diggsweden · brorlarsnicklas · Oct 6, 2025 · Oct 6, 2025 · Oct 6, 2025 · Oct 6, 2025
diff --git a/.github/workflows/openssfscorecard.yaml b/.github/workflows/openssfscorecard.yaml
diff --git a/.github/workflows/openssfscorecard.yml b/.github/workflows/openssfscorecard.yml
@@ -0,0 +1,25 @@
+# SPDX-FileCopyrightText: 2025 diggsweden/rest-api-profil-lint-processor
+#
+# SPDX-License-Identifier: CC0-1.0
+
+---
+name: OpenSSF Scorecard analysis
+
+on:
+  push:
+    branches:
+      - main
+  schedule:
+    # Weekly on Thursdays at 01:30 UTC
+    - cron: "30 1 * * 4"
+
+permissions:
+  contents: read  # Best Security practice. Jobs only get read as base, and then permissions are added as needed
+
+jobs:
+  scorecard-analysis:
+    permissions:
+      contents: read
+      security-events: write
+      id-token: write
+    uses: diggsweden/reusable-ci/.github/workflows/security-openssf-scorecard.yml@v1
diff --git a/.github/workflows/pre-release-workflow.yaml b/.github/workflows/pre-release-workflow.yaml
diff --git a/.github/workflows/publish-image.yaml b/.github/workflows/publish-image.yaml
diff --git a/.github/workflows/publish-package.yaml b/.github/workflows/publish-package.yaml
diff --git a/.github/workflows/pullrequest-workflow.yaml b/.github/workflows/pullrequest-workflow.yaml
diff --git a/.github/workflows/pullrequest-workflow.yml b/.github/workflows/pullrequest-workflow.yml
@@ -0,0 +1,39 @@
+# SPDX-FileCopyrightText: 2025 diggsweden/rest-api-profil-lint-processor
+#
+# SPDX-License-Identifier: CC0-1.0
+
+---
+name: Pull Request Workflow
+
+on:
+  pull_request:
+    branches:
+      - main
+      - develop
+      - 'release/**'
+      - 'feature/**'
+
+permissions:
+  contents: read  # Best Security practice. Jobs only get read as base, and then permissions are added as needed
+
+jobs:
+  pr-checks:
+    uses: diggsweden/reusable-ci/.github/workflows/pullrequest-orchestrator.yml@v1
+    secrets: inherit  # Pass org-level secrets (NPM token if private packages)
+    permissions:
+      contents: read         # Clone repository and read source code
+      packages: read         # Access private NPM packages from GitHub registry
+      security-events: write # Upload ESLint/security findings to GitHub Security tab
+    with:
+      projectType: npm
+      # MegaLinter is disabled for this project
+      linters.megalint: false  # Skip MegaLinter
+      linters.publiccodelint: true
+
+  test:
+    needs: [pr-checks]
+    if: always()  # Run tests even if linting fails (get full CI feedback)
+    permissions:
+      contents: read  # Read test files and source code
+      packages: read  # Fetch test dependencies from registry
+    uses: ./.github/workflows/test.yml
diff --git a/.github/workflows/release-dev-workflow.yml b/.github/workflows/release-dev-workflow.yml
@@ -0,0 +1,36 @@
+# SPDX-FileCopyrightText: 2025 diggsweden/rest-api-profil-lint-processor
+#
+# SPDX-License-Identifier: CC0-1.0
+
+# Release Workflow Dev
+# 
+# This workflow triggers the dev release orchestrator for development and feature branches.
+# It creates dev-tagged artifacts and container images for testing.
+#
+# Triggers:
+# - Push to dev/* or feat/* branches  
+# - Manual workflow dispatch
+#
+# Created artifacts:
+# - Maven/NPM packages with -dev versions (e.g., 1.2.4-dev.1)
+# - Container images with dev tags
+# - See release summary for full details
+
+name: Release Workflow Dev
+
+on:
+  push:
+    branches:
+      - 'dev/**'
+      - 'feat/**'
+  workflow_dispatch:
+
+jobs:
+  dev-release:
+    permissions:
+      contents: write         # Read code and create version bump commits
+      packages: write         # Push dev images to ghcr.io
+    uses: diggsweden/reusable-ci/.github/workflows/release-dev-orchestrator.yml@v1
+    with:
+      projectType: npm
+    secrets: inherit