docs: update workflow-docs and README to reference tazama-lf/workflows as canonical source#71
Merged
Sandy-at-Tazama merged 2 commits intodevfrom Apr 5, 2026
Merged
Conversation
…s as canonical source - Rewrite README: position as downstream mirror, document cascade from tazama-lf/workflows -> this repo -> 33 frmscoe rule repos, diff table vs tazama-lf, target repo list, updating instructions, workflow-docs index - Replace 13 existing stub docs with canonical redirect links to tazama-lf/workflows: codacy, codeql, conventional-commits, dco-check (known issue #37), dependency-review, gpg-verify, milestone, njsscan, nodejs (@frmscoe NPM_SCOPE note), release; dockerfile-linter and dockerhub-image-build noted as not present in frmscoe/workflows - Replace sync-workflows.md with full unique doc: push:dev trigger, 33 repos, no segmentation, caller stub stamping, frmscoe vs tazama-lf differences - Add 8 new docs: branch-target-check, release-train, version-check (redirect stubs); sbom (redirect + known issue #39); scorecard (redirect + sync note); package-rule, package-rule-rc, publish (frmscoe-specific full docs covering @frmscoe scope, caller stubs, rule_org)
github-actions
Bot
added
the
documentation
…ws.md Change single-column |----------| to two-column |----------|-------| to match the Property/Value header row (mirrors fix applied to tazama-lf/workflows in PR #41 review)
Sandy-at-Tazama
approved these changes
Apr 5, 2026
Justus-at-Tazama
added a commit
that referenced
this pull request
Apr 8, 2026
Applies all changes from tazama-lf/workflows PR #76 (workflow audit fixes - batch 1) to frmscoe/workflows. Changes are synced verbatim from the canonical source. - fix(njsscan): fix SARIF upload guard, category, upgrade upload-sarif v4 (#68) - fix(gpg-verify): make curl error handler reachable under bash -e (#69) - fix(dco-check, gpg-verify): replace mutable branch refs with immutable SHAs (#70) - fix(package-rule): add ref guard to prevent push from non-canonical branches (#71) - fix(gpg-verify): rename workflow to Signature Verify, update header comment (#72) - fix(package-rule): pass GH_TOKEN to docker build via BuildKit secret (#73) - fix(sbom): pass GH_TOKEN to docker build via BuildKit secret (#74) - fix(dockerfile-linter): skip hadolint and upload when no Dockerfile present (#75) - fix(dockerfile-linter, sbom): address CodeRabbit review findings Signed-off-by: Justus-at-Tazama <jortlepp@contractor.linuxfoundation.org>
Justus-at-Tazama
added a commit
that referenced
this pull request
Apr 8, 2026
Applies all changes from tazama-lf/workflows PR #76 (workflow audit fixes - batch 1) to frmscoe/workflows. Changes are synced verbatim from the canonical source. - fix(njsscan): fix SARIF upload guard, category, upgrade upload-sarif v4 (#68) - fix(gpg-verify): make curl error handler reachable under bash -e (#69) - fix(dco-check, gpg-verify): replace mutable branch refs with immutable SHAs (#70) - fix(package-rule): add ref guard to prevent push from non-canonical branches (#71) - fix(gpg-verify): rename workflow to Signature Verify, update header comment (#72) - fix(package-rule): pass GH_TOKEN to docker build via BuildKit secret (#73) - fix(sbom): pass GH_TOKEN to docker build via BuildKit secret (#74) - fix(dockerfile-linter): skip hadolint and upload when no Dockerfile present (#75) - fix(dockerfile-linter, sbom): address CodeRabbit review findings Signed-off-by: Justus-at-Tazama <jortlepp@contractor.linuxfoundation.org>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Rewrites all
workflow-docs/entries and theREADME.mdto correctly positionfrmscoe/workflowsas a downstream mirror oftazama-lf/workflows, which is the canonical source.Changes
README.md
tazama-lf/workflows → (manual PR) → frmscoe/workflows → (auto sync on push:dev) → 33 rule repostazama-lf/workflows(scope, trigger, segmentation, missing workflows)workflow-docs/ — 13 existing stubs replaced
codacy.mdcodeql.mdconventional-commits.mddco-check.mddependency-review.mddockerfile-linter.mddockerfile-linter.ymlin frmscoe)dockerhub-image-build.mddockerhub-image-build.ymlin frmscoe)gpg-verify.mdmilestone.mdnjsscan.mdnodejs.mdNPM_SCOPE=@frmscoe, not synced to target reposrelease.mdsync-workflows.mdpush: devtrigger, 33 repos, no segmentation, caller stub stamping, frmscoe vs tazama-lf differencesworkflow-docs/ — 8 new files
branch-target-check.mdrelease-train.mdversion-check.mdsbom.mdscorecard.mdPUBLISH_REPOSexclusion in frmscoe syncpublish.md@frmscoescope, dist-tag logic, secrets, sync distributionpackage-rule.mdfrmscoe/workflows,rule_org: "frmscoe"package-rule-rc.mdpush: dev, caller stub formatTesting
Documentation-only change — no workflow logic modified.