Add CI policy, strengthen hash-pinning rule, add Gitea Actions workflow
All checks were successful
check / check (push) Successful in 16s
- All Dockerfiles must run make check as a build step
- Every repo needs a Gitea Actions workflow running docker build on push
- Greatly strengthen the hash-pinning rule: explicitly list all reference types, ban curl|bash installs, mark as most important rule in document
- Add model .gitea/workflows/check.yml pinned by commit hash
@@ -43,9 +43,12 @@ Template files can be fetched from:
|
||||
- [ ] `REPO_POLICIES.md` — fetch from `prompts/REPO_POLICIES.md` in the prompts
|
||||
repo
|
||||
- [ ] `Dockerfile` and `.dockerignore`
|
||||
- Server: runs the application
|
||||
- All Dockerfiles must run `make check` as a build step
|
||||
- Server: also builds and runs the application
|
||||
- Non-server: brings up dev environment and runs `make check`
|
||||
- Image pinned by sha256 hash with version/date comment
|
||||
- [ ] Gitea Actions workflow at `.gitea/workflows/check.yml` that runs
|
||||
`docker build .` on push
|
||||
- [ ] Language-specific:
|
||||
- [ ] Go: `go mod init sneak.berlin/go/<name>`, `.golangci.yml` (copy from
|
||||
`~/dev/upaas/.golangci.yml`)
|
||||
|
||||
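Review bot: the `.gitea/workflows/check.yml` checklist item says what the workflow runs but not that its action references must be pinned by commit hash, even though the Dockerfile item directly above requires the image to be pinned by sha256 and the commit message describes the model workflow as pinned by commit hash. Suggest extending the item, for example "that runs `docker build .` on push, with every action reference pinned by commit hash", so that someone working only from this checklist applies the same pinning rule to the workflow as to the image. Minor: now that "All Dockerfiles must run `make check` as a build step" is stated as a general rule, the "and runs `make check`" in the Non-server sub-item repeats it and could be dropped.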