chore: import upstream snapshot with attribution
Code Quality / Python Lint & Format (push) Has been cancelled
Code Quality / Python Tests (push) Has been cancelled
Code Quality / JavaScript/TypeScript Lint (advisory) (push) Has been cancelled
Security Scan / CodeQL Analysis (python) (push) Has been cancelled
Security Scan / Dependency Review (push) Has been cancelled
Security Scan / CodeQL Analysis (javascript-typescript) (push) Has been cancelled
Code Quality / Python Lint & Format (push) Has been cancelled
Code Quality / Python Tests (push) Has been cancelled
Code Quality / JavaScript/TypeScript Lint (advisory) (push) Has been cancelled
Security Scan / CodeQL Analysis (python) (push) Has been cancelled
Security Scan / Dependency Review (push) Has been cancelled
Security Scan / CodeQL Analysis (javascript-typescript) (push) Has been cancelled
This commit is contained in:
@@ -0,0 +1,94 @@
|
||||
name: Code Quality
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- '**.py'
|
||||
- '**.ts'
|
||||
- '**.js'
|
||||
- 'pyproject.toml'
|
||||
- '.eslintrc.json'
|
||||
- '.github/workflows/code-quality.yml'
|
||||
pull_request:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- '**.py'
|
||||
- '**.ts'
|
||||
- '**.js'
|
||||
- 'pyproject.toml'
|
||||
- '.eslintrc.json'
|
||||
- '.github/workflows/code-quality.yml'
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
python-quality:
|
||||
name: Python Lint & Format
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v7
|
||||
|
||||
- name: Set up Python
|
||||
uses: actions/setup-python@v5
|
||||
with:
|
||||
python-version: '3.11'
|
||||
|
||||
- name: Install linters
|
||||
run: python -m pip install --upgrade ruff black
|
||||
|
||||
# Enforced: the maintained shared utilities module must stay clean.
|
||||
- name: Ruff lint (shared utilities)
|
||||
run: ruff check shared/
|
||||
|
||||
- name: Black format check (shared utilities)
|
||||
run: black --check shared/
|
||||
|
||||
# Advisory: surface issues across the rest of the curriculum without
|
||||
# failing the build (lesson samples are intentionally kept simple).
|
||||
- name: Ruff lint (full repository, advisory)
|
||||
continue-on-error: true
|
||||
run: ruff check .
|
||||
|
||||
python-tests:
|
||||
name: Python Tests
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v7
|
||||
|
||||
- name: Set up Python
|
||||
uses: actions/setup-python@v5
|
||||
with:
|
||||
python-version: '3.11'
|
||||
|
||||
- name: Install test dependencies
|
||||
run: python -m pip install pytest openai requests python-dotenv
|
||||
|
||||
- name: Run pytest (shared utilities)
|
||||
run: pytest tests/
|
||||
|
||||
|
||||
js-quality:
|
||||
name: JavaScript/TypeScript Lint (advisory)
|
||||
runs-on: ubuntu-latest
|
||||
# Advisory only: educational samples are not held to strict lint rules.
|
||||
continue-on-error: true
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v7
|
||||
|
||||
- name: Set up Node.js
|
||||
uses: actions/setup-node@v4
|
||||
with:
|
||||
node-version: '20'
|
||||
|
||||
- name: Install ESLint
|
||||
run: npm install --no-save eslint@8 @typescript-eslint/parser @typescript-eslint/eslint-plugin
|
||||
|
||||
- name: Run ESLint
|
||||
run: npx eslint . --ext .js,.ts
|
||||
@@ -0,0 +1,17 @@
|
||||
name: Lock closed issue
|
||||
|
||||
on:
|
||||
issues:
|
||||
types: [closed]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
issues: write
|
||||
|
||||
jobs:
|
||||
lock:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: OSDKDev/lock-issues@v1.2
|
||||
with:
|
||||
repo-token: "${{ secrets.GITHUB_TOKEN }}"
|
||||
@@ -0,0 +1,60 @@
|
||||
name: Security Scan
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
pull_request:
|
||||
branches:
|
||||
- main
|
||||
schedule:
|
||||
# Weekly scan every Monday at 06:00 UTC
|
||||
- cron: '0 6 * * 1'
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
codeql:
|
||||
name: CodeQL Analysis
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
security-events: write
|
||||
actions: read
|
||||
contents: read
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
language:
|
||||
- javascript-typescript
|
||||
- python
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v7
|
||||
|
||||
- name: Initialize CodeQL
|
||||
uses: github/codeql-action/init@v3
|
||||
with:
|
||||
languages: ${{ matrix.language }}
|
||||
|
||||
- name: Perform CodeQL Analysis
|
||||
uses: github/codeql-action/analyze@v3
|
||||
with:
|
||||
category: "/language:${{ matrix.language }}"
|
||||
|
||||
dependency-review:
|
||||
name: Dependency Review
|
||||
runs-on: ubuntu-latest
|
||||
# Dependency review only runs on pull requests.
|
||||
if: github.event_name == 'pull_request'
|
||||
permissions:
|
||||
contents: read
|
||||
pull-requests: write
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v7
|
||||
|
||||
- name: Dependency Review
|
||||
uses: actions/dependency-review-action@v4
|
||||
with:
|
||||
comment-summary-in-pr: on-failure
|
||||
@@ -0,0 +1,30 @@
|
||||
# This workflow warns and then closes issues and PRs that have had no activity for a specified amount of time.
|
||||
#
|
||||
# You can adjust the behavior by modifying this file.
|
||||
# For more information, see:
|
||||
# https://github.com/actions/stale
|
||||
name: Mark stale issues and pull requests
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: '35 8 * * *'
|
||||
|
||||
permissions:
|
||||
issues: write
|
||||
pull-requests: write
|
||||
|
||||
jobs:
|
||||
stale:
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/stale@v10
|
||||
with:
|
||||
repo-token: ${{ secrets.GITHUB_TOKEN }}
|
||||
stale-issue-message: 'This issue has not seen any action for a while! Closing for now, but it can be reopened at a later date.'
|
||||
stale-pr-message: 'This PR has not seen any action for a while! Closing for now, but it can be reopened at a later date.'
|
||||
stale-issue-label: 'no-issue-activity'
|
||||
stale-pr-label: 'no-pr-activity'
|
||||
days-before-stale: 30 # Added parameter to control inactivity period
|
||||
days-before-close: 7 # Optional: Time after marking stale before closing
|
||||
@@ -0,0 +1,106 @@
|
||||
name: Validate Markdown
|
||||
|
||||
on:
|
||||
# Trigger the workflow on pull request
|
||||
pull_request:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- '**.md'
|
||||
- '**.ipynb'
|
||||
- '!translations/**'
|
||||
- '!translated_images/**'
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
pull-requests: write
|
||||
|
||||
jobs:
|
||||
check-broken-paths:
|
||||
name: Check Broken Relative Paths
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@v7
|
||||
- name: Check broken Paths
|
||||
id: check-broken-paths
|
||||
uses: john0isaac/action-check-markdown@v1.3.1
|
||||
with:
|
||||
command: check_broken_paths
|
||||
directory: ./
|
||||
guide-url: 'https://github.com/microsoft/generative-ai-for-beginners/blob/main/CONTRIBUTING.md'
|
||||
github-token: ${{ secrets.GITHUB_TOKEN }}
|
||||
check-paths-tracking:
|
||||
if: ${{ always() }}
|
||||
needs: check-broken-paths
|
||||
name: Check Paths Have Tracking
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@v7
|
||||
- name: Run Check paths tracking
|
||||
id: check-paths-tracking
|
||||
uses: john0isaac/action-check-markdown@v1.3.1
|
||||
with:
|
||||
command: check_paths_tracking
|
||||
directory: ./
|
||||
guide-url: 'https://github.com/microsoft/generative-ai-for-beginners/blob/main/CONTRIBUTING.md'
|
||||
github-token: ${{ secrets.GITHUB_TOKEN }}
|
||||
check-urls-tracking:
|
||||
if: ${{ always() }}
|
||||
needs: check-paths-tracking
|
||||
name: Check URLs Have Tracking
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@v7
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- name: Collect changed markdown files
|
||||
id: changed-markdown-files
|
||||
run: |
|
||||
mapfile -d '' -t files < <(git diff --name-only -z --diff-filter=ACMR "${{ github.event.pull_request.base.sha }}"..."${{ github.event.pull_request.head.sha }}" -- '**.md' '**.ipynb' ':(exclude)translations/**' ':(exclude)translated_images/**')
|
||||
if [ ${#files[@]} -eq 0 ]; then
|
||||
echo "has_files=false" >> "$GITHUB_OUTPUT"
|
||||
exit 0
|
||||
fi
|
||||
printf '%s\0' "${files[@]}" > changed_markdown_files.txt
|
||||
echo "has_files=true" >> "$GITHUB_OUTPUT"
|
||||
- name: Run Check URLs tracking
|
||||
if: steps.changed-markdown-files.outputs.has_files == 'true'
|
||||
run: |
|
||||
python -m pip install --upgrade pip
|
||||
python -m pip install markdown-checker
|
||||
mapfile -d '' -t files < changed_markdown_files.txt
|
||||
markdown-checker -f check_urls_tracking --guide-url 'https://github.com/microsoft/generative-ai-for-beginners/blob/main/CONTRIBUTING.md' "${files[@]}"
|
||||
check-urls-locale:
|
||||
if: ${{ always() }}
|
||||
needs: check-urls-tracking
|
||||
name: Check URLs Don't Have Locale
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@v7
|
||||
- name: Run Check URLs Country Locale
|
||||
id: check-urls-locale
|
||||
uses: john0isaac/action-check-markdown@v1.3.1
|
||||
with:
|
||||
command: check_urls_locale
|
||||
directory: ./
|
||||
guide-url: 'https://github.com/microsoft/generative-ai-for-beginners/blob/main/CONTRIBUTING.md'
|
||||
github-token: ${{ secrets.GITHUB_TOKEN }}
|
||||
check-broken-urls:
|
||||
if: ${{ always() }}
|
||||
name: Check Broken URLs
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@v7
|
||||
- name: Run Check Broken URLs
|
||||
id: check-broken-urls
|
||||
uses: john0isaac/action-check-markdown@v1.3.1
|
||||
with:
|
||||
command: check_broken_urls
|
||||
directory: ./
|
||||
guide-url: 'https://github.com/microsoft/generative-ai-for-beginners/blob/main/CONTRIBUTING.md'
|
||||
github-token: ${{ secrets.GITHUB_TOKEN }}
|
||||
@@ -0,0 +1,34 @@
|
||||
name: Welcome to the Microsoft Generative AI
|
||||
on:
|
||||
# Trigger the workflow on new issue
|
||||
issues:
|
||||
types: [opened]
|
||||
permissions:
|
||||
contents: read
|
||||
issues: write
|
||||
jobs:
|
||||
assess-issue:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Add Label and thanks comment to Issue
|
||||
uses: actions/github-script@v9
|
||||
with:
|
||||
script: |
|
||||
const issueAuthor = context.payload.sender.login
|
||||
github.rest.issues.addLabels({
|
||||
issue_number: context.issue.number,
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
labels: ['needs-review']
|
||||
})
|
||||
github.rest.issues.createComment({
|
||||
issue_number: context.issue.number,
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
body: `👋 Thanks for contributing @${ issueAuthor }! We will review the issue and get back to you soon.`
|
||||
})
|
||||
- name: Auto-assign issue
|
||||
uses: pozil/auto-assign-issue@v4
|
||||
with:
|
||||
repo-token: ${{ secrets.GITHUB_TOKEN }}
|
||||
assignees: koreyspace
|
||||
@@ -0,0 +1,34 @@
|
||||
name: Welcome to the Microsoft Generative AI
|
||||
on:
|
||||
# Trigger the workflow on pull request
|
||||
pull_request_target:
|
||||
types: [opened]
|
||||
permissions:
|
||||
contents: read
|
||||
pull-requests: write
|
||||
jobs:
|
||||
assess-pull-request:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Add Label and thanks comment to Pull request
|
||||
uses: actions/github-script@v9
|
||||
with:
|
||||
script: |
|
||||
const issueAuthor = context.payload.sender.login
|
||||
github.rest.issues.addLabels({
|
||||
issue_number: context.issue.number,
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
labels: ['needs-review']
|
||||
})
|
||||
github.rest.issues.createComment({
|
||||
issue_number: context.issue.number,
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
body: `👋 Thanks for contributing @${ issueAuthor }! We will review the pull request and get back to you soon.`
|
||||
})
|
||||
- name: Auto-assign pull request
|
||||
uses: pozil/auto-assign-issue@v4
|
||||
with:
|
||||
repo-token: ${{ secrets.GITHUB_TOKEN }}
|
||||
assignees: koreyspace
|
||||
Reference in New Issue
Block a user