potiuk opened a new pull request, #13:
URL: https://github.com/apache/comdev/pull/13

   Adds local + CI tooling to keep the repo ASF-compliant and secure:
   
   - **prek harness** (`.pre-commit-config.yaml`) — `pre-commit` (license 
headers, trailing-whitespace/EOF, YAML/JSON, GitHub-workflow + dependabot 
schema validation), `commit-msg` (rejects `Co-authored-by:` trailers), and 
`pre-push` (MCP test suites + dependency license allowlist + zizmor).
   - **Apache-2.0 license headers** on all source files (js/py/sh/html), placed 
after shebangs and PEP-723 metadata blocks.
   - **Dependency license allowlist** (`scripts/check-licenses.mjs`) — gates 
npm dependencies to ASF Category-A licenses; per-project 
`.license-allowlist-exceptions.json` for vetted exceptions. Wired into CI, 
pre-push, and `npm run licenses`.
   - **Tracked `package-lock.json`** (un-ignored) for reproducible `npm ci` 
installs and stable license checks.
   - **Dependabot** coverage for `mcp/apache-projects-mcp` (release cooldowns, 
matching the other ecosystems).
   - **CI** — consolidated MCP testing into `mcp-tests.yml` (matrix over both 
servers × Node 20/22, runs tests + license check); new `static-checks.yml` runs 
prek.
   - **`AGENTS.md`** documenting repo layout, one-time setup, how to run all 
pre-push checks, and the ASF attribution policy: use a `Generated-by:` trailer 
naming the agent + version, never `Co-authored-by`.
   
   ### Setup
   
   ```
   uv tool install prek
   prek install -t pre-commit -t commit-msg -t pre-push
   ```
   
   ### Verified locally
   
   - `prek run --all-files` and `prek run --all-files --hook-stage pre-push` — 
all green.
   - `npm ci && npm test && npm run licenses` — pass for both MCP servers.
   - License allowlist negative test: a fake `GPL-3.0-only` dependency is 
rejected, naming the package.
   - commit-msg hook: rejects a `Co-authored-by:` message, accepts a 
`Generated-by:` one.
   - Both MCP servers still start and list their tools after the header 
insertion.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]
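
The dependency license gate described in the pull request above, as an added example (not the repository's `scripts/check-licenses.mjs` and not code from the PR author). It assumes the npm lockfile v2/v3 `packages` layout, a subset of ASF Category-A SPDX identifiers, and a hypothetical exceptions shape mapping package name to reason; the sample lockfile is constructed.

```javascript
// Added example; not the repository's scripts/check-licenses.mjs.
// Assumption: a subset of ASF Category-A licenses, as SPDX identifiers.
const CATEGORY_A = new Set(["Apache-2.0", "MIT", "BSD-2-Clause", "BSD-3-Clause", "ISC", "0BSD"]);

// True when an SPDX expression can be satisfied using only allowed licenses.
// Handles a single id, "A OR B" (any branch) and "A AND B" (every term).
function licenseAllowed(expr, allowed = CATEGORY_A) {
  if (typeof expr !== "string" || expr.trim() === "") return false; // undeclared: fail closed
  let e = expr.trim();
  if (e.startsWith("(") && e.endsWith(")")) e = e.slice(1, -1).trim();
  if (/[()]/.test(e)) return false; // nested expression: fail closed, needs a vetted exception
  return e.split(/\s+OR\s+/).some((branch) =>
    branch.split(/\s+AND\s+/).every((id) => allowed.has(id.trim()))
  );
}

// Walk the "packages" map of a lockfile and report every installed dependency
// whose declared license fails the allowlist and has no recorded exception.
// Assumption: exceptions maps package name -> reason (hypothetical shape).
function findViolations(lock, exceptions = {}) {
  const marker = "node_modules/";
  const violations = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const i = path.lastIndexOf(marker);
    if (i === -1) continue; // root project or workspace member, not a dependency
    const name = path.slice(i + marker.length);
    if (Object.hasOwn(exceptions, name)) continue;
    if (!licenseAllowed(meta.license)) {
      violations.push({ name, version: meta.version, license: meta.license ?? "UNKNOWN" });
    }
  }
  return violations;
}

// Constructed sample input, not taken from the repository.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-server", version: "1.0.0" },
    "node_modules/left-ok": { version: "1.2.3", license: "MIT" },
    "node_modules/dual": { version: "2.0.0", license: "(GPL-3.0-only OR Apache-2.0)" },
    "node_modules/@scope/copyleft": { version: "0.1.0", license: "GPL-3.0-only" },
    "node_modules/left-ok/node_modules/nolicense": { version: "3.0.0" },
    "node_modules/vetted": { version: "1.0.0", license: "CC-BY-4.0" },
  },
};
const SAMPLE_EXCEPTIONS = { vetted: "constructed reason: reviewed and approved" };

for (const v of findViolations(SAMPLE_LOCK, SAMPLE_EXCEPTIONS)) {
  console.log(`REJECTED ${v.name}@${v.version}: ${v.license}`);
}
```

The `license` field in a lockfile is whatever the package declared, so a gate like this is only as accurate as that metadata.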

