feat (ci): CPLYTM-1362 adopt workflows from org-infra#3

Merged
sonupreetam merged 2 commits into complytime:main from sonupreetam:add-org-infra-workflows
Mar 24, 2026

@sonupreetam sonupreetam commented Mar 17, 2026

Summary

Test plan

  • Verify ci_checks workflow triggers on PR and runs MegaLinter
  • Verify ci_dependencies workflow triggers on PR
  • Verify ci_security workflow triggers on PR (OSV-Scanner + Scorecards)
  • Verify ci_scheduled workflow appears in Actions tab with daily cron

Add the four reusable workflow callers that every other repo in the
complytime org already uses. These run alongside the existing
website-specific workflows without overlap.

- ci_checks.yml: MegaLinter + PR title validation
- ci_dependencies.yml: dependency review + Dependabot auto-approve
- ci_security.yml: OSV-Scanner + OpenSSF Scorecards
- ci_scheduled.yml: daily scheduled security scans

Signed-off-by: Sonu Preetam <spreetam@redhat.com>
@github-advanced-security

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

jobs:
call_reusable_ci:
name: Standardized CI
uses: complytime/org-infra/.github/workflows/reusable_ci.yml@main

Check warning

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: third-party GitHubAction not pinned by hash
Remediation tip: update your workflow using https://app.stepsecurity.io
Click Remediation section below for further remediation help
jobs:
call_deps_reviewer:
name: General
uses: complytime/org-infra/.github/workflows/reusable_deps_reviewer.yml@main

Check warning

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: third-party GitHubAction not pinned by hash
Remediation tip: update your workflow using https://app.stepsecurity.io
Click Remediation section below for further remediation help

call_dependabot_reviewer:
name: Dependabot
uses: complytime/org-infra/.github/workflows/reusable_dependabot_reviewer.yml@main

Check warning

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: third-party GitHubAction not pinned by hash
Remediation tip: update your workflow using https://app.stepsecurity.io
Click Remediation section below for further remediation help
actions: read
security-events: write
id-token: write
uses: complytime/org-infra/.github/workflows/reusable_scheduled.yml@main
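
Review bot: `id-token: write` and `security-events: write` are granted to a called workflow that is referenced by the moving ref `@main`, so whatever next lands on that branch of org-infra runs here with the ability to request OIDC tokens and upload code scanning results. Pin the `uses:` line to a full commit SHA, with the branch or tag named in a trailing comment, and update the pin through a reviewed PR, so a change in the callee is seen in this repository before it receives these permissions.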

Check warning

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: third-party GitHubAction not pinned by hash
Remediation tip: update your workflow using https://app.stepsecurity.io
Click Remediation section below for further remediation help
security-events: write
id-token: write
packages: write
uses: complytime/org-infra/.github/workflows/reusable_vuln_scan.yml@main
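
Review bot: `packages: write` on the job that calls `reusable_vuln_scan.yml` looks broader than a scan job needs; please confirm the called workflow actually publishes a package or image, and drop the scope if it only reads. If the scope is required, note the reason in a comment next to the permission, because with the `@main` ref the write access follows whatever that branch contains.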

Check warning

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: third-party GitHubAction not pinned by hash
Remediation tip: update your workflow using https://app.stepsecurity.io
Click Remediation section below for further remediation help
contents: read
id-token: write
security-events: write
uses: complytime/org-infra/.github/workflows/reusable_security.yml@main

Check warning

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: third-party GitHubAction not pinned by hash
Remediation tip: update your workflow using https://app.stepsecurity.io
Click Remediation section below for further remediation help
@sonupreetam sonupreetam changed the title ci: adopt org-wide standardized workflows from org-infra feat (ci): adopt workflows from org-infra Mar 17, 2026

@marcusburghardt marcusburghardt left a comment

So far good Sonu. We only need to include some configuration files for the repository. e.g: https://github.com/complytime/website/actions/runs/23196304874/job/67405567945?pr=3

@huiwangredhat huiwangredhat left a comment

Thanks. Generally, LGTM after adding the file commitlint.config.js.

Signed-off-by: Sonu Preetam <spreetam@redhat.com>
@sonupreetam sonupreetam changed the title feat (ci): adopt workflows from org-infra feat (ci): CPLYTM-1362 adopt workflows from org-infra Mar 23, 2026

@marcusburghardt marcusburghardt left a comment

LGTM

@marcusburghardt

The failure with "PR Title" seems to be already addressed but for any reason is still failing. Maybe a corner case when the title is changed later. In any case, this should not block this particular PR.

@huiwangredhat huiwangredhat left a comment

LGTM. Thanks @sonupreetam

@sonupreetam sonupreetam merged commit 8e47e27 into complytime:main Mar 24, 2026
10 of 12 checks passed
@sonupreetam sonupreetam deleted the add-org-infra-workflows branch March 24, 2026 09:09