Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
45 commits
Select commit Hold shift + click to select a range
09a190e
Add multi-agent isolation strategy using git worktrees (#2)
don-petry Mar 28, 2026
9265dfc
feat: add weekly compliance audit workflow (#12)
don-petry Apr 5, 2026
a0dc0ff
chore: run compliance audit every Friday at noon UTC
Apr 5, 2026
7474143
feat: add full CI pipeline for .github repo (#15)
don-petry Apr 5, 2026
27d7253
feat: extend compliance audit with CI/automation health survey (#13)
don-petry Apr 6, 2026
437861b
chore(deps): Bump anthropics/claude-code-action from 1.0.83 to 1.0.89…
dependabot[bot] Apr 6, 2026
c724a0c
feat: split Claude workflow into interactive + issue automation jobs …
don-petry Apr 6, 2026
4974b12
feat: require GitHub Discussions on all repos (#53)
don-petry Apr 6, 2026
ec602d2
fix: grant claude-issue job tools to create PRs and check CI (#55)
don-petry Apr 6, 2026
5302eab
fix: add concurrency guard and comment tools to claude-issue job
Apr 6, 2026
fcc222e
fix: add claude.yml template + checkout audit check (#63)
claude[bot] Apr 6, 2026
1279616
fix: auto-create required labels during compliance audit (#67)
claude[bot] Apr 6, 2026
03fc359
feat: reusable Claude Code workflow with workflows write permission (…
don-petry Apr 6, 2026
06b25d9
Add Feature Ideation workflow as standard for BMAD-enabled repos (#81)
don-petry Apr 7, 2026
9c148a3
feat(workflows): centralize standards via reusable workflows (#87)
don-petry Apr 8, 2026
9476b20
feat(workflows): pin reusable callers to @v1 and document tier model …
don-petry Apr 8, 2026
5434599
feat(security): add codeql.yml for SAST scanning (#100)
don-petry Apr 8, 2026
7980dfa
Replace per-repo CodeQL workflows with GitHub default setup (#103)
don-petry Apr 9, 2026
c098d44
feat(claude): trigger Claude to fix CI failures on PRs (#148)
don-petry Apr 17, 2026
92358a1
feat(feature-ideation): add curated reputable source list for Mary (#…
don-petry Apr 17, 2026
b990a6d
fix: correct reusable workflow path syntax (remove duplicate .github)…
don-petry Apr 21, 2026
e4fa7be
fix(claude-ci-fix): resolve PR via API when check_run payload is empty
don-petry Apr 21, 2026
ec66aa9
docs: document OIDC immutability constraint and exempt claude.yml fro…
don-petry Apr 25, 2026
bcbf626
fix: restore double .github path in agent-shield and claude reusable …
don-petry May 3, 2026
92cb378
feat: trigger Claude on CodeRabbit and Copilot review comments (#198)
don-petry May 6, 2026
42bedb0
chore: deprecate pr-review-agent — remove all traces
don-petry May 11, 2026
dfde3cd
feat: make pr-review-mention an org standard (#237)
don-petry May 11, 2026
f3bdc3b
fix(claude): add copilot-pull-request-reviewer and gemini-code-assist…
don-petry May 11, 2026
aab7977
fix(feature-ideation): address Copilot + CodeRabbit review on PR #85 …
don-petry May 12, 2026
b290076
feat(claude): add claude-fix-review-comments job for bot review respo…
don-petry May 13, 2026
4130a2e
chore(dev-lead): deprecate claude.yml in ci-standards, promote dev-le…
don-petry May 16, 2026
96e1dbf
chore(deps): Bump actions/upload-artifact from 4.6.2 to 7.0.1 (#303)
dependabot[bot] May 17, 2026
0198ba2
feat: implement issue #251 — Compliance: secret_scanning_ai_detection…
don-petry May 20, 2026
6420946
docs: document fine-grained token scopes for ORG_SCORECARD_TOKEN (#248)
don-petry Jun 8, 2026
5e66b87
fix(dependabot-rebase): handle 404 from compare API — skip PR when br…
don-petry Jun 8, 2026
0bb3d4f
fix(ci): downgrade pnpm/action-setup to v5 in dependency-audit reusab…
don-petry Jun 8, 2026
a288f18
feat: add compliance-remediate.sh — close the audit -> auto-fix -> PR…
don-petry Jun 8, 2026
798e393
fix(ci): add gitleaks secret-scan job to satisfy compliance check (#219)
don-petry Jun 11, 2026
9cfb40e
feat: implement issue #375 — Compliance audit — 2026-05-29 (#376)
don-petry Jun 11, 2026
a44ee6a
chore: remove deprecated claude.yml from standards (#379)
don-petry Jun 11, 2026
07dc7fa
fix: enable delete_branch_on_merge on .github repo (#222)
don-petry Jun 11, 2026
aa66446
fix(ci): pin claude-code-reusable.yml ref to @v1 (#218)
don-petry Jun 15, 2026
b63b1ee
fix(ci): remediate compliance findings for .github repo (issue #146)
donpetry-bot Jun 14, 2026
9797f04
fix(reviews): address review comments [skip ci-relay]
donpetry-bot Jun 27, 2026
4ffa47e
fix: resolve linting issues
donpetry-bot Jul 1, 2026
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 23 additions & 0 deletions scripts/compliance-audit.sh
Original file line number Diff line number Diff line change
Expand Up @@ -1752,6 +1752,29 @@ ensure_required_labels() {
done
}

# Create all required labels (idempotent — uses --force to update if present)
ensure_required_labels() {
local repo="$1"
# Format: "name|color|description" (pipe-delimited to avoid colon conflicts)
local label_configs=(
"security|d93f0b|Security-related PRs and issues"
"dependencies|0075ca|Dependency update PRs"
"scorecard|d93f0b|OpenSSF Scorecard findings"
"bug|d73a4a|Bug reports"
"enhancement|a2eeef|Feature requests"
"documentation|0075ca|Documentation changes"
)

for config in "${label_configs[@]}"; do
IFS='|' read -r name color description <<< "$config"
gh label create "$name" \
--repo "$ORG/$repo" \
--description "$description" \
--color "$color" \
--force 2>/dev/null || true
done
}

create_issue_for_finding() {
local repo="$1" category="$2" check="$3" severity="$4" detail="$5" standard_ref="$6"

Expand Down
2 changes: 1 addition & 1 deletion standards/workflows/dependency-audit.yml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# ─────────────────────────────────────────────────────────────────────────────
# SOURCE OF TRUTH: petry-projects/.github/standards/workflows/dependency-audit.yml
# Standard: petry-projects/.github/standards/ci-standards.md#5-dependency-audit-dependency-auditym
# Standard: petry-projects/.github/standards/ci-standards.md#7-dependency-audit-dependency-audityml
# Reusable: petry-projects/.github/.github/workflows/dependency-audit-reusable.yml
#
# AGENTS — READ BEFORE EDITING:
Expand Down
Loading