Added dependabot, cla bot, codescan, repo lint, badge

Author: RChloe

.github/dependabot.yml

@@ -0,0 +1,37 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: daily
+    labels:
+      - "gh-actions"
+      - "dependencies"
+    commit-message:
+      prefix: "gh-actions"
+      include: "scope"
+
+  # Only for repos with a package.json
+  # - package-ecosystem: npm
+  #   directory: /
+  #   schedule:
+  #     interval: weekly
+  #   labels:
+  #     - "npm"
+  #     - "dependencies"
+  #   commit-message:
+  #     prefix: "npm"
+  #     include: "scope"
+
+  # - package-ecosystem: npm
+  #   directory: /lambda
+  #   schedule:
+  #     interval: weekly
+  #   labels:
+  #     - "npm"
+  #     - "dependencies"
+  #   commit-message:
+  #     prefix: "npm"
+  #     include: "scope"
+  
+  # other supported packages can be found here: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem

.github/workflows/cla.yml

@@ -0,0 +1,59 @@
+name: "CLA Assistant"
+on:
+  issue_comment:
+    types: [created]
+  pull_request_target:
+    types: [opened,closed,synchronize]
+
+# select correct state for repository
+env:
+  # state: private
+  state: public
+
+jobs:
+  public-or-private-repo:
+    runs-on: ubuntu-latest
+    outputs:
+      repostate: ${{ steps.repo-state.outputs.repostate }}
+    steps:
+
+      - name: Repo state
+        id: repo-state
+        run: echo "repostate=${{env.state}}" >> $GITHUB_OUTPUT
+      - name: Repo public?
+        if: "${{ env.state == 'public' }}"
+        run: echo "Workflow has repo set as public. If this is incorrect, uncomment line 10."
+      - name: Repo private?
+        if: "${{ env.state == 'private' }}"
+        run: echo "Workflow has repo set as private. If this is incorrect, uncomment line 11."
+
+  CLAssistant:
+    needs: public-or-private-repo
+    if: needs.public-or-private-repo.outputs.repostate == 'public'
+    runs-on: ubuntu-latest
+    steps:
+      - name: "CLA Assistant"
+        if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
+        # Beta Release
+        uses: contributor-assistant/github-action@v2.2.1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # the below token should have repo scope and must be manually added by you in the repository's secret
+          PERSONAL_ACCESS_TOKEN : ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+        with:
+          path-to-signatures: 'signatures/version1/cla.json'
+          path-to-document: 'https://github.com/cla-assistant/github-action/blob/master/SAPCLA.md' # e.g. a CLA or a DCO document
+          # branch should not be protected
+          branch: 'master'
+          allowlist: bot*, dependabot[bot], davidsulpy, rkuhlman, adametry, bborntrager, RChloe, TJBIII, JeffLoucks, krcummings1, ijavierTek
+
+         #below are the optional inputs - If the optional inputs are not given, then default values will be taken
+          remote-organization-name: 'initialstate'
+          remote-repository-name:  'cla-signatures'
+          #create-file-commit-message: 'For example: Creating file for storing CLA Signatures'
+          #signed-commit-message: 'For example: $contributorName has signed the CLA in #$pullRequestNo'
+          #custom-notsigned-prcomment: 'pull request comment with Introductory message to ask new contributors to sign'
+          #custom-pr-sign-comment: 'The signature to be committed in order to sign the CLA'
+          #custom-allsigned-prcomment: 'pull request comment when all contributors has signed, defaults to **CLA Assistant Lite bot** All Contributors have signed the CLA.'
+          #lock-pullrequest-aftermerge: false - if you don't want this bot to automatically lock the pull request after merging (default - true)
+          #use-dco-flag: true - If you are using DCO instead of CLA

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,98 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "master" ]
+  schedule:
+    - cron: '17 16 * * 4'
+
+# select correct state for repository
+env:
+  # state: private
+  state: public
+
+jobs:
+  public-or-private-repo:
+    runs-on: ubuntu-latest
+    outputs:
+      repostate: ${{ steps.repo-state.outputs.repostate }}
+    steps:
+
+      - name: Repo state
+        id: repo-state
+        run: echo "repostate=${{env.state}}" >> $GITHUB_OUTPUT
+      - name: Repo public?
+        if: "${{ env.state == 'public' }}"
+        run: echo "Workflow has repo set as public. If this is incorrect, uncomment line 25."
+      - name: Repo private?
+        if: "${{ env.state == 'private' }}"
+        run: echo "Workflow has repo set as private. If this is incorrect, uncomment line 26."
+
+# REMEMBER TO CHECK `LANGUAGE` MATRIX FOR CORRECT LANGUAGE SETTINGS
+  analyze:
+    needs: public-or-private-repo
+    if: needs.public-or-private-repo.outputs.repostate == 'public'
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'python' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        
+        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+        
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v2
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+    #   If the Autobuild fails above, remove it and uncomment the following three lines. 
+    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+    # - run: |
+    #   echo "Run, Build Application using script"
+    #   ./location_of_script_within_repo/buildscript.sh
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
+      with:
+        category: "/language:${{matrix.language}}"

.github/workflows/is-repo-lint.yml

@@ -0,0 +1,166 @@
+name: is-repo-lint
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+  workflow_dispatch:
+
+# select correct state for repository
+env:
+  # state: private
+  state: public
+
+jobs:
+  public-or-private-repo:
+    runs-on: ubuntu-latest
+    outputs:
+      repostate: ${{ steps.repo-state.outputs.repostate }}
+    steps:
+
+      - name: Repo state
+        id: repo-state
+        run: echo "repostate=${{env.state}}" >> $GITHUB_OUTPUT
+      - name: Repo public?
+        if: "${{ env.state == 'public' }}"
+        run: echo "Workflow has repo set as public. If this is incorrect, uncomment line 11."
+      - name: Repo private?
+        if: "${{ env.state == 'private' }}"
+        run: echo "Workflow has repo set as private. If this is incorrect, uncomment line 12."
+
+  check-for-codeowners-file:
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Checkout repo
+        uses: actions/checkout@v3
+
+      - name: Check for CODEOWNERS
+        id: codeowners_file
+        uses: initialstate/file-check-action@v1
+        with:
+          file: ".github/CODEOWNERS"
+
+      - name: CODEOWNERS file Output Test
+        run: echo ${{ steps.codeowners_file.outputs.file_exists }}
+
+      - name: CODEOWNERS file exists with content
+        if: steps.codeowners_file.outputs.file_exists == 'true'
+        run: echo CODEOWNERS file exists!
+
+      - name: CODEOWNERS file does not exist
+        if: steps.codeowners_file.outputs.file_exists == 'false'
+        run: echo CODEOWNERS file does not exist!
+  
+  check-for-readme-file:
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Checkout repo
+        uses: actions/checkout@v3
+
+      - name: Check for README.md
+        id: readme_file
+        uses: initialstate/file-check-action@v1
+        with:
+          file: "README"
+
+      - name: README file Output Test
+        run: echo ${{ steps.readme_file.outputs.file_exists }}
+
+      - name: README file exists with content
+        if: steps.readme_file.outputs.file_exists == 'true'
+        run: echo README file exists!
+
+      - name: README file does not exist
+        if: steps.readme_file.outputs.file_exists == 'false'
+        run: echo README file does not exist!
+
+  check-for-license:
+    needs: public-or-private-repo
+    if: needs.public-or-private-repo.outputs.repostate == 'public'
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Checkout repo
+        uses: actions/checkout@v3
+
+      - name: Check for LICENSE.md
+        id: license_file
+        uses: initialstate/file-check-action@v1
+        with:
+          file: "LICENSE"
+
+      - name: LICENSE file Output Test
+        run: echo ${{ steps.license_file.outputs.file_exists }}
+
+      - name: LICENSE file exists with content
+        if: steps.license_file.outputs.file_exists == 'true'
+        run: echo LICENSE file exists!
+
+      - name: LICENSE file does not exist
+        if: steps.license_file.outputs.file_exists == 'false'
+        run: echo LICENSE file does not exist!
+
+  check-for-dependabot-file:
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Checkout repo
+        uses: actions/checkout@v3
+
+      - name: Check for dependabot.yml
+        id: dependabot_file
+        uses: initialstate/file-check-action@v1
+        with:
+          file: ".github/dependabot.yml"
+
+      - name: dependabot.yml file Output Test
+        run: echo ${{ steps.dependabot_file.outputs.file_exists }}
+
+      - name: dependabot file exists with content
+        if: steps.dependabot_file.outputs.file_exists == 'true'
+        run: echo dependabot file exists!
+
+      - name: dependabot file does not exist
+        if: steps.dependabot_file.outputs.file_exists == 'false'
+        run: echo dependabot file does not exist!
+
+  check-for-codeql-file:
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Checkout repo
+        uses: actions/checkout@v3
+
+      - name: Check for codeql-analysis.yml
+        id: codeql-analysis_file
+        uses: initialstate/file-check-action@v1
+        with:
+          file: ".github/workflows/codeql-analysis.yml"
+
+      - name: codeql-analysis.yml file Output Test
+        run: echo ${{ steps.codeql-analysis_file.outputs.file_exists }}
+
+      - name: codeql-analysis file exists with content
+        if: steps.codeql-analysis_file.outputs.file_exists == 'true'
+        run: echo codeql-analysis file exists!
+
+      - name: codeql-analysis file does not exist
+        if: steps.codeql-analysis_file.outputs.file_exists == 'false'
+        run: echo codeql-analysis file does not exist!
+
+  check-for-personal-access-token:
+    needs: public-or-private-repo
+    if: needs.public-or-private-repo.outputs.repostate == 'public'
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Check for missing PERSONAL_ACCESS_TOKEN
+        env:
+            MY_KEY: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+        if: "${{ env.MY_KEY == '' }}"
+        uses: actions/github-script@v6
+        with:
+          script: |
+            core.setFailed('PERSONAL_ACCESS_TOKEN secret is missing. It is needed to successfully run the CLA assistant.')