From dffbd938e2e14a47439930013e25a424b34d662c Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Fri, 3 Apr 2026 13:58:21 +0000
Subject: [PATCH] [github-graph]: Synced files from `git-config`.
---
 .editorconfig | 15 ++++++
 .github/rulesets/build-integrity.json | 51 ++++++++++++++++++++
 .github/workflows/claude-code-review.yml | 44 +++++++++++++++++
 .github/workflows/claude.yml | 49 +++++++++++++++++++
 .github/workflows/export-rulesets.yml | 61 ++----------------------
 .github/workflows/import-rulesets.yml | 58 ++--------------------
 6 files changed, 165 insertions(+), 113 deletions(-)
 create mode 100644 .editorconfig
 create mode 100644 .github/rulesets/build-integrity.json
 create mode 100644 .github/workflows/claude-code-review.yml
 create mode 100644 .github/workflows/claude.yml
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..ec42ad0
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,15 @@
+# IDE configuration for consistent code formatting across different editors.
+
+root = true
+
+# Set default charset, line endings, and whitespace handling for all files.
+[*]
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+# Always use an indentation of 2 spaces.
+[*.{scala,java,kt,sbt,conf,json,md,yml,yaml,htm,html,xml,js,ts,py}]
+indent_style = space
+indent_size = 2
diff --git a/.github/rulesets/build-integrity.json b/.github/rulesets/build-integrity.json
new file mode 100644
index 0000000..f12064b
--- /dev/null
+++ b/.github/rulesets/build-integrity.json
@@ -0,0 +1,51 @@
+{
+ "name": "build-integrity",
+ "target": "branch",
+ "enforcement": "active",
+ "conditions": {
+ "ref_name": {
+ "exclude": [],
+ "include": [
+ "~DEFAULT_BRANCH"
+ ]
+ }
+ },
+ "rules": [
+ {
+ "type": "deletion"
+ },
+ {
+ "type": "required_status_checks",
+ "parameters": {
+ "strict_required_status_checks_policy": true,
+ "do_not_enforce_on_create": false,
+ "required_status_checks": [
+ {
+ "context": "Build Integrity"
+ }
+ ]
+ }
+ },
+ {
+ "type": "pull_request",
+ "parameters": {
+ "required_approving_review_count": 0,
+ "dismiss_stale_reviews_on_push": false,
+ "required_reviewers": [],
+ "require_code_owner_review": true,
+ "require_last_push_approval": false,
+ "required_review_thread_resolution": false,
+ "allowed_merge_methods": [
+ "squash"
+ ]
+ }
+ }
+ ],
+ "bypass_actors": [
+ {
+ "actor_id": 5,
+ "actor_type": "RepositoryRole",
+ "bypass_mode": "always"
+ }
+ ]
+}
diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml
new file mode 100644
index 0000000..7648a3a
--- /dev/null
+++ b/.github/workflows/claude-code-review.yml
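Review bot: The `bypass_actors` entry lets every holder of the repository role with `actor_id` 5 skip the whole ruleset unconditionally (`"bypass_mode": "always"`), including the required `Build Integrity` status check and the deletion rule. If role 5 is the repository admin role, as it appears to be, a compromised or careless admin credential can put unbuilt code on the default branch without a pull request; `"bypass_mode": "pull_request"` keeps the escape hatch but forces it through a PR. Separately, `"required_approving_review_count": 0` together with `"require_code_owner_review": true` only demands a review for paths that a CODEOWNERS file covers, and no such file is part of this patch, so it is worth confirming one exists.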
@@ -0,0 +1,44 @@
+name: Claude Code Review
+
+on:
+ pull_request:
+ types: [opened, synchronize, ready_for_review, reopened]
+ # Optional: Only run on specific file changes
+ # paths:
+ # - "src/**/*.ts"
+ # - "src/**/*.tsx"
+ # - "src/**/*.js"
+ # - "src/**/*.jsx"
+
+jobs:
+ claude-review:
+ # Optional: Filter by PR author
+ # if: |
+ # github.event.pull_request.user.login == 'external-contributor' ||
+ # github.event.pull_request.user.login == 'new-developer' ||
+ # github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
+
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ pull-requests: read
+ issues: read
+ id-token: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 1
+
+ - name: Run Claude Code Review
+ id: claude-review
+ uses: anthropics/claude-code-action@v1
+ with:
+ claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+ plugin_marketplaces: 'https://github.com/anthropics/claude-code.git'
+ plugins: 'code-review@claude-code-plugins'
+ prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}'
+ # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
+ # or https://code.claude.com/docs/en/cli-reference for available options
+
diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml
new file mode 100644
index 0000000..9471a05
--- /dev/null
+++ b/.github/workflows/claude.yml
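Review bot: Both `uses:` lines in the `claude-review` job reference mutable tags (`actions/checkout@v4`, `anthropics/claude-code-action@v1`), and the second step receives `secrets.CLAUDE_CODE_OAUTH_TOKEN` while the job holds `id-token: write`, so whoever can move the `v1` tag controls code that sees that token. Pin each action to a full commit SHA with the tag as a trailing comment, e.g. `uses: anthropics/claude-code-action@<FULL_COMMIT_SHA>  # v1` (placeholder; take the SHA from the release you audited). The same concern applies to `plugin_marketplaces`, which names a repository URL with no ref, so the plugin code is whatever that repository's default branch holds at run time. Adding `persist-credentials: false` under the checkout step's `with:` would also keep the job token out of the checked-out repository's git config. The same unpinned `uses:` lines appear in `.github/workflows/claude.yml`.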
@@ -0,0 +1,49 @@
+name: Claude Code
+
+on:
+ issue_comment:
+ types: [created]
+ pull_request_review_comment:
+ types: [created]
+ issues:
+ types: [opened, assigned]
+ pull_request_review:
+ types: [submitted]
+
+jobs:
+ claude:
+ if: |
+ (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
+ (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
+ (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
+ (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ pull-requests: read
+ issues: read
+ id-token: write
+ actions: read # Required for Claude to read CI results on PRs
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 1
+
+ - name: Run Claude Code
+ id: claude
+ uses: anthropics/claude-code-action@v1
+ with:
+ claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+
+ # This is an optional setting that allows Claude to read CI results on PRs
+ additional_permissions: |
+ actions: read
+
+ # Optional: Give a custom prompt to Claude. If this is not specified, Claude will perform the instructions specified in the comment that tagged it.
+ # prompt: 'Update the pull request description to include a summary of changes.'
+
+ # Optional: Add claude_args to customize behavior and configuration
+ # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
+ # or https://code.claude.com/docs/en/cli-reference for available options
+ # claude_args: '--allowed-tools Bash(gh pr:*)'
diff --git a/.github/workflows/export-rulesets.yml b/.github/workflows/export-rulesets.yml
index fb8faf0..da0b945 100644
--- a/.github/workflows/export-rulesets.yml
+++ b/.github/workflows/export-rulesets.yml
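Review bot: The job-level `if:` on `claude` fires for any issue, comment or review whose text contains `@claude`, with no check on who wrote it, so on a repository that accepts outside issues an untrusted author can start a run that holds `CLAUDE_CODE_OAUTH_TOKEN` and `id-token: write` and takes its instructions from that author's text. The action may enforce its own permission check on the triggering actor, but that is not visible in this file and should not be the only gate. Requiring a trusted `author_association` in each branch of the condition, as sketched below, limits the trigger to owners, members and collaborators; the exact set of associations is a policy choice.

```yaml
  claude:
    if: |
      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude') &&
        contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.comment.author_association)) ||
      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude') &&
        contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.comment.author_association)) ||
      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude') &&
        contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.review.author_association)) ||
      (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')) &&
        contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.issue.author_association))
    # … unchanged: runs-on, permissions, steps …
```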
@@ -1,63 +1,8 @@ -# ================================================================================================= -# Exports rules from GitHub's internal configuration into '.github/rulesets'. -# Only triggered manually, which should be done following every manual configuration change. -# ================================================================================================= - name: Export Rulesets - on: workflow_dispatch: - workflow_call: - -# Cancel in-progress runs when starting a new one. -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true jobs: - run: - runs-on: ubuntu-latest - env: - REPO_DIR: repo - RULESETS_DIR: repo/.github/rulesets - - permissions: - contents: write - pull-requests: write - - steps: - - name: Check requirements - env: - GH_TOKEN: ${{ secrets.GH_TOKEN }} - run: | - if [ -z "$GH_TOKEN" ]; then - echo "::error::GH_TOKEN secret is not set." \ - "Create a GitHub Personal Access Token with sufficient access" \ - "and add it as a repository secret named GH_TOKEN." - exit 1 - fi - - - name: Checkout - uses: actions/checkout@v4 - with: - path: repo - - - name: Checkout github-rules - uses: actions/checkout@v4 - with: - repository: SgtSwagrid/github-rules - path: github-rules - - - name: Sync - env: - GH_TOKEN: ${{ secrets.GH_TOKEN }} - run: bash github-rules/scripts/export-rulesets.sh - - - name: Publish - env: - GH_TOKEN: ${{ secrets.GH_TOKEN }} - BASE_BRANCH: ${{ github.ref_name }} - UPDATE_BRANCH: ci/export-rulesets - PR_TITLE: "[ci] Exported GitHub rulesets to source." - PR_BODY_FILE: github-rules/templates/pull-request-body.md - run: bash github-rules/scripts/publish.sh + export: + uses: SgtSwagrid/github-rules/.github/workflows/export-rulesets.yml@main + secrets: inherit diff --git a/.github/workflows/import-rulesets.yml b/.github/workflows/import-rulesets.yml index fe33684..ff025ce 100644 --- a/.github/workflows/import-rulesets.yml +++ b/.github/workflows/import-rulesets.yml 
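Review bot: The new `export` job calls `SgtSwagrid/github-rules/.github/workflows/export-rulesets.yml@main` with `secrets: inherit`, so every secret of this repository is handed to whatever the `main` branch of that other repository contains at run time, where the removed steps passed only `GH_TOKEN`. Pin the reference to a full commit SHA, `uses: SgtSwagrid/github-rules/.github/workflows/export-rulesets.yml@<FULL_COMMIT_SHA>` (placeholder), and pass only what the called workflow needs, i.e. `secrets:` with `GH_TOKEN: ${{ secrets.GH_TOKEN }}`, assuming the called workflow declares that secret under `workflow_call`. The job also no longer sets `permissions:`; the removed job limited the token to `contents: write` and `pull-requests: write`, and a caller-side block caps what the called workflow can be granted. The `import` job in `.github/workflows/import-rulesets.yml` has the same `@main` and `secrets: inherit` lines.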
@@ -1,63 +1,11 @@ -# ================================================================================================= -# Imports rules from '.github/rulesets' into GitHub's internal configuration. -# Triggered by modifications to this directory on the default branch, or manually. -# ================================================================================================= - name: Import Rulesets - on: push: paths: - .github/rulesets/** workflow_dispatch: - workflow_call: - -# Cancel in-progress runs when starting a new one. -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true jobs: - run: - runs-on: ubuntu-latest - # Only respond to changes on the default branch. - if: > - github.event_name == 'workflow_dispatch' || - github.event_name == 'workflow_call' || - github.ref_name == github.event.repository.default_branch - env: - REPO_DIR: repo - RULESETS_DIR: repo/.github/rulesets - - steps: - - name: Check requirements - env: - GH_TOKEN: ${{ secrets.GH_TOKEN }} - run: | - if [ -z "$GH_TOKEN" ]; then - echo "::error::GH_TOKEN secret is not set." \ - "Create a GitHub Personal Access Token with sufficient access" \ - "and add it as a repository secret named GH_TOKEN." - exit 1 - fi - - - name: Checkout - uses: actions/checkout@v4 - with: - path: repo - - - name: Checkout github-rules - uses: actions/checkout@v4 - with: - repository: SgtSwagrid/github-rules - path: github-rules - - - name: Clear - env: - GH_TOKEN: ${{ secrets.GH_TOKEN }} - run: bash github-rules/scripts/clear-rulesets.sh - - - name: Sync - env: - GH_TOKEN: ${{ secrets.GH_TOKEN }} - run: bash github-rules/scripts/import-rulesets.sh + import: + uses: SgtSwagrid/github-rules/.github/workflows/import-rulesets.yml@main + secrets: inherit
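Review bot: The `push` trigger on `.github/rulesets/**` has no branch filter, and this change removes the job-level `if:` that limited push runs to the default branch, so a push to any branch that touches a ruleset file now starts the import with inherited secrets. Whether the called workflow repeats that guard is not visible here; if it does not, ruleset JSON from an unreviewed branch would be applied to the repository's live configuration. A job-level condition is allowed on a job that calls a reusable workflow, so the guard can stay in this file: `if: github.event_name == 'workflow_dispatch' || github.ref_name == github.event.repository.default_branch`. The removed `concurrency` block also kept two imports from running at once, which matters for a workflow that previously cleared rulesets before importing them.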