Skip to content

Commit 9af626b

Browse files
EldergenixEldergenix
authored andcommitted
Initial Eldergenix public release
0 parents  commit 9af626b

140 files changed

Lines changed: 14675 additions & 0 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.editorconfig

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
root = true
2+
3+
[*]
4+
charset = utf-8
5+
end_of_line = lf
6+
insert_final_newline = true
7+
indent_style = space
8+
indent_size = 4
9+
trim_trailing_whitespace = true
10+
11+
[*.md]
12+
trim_trailing_whitespace = false
13+
14+
[*.{yml,yaml,json,toml}]
15+
indent_size = 2

.env.example

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
RUNBOOK_GUARD_ENV=development
2+
RUNBOOK_GUARD_HOST=0.0.0.0
3+
RUNBOOK_GUARD_PORT=8080
4+
RUNBOOK_GUARD_LOG_LEVEL=INFO
5+
RUNBOOK_GUARD_DEFAULT_DRY_RUN=true
6+
RUNBOOK_GUARD_AUDIT_DIR=artifacts/audits
7+
RUNBOOK_GUARD_POLICY_FILE=configs/policies/policy.example.toml
8+
RUNBOOK_GUARD_CAPABILITY_BUDGETS_FILE=configs/policies/capability-budgets.example.toml
9+
RUNBOOK_GUARD_APPROVALS_FILE=configs/policies/approvals.example.toml
10+
RUNBOOK_GUARD_ENABLE_OTEL=false

.gitattributes

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
* text=auto eol=lf
2+
*.sh text eol=lf
3+
*.ps1 text eol=crlf
Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
name: Bug report
2+
description: Report a defect in runbook-guard
3+
title: "[bug] "
4+
labels: ["bug"]
5+
body:
6+
- type: textarea
7+
id: summary
8+
attributes:
9+
label: Summary
10+
validations:
11+
required: true
12+
- type: textarea
13+
id: steps
14+
attributes:
15+
label: Steps to reproduce
16+
validations:
17+
required: true
18+
- type: textarea
19+
id: expected
20+
attributes:
21+
label: Expected behavior
22+
validations:
23+
required: true
24+
- type: textarea
25+
id: actual
26+
attributes:
27+
label: Actual behavior
28+
validations:
29+
required: true
Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,23 @@
1+
name: Feature request
2+
description: Request a feature for runbook-guard
3+
title: "[feature] "
4+
labels: ["enhancement"]
5+
body:
6+
- type: textarea
7+
id: problem
8+
attributes:
9+
label: Problem
10+
validations:
11+
required: true
12+
- type: textarea
13+
id: proposal
14+
attributes:
15+
label: Proposed solution
16+
validations:
17+
required: true
18+
- type: textarea
19+
id: acceptance
20+
attributes:
21+
label: Acceptance criteria
22+
validations:
23+
required: true

.github/dependabot.yml

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,12 @@
1+
version: 2
2+
updates:
3+
- package-ecosystem: "pip"
4+
directory: "/"
5+
schedule:
6+
interval: "weekly"
7+
open-pull-requests-limit: 10
8+
- package-ecosystem: "github-actions"
9+
directory: "/"
10+
schedule:
11+
interval: "weekly"
12+
open-pull-requests-limit: 10

.github/workflows/cd.yml

Lines changed: 97 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,97 @@
1+
name: Release
2+
3+
on:
4+
push:
5+
tags:
6+
- "v*"
7+
8+
jobs:
9+
build:
10+
name: Build distribution
11+
runs-on: ubuntu-latest
12+
permissions:
13+
contents: read
14+
15+
steps:
16+
- name: Checkout
17+
uses: actions/checkout@v4
18+
19+
- name: Setup Python
20+
uses: actions/setup-python@v5
21+
with:
22+
python-version: "3.12"
23+
24+
- name: Setup uv
25+
uses: astral-sh/setup-uv@v7
26+
27+
- name: Install dependencies
28+
run: uv sync --extra dev
29+
30+
- name: Run governance checks
31+
run: |
32+
uv run python tools/quality/check_required_meta.py
33+
uv run python tools/quality/check_loc_limits.py
34+
35+
- name: Test
36+
run: uv run pytest -q
37+
38+
- name: Build package
39+
run: uv run python -m build
40+
41+
- name: Upload dist artifacts
42+
uses: actions/upload-artifact@v4
43+
with:
44+
name: python-dist
45+
path: dist/*
46+
if-no-files-found: error
47+
48+
publish-pypi:
49+
name: Publish to PyPI
50+
needs: build
51+
runs-on: ubuntu-latest
52+
environment: pypi-release
53+
permissions:
54+
id-token: write
55+
56+
steps:
57+
- name: Download artifacts
58+
uses: actions/download-artifact@v4
59+
with:
60+
name: python-dist
61+
path: dist
62+
63+
- name: Publish to PyPI
64+
uses: pypa/gh-action-pypi-publish@release/v1
65+
66+
docker:
67+
name: Build and push Docker image
68+
needs: build
69+
runs-on: ubuntu-latest
70+
permissions:
71+
contents: read
72+
packages: write
73+
74+
steps:
75+
- name: Checkout
76+
uses: actions/checkout@v4
77+
78+
- name: Log in to Docker Hub
79+
uses: docker/login-action@v3
80+
with:
81+
username: ${{ secrets.DOCKERHUB_USERNAME }}
82+
password: ${{ secrets.DOCKERHUB_TOKEN }}
83+
84+
- name: Extract version tag
85+
id: meta
86+
run: |
87+
VERSION="${GITHUB_REF_NAME}"
88+
echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
89+
echo "tags=your-org/runbook-guard:${VERSION},your-org/runbook-guard:latest" >> "$GITHUB_OUTPUT"
90+
91+
- name: Build and push image
92+
uses: docker/build-push-action@v6
93+
with:
94+
context: .
95+
file: infra/docker/Dockerfile
96+
push: true
97+
tags: ${{ steps.meta.outputs.tags }}

.github/workflows/ci.yml

Lines changed: 49 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,49 @@
1+
name: CI
2+
3+
on:
4+
push:
5+
branches: ["main"]
6+
pull_request:
7+
8+
jobs:
9+
test:
10+
name: test (Python ${{ matrix.python-version }})
11+
runs-on: ubuntu-latest
12+
13+
strategy:
14+
fail-fast: false
15+
matrix:
16+
python-version: ["3.12", "3.13"]
17+
18+
steps:
19+
- name: Checkout
20+
uses: actions/checkout@v4
21+
22+
- name: Setup Python ${{ matrix.python-version }}
23+
uses: actions/setup-python@v5
24+
with:
25+
python-version: ${{ matrix.python-version }}
26+
27+
- name: Setup uv
28+
uses: astral-sh/setup-uv@v7
29+
30+
- name: Install dependencies
31+
run: uv sync --extra dev
32+
33+
- name: Repository governance
34+
run: uv run python tools/quality/check_required_meta.py
35+
36+
- name: LOC limits
37+
run: uv run python tools/quality/check_loc_limits.py
38+
39+
- name: Ruff lint
40+
run: uv run ruff check .
41+
42+
- name: Ruff format check
43+
run: uv run ruff format --check .
44+
45+
- name: Type check
46+
run: uv run mypy src tests
47+
48+
- name: Test
49+
run: uv run pytest -q

.github/workflows/codeql.yml

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
name: CodeQL
2+
3+
on:
4+
push:
5+
branches: ["main"]
6+
pull_request:
7+
schedule:
8+
- cron: "0 4 * * 1"
9+
10+
jobs:
11+
analyze:
12+
runs-on: ubuntu-latest
13+
permissions:
14+
actions: read
15+
contents: read
16+
security-events: write
17+
18+
strategy:
19+
fail-fast: false
20+
matrix:
21+
language: ["python"]
22+
23+
steps:
24+
- name: Checkout
25+
uses: actions/checkout@v4
26+
27+
- name: Initialize CodeQL
28+
uses: github/codeql-action/init@v3
29+
with:
30+
languages: ${{ matrix.language }}
31+
32+
- name: Autobuild
33+
uses: github/codeql-action/autobuild@v3
34+
35+
- name: Perform CodeQL analysis
36+
uses: github/codeql-action/analyze@v3

.github/workflows/security.yml

Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,35 @@
1+
name: Security
2+
3+
on:
4+
push:
5+
branches: ["main"]
6+
pull_request:
7+
schedule:
8+
- cron: "0 6 * * 1"
9+
10+
jobs:
11+
security:
12+
runs-on: ubuntu-latest
13+
steps:
14+
- name: Checkout
15+
uses: actions/checkout@v4
16+
17+
- name: Setup Python
18+
uses: actions/setup-python@v5
19+
with:
20+
python-version: "3.12"
21+
22+
- name: Setup uv
23+
uses: astral-sh/setup-uv@v7
24+
25+
- name: Install dependencies
26+
run: uv sync --extra dev
27+
28+
- name: Secret scan
29+
run: uv run python tools/security/scan_secrets.py
30+
31+
- name: Bandit
32+
run: uv run bandit -q -r src tools
33+
34+
- name: pip-audit
35+
run: uv run pip-audit

0 commit comments

Comments
 (0)