From 975451a3e13d875f3085c1fe050ed1adf8ca3601 Mon Sep 17 00:00:00 2001
From: Sarah Withee <2601974+geekygirlsarah@users.noreply.github.com>
Date: Fri, 23 Jun 2023 13:51:57 -0400
Subject: [PATCH] Add Handbook CI/CD files, disabling some steps for now
---
.github/dependabot.yml | 15 +++++
.github/pull_request_template.md | 9 +++
.github/workflows/codeql-analysis.yml | 53 +++++++++++++++
.github/workflows/pull-request.yml | 93 +++++++++++++++++++++++++++
.github/workflows/stale.yml | 27 ++++++++
5 files changed, 197 insertions(+)
create mode 100644 .github/dependabot.yml
create mode 100644 .github/pull_request_template.md
create mode 100644 .github/workflows/codeql-analysis.yml
create mode 100644 .github/workflows/pull-request.yml
create mode 100644 .github/workflows/stale.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 00000000..69f485b2
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,15 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+ - package-ecosystem: "npm" # See documentation for possible values
+ directory: "/" # Location of package manifests
+ schedule:
+ interval: "weekly"
+ ignore:
+ - dependency-name: "*"
+ # Ignore semver major updates.
+ update-types: ["version-update:semver-major"]
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
new file mode 100644
index 00000000..e371c942
--- /dev/null
+++ b/.github/pull_request_template.md
@@ -0,0 +1,9 @@
+## Changes proposed in this pull request:
+
+-
+-
+-
+
+## security considerations
+
+[Note the any security considerations here, or make note of why there are none]
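Review bot: In `.github/dependabot.yml` the `updates:` list covers only the `npm` ecosystem, so the actions this same commit introduces by tag (`actions/checkout@v3`, `actions/cache@v3`, `actions/setup-node@v3`) will not receive update pull requests. I would add a second entry with `- package-ecosystem: "github-actions"`, `directory: "/"` and the same weekly `schedule`. The `ignore` rule for `version-update:semver-major` on `"*"` also means major upgrades have to be tracked by hand, which is worth stating in the comment above it.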
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 00000000..3018c6ee
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,53 @@
+# Commented out for now. Re-enable when the project is ready for it.
+
+#name: "CodeQL"
+#
+#on:
+# push:
+# branches: [main]
+# pull_request:
+# branches: [main]
+# schedule:
+# - cron: "20 22 * * 2"
+#
+#jobs:
+# analyze:
+# name: Analyze
+# runs-on: ubuntu-latest
+# permissions:
+# actions: read
+# contents: read
+# security-events: write
+#
+# strategy:
+# fail-fast: false
+# matrix:
+# language: ["javascript"]
+#
+# steps:
+# - name: Checkout repository
+# uses: actions/checkout@v3
+#
+# - name: Initialize CodeQL
+# uses: github/codeql-action/init@v2
+# with:
+# languages: ${{ matrix.language }}
+#
+# # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
+# # If this step fails, then you should remove it and run the build manually (see below)
+# - name: Autobuild
+# uses: github/codeql-action/autobuild@v2
+#
+# # ℹī¸ Command-line programs to run using the OS shell.
+# # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+#
+# # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines
+# # and modify them (or add more) to build your code if your project
+# # uses a compiled language
+#
+# #- run: |
+# # make bootstrap
+# # make release
+#
+# - name: Perform CodeQL Analysis
+# uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
new file mode 100644
index 00000000..cd240286
--- /dev/null
+++ b/.github/workflows/pull-request.yml
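Review bot: The header comment `# Commented out for now. Re-enable when the project is ready for it.` in `codeql-analysis.yml` gives no condition or owner for turning code scanning back on, and with every line commented out the repository has no static analysis at all. I would name the condition and a reference, for example `# Disabled until <CONDITION>; tracked in <TRACKING-ISSUE-URL>.` (placeholders). The same vague comment heads `stale.yml` and the disabled jobs in `pull-request.yml`. The commented job's `permissions:` block is already scoped to `actions: read`, `contents: read` and `security-events: write`, and should be kept as written when the file is restored.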
@@ -0,0 +1,93 @@
+name: pull request
+
+on: [pull_request]
+
+jobs:
+ build:
+ name: build
+ runs-on: ubuntu-latest
+
+ outputs:
+ cache_key: ${{ steps.cache_key.outputs.cache_key }}
+
+ steps:
+ - uses: actions/checkout@v3
+ - id: cache_key
+ run: echo "cache_key=${{ hashFiles('**/**') }}-v1" >> "$GITHUB_OUTPUT"
+ - uses: actions/cache@v3
+ id: cache
+ with:
+ path: .
+ key: ${{ steps.cache_key.outputs.cache_key }}
+ - if: steps.cache.outputs.cache-hit != true
+ uses: actions/setup-node@v3
+ with:
+ node-version: 18
+ - if: steps.cache.outputs.cache-hit != true
+ run: npm install
+ - if: steps.cache.outputs.cache-hit != true
+ env:
+ ELEVENTY_ENV: production
+ run: npm run build
+
+# Disabling for now. Reenable when the project is ready.
+
+# validate_html:
+# needs: [build]
+# name: validate html
+# runs-on: ubuntu-latest
+# steps:
+# - uses: actions/cache/restore@v3
+# with:
+# key: ${{ needs.build.outputs.cache_key }}
+# path: .
+# - uses: actions/setup-node@v3
+# with:
+# node-version: 18
+# - run: npm run test:html-validation
+
+# validate_internal_links:
+# needs: [build]
+# name: validate internal links
+# runs-on: ubuntu-latest
+# steps:
+# - uses: actions/cache/restore@v3
+# with:
+# key: ${{ needs.build.outputs.cache_key }}
+# path: .
+# - uses: actions/setup-node@v3
+# with:
+# node-version: 18
+# - run: npm run test:internal-links
+
+# validate_links_use_helper:
+# needs: [build]
+# name: validate links use helper
+# runs-on: ubuntu-latest
+# steps:
+# - uses: actions/cache/restore@v3
+# with:
+# key: ${{ needs.build.outputs.cache_key }}
+# path: .
+# - uses: actions/setup-node@v3
+# with:
+# node-version: 18
+# - run: npm run test:prefixed-links
+
+# check_spelling:
+# needs: [build]
+# name: "Check Spelling"
+# runs-on: ubuntu-latest
+# steps:
+# - uses: actions/cache/restore@v3
+# with:
+# key: ${{ needs.build.outputs.cache_key }}
+# path: .
+# - uses: actions/setup-node@v3
+# name: Setup node
+# with:
+# node-version: 18
+# - name: Install cSpell
+# run: npm install -g cspell
+# - name: Run cSpell
+# run: cspell --config ./cSpell.json "pages/**/*.md" --no-progress
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
new file mode 100644
index 00000000..470277fb
--- /dev/null
+++ b/.github/workflows/stale.yml
@@ -0,0 +1,27 @@
+# Commented out for now. Re-enable when the project is ready for it.
+
+#name: Close inactive pull requests
+#on:
+# schedule:
+# - cron: 0 0 * * *
+#
+#jobs:
+# close-pulls:
+# runs-on: ubuntu-latest
+# permissions:
+# pull-requests: write
+# steps:
+# - uses: actions/stale@v4.0.0
+# with:
+# repo-token: ${{ secrets.GITHUB_TOKEN }}
+# days-before-issue-stale: -1 # disable making issues stale for now
+# days-before-pr-stale: 30
+# days-before-pr-close: 14
+# stale-pr-label: stale
+# stale-pr-message: >
+# This pull request has been inactive for 30 days. Is it still in
+# progress? If so, please comment, remove the "stale" label, or add
+# new changes. Otherwise, this pull request will be automatically
+# closed in 14 days.
+# close-pr-message: >
+# This pull request has been closed automatically due to inactivity.
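Review bot: In `pull-request.yml` the `build` job caches the whole workspace (`path: .`) right after `actions/checkout@v3`, so the saved cache includes `.git`, where checkout leaves the job token by default, and the workflow declares no `permissions:` block, so that token carries whatever the repository default grants. I would add a top-level `permissions:` with `contents: read`, set `persist-credentials: false` on the checkout step, and narrow the cache `path` to `node_modules` and the build output directory. Separately, `steps.cache.outputs.cache-hit != true` compares a string output with a boolean, which as far as I can tell always evaluates to true, so the three guarded steps run even on a cache hit; the form used in the cache action's documentation is `!= 'true'`. The commented-out jobs restore the same cache with `path: .`, so the narrower path has to be carried over when they are re-enabled.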