Skip to content

Commit 35eac25

Browse files
committed
ci: add quality + release workflows, pre-commit, docs
1 parent d0b975f commit 35eac25

15 files changed

Lines changed: 110 additions & 32 deletions

File tree

.github/ISSUE_TEMPLATE/bug.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
name: Bug
2+
body:
3+
- type: textarea
4+
attributes: {label: Steps to reproduce}
5+
- type: input
6+
attributes: {label: SHA/Tag}

.github/PULL_REQUEST_TEMPLATE.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
## Objective
2+
## Test plan
3+
## Checklist
4+
- [ ] Lint/Type checks pass
5+
- [ ] CI green

.github/workflows/ci.yml

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,34 @@
1+
name: ci
2+
on:
3+
push:
4+
branches: [main]
5+
pull_request:
6+
jobs:
7+
qa:
8+
runs-on: ubuntu-latest
9+
steps:
10+
- uses: actions/checkout@v4
11+
- uses: actions/setup-python@v5
12+
with: {python-version: '3.11'}
13+
- run: python -m pip install -U pip && pip install ruff black mypy pandas openpyxl
14+
- run: ruff check .
15+
- run: black --check .
16+
- run: mypy src
17+
build-artifacts:
18+
needs: qa
19+
runs-on: ubuntu-latest
20+
steps:
21+
- uses: actions/checkout@v4
22+
- uses: actions/setup-python@v5
23+
with: {python-version: '3.11'}
24+
- run: pip install pandas openpyxl
25+
- run: python tools/csv2xlsx.py
26+
- uses: actions/upload-artifact@v4
27+
with:
28+
name: risk-matrix-xlsx
29+
path: docs/reports/risk_matrix.xlsx
30+
security:
31+
runs-on: ubuntu-latest
32+
steps:
33+
- uses: actions/checkout@v4
34+
- run: bash tools/sec_checks.sh

.github/workflows/release.yml

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
name: release
2+
on:
3+
workflow_dispatch:
4+
inputs:
5+
tag: {description: 'vX.Y.Z', required: true}
6+
jobs:
7+
cut:
8+
runs-on: ubuntu-latest
9+
steps:
10+
- uses: actions/checkout@v4
11+
- uses: actions/download-artifact@v4
12+
with: {name: risk-matrix-xlsx, path: dist/}
13+
- name: Create release
14+
uses: softprops/action-gh-release@v2
15+
with:
16+
tag_name: ${{ github.event.inputs.tag }}
17+
files: dist/risk_matrix.xlsx
18+
generate_release_notes: true
19+
env: { GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} }

.pre-commit-config.yaml

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
repos:
2+
- repo: https://github.com/psf/black
3+
rev: 24.8.0
4+
hooks: [{id: black}]
5+
- repo: https://github.com/astral-sh/ruff-pre-commit
6+
rev: v0.6.0
7+
hooks: [{id: ruff}]
8+
- repo: https://github.com/pre-commit/mirrors-mypy
9+
rev: v1.11.2
10+
hooks: [{id: mypy}]
11+
- repo: https://github.com/pypa/pip-audit
12+
rev: v2.7.3
13+
hooks: [{id: pip-audit}]

CODEOWNERS

Whitespace-only changes.

CONTRIBUTING.md

Lines changed: 1 addition & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -1,19 +1 @@
1-
# Contributing
2-
3-
Scope: educational, synthetic data only. One PR = one change.
4-
5-
## Workflow
6-
- Fork then create a feature branch
7-
- Keep changes small and auditable
8-
- Update docs/tests when relevant
9-
10-
## Coding & content
11-
- English only
12-
- No patient data
13-
- CSV is the source of truth for the risk matrix
14-
15-
## Commit messages
16-
Conventional commits (feat|fix|docs|refactor|test|ci|chore): short, imperative.
17-
18-
## Governance
19-
Maintainers: kamilia meliani / lazreg meliani.
1+
Dev quickstart, pre-commit, CI rules, commit style: Conventional Commits.

SECURITY.md

Lines changed: 1 addition & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -1,11 +1 @@
1-
# Security Policy
2-
3-
## Supported
4-
This repository is educational. No production systems.
5-
6-
## Reporting a vulnerability
7-
Please open a private disclosure via GitHub Security Advisories
8-
or contact the maintainers on LinkedIn. Do not post PII, PHI, or patient data.
9-
10-
## Scope
11-
Only issues in this repo. No device or vendor bug-bounty here.
1+
Report security issues via GitHub Security tab. No exploits in issues.
Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
# ADR-0001 Scope
2+
Decision: risk matrix generation + CI artifacts to support GRC/detection/pentest-light demo.

docs/compliance/mapping.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
| Exigence | Preuve repo |
2+
|----------|-------------|
3+
| Gestion risques | risk_matrix.xlsx en release + CI |
4+
| Sécurité dev | CI qualité + protection branche |
5+
| Gestion vulnérabilités | SBOM + Trivy dans CI |
6+
| Traçabilité | Releases taguées + artifacts |

0 commit comments

Comments
 (0)