{"id":31240325,"url":"https://github.com/coderdeltalan/ci-matrix-starter","last_synced_at":"2025-10-04T17:11:38.418Z","repository":{"id":314804583,"uuid":"1056803430","full_name":"CoderDeltaLAN/ci-matrix-starter","owner":"CoderDeltaLAN","description":"Reusable GitHub Actions CI for Python/TypeScript with SBOM, CodeQL, Dependabot auto-merge, and PyPI publishing (OIDC Trusted Publisher). Always-green CI ready for DevSecOps.","archived":false,"fork":false,"pushed_at":"2025-09-22T03:02:10.000Z","size":13860,"stargazers_count":1,"open_issues_count":11,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-09-22T04:24:47.159Z","etag":null,"topics":["always-green","automation","ci","codeql","cosign","dependabot","devsecops","github-actions","matrix","node","pnpm","pre-commit","pypi","python","reusable-workflows","sbom","security","sigstore","supply-chain","typescript"],"latest_commit_sha":null,"homepage":"https://github.com/CoderDeltaLAN/ci-matrix-starter","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CoderDeltaLAN.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["CoderDeltaLAN"],"custom":["https://www.paypal.com/donate/?hosted_button_id=YVENCBNCZWVPW"]}},"created_at":"2025-09-14T20:43:38.000Z","updated_at":"2025-09-22T03:02:14.000Z","dependencies_parsed_at":"2025-09-14T23:32:22.275Z","dependency_job_id":null,"html_url":"https://github.com/CoderDeltaLAN/ci-matrix-starter","commit_stats":null,"previous_names":["coderdeltalan/ci-matrix-starter"],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/CoderDeltaLAN/ci-matrix-starter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CoderDeltaLAN%2Fci-matrix-starter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CoderDeltaLAN%2Fci-matrix-starter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CoderDeltaLAN%2Fci-matrix-starter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CoderDeltaLAN%2Fci-matrix-starter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CoderDeltaLAN","download_url":"https://codeload.github.com/CoderDeltaLAN/ci-matrix-starter/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CoderDeltaLAN%2Fci-matrix-starter/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":276486926,"owners_count":25651130,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-22T02:00:08.972Z","response_time":79,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["always-green","automation","ci","codeql","cosign","dependabot","devsecops","github-actions","matrix","node","pnpm","pre-commit","pypi","python","reusable-workflows","sbom","security","sigstore","supply-chain","typescript"],"created_at":"2025-09-22T22:30:01.249Z","updated_at":"2025-10-04T17:11:38.393Z","avatar_url":"https://github.com/CoderDeltaLAN.png","language":"Shell","funding_links":["https://github.com/sponsors/CoderDeltaLAN","https://www.paypal.com/donate/?hosted_button_id=YVENCBNCZWVPW"],"categories":[],"sub_categories":[],"readme":"# ⭐ **ci-matrix-starter — Reusable CI Workflows (Python \u0026 TypeScript)**\n\nA lean, production-ready **GitHub Actions starter** that ships **reusable CI workflows** for **Python (3.11/3.12)** and **TypeScript/Node 20**.\nDesigned for **always-green CI** with strict local gates mirroring CI, **CodeQL** out of the box, optional **SBOM** generation, and guard-rails for safe merges.\n\n\u003c!-- BADGES:FOOT:BEGIN --\u003e\n\u003cp align=\"center\"\u003e\u003csub\u003e\u003cb\u003eCore status\u003c/b\u003e\u003c/sub\u003e\u003cbr/\u003e\n  \u003ca href=\"https://github.com/CoderDeltaLAN/ci-matrix-starter/actions/workflows/build.yml\"\u003e\n    \u003cimg alt=\"CI\" src=\"https://github.com/CoderDeltaLAN/ci-matrix-starter/actions/workflows/build.yml/badge.svg?branch=main\u0026label=CI\" /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/CoderDeltaLAN/ci-matrix-starter/actions/workflows/codeql.yml\"\u003e\n    \u003cimg alt=\"CodeQL\" src=\"https://github.com/CoderDeltaLAN/ci-matrix-starter/actions/workflows/codeql.yml/badge.svg?branch=main\u0026label=CodeQL\" /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/CoderDeltaLAN/ci-matrix-starter/releases\"\u003e\n    \u003cimg alt=\"release\" src=\"https://img.shields.io/github/v/release/CoderDeltaLAN/ci-matrix-starter?display_name=tag\u0026label=release\" /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/CoderDeltaLAN/ci-matrix-starter/blob/main/pyproject.toml\"\u003e\n    \u003cimg alt=\"Python 3.11 | 3.12\" src=\"https://img.shields.io/badge/Python-3.11%20%7C%203.12-3776AB?logo=python\" /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"LICENSE\"\u003e\n    \u003cimg alt=\"License MIT\" src=\"https://img.shields.io/badge/License-MIT-blue.svg\" /\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\u003csub\u003e\u003cb\u003eCI \u0026amp; automation\u003c/b\u003e\u003c/sub\u003e\u003cbr/\u003e\n  \u003ca href=\"https://github.com/CoderDeltaLAN/ci-matrix-starter/actions/workflows/py-ci-badge.yml\"\u003e\n    \u003cimg alt=\"Python CI (badge)\" src=\"https://github.com/CoderDeltaLAN/ci-matrix-starter/actions/workflows/py-ci-badge.yml/badge.svg?branch=main\u0026label=Python%20CI%20(badge)\" /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/CoderDeltaLAN/ci-matrix-starter/actions/workflows/ts-ci-badge.yml\"\u003e\n    \u003cimg alt=\"TS CI (badge)\" src=\"https://github.com/CoderDeltaLAN/ci-matrix-starter/actions/workflows/ts-ci-badge.yml/badge.svg?branch=main\u0026label=TS%20CI%20(badge)\" /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/CoderDeltaLAN/ci-matrix-starter/actions/workflows/auto-assign-badge.yml\"\u003e\n    \u003cimg alt=\"auto-assign (badge)\" src=\"https://github.com/CoderDeltaLAN/ci-matrix-starter/actions/workflows/auto-assign-badge.yml/badge.svg?branch=main\u0026label=auto-assign%20(badge)\" /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/CoderDeltaLAN/ci-matrix-starter/actions/workflows/pr-labeler-badge.yml\"\u003e\n    \u003cimg alt=\"pr-labeler (badge)\" src=\"https://github.com/CoderDeltaLAN/ci-matrix-starter/actions/workflows/pr-labeler-badge.yml/badge.svg?branch=main\u0026label=pr-labeler%20(badge)\" /\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\u003csub\u003e\u003cb\u003eSecurity \u0026amp; supply-chain\u003c/b\u003e\u003c/sub\u003e\u003cbr/\u003e\n  \u003ca href=\"https://securityscorecards.dev/viewer/?uri=github.com/CoderDeltaLAN/ci-matrix-starter\"\u003e\n    \u003cimg alt=\"OpenSSF Scorecard\" src=\"https://api.securityscorecards.dev/projects/github.com/CoderDeltaLAN/ci-matrix-starter/badge\" /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/CoderDeltaLAN/ci-matrix-starter/actions/workflows/supply-chain.yml\"\u003e\n    \u003cimg alt=\"supply-chain\" src=\"https://github.com/CoderDeltaLAN/ci-matrix-starter/actions/workflows/supply-chain.yml/badge.svg?branch=main\u0026label=supply-chain\" /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/CoderDeltaLAN/ci-matrix-starter/actions/workflows/dependabot-automerge-badge.yml\"\u003e\n    \u003cimg alt=\"Dependabot auto-merge (badge)\" src=\"https://github.com/CoderDeltaLAN/ci-matrix-starter/actions/workflows/dependabot-automerge-badge.yml/badge.svg?branch=main\u0026label=Dependabot%20auto-merge%20(badge)\" /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/CoderDeltaLAN/ci-matrix-starter/actions/workflows/ghcr-publish-badge.yml\"\u003e\n    \u003cimg alt=\"Publish container to GHCR (badge)\" src=\"https://github.com/CoderDeltaLAN/ci-matrix-starter/actions/workflows/ghcr-publish-badge.yml/badge.svg?branch=main\u0026label=GHCR%20publish%20(badge)\" /\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\u003csub\u003e\u003cb\u003eReleases \u0026amp; packaging\u003c/b\u003e\u003c/sub\u003e\u003cbr/\u003e\n  \u003ca href=\"https://pypi.org/project/ci-matrix-starter/\"\u003e\n    \u003cimg alt=\"PyPI\" src=\"https://img.shields.io/pypi/v/ci-matrix-starter?logo=pypi\u0026label=PyPI\" /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/CoderDeltaLAN/ci-matrix-starter/actions/workflows/release-sbom-badge.yml\"\u003e\n    \u003cimg alt=\"release-sbom (badge)\" src=\"https://github.com/CoderDeltaLAN/ci-matrix-starter/actions/workflows/release-sbom-badge.yml/badge.svg?branch=main\u0026label=release-sbom%20(badge)\" /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://pypi.org/project/ci-matrix-starter/\"\u003e\n    \u003cimg alt=\"PyPI pyversions\" src=\"https://img.shields.io/pypi/pyversions/ci-matrix-starter?logo=python\u0026label=pyversions\" /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://pypi.org/project/ci-matrix-starter/#files\"\u003e\n    \u003cimg alt=\"Wheel\" src=\"https://img.shields.io/pypi/wheel/ci-matrix-starter?label=Wheel\" /\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\u003c!-- BADGES:FOOT:END --\u003e\n\n---\n\n## **Repo layout**\n\n```text\n.\n├── .github/workflows/\n│   ├── build.yml                     # aggregator (example)\n│   ├── codeql.yml                    # CodeQL analysis\n│   ├── supply-chain.yml              # SBOM + weekly gates\n│   ├── release-sbom.yml              # release SBOM publish\n│   ├── ghcr-publish.yml              # container to GHCR (example)\n│   ├── release-drafter.yml           # release notes draft\n│   ├── auto-assign.yml               # auto-assign reviewers\n│   ├── labeler.yml                   # PR labeler\n│   ├── dependabot-automerge.yml      # auto-merge Dependabot\n│   ├── ts-ci.yml                     # reusable TypeScript/Node CI\n│   ├── py-ci.yml                     # reusable Python CI\n│   └── py-ci-badge.yml               # wrapper for README badge\n├── docs/\n│   └── screens/\n│       └── local-sanity.png          # terminal screenshot (example)\n├── src/\n│   ├── index.ts                      # minimal TS example\n│   └── ci_matrix_starter/            # minimal Py package\n├── tests/                            # Python tests (example)\n├── package.json                      # Node scripts\n├── pyproject.toml                    # Python tooling\n└── README.md\n```\n\n---\n\n## 🖥️ **Operating System Compatibility** ✅\n\n```text\n| OS               | Status |\n|------------------|:------:|\n| Linux            |   ✅   |\n| macOS            |   ✅   |\n| Windows (WSL2)   |   ✅   |\n| FreeBSD          |   ✅   |\n| Android (Termux) |   ✅   |\n| Containers (CI)  |   ✅   |\n```\n\n---\n\n## 🚀 **Quick Start (consumers)**\n\n### **Use the reusable workflows in _your_ repo**\n\nCreate `.github/workflows/ci.yml`:\n\n```yaml\nname: CI\non:\n  pull_request:\n  push:\n    branches: [main]\n\njobs:\n  # Python matrix (3.11/3.12) with strict gates\n  py:\n    uses: CoderDeltaLAN/ci-matrix-starter/.github/workflows/py-ci.yml@v0.1.7\n    with:\n      python_versions: '[\"3.11\",\"3.12\"]'\n      run_tests: true\n\n  # TypeScript / Node 20\n  ts:\n    uses: CoderDeltaLAN/ci-matrix-starter/.github/workflows/ts-ci.yml@v0.1.7\n```\n\n\u003e The **aggregator** in this repo (`build.yml`) shows how to orchestrate multiple reusable jobs.\n\n### **Local mirror (same gates as CI)**\n\n**Node / TS**\n\n```bash\nnpx prettier --check .\nnpx eslint . --max-warnings=0\nnpx tsc --noEmit\nnpm test --silent\n```\n\n**Python**\n\n```bash\npython -m pip install --upgrade pip\npip install poetry\npoetry install --no-interaction\npoetry run ruff check .\npoetry run black --check .\nPYTHONPATH=src poetry run pytest -q --cov=src --cov-fail-under=100\npoetry run mypy src\n```\n\n---\n\n## 📦 **What the workflows expect**\n\n**TypeScript**\n\n- `package.json` with `test` script.\n- `tsconfig.json` (scope sources, e.g., `src/**/*.ts`).\n- `eslint.config.mjs` (flat) and **Prettier 3**.\n- Node **20.x**.\n\n**Python**\n\n- `pyproject.toml` with dev tools (**ruff**, **black**, **pytest**, **mypy**, **poetry**).\n- Tests under `tests/`; coverage threshold via `cov-min`.\n  Matrix **3.11/3.12** (customizable with `python_versions`).\n\n**Optional SBOM \u0026 signing**\n\n- SBOMs (CycloneDX) available. If `COSIGN_KEY` \u0026 `COSIGN_PASSWORD` are present, images/artifacts can be signed (safe-by-default: skipped when absent).\n\n---\n\n## ⛳ **Required checks (CI gating)**\n\n**Suggested branch-protection contexts:**\n\n- `CI / build` (aggregator success)\n- `CodeQL Analyze / codeql`\n\n**Enable linear history, dismiss stale reviews on new pushes, and auto-merge when green.**\n\n---\n\n## 🧪 **Local Developer Workflow (mirrors CI)**\n\n```bash\n# Node\nnpx prettier --check . \u0026\u0026 npx eslint . --max-warnings=0 \u0026\u0026 npx tsc --noEmit \u0026\u0026 npm test --silent\n\n# Python\npython -m pip install --upgrade pip \u0026\u0026 pip install poetry\npoetry install --no-interaction\npoetry run ruff check . \u0026\u0026 poetry run black --check .\nPYTHONPATH=src poetry run pytest -q --cov=src --cov-fail-under=100\npoetry run mypy src\n```\n\n---\n\n\u003c!-- SCREENSHOT:BEGIN --\u003e\n\n### 👨‍💻 **Local sanity (screenshot)**\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"docs/screens/local-sanity.png\"\n       alt=\"Local sanity (pre-commit, linters and smoke tests passing)\"\n       width=\"100%\" /\u003e\n\u003c/p\u003e\n\u003c!-- SCREENSHOT:END --\u003e\n\n---\n\n## 🔧 **CI (GitHub Actions)**\n\n- Reusable jobs for **Python** and **TypeScript**; call them via `uses:` with a tag (e.g., `@v0.1.7`).\n- Built-in **CodeQL** example.\n- Strict, fast feedback suitable for PR auto-merge when green.\n\n**Python snippet**\n\n```yaml\n- run: python -m pip install --upgrade pip\n- run: pip install poetry\n- run: poetry install --no-interaction\n- run: poetry run ruff check .\n- run: poetry run black --check .\n- env:\n    PYTHONPATH: src\n  run: poetry run pytest -q\n- run: poetry run mypy src\n```\n\n**TypeScript snippet**\n\n```yaml\n- run: npx prettier --check .\n- run: npx eslint . --max-warnings=0\n- run: npx tsc --noEmit\n- run: npm test --silent || echo \"no tests\"\n```\n\n---\n\n## 🗺 **When to Use This Project**\n\n- You need **ready-to-use CI** for **Python + TypeScript** with clean defaults.\n- You want **reusable workflows** referenced by tag.\n- You value **security** (CodeQL), **SBOMs**, and **strict gates** to keep `main` always green.\n\n---\n\n## 🧩 **Customization**\n\n- Pin a release tag, e.g., `@v0.1.7`.\n- Adjust Python matrix: `with.python_versions`.\n- Toggle tests in the wrapper: `with.run_tests` (true/false).\n- Provide secrets to enable optional **cosign** signing.\n- Extend jobs by adding steps after `uses:`.\n\n---\n\n## 🔒 **Security**\n\n- Code scanning via **CodeQL**.\n- Recommend enabling: **required conversations resolved**, **dismiss stale reviews**, **signed commits**, and **squash merges**.\n- Avoid uploading sensitive artifacts to public PRs.\n\n---\n\n## 🙌 **Contributing**\n\n- Small, atomic PRs using **Conventional Commits**.\n- Keep local \u0026 CI gates green before review.\n- Use auto-merge once checks pass.\n\n---\n\n## 💚 **Donations \u0026 Sponsorship**\n\n**Support open-source: your donations keep projects clean, secure, and evolving for the global community.**\n\n\u003cp align=\"left\"\u003e\n  \u003ca href=\"https://www.paypal.com/donate/?hosted_button_id=YVENCBNCZWVPW\"\u003e\n    \u003cimg alt=\"Donate with PayPal\" src=\"https://img.shields.io/badge/Donate-PayPal-0070ba?logo=paypal\u0026logoColor=white\" /\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n---\n\n## 🔎 **SEO Keywords**\n\nreusable github actions workflows, python typescript ci starter, node 20 eslint 9 prettier 3, ruff black mypy pytest, cyclonedx sbom cosign signing, codeql security analysis, branch protection auto merge, always green ci, monorepo friendly ci, strict local gates mirror\n\n---\n\n## 👤 **Author**\n\n**CoderDeltaLAN (Yosvel)**\nGitHub: https://github.com/CoderDeltaLAN\n\n---\n\n## 📄 **License**\n\nReleased under the **MIT License**. See [LICENSE](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcoderdeltalan%2Fci-matrix-starter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcoderdeltalan%2Fci-matrix-starter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcoderdeltalan%2Fci-matrix-starter/lists"}