Skip to content

Pipeline Automation

Jack Edwards edited this page Apr 12, 2026 · 8 revisions

Repository CI/CD Introduction

This repository uses several tools to scan code, commits and dependencies. These are primarily driven through the use of PR checks and deployment runs using GitHub actions.

The aim is to use free and open source tools wherever possible to detect bugs, vulnerabilities and codesmells as early as possible before any changes are merged to main. Renovate and Dependabot are both in use to automatically bump dependencies via PRs, so version bumps are not necessary unless you have an opinion on the matter of course.

If you wish to contribute, please read the contributing.md file in the repository for details on what tooling you will need to make sure your PRs will merge successfully.

Checking PRs

The security checks and summary action that provide results are triggered by you setting your PR to Ready for Review.

Note

This can be reversed and triggered again if you commit changes ahead of your PRs latest action run.

Tip

Run the tooling locally on your changes first, for a faster feedback loop than PRs give you.

Caution

A PR with an unfixed vulnerability of medium severity or higher will be blocked from merging, unless fixed or justified to a CODEOWNER.

Tooling

This is a list of tooling used by this repository:

Capability Tools
File linting Super Linter
Commit Standardisation Conventional Commits
Code Bugs CodeQL semgrep
Container Vulnerabiltiies Grype Scout Trivy
Static Asset Deployment Custom S3/CLI R2 Action
Container Deployment Google Cloud Build
Versioning Semver via Tag action by anothrNick

Clone this wiki locally