
jmuelbert/jm-github-standards


🏗️ jm-github-standards

OpenSSF Best Practices | MegaLinter | License: EUPL 1.2 | License: CC BY 4.0


This repository is the Central Governance & CI/CD Engine for my GitHub ecosystem. It provides reusable workflows and serves as the authoritative blueprint for language-specific projects (Python, Rust, C++, etc.).

🚀 Centralized Shared Workflows

These workflows are designed to be called from downstream repositories to enforce a consistent, high-standard quality gate:

  • shared-megalinter: The primary linting engine (supporting 70+ linters).
  • shared-governance: Enforces PR standards, commit linting, and project integrity.
  • shared-codeql-analysis: Centralized security scanning.
  • shared-scorecard: Evaluates OSSF security best practices.
  • shared-reuse: Validates license compliance.
  • shared-maintenance: Automates stale issue handling and repo hygiene.
  • shared-dependabot-merge: Orchestrates secure dependency updates.
  • sync-labels: A specialized workflow to keep labels consistent across all repositories.
  • shared-docs-validation: Validates documentation consistency and quality.

🚀 Key Features & Workflow Bundles

  • 🚀 Pipeline: Automated CI with MegaLinter, REUSE compliance, CodeQL, and Docs-validation.
  • ⚖️ Governance: PR Analysis (Commitlint), Dependency Review, and automated Issue processing.
  • 🧼 Maintenance: Stale-issue handling and Repo-Linting for consistent project structures.
  • 🤖 Automation: Automated docs-deployment via MkDocs and Dependabot orchestration.

📋 The Blueprint Concept

Beyond shared actions, this repository provides standardized configurations to be mirrored in new projects:

  • Tooling: Modern stacks using uv (Python), pnpm (Node), and go-task.
  • Documentation: A high-end MkDocs setup with multi-language support and strict link validation.
  • Community: Best-practice templates for Issues, Discussions, and Contributing guidelines.

Prerequisites

Ensure you have the following installed:

  • uv (Python management)
  • pnpm (Node management)
  • go-task (Task runner)

🛠️ Local Development & Quick Start

To contribute or test these standards locally, we use Taskfile to automate the environment.

  git clone https://github.com/jmuelbert/jm-github-standards.git
  cd jm-github-standards
  task setup       # Install all local dev dependencies
  task lint        # Run all local linters and quality checks
  task docs:serve  # Preview documentation at localhost:8090

🔗 Integration Example

To inherit these standards in a downstream project, use the following pattern in .github/workflows/standards.yml:

jobs:
  quality:
    uses: jmuelbert/jm-github-standards/.github/workflows/shared-megalinter.yml@main
  security:
    uses: jmuelbert/jm-github-standards/.github/workflows/shared-codeql-analysis.yml@main
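A branch ref such as @main resolves to whatever that branch points at when the job runs, so a downstream repository may want to audit how its `uses:` references are pinned. The following is an added example, not part of this repository's tooling: the function names are hypothetical and the 40-character SHA in the sample is a constructed placeholder.

```python
import re

# Captures the value of a `uses:` key (step-level "- uses:" or job-level "uses:").
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_uses(workflow_text):
    """Return (line_no, target, ref, verdict) for every remote `uses:` reference."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        value = m.group(1)
        if value.startswith(("./", "docker://")):
            continue  # local and container references carry no git ref
        target, sep, ref = value.partition("@")
        if not sep or not ref:
            verdict = "missing-ref"
        elif FULL_SHA_RE.match(ref):
            verdict = "pinned"      # full commit SHA: immutable
        else:
            verdict = "mutable"     # branch or tag: can be moved later
        findings.append((line_no, target, ref, verdict))
    return findings


def unpinned(workflow_text):
    """Only the references that are not pinned to a full commit SHA."""
    return [f for f in audit_uses(workflow_text) if f[3] != "pinned"]


# Constructed sample: the caller pattern from this README plus one SHA-pinned job.
# The 40-hex value is a made-up placeholder, not a real commit of any repository.
SAMPLE = """\
jobs:
  quality:
    uses: jmuelbert/jm-github-standards/.github/workflows/shared-megalinter.yml@main
  security:
    uses: jmuelbert/jm-github-standards/.github/workflows/shared-codeql-analysis.yml@main
  pinned_example:
    uses: example-org/example-repo/.github/workflows/ci.yml@0123456789abcdef0123456789abcdef01234567
"""

if __name__ == "__main__":
    for line_no, target, ref, verdict in audit_uses(SAMPLE):
        print(f"line {line_no}: {verdict:11} {target}@{ref}")
```
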

🔐 Security & Permissions

All shared workflows use Step-Security Harden Runner to monitor network egress.

Important

Some automation tasks (like syncing labels across repositories) require a Fine-grained Personal Access Token (PAT) named SYSTEM_LABEL_SYNC_ACTION with Issues: Read/Write permissions.


📚 Documentation & Support


⚖️ License

This project follows a dual-licensing strategy:
