Skip to content

ByronWilliamsCPA/.github

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

214 Commits
.claude
.claude
 
 
.github
.github
 
 
.qlty
.qlty
 
 
ISSUE_TEMPLATE
ISSUE_TEMPLATE
 
 
LICENSES
LICENSES
 
 
docs
docs
 
 
examples
examples
 
 
profile
profile
 
 
scripts
scripts
 
 
tests
tests
 
 
workflow-templates
workflow-templates
 
 
.codecov.yml
.codecov.yml
 
 
.cz.toml
.cz.toml
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
.markdownlint.yml
.markdownlint.yml
 
 
.pre-commit-config.yaml
.pre-commit-config.yaml
 
 
.secrets.baseline
.secrets.baseline
 
 
.shellcheckrc
.shellcheckrc
 
 
.trufflehog-exclude
.trufflehog-exclude
 
 
.yamllint
.yamllint
 
 
.yamllint.yml
.yamllint.yml
 
 
AGENTS.md
AGENTS.md
 
 
CHANGELOG.md
CHANGELOG.md
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
FUNDING.yml
FUNDING.yml
 
 
GEMINI.md
GEMINI.md
 
 
GOVERNANCE.md
GOVERNANCE.md
 
 
LICENSE
LICENSE
 
 
PYPI_WORKFLOW_ANALYSIS.md
PYPI_WORKFLOW_ANALYSIS.md
 
 
QLTY_INTEGRATION.md
QLTY_INTEGRATION.md
 
 
README.md
README.md
 
 
REUSE.toml
REUSE.toml
 
 
SECURITY.md
SECURITY.md
 
 
SUPPORT.md
SUPPORT.md
 
 
USAGE_EXAMPLES.md
USAGE_EXAMPLES.md
 
 
checksums.txt
checksums.txt
 
 
pull_request_template.md
pull_request_template.md
 
 
renovate.json
renovate.json
 
 
sonar-project.properties
sonar-project.properties
 
 
sync_org_files.sh
sync_org_files.sh
 
 

Repository files navigation

Centralized Community Health Files

CI Status License: MIT Contributor Covenant GitHub last commit

This repository serves two purposes for the ByronWilliamsCPA GitHub organization: it provides shared community-health files that automatically apply to all public repositories, and it hosts centralized reusable GitHub Actions workflows for Python projects. Both live here to keep org-level governance in one place.

Included Files

  • CODE_OF_CONDUCT.md Defines expected contributor behavior and enforcement procedures.

  • SECURITY.md Describes our vulnerability-reporting process, supported versions, and

  • response timelines.

  • CONTRIBUTING.md Guides contributors through issue filing, pull-request workflow, DCO sign-off, and local setup.

  • SUPPORT.md Outlines support channels, prerequisites, SLAs, and community contributions.

  • GOVERNANCE.md Describes project roles, decision-making processes, and how governance can evolve.

  • CODEOWNERS Assigns default and path-specific code owners organization-wide.

  • FUNDING.yml Indicates our solo-practitioner stance and points to non-financial contribution paths.

  • .github/ISSUE_TEMPLATE/bug.yml Structured template for filing bug reports.

  • .github/ISSUE_TEMPLATE/feature.yml Structured template for proposing new features.

  • .github/ISSUE_TEMPLATE/config.yml Configuration for issue template chooser and external links.

  • pull_request_template.md Standard template for pull request descriptions.

  • dependabot.yml Automated dependency update configuration for multiple ecosystems.

  • LICENSE MIT License for organization projects.

Reusable Workflows

The .github/workflows/ directory contains centralized, reusable GitHub Actions workflows that can be called from any Python repository. Most workflows are zero-config or lightly configured via inputs. A few -- SonarCloud, Qlty Coverage, and Fuzzing -- require an account and project setup on the respective platform before use.

Prerequisites

Calling repos must provide:

  • pyproject.toml at the repo root -- used by Ruff, BasedPyright, pytest, and coverage tools to read project configuration
  • A [tool.pytest.ini_options] section (or equivalent pytest.ini) with testpaths configured
  • Any workflow-specific secrets set at the org or repo level:
Workflow Required secret(s)
Python CI CODECOV_TOKEN (optional, for coverage upload)
SonarCloud SONAR_TOKEN + external SonarCloud project setup
OpenSSF Scorecard SCORECARD_TOKEN (for scheduled publish runs)
PyPI Publishing None -- uses OIDC trusted publishing
Qlty Coverage QLTY_COVERAGE_TOKEN + qlty.toml in calling repo

Available Workflows

  • Python CI (python-ci.yml) - Comprehensive CI with testing, linting, type checking across multiple Python versions
  • PyPI Publishing (python-publish-pypi.yml) - OIDC-authenticated publishing (no secrets!)
  • Security Analysis (python-security-analysis.yml) - CodeQL, Bandit, Safety, OSV Scanner
  • Fuzzing (python-fuzzing.yml) - ClusterFuzzLite continuous fuzzing for security vulnerabilities
  • Performance Regression (python-performance-regression.yml) - Automated performance testing with baseline comparison
  • SonarCloud (python-sonarcloud.yml) - Code quality and security analysis with SonarCloud
  • Qlty Coverage (python-qlty-coverage.yml) - Coverage tracking with Qlty Cloud
  • Documentation (python-docs.yml) - MkDocs build and GitHub Pages deployment
  • Releases (python-release.yml) - Signed releases with SLSA provenance and SBOM
  • Codecov Coverage Upload (python-codecov.yml) - Securely uploads coverage reports to Codecov without re-running tests
  • Compatibility Testing (python-compatibility.yml) - Matrix testing across Python versions and operating systems
  • Container Security (python-container-security.yml) - Trivy container image scanning and Hadolint Dockerfile linting
  • Docker Build (python-docker.yml) - Multi-platform Docker image builds with GHCR publishing
  • FIPS Compatibility (python-fips-compatibility.yml) - FIPS 140-2/140-3 compliance checks for code and dependencies
  • Mutation Testing (python-mutation.yml) - Validates test suite effectiveness using mutmut mutation testing
  • REUSE Compliance (python-reuse.yml) - FSFE REUSE 3.0 license and copyright compliance
  • SBOM (python-sbom.yml) - Software Bill of Materials generation and dependency vulnerability scanning
  • OpenSSF Scorecard (python-scorecard.yml) - Repository security health scoring via OpenSSF Scorecard
  • Supplemental Checks (python-supplemental-checks.yml) - Optional PR checks including link validation and changelog enforcement

Key Features

Security Hardened - All actions pinned to commit SHAs ✅ Minimal Permissions - Principle of least privilege ✅ Network Monitoring - harden-runner on all jobs ✅ OIDC Authentication - No stored secrets for PyPI ✅ Customizable - Extensive input parameters ✅ Qlty Integration - Automated code quality checks (see below)

Quick Start

# .github/workflows/ci.yml in your Python repo
name: CI
on: [push, pull_request]

jobs:
  ci:
    uses: ByronWilliamsCPA/.github/.github/workflows/python-ci.yml@v1
    with:
      python-versions: '["3.11", "3.12"]'
    secrets:
      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

Documentation

Qlty Cloud Integration

Qlty Cloud provides centralized code quality management across all repositories. See QLTY_INTEGRATION.md for setup guide.

How It Works

All of these files live in the .github/ directory at the organization level, so they automatically apply to every public repository (unless overridden by a repo-specific copy).

Getting Started

To use the reusable workflows in your Python project, reference them directly by name -- no fork or clone needed:

uses: ByronWilliamsCPA/.github/.github/workflows/python-ci.yml@v1

See USAGE_EXAMPLES.md for full examples and all available input parameters. See the Prerequisites section above for what your repo must provide.

To override a community health file for a specific repo, copy the relevant file into that repo’s root or .github/ folder. GitHub uses the repo-level copy when one exists.

To improve or extend the workflow templates or community health files, open a pull request against this repository. Merged changes apply org-wide automatically.

Last updated: April 30, 2026

About

No description, website, or topics provided.

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

21 tags

Packages

 
 
 

Contributors

Languages