Protect code branches. In GitHub settings “Branch protection rules” select:
| https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging |
| https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging |
GitHub Actions is the preferred CI platform to implement checks. Create a test pipeline, consider required checks for:
| https://github.com/apps/dco |
| Linting GitHub Action workflow .yaml Files: https://github.com/rhysd/actionlint |
| |
| |
| |
| Example - ReadTheDocs webhook: |
| Example - CodeQL: Example - Snyk: https://docs.snyk.io/integrations/git-repository-scm-integrations/github-integration |
| Dependabot: Trivy: https://github.com/aquasecurity/trivy It supports pom.xml files but not build.gradle files. If you have a Gradle project you can use the Maven Publish Gradle plugin to generate an equivalent pom.xml file. |
|
| https://docs.github.com/en/actions/using-workflows/reusing-workflows |
Use GitHub Actions efficiently and reduce unnecessary runner usage:
| https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-concurrency-to-cancel-any-in-progress-job-or-run |
| Via built-in GitHub YAML syntax: Via third-party GitHub Action: https://github.com/dorny/paths-filter |
| https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet |
| |
| |
| The simplest way to do this is to simply open the pull request for your own fork's main branch the same way as you would open it for the upstream repository's. |
| |
| https://code.visualstudio.com/docs/devcontainers/containers |
|
Where appropriate, implement pre-commit rules (Stephen Curran can you clarify?) - Peter: I've added an item above for what I think this means. (If it's not a match, we can add more/different items of course)
Encourage developers to run tests locally before opening a pull request.
If due to technical constraints it is not possible to run the tests locally at all, the next best thing to encourage contributors is to run the CI on their personal fork (submit a PR against their their personal fork's main branch first while drafting the PR). Once the tests are passing on their fork's CI, they are ready to open the PR for review on the upstream repository.
| |
| |
|