ext-github-ci v0.1.0
template
capsule://quake0day/[email protected]
Defines standard GitHub Actions workflows for automating continuous integration, dependency updates, code quality analysis (CodeQL), and supply-chain security scanning (Scorecard) for a Node.js project. This capsule provides a template for setting up a robust CI/CD pipeline.
Owns
- GitHub Actions workflow definitions for CI, CodeQL, Scorecard.
- Dependabot configuration for automated dependency updates.
Does not own
- Application source code.
- Local development tools or configurations.
AI orientation
This capsule manages the GitHub Actions workflows for CI, CodeQL, Scorecard, and Dependabot. An AI agent working on this should focus on updating action versions, optimizing workflow performance, adding new CI checks, or ensuring security best practices are followed in the pipeline. Pay close attention to the Node.js version matrix and npm commands in `ci.yml`.
Avoid
- Modifying application logic within these workflow files.
- Introducing non-CI/CD related configurations.
Invariants (must always hold)
- All CI workflows must pass on successful builds.
- CodeQL and Scorecard scans must run regularly and report findings.
- Dependabot must be configured to keep dependencies up-to-date.
Source files (4)
Click any file to view its content; the path on the right shows where the file lands when this capsule is installed.
src/.github/dependabot.yml→ci/.github/dependabot.ymlsrc/.github/workflows/ci.yml→ci/.github/workflows/ci.ymlsrc/.github/workflows/codeql.yml→ci/.github/workflows/codeql.ymlsrc/.github/workflows/scorecard.yml→ci/.github/workflows/scorecard.yml
Plus capsule.yaml and
install.json.