felddy · felddy · Nov 25, 2024 · Apr 1, 2022 · Apr 1, 2022 · Apr 1, 2022
@@ -1,10 +1,9 @@
 ---
-# See https://ansible-lint.readthedocs.io/en/latest/configuring.html
-# for a list of the configuration elements that can exist in this
-# file.
+# See https://ansible-lint.readthedocs.io/configuring/ for a list of
+# the configuration elements that can exist in this file.
 enable_list:
   # Useful checks that one must opt-into.  See here for more details:
-  # https://ansible-lint.readthedocs.io/en/latest/rules.html
+  # https://ansible-lint.readthedocs.io/rules/
   - fcqn-builtins
   - no-log-password
   - no-same-owner

@@ -3,7 +3,7 @@
 # https://bandit.readthedocs.io/en/latest/config.html
 
 # Tests are first included by `tests`, and then excluded by `skips`.
-# If `tests` is empty, all tests are are considered included.
+# If `tests` is empty, all tests are considered included.
 
 tests:
 # - B101

@@ -1,9 +1,13 @@
 ---
 
-version: 2
+# Any ignore directives should be uncommented in downstream projects to disable
+# Dependabot updates for the given dependency. Downstream projects will get
+# these updates when the pull request(s) in the appropriate skeleton are merged
+# and Lineage processes these changes.
+
 updates:
-  - package-ecosystem: "docker"
-    directory: "/"
+  - directory: /
+    package-ecosystem: docker
     schedule:
       interval: "daily"
     labels:
@@ -30,8 +34,8 @@ updates:
         patterns:
           - "*"
 
-  - package-ecosystem: "pip"
-    directory: "/"
+  - directory: /
+    package-ecosystem: pip
     schedule:
       interval: "daily"
     labels:

@@ -5,7 +5,9 @@ name: Build
 on:
   push:
     branches:
-      - '**'
+      - "**"
+    tags:
+      - "v*.*.*"
   pull_request:
   release:
     types: [edited, published]

@@ -17,7 +17,8 @@ on:
     branches: [develop]
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [develop]
+    branches:
+      - develop
   schedule:
     - cron: '31 7 * * 2'
 
@@ -26,8 +27,27 @@ permissions:
   contents: read
 
 jobs:
+  diagnostics:
+    name: Run diagnostics
+    runs-on: ubuntu-latest
+    steps:
+      # Note that a duplicate of this step must be added at the top of
+      # each job.
+      - id: harden-runner
+        name: Harden the runner
+        uses: step-security/harden-runner@v2
+        with:
+          egress-policy: audit
+      - id: github-status
+        name: Check GitHub status
+        uses: crazy-max/ghaction-github-status@v3
+      - id: dump-context
+        name: Dump context
+        uses: crazy-max/ghaction-dump-context@v2
   analyze:
     name: Analyze
+    needs:
+      - diagnostics
     runs-on: ubuntu-latest
     permissions:
       actions: read
@@ -58,9 +78,11 @@ jobs:
         with:
           languages: ${{ matrix.language }}
 
+      # Autobuild attempts to build any compiled languages (C/C++, C#, or
       # Autobuild attempts to build any compiled languages (C/C++, C#, or
       # Java). If this step fails, then you should remove it and run the build
       # manually (see below).
+      # manually (see below).
       - name: Autobuild
         uses: github/codeql-action/autobuild@2c779ab0d087cd7fe7b826087247c2c81f27bfa6  # tag=codeql-bundle-v3.26.5
 
@@ -70,10 +92,14 @@ jobs:
       # ✏️ If the Autobuild fails above, remove it and uncomment the following
       #    three lines and modify them (or add more) to build your code if your
       #    project uses a compiled language
+      #    three lines and modify them (or add more) to build your code if your
+      #    project uses a compiled language
 
       # - run: |
       #     make bootstrap
       #     make release
+      #     make bootstrap
+      #     make release
 
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@2c779ab0d087cd7fe7b826087247c2c81f27bfa6  # tag=codeql-bundle-v3.26.5
@@ -45,11 +45,7 @@ MD035:
   # Enforce dashes for horizontal rules
   style: "---"
 
-# MD041/first-line-heading
-# Allow the first line to be something other than a top-level heading
-MD041: false
-
-# MD046/code-block-style Code block style
+# MD046/code-block-style - Code block style
 MD046:
   # Enforce the fenced style for code blocks
   style: "fenced"