')) }}
+ run: exit 0
+ - name: Some matrix version failed
+ if: ${{ contains(needs.*.result, 'failure') }}
+ run: exit 1
diff --git a/_config.yml b/_config.yml
index b41beab5..7c73aaa2 100644
--- a/_config.yml
+++ b/_config.yml
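Review bot: In `test_dev` the first step is `- name: Test` with neither `uses` nor `run`, followed by a separate `- uses: actions/checkout@v4.2.2` entry; a step without either key fails workflow validation, so the whole file would be rejected and the `test` gate would never report. Merge the two into one step (`- name: Checkout` with `uses: actions/checkout@v4.2.2`) or drop the stray `name` line. `step-security/harden-runner` is added only to `test_matrix`, although `test_dev` runs the same `npm clean-install`; if egress auditing is wanted it should be the first step there as well.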
@@ -7,53 +7,116 @@ author: state: "South Carolina" zip_code: 29036-9765 country: United States of America - phone: +1 (803) 622-6566 #cellphone: ${{secrets.CELLPHONE}} #birthdate: ${{secrets.BIRTHDATE}} usage: The information in my EOL Instructions is reserved for my wife and attorney. description: > # this means to ignore newlines until "show_excerpts:" - End Of Life Instructions for Paula and executor. Includes Obituary, Songs For Service, what to do with power tools, outdoor power tools, - camera gear, computers. + End Of Life Instructions and Services Planning of Ralph Hightower for Paula and and/or executors, probate. Includes Obituary, Songs For Service. what to do with power tools, outdoor power tools, camera gear. Computers and network configurations. -show_excerpts: false # set to true to show excerpts on the homepage - -# Minima date format -# refer to https://shopify.github.io/liquid/filters/date/ if you want to customize this -minima: - date_format: "%Y-%m-%d %I:%M:%S.%L %p %Z" # "%b %-d, %Y" - - # generate social links in footer - social_links: - - { platform: devto, user_url: "https://dev.to/RalphHightower"} - # - { platform: dribbble, user_url: "https://dribbble.com/RalphHightower" } - # - { platform: facebook, user_url: "https://www.facebook.com/ralph.hightower" } - - { platform: flickr, user_url: "https://www.flickr.com/photos/RalphHightower" } - - { platform: github, user_url: "https://github.com/RalphHightower" } - # - { platform: google_scholar, user_url: "https://scholar.google.com/citations?user=qc6CJjYAAAAJ" } - # - { platform: instagram, user_url: "https://www.instagram.com/RalphHightower" } - # - { platform: keybase, user_url: "https://keybase.io/RalphHightower" } - - { platform: linkedin, user_url: "https://www.linkedin.com/in/RalphHightower" } - # - { platform: microdotblog, user_url: "https://micro.blog/RalphHightower" } - # - { platform: pinterest, user_url: "https://www.pinterest.com/RalphHightower" } - - { platform: stackoverflow, 
user_url: "https://stackoverflow.com/users/19978043/ralph-hightower" } - # - { platform: telegram, user_url: "https://t.me/RalphHightower" } - # - { platform: twitter, user_url: "https://twitter.com/RalphHightower" } - - { platform: youtube, user_url: "https://www.youtube.com/@RalphHightower" } - - -# If you want to link only specific pages in your header, uncomment -# this and add the path to the pages in order as they should show up -#header_pages: -# - about.md +repository: 'RalphHightower/EOL-RalphHightower' +url: 'https://ralphhightower.github.io' +baseurl: "EOL-RalphHightower/" +timezone: 'America/New_York' # Build settings + +# If you clone the Minima repo and build locally, use this setting. theme: minima +# As of November 2023, GitHub Pages still uses Minima 2.5.1 (https://pages.github.com/versions/). +# If you want to use the latest Minima version on GitHub Pages, use the following setting and +# add a line comment on "theme: minima" above. + plugins: - - jekyll-feed - - jekyll-seo-tag -# + - jekyll-avatar + - jekyll-feed + - jekyll-github-metadata + - jekyll-mentions + - jekyll-optional-front-matter + - jekyll-paginate + - jekyll-readme-index + - jekyll-relative-links + - jekyll-seo-tag + - jekyll-sitemap + # - jekyll-tagging + - jekyll-titles-from-headings + - jekyll_ai_related_posts + +# Theme-specific settings + +# If you want to link only specific pages in your header, use this and add the path to the pages +# in order as they should show up. +# header_pages: +# - about.md + +# Set to `true` to show excerpts on the homepage. +show_excerpts: false + +# Minima specific settings, which are only available from Minima 3.0 onward. +minima: + # Minima skin selection. + # Available skins are: + # classic Default, light color scheme. + # dark Dark variant of the classic skin. + # auto Adaptive skin based on the default classic and dark skins. + # solarized-light Light variant of solarized color scheme. 
+ # solarized-dark Dark variant of solarized color scheme. + # solarized Adaptive skin for solarized color scheme skins. + skin: auto + +# Minima date format. +# The default value is "%b %d, %Y" (e.g. Nov 14, 2023) +# Refer to https://shopify.github.io/liquid/filters/date/ if you want to customize this. + date_format: "%F %r" + +# Generate social links in footer. + social_links: + - { platform: devto, user_url: "https://dev.to/RalphHightower"} + - { platform: facebook, user_url: "https://www.facebook.com/ralph.hightower" } + - { platform: flickr, user_url: "https://www.flickr.com/photos/RalphHightower" } + - { platform: github, user_url: "https://github.com/RalphHightower" } + - { platform: linkedin, user_url: "https://www.linkedin.com/in/RalphHightower" } + - { platform: stackoverflow, user_url: "https://stackoverflow.com/users/19978043/ralph-hightower" } + - { platform: telegram, user_url: "https://t.me/RalphHightower" } + - { platform: youtube, user_url: "https://www.youtube.com/@RalphHightower" } + # - { platform: orchid, user_url: "https://orcid.org/0009-0009-7630-3554" } + # - { platform: dribbble, user_url: "https://dribbble.com/RalphHightower" } + # - { platform: google_scholar, user_url: "https://scholar.google.com/citations?user=qc6CJjYAAAAJ" } + # - { platform: instagram, user_url: "https://www.instagram.com/RalphHightower" } + # - { platform: keybase, user_url: "https://keybase.io/RalphHightower" } + # - { platform: microdotblog, user_url: "https://micro.blog/RalphHightower" } + # - { platform: pinterest, user_url: "https://www.pinterest.com/RalphHightower" } + # - { platform: twitter, user_url: "https://twitter.com/RalphHightower" } + +# pagination +paginate: 10 +paginate_path: "/blog/page:num/" + +ai_related_posts: + openai_api_key: {{ secrets.OPEN_AI_KEY }} + fetch_enabled: prod + +optional_front_matter: + remove_originals: true + enabled: true + +readme_index: + enabled: true + remove_originals: true + with_frontmatter: true + +tag_page_layout: 
tag_page +tag_page_dir: tag + titles_from_headings: - enabled: true + enabled: false strip_title: true collections: true + +# Optional. The default date format is used if none is specified in the tag. +last-modified-at: + date-format: "%F %r" + +exclude: + - .ai_related_posts_cache.sqlite3 + - .ai_related_posts_cache.sqlite3-journal
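Review bot: `openai_api_key: {{ secrets.OPEN_AI_KEY }}` will not resolve to a secret, because `_config.yml` is plain YAML in which GitHub Actions expressions are not evaluated, and an unquoted `{{ … }}` is parsed as a nested flow mapping rather than a string. The practical risk is that the follow-up fix is to paste the real key into this file, which is committed and built for GitHub Pages. Keep the key out of the config and pass it to the build step through `env:` from `secrets` if `jekyll_ai_related_posts` can read it from the environment (check its README); otherwise write a small config overlay at build time and add it with `--config`. The hunk also removes the phone number from the file, but the value stays readable in the repository history, so rewriting history is the only way to actually withdraw it.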