chore: import upstream snapshot with attribution
Code Quality / Python Lint & Format (push) Has been cancelled
Code Quality / Python Tests (push) Has been cancelled
Code Quality / JavaScript/TypeScript Lint (advisory) (push) Has been cancelled
Security Scan / CodeQL Analysis (python) (push) Has been cancelled
Security Scan / Dependency Review (push) Has been cancelled
Security Scan / CodeQL Analysis (javascript-typescript) (push) Has been cancelled

This commit is contained in:
wehub-resource-sync
2026-07-13 13:43:57 +08:00
commit 3fbbd7970c
12165 changed files with 1331979 additions and 0 deletions
+94
View File
@@ -0,0 +1,94 @@
name: Code Quality
on:
push:
branches:
- main
paths:
- '**.py'
- '**.ts'
- '**.js'
- 'pyproject.toml'
- '.eslintrc.json'
- '.github/workflows/code-quality.yml'
pull_request:
branches:
- main
paths:
- '**.py'
- '**.ts'
- '**.js'
- 'pyproject.toml'
- '.eslintrc.json'
- '.github/workflows/code-quality.yml'
permissions:
contents: read
jobs:
python-quality:
name: Python Lint & Format
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v7
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.11'
- name: Install linters
run: python -m pip install --upgrade ruff black
# Enforced: the maintained shared utilities module must stay clean.
- name: Ruff lint (shared utilities)
run: ruff check shared/
- name: Black format check (shared utilities)
run: black --check shared/
# Advisory: surface issues across the rest of the curriculum without
# failing the build (lesson samples are intentionally kept simple).
- name: Ruff lint (full repository, advisory)
continue-on-error: true
run: ruff check .
python-tests:
name: Python Tests
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v7
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.11'
- name: Install test dependencies
run: python -m pip install pytest openai requests python-dotenv
- name: Run pytest (shared utilities)
run: pytest tests/
js-quality:
name: JavaScript/TypeScript Lint (advisory)
runs-on: ubuntu-latest
# Advisory only: educational samples are not held to strict lint rules.
continue-on-error: true
steps:
- name: Checkout repository
uses: actions/checkout@v7
- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
- name: Install ESLint
run: npm install --no-save eslint@8 @typescript-eslint/parser @typescript-eslint/eslint-plugin
- name: Run ESLint
run: npx eslint . --ext .js,.ts
+17
View File
@@ -0,0 +1,17 @@
name: Lock closed issue
on:
issues:
types: [closed]
permissions:
contents: read
issues: write
jobs:
lock:
runs-on: ubuntu-latest
steps:
- uses: OSDKDev/lock-issues@v1.2
with:
repo-token: "${{ secrets.GITHUB_TOKEN }}"
+60
View File
@@ -0,0 +1,60 @@
name: Security Scan
on:
push:
branches:
- main
pull_request:
branches:
- main
schedule:
# Weekly scan every Monday at 06:00 UTC
- cron: '0 6 * * 1'
permissions:
contents: read
jobs:
codeql:
name: CodeQL Analysis
runs-on: ubuntu-latest
permissions:
security-events: write
actions: read
contents: read
strategy:
fail-fast: false
matrix:
language:
- javascript-typescript
- python
steps:
- name: Checkout repository
uses: actions/checkout@v7
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{ matrix.language }}"
dependency-review:
name: Dependency Review
runs-on: ubuntu-latest
# Dependency review only runs on pull requests.
if: github.event_name == 'pull_request'
permissions:
contents: read
pull-requests: write
steps:
- name: Checkout repository
uses: actions/checkout@v7
- name: Dependency Review
uses: actions/dependency-review-action@v4
with:
comment-summary-in-pr: on-failure
+30
View File
@@ -0,0 +1,30 @@
# This workflow warns and then closes issues and PRs that have had no activity for a specified amount of time.
#
# You can adjust the behavior by modifying this file.
# For more information, see:
# https://github.com/actions/stale
name: Mark stale issues and pull requests
on:
schedule:
- cron: '35 8 * * *'
permissions:
issues: write
pull-requests: write
jobs:
stale:
runs-on: ubuntu-latest
steps:
- uses: actions/stale@v10
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
stale-issue-message: 'This issue has not seen any action for a while! Closing for now, but it can be reopened at a later date.'
stale-pr-message: 'This PR has not seen any action for a while! Closing for now, but it can be reopened at a later date.'
stale-issue-label: 'no-issue-activity'
stale-pr-label: 'no-pr-activity'
days-before-stale: 30 # Added parameter to control inactivity period
days-before-close: 7 # Optional: Time after marking stale before closing
+106
View File
@@ -0,0 +1,106 @@
name: Validate Markdown
on:
# Trigger the workflow on pull request
pull_request:
branches:
- main
paths:
- '**.md'
- '**.ipynb'
- '!translations/**'
- '!translated_images/**'
permissions:
contents: read
pull-requests: write
jobs:
check-broken-paths:
name: Check Broken Relative Paths
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v7
- name: Check broken Paths
id: check-broken-paths
uses: john0isaac/action-check-markdown@v1.3.1
with:
command: check_broken_paths
directory: ./
guide-url: 'https://github.com/microsoft/generative-ai-for-beginners/blob/main/CONTRIBUTING.md'
github-token: ${{ secrets.GITHUB_TOKEN }}
check-paths-tracking:
if: ${{ always() }}
needs: check-broken-paths
name: Check Paths Have Tracking
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v7
- name: Run Check paths tracking
id: check-paths-tracking
uses: john0isaac/action-check-markdown@v1.3.1
with:
command: check_paths_tracking
directory: ./
guide-url: 'https://github.com/microsoft/generative-ai-for-beginners/blob/main/CONTRIBUTING.md'
github-token: ${{ secrets.GITHUB_TOKEN }}
check-urls-tracking:
if: ${{ always() }}
needs: check-paths-tracking
name: Check URLs Have Tracking
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v7
with:
fetch-depth: 0
- name: Collect changed markdown files
id: changed-markdown-files
run: |
mapfile -d '' -t files < <(git diff --name-only -z --diff-filter=ACMR "${{ github.event.pull_request.base.sha }}"..."${{ github.event.pull_request.head.sha }}" -- '**.md' '**.ipynb' ':(exclude)translations/**' ':(exclude)translated_images/**')
if [ ${#files[@]} -eq 0 ]; then
echo "has_files=false" >> "$GITHUB_OUTPUT"
exit 0
fi
printf '%s\0' "${files[@]}" > changed_markdown_files.txt
echo "has_files=true" >> "$GITHUB_OUTPUT"
- name: Run Check URLs tracking
if: steps.changed-markdown-files.outputs.has_files == 'true'
run: |
python -m pip install --upgrade pip
python -m pip install markdown-checker
mapfile -d '' -t files < changed_markdown_files.txt
markdown-checker -f check_urls_tracking --guide-url 'https://github.com/microsoft/generative-ai-for-beginners/blob/main/CONTRIBUTING.md' "${files[@]}"
check-urls-locale:
if: ${{ always() }}
needs: check-urls-tracking
name: Check URLs Don't Have Locale
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v7
- name: Run Check URLs Country Locale
id: check-urls-locale
uses: john0isaac/action-check-markdown@v1.3.1
with:
command: check_urls_locale
directory: ./
guide-url: 'https://github.com/microsoft/generative-ai-for-beginners/blob/main/CONTRIBUTING.md'
github-token: ${{ secrets.GITHUB_TOKEN }}
check-broken-urls:
if: ${{ always() }}
name: Check Broken URLs
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v7
- name: Run Check Broken URLs
id: check-broken-urls
uses: john0isaac/action-check-markdown@v1.3.1
with:
command: check_broken_urls
directory: ./
guide-url: 'https://github.com/microsoft/generative-ai-for-beginners/blob/main/CONTRIBUTING.md'
github-token: ${{ secrets.GITHUB_TOKEN }}
+34
View File
@@ -0,0 +1,34 @@
name: Welcome to the Microsoft Generative AI
on:
# Trigger the workflow on new issue
issues:
types: [opened]
permissions:
contents: read
issues: write
jobs:
assess-issue:
runs-on: ubuntu-latest
steps:
- name: Add Label and thanks comment to Issue
uses: actions/github-script@v9
with:
script: |
const issueAuthor = context.payload.sender.login
github.rest.issues.addLabels({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
labels: ['needs-review']
})
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: `👋 Thanks for contributing @${ issueAuthor }! We will review the issue and get back to you soon.`
})
- name: Auto-assign issue
uses: pozil/auto-assign-issue@v4
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
assignees: koreyspace
+34
View File
@@ -0,0 +1,34 @@
name: Welcome to the Microsoft Generative AI
on:
# Trigger the workflow on pull request
pull_request_target:
types: [opened]
permissions:
contents: read
pull-requests: write
jobs:
assess-pull-request:
runs-on: ubuntu-latest
steps:
- name: Add Label and thanks comment to Pull request
uses: actions/github-script@v9
with:
script: |
const issueAuthor = context.payload.sender.login
github.rest.issues.addLabels({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
labels: ['needs-review']
})
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: `👋 Thanks for contributing @${ issueAuthor }! We will review the pull request and get back to you soon.`
})
- name: Auto-assign pull request
uses: pozil/auto-assign-issue@v4
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
assignees: koreyspace