11# About This Repo
22
33This document outlines the configuration of this repo as well as the basic
4- process we use to manage the project. As Github has matured as a platform
4+ process we use to manage the project. As GitHub has matured as a platform
55and HTML5 Boilerplate has matured as a project there are a lot of lessons
66to be learned from the way we run the show here.
77
@@ -68,9 +68,7 @@ Our branch protection rules are as follows:
6868- We run a _ dependency review_ scan to see if any newly added dependencies add
6969 known security flaws. This is important for even us, but for a project that
7070 uses a larger number of third party dependencies, this sort of check is vital.
71- - Since we're fan of the "belt and suspenders" approach to security, we also
72- run a _ LGTM.com_ scan as well as the CodeQL scans. This tool, built on top of
73- CodeQl can shake out different issues so it's nice to have the pair.
71+ - We also run a CodeQL scans to check for security issues and problems.
7472- We push any changes to ` main ` to our [ HTML5\- Boilerplate Template Repo] ( https://github.com/h5bp/html5-boilerplate-template )
7573
7674Since we've talked about some of our Actions, let's look at the full configuration
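Review bot: The added line 71 reads "a CodeQL scans", which pairs a singular article with a plural noun; use "We also run CodeQL scans" or "a CodeQL scan". "Security issues and problems" is also vague next to the dependency review bullet above it, which says exactly what that check looks for. Since this replaces the text saying the LGTM.com scan "can shake out different issues", a short note that the second scanner is no longer run would help readers who relied on the earlier description of the branch protection checks.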
@@ -79,25 +77,25 @@ of our `.github` folder.
7977### .github Folder
8078
8179- workflows
82- - ` build-dist.yaml ` is currently broken. We can't push to ` main ` without a
80+ - ` build-dist.yml ` is currently broken. We can't push to ` main ` without a
8381 code review, so this task is blocked. What I would like, (are you there,
8482 GitHub, it's me, Rob) is to allow Actions to bypass branch protection
8583 rules. I think we'll have to basically write a mini-bot that opens a PR
8684 whenever there are changes to ` main ` and then pushes to the same branch
8785 until the PR is closed. In some ways that will be better as it will be less
8886 noisy in terms of bot pushes to main.
8987 - ` codeql-analysis.yml ` controls our CodeQL action. We use the defaults. If
90- you're building something with more JAvaScript footprint, you can tweak
88+ you're building something with more JavaScript footprint, you can tweak
9189 the settings for this job.
9290 - ` dependency-review.yml ` does what it says on the tin- it tests newly
9391 introduced dependencies for vulnerabilities.
94- - ` publish.yaml ` is the action that publishes all the various versions of
92+ - ` publish.yml ` is the action that publishes all the various versions of
9593 the project. When we create a new tag and push it to GitHub, this script
9694 publishes our npm package and creates a GitHub release and attaches a zip
9795 file of our ` dist ` folder.
98- - ` push-to-template.yaml ` pushes the ` HEAD ` of ` main ` to our template repo
96+ - ` push-to-template.yml ` pushes the ` HEAD ` of ` main ` to our template repo
9997 - ` spellcheck.yml ` automatically checks markdown files for typos with cSpell.
100- - ` test.yaml ` runs our test suite.
98+ - ` test.yml ` runs our test suite.
10199- ` CODE_OF_CONDUCT.md ` is our Code of Conduct, based on
102100 [ Contributor Covenant.] ( https://www.contributor-covenant.org/ )
103101- ` CONTRIBUTING.md ` contains our contribution guidelines.
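Review bot: The four renames from `.yaml` to `.yml` (`build-dist`, `publish`, `push-to-template`, `test`) only touch this document in the visible diff, so please confirm the files under `.github/workflows` actually carry the `.yml` extension; otherwise the list points readers at workflow files that do not exist. While these lines are being edited, the `push-to-template.yml` entry is the only workflow bullet without a closing period, and the `build-dist.yml` entry still says the workflow is "currently broken", which is worth re-checking so the document does not describe a publishing path that behaves differently from what is written.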