Skip to content

ci: add CI, security workflows and VERSION file#1

Merged
nixrajput merged 2 commits into
mainfrom
chore/ci-workflows
Jun 29, 2026
Merged

ci: add CI, security workflows and VERSION file#1
nixrajput merged 2 commits into
mainfrom
chore/ci-workflows

Conversation

@nixrajput

Copy link
Copy Markdown
Owner

Adds standardized GitHub workflows and a root VERSION file.

What's added

  • VERSION — root semver file (1.0.0), matching the latest v1.0.0 tag and src/pg-sync SCRIPT_VERSION. Acts as the manifest-less source of truth.
  • ci.yml — ShellCheck + make check/make test on push/PR to main.
  • version-check.yml — enforces a VERSION bump on every PR (treats a missing base VERSION as 0.0.0).
  • scorecard.yml — OpenSSF Scorecard supply-chain analysis (SARIF to Security tab).
  • stale.yml — auto-marks/closes inactive issues and PRs.
  • labeler.yml + .github/labeler.yml — path-based PR auto-labels.

Release workflow

Kept the existing tag-triggered release.yml (builds artifacts, publishes GitHub releases via softprops/action-gh-release). Did not add versionfile-release.yml to avoid two competing release workflows. Skipped dependency-review (no dependency manifest in a shell repo).

🤖 Generated with Claude Code

Introduce a root VERSION file (1.0.0, matching the latest v1.0.0 tag and
src/pg-sync SCRIPT_VERSION) as the semver source of truth, since this repo
has no package manifest.

Add standardized GitHub workflows:
- ci.yml: ShellCheck + make check/test on push/PR to main
- version-check.yml: enforce VERSION bump on every PR
- scorecard.yml: OpenSSF Scorecard supply-chain analysis
- stale.yml: auto-mark/close inactive issues and PRs
- labeler.yml + .github/labeler.yml: path-based PR auto-labels

Kept the existing tag-triggered release.yml (builds artifacts and
publishes GitHub releases); did not add versionfile-release.yml to avoid
two competing release workflows. Skipped dependency-review (no dep manifest).
The CI ShellCheck step ran at the action's default severity, which
surfaces note-level style suggestions (SC2012, SC2015) and fails the
build. The repo's own `make lint` runs `shellcheck -S warning`, so align
CI with that established convention rather than rewriting the scripts.
At warning level the tree is clean.
@nixrajput nixrajput merged commit d0e262e into main Jun 29, 2026
2 checks passed
@nixrajput nixrajput deleted the chore/ci-workflows branch June 29, 2026 12:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant