
chore: sync repository standards #824

Merged
marcusburghardt merged 4 commits into main from sync-repo-standards-20260417114025
Apr 20, 2026

@marcusburghardt
Contributor

This PR synchronizes repository standards from org-infra.

Files Updated

  • .github/workflows/ci_dependencies.yml
  • .github/workflows/ci_security.yml
  • .mega-linter.yml
  • .yamllint.yml
  • .github/dependabot.yml

Description

This is an automated PR to ensure repository settings are consistent across the organization.


This PR was automatically generated by the sync_org_repositories workflow.

Updated files:
- .github/workflows/ci_dependencies.yml
- .github/workflows/ci_security.yml
- .mega-linter.yml
- .yamllint.yml
- .github/dependabot.yml
Comment thread .github/workflows/ci_security.yml Dismissed
Comment thread .github/workflows/ci_security.yml Dismissed
Comment thread .github/workflows/ci_security.yml Dismissed
Updated files:
- .github/dependabot.yml
Comment thread .github/workflows/ci_security.yml Outdated
marcusburghardt added a commit to marcusburghardt/org-infra that referenced this pull request Apr 17, 2026
The reusable_vuln_scan.yml workflow has been on main since it was
merged, making the TODO condition satisfied. Uncomment the with
block to enable Trivy source scanning (secrets + misconfig) for
all repos that consume ci_security.yml.

Reported-by: @hbraswelrh (complytime/complyscribe#824)
Assisted-by: OpenCode (claude-opus-4-6)
Signed-off-by: Marcus Burghardt <maburgha@redhat.com>
Comment thread .yamllint.yml
# Jinja-templated YAML files are not valid YAML
- tests/data/content_dir/linux_os/

# https://yamllint.readthedocs.io/en/stable/rules.html
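Review bot: the `tests/data/content_dir/linux_os/` entry is a repository-specific exclusion living in a file that this PR syncs from org-infra, so it has to survive the sync rather than be overwritten by the organization template. Keep the path together with the `# Jinja-templated YAML files are not valid YAML` comment above it, since that comment is the only record in the file of why the directory is skipped.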
Contributor

@sonupreetam sonupreetam Apr 20, 2026


@marcusburghardt .yamllint.yml removes the ignore for tests/data/content_dir/linux_os/; those files are not valid YAML (Jinja). YAML_YAMLLINT / yamllint will fail (e.g. syntax error on {{% in file_groupownership_sshd_private_key/rule.yml) which is in the tests/data linux os guide folder.

Contributor Author


Good catch. Let me exclude this file for now in complyscribe. Thanks

Comment thread .github/workflows/ci_security.yml Outdated
marcusburghardt added a commit to complytime/org-infra that referenced this pull request Apr 20, 2026
The reusable_vuln_scan.yml workflow has been on main since it was
merged, making the TODO condition satisfied. Uncomment the with
block to enable Trivy source scanning (secrets + misconfig) for
all repos that consume ci_security.yml.

Reported-by: @hbraswelrh (complytime/complyscribe#824)
Assisted-by: OpenCode (claude-opus-4-6)
Signed-off-by: Marcus Burghardt <maburgha@redhat.com>
Updated files:
- .github/workflows/ci_dependencies.yml
- .github/workflows/ci_security.yml
@github-advanced-security

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@marcusburghardt
Contributor Author

This is actually to help with the dependencies management, which is related to the trivy scan in CI.

@hbraswelrh
Member

.yamllint.yml — Removing ignore for Jinja-templated YAML files

The ignore block for tests/data/content_dir/linux_os/ was removed in this PR, but that directory still contains Jinja2-templated YAML files (e.g., {{% set ... %}}, {{{ ... }}}) which are not valid YAML and will fail yamllint parsing.

This ignore was added intentionally (commit 7da8ca1) with a comment explaining why. Removing it will cause yamllint failures when:

  • A developer runs yamllint . locally
  • Mega-linter performs a full-repo scan (e.g., on push to main)

Suggestion: Restore the ignore block, or add tests/data/content_dir/linux_os/ to mega-linter's ADDITIONAL_EXCLUDED_DIRECTORIES in .mega-linter.yml.

The ignore block for tests/data/content_dir/linux_os/ was incorrectly
removed during the repository standards sync. These Jinja-templated
YAML files are not valid YAML and must remain excluded from linting.

Assisted-by: OpenCode (claude-opus-4-6)
Signed-off-by: Marcus Burghardt <maburgha@redhat.com>
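
A pre-merge guard for the failure discussed in this thread, as an added example that is not part of the PR or the project's code: it lists YAML files containing the Jinja delimiters quoted above that no ignore entry in a .yamllint.yml body covers. The function names, the demo tree and the prefix-only path matching (simpler than yamllint's own pattern matching) are assumptions.

```python
import os
import re
import tempfile

# Delimiters quoted in the review thread: {{% ... %}} and {{{ ... }}}
JINJA_MARKER = re.compile(r"\{\{%|\{\{\{")


def ignored_paths(yamllint_text):
    """Path entries in a .yamllint.yml body (assumed: one per line, ending in '/')."""
    paths = []
    for line in yamllint_text.splitlines():
        entry = line.strip().lstrip("-").strip()  # drop a '- ' list marker
        if entry and not entry.startswith("#") and entry.endswith("/"):
            paths.append(entry)
    return paths


def uncovered_templates(root, yamllint_text):
    """Templated YAML files under root that no ignore entry covers."""
    ignored = ignored_paths(yamllint_text)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith((".yml", ".yaml")):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, encoding="utf-8", errors="replace") as fh:
                templated = bool(JINJA_MARKER.search(fh.read()))
            if templated and not any(rel.startswith(p) for p in ignored):
                hits.append(rel)
    return sorted(hits)


def demo():
    """Constructed tree and configs (hypothetical file names)."""
    with tempfile.TemporaryDirectory() as root:
        rule_dir = os.path.join(root, "tests/data/content_dir/linux_os/demo_rule")
        os.makedirs(rule_dir)
        with open(os.path.join(rule_dir, "rule.yml"), "w") as fh:
            fh.write("{{% set owner = 'root' %}}\ntitle: demo\n")
        with open(os.path.join(root, "plain.yml"), "w") as fh:
            fh.write("key: value\n")
        synced = "extends: default\n"  # constructed: ignore entry dropped
        fixed = synced + "ignore:\n  - tests/data/content_dir/linux_os/\n"
        return uncovered_templates(root, synced), uncovered_templates(root, fixed)
```

Run against a synced branch, a non-empty result means the incoming .yamllint.yml would expose templated files to yamllint.
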
Member

@hbraswelrh hbraswelrh left a comment


LGTM. Thanks @marcusburghardt for the fixes.

@marcusburghardt marcusburghardt dismissed sonupreetam’s stale review April 20, 2026 15:59

Requested changes were already addressed.

@marcusburghardt marcusburghardt merged commit 9510c85 into main Apr 20, 2026
20 of 21 checks passed
@marcusburghardt marcusburghardt deleted the sync-repo-standards-20260417114025 branch April 20, 2026 15:59