You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
chore(docs): proofread README and docs prose for grammar and style
Fix broken grammar and inconsistent capitalisation in the README,
unify the German address form to the dominant impersonal infinitive,
spell out abbreviations on first use, and align em-dash spacing and a
heading to the established project style. README is Vale-clean and all
include-markdown markers are preserved.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|```reusable-ansible-galaxy-push.yaml```| Publish an Ansible role to [Ansible Galaxy](https://galaxy.ansible.com/) via [robertdebock/galaxy-action](https://github.com/robertdebock/galaxy-action). |
17
17
|```reusable-ansible-molecule.yaml```| Run a [Molecule](https://molecule.readthedocs.io/) test scenario via [gofrolist/molecule-action](https://github.com/gofrolist/molecule-action). |
18
18
|```reusable-automerge.yaml```| Auto-merge pull requests via [pascalgn/automerge-action](https://github.com/pascalgn/automerge-action). |
19
-
|```reusable-chain-bench.yaml```| Run the supply-chain CIS benchmark via [aquasecurity/chain-bench-action](https://github.com/aquasecurity/chain-bench-action).|
19
+
|```reusable-chain-bench.yaml```| Run the supply-chain CIS (Center for Internet Security) benchmark via [aquasecurity/chain-bench-action](https://github.com/aquasecurity/chain-bench-action). |
20
20
|```reusable-dependency-review.yaml```| Gate pull requests against vulnerable or licence-incompatible dependency changes via [actions/dependency-review-action](https://github.com/actions/dependency-review-action). |
21
21
|```reusable-docker-lint-build.yaml```| Run [hadolint](https://github.com/hadolint/hadolint-action) on a Dockerfile and a buildx dry-build (no push) for fast PR feedback. |
22
22
|```reusable-docker-publish.yaml```| Build a multi-arch container image with [docker/build-push-action](https://github.com/docker/build-push-action) and push it to a configurable OCI registry. |
|```reusable-spelling-vale.yaml```| Lint Markdown prose via [errata-ai/vale-action](https://github.com/errata-ai/vale-action) with inline reviewdog annotations on pull requests. |
29
29
|```reusable-sphinx.yaml```| Build and publish a [Sphinx](https://www.sphinx-doc.org/en/master) documentation site to [GitHub Pages](https://pages.github.com/). |
30
30
|```reusable-stale.yaml```| Mark and close stale issues and pull requests via [actions/stale](https://github.com/actions/stale). |
31
-
|```reusable-trivy.yaml```| Scan the GitRepo by using [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). |
32
-
|```reusable-tf-lint.yaml```|Use [terraform-linters/setup-tflint](https://github.com/terraform-linters/setup-tflint) for Lint terraform sources.|
31
+
|```reusable-trivy.yaml```| Scan the repository with [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action).|
32
+
|```reusable-tf-lint.yaml```|Lint Terraform sources with [terraform-linters/setup-tflint](https://github.com/terraform-linters/setup-tflint). |
33
33
34
34
<!--td-workflows-end-->
35
35
36
36
37
37
## Probot configuration
38
38
39
39
<!--probot-intro-start-->
40
-
Collection of common Configurations for Project Management and CI/CD.
41
-
For Using in other GitHub Projects, having a reusable set of Probot Configuration Repository, more information at [probot.github.io](https://probot.github.io/docs/best-practices/#configuration).
40
+
Collection of common configurations for project management and CI/CD.
41
+
Reuse this shared set of Probot configurations across your GitHub projects. For more information, see the [Probot best-practices documentation](https://probot.github.io/docs/best-practices/#configuration).
|[boring-cyborg](https://probot.github.io/apps/boring-cyborg/)|[kaxil/boring-cyborg](https://github.com/kaxil/boring-cyborg)|Automates pull-request labelling and other repository housekeeping tasks.|
48
48
|[release-drafter](https://probot.github.io/apps/release-drafter/)|[release-drafter/release-drafter](https://github.com/release-drafter/release-drafter)| Creates a human-readable release changelog (**deprecated** as a Probot app—prefer the workflow implementation). |
49
-
|[renovate](https://github.com/apps/renovate)||Using [renovate](https://www.whitesourcesoftware.com/free-developer-tools/renovate/) for keep dependencies in sync. |
49
+
|[renovate](https://github.com/apps/renovate)||Keeps dependencies in sync with [Renovate](https://www.whitesourcesoftware.com/free-developer-tools/renovate/), an automated dependency-update bot. |
50
50
|[settings](https://probot.github.io/apps/settings/)|[probot/settings](https://github.com/probot/settings)| Configure GitHub Projects by Source. |
51
51
<!--td-probot-apps-end-->
52
52
53
-
For More information take a look to the GH Page, [gh-plumbing](http://nolte.github.io/gh-plumbing).
53
+
For more information, see the [gh-plumbing GitHub Pages site](http://nolte.github.io/gh-plumbing).
54
54
55
55
## Development
56
56
@@ -63,13 +63,13 @@ asdf install
63
63
64
64
### Workflows
65
65
66
-
For local testing you can use [nektos/act](https://github.com/nektos/act), run the GitHub Actions locally.
66
+
For local testing, use [nektos/act](https://github.com/nektos/act) to run the GitHub Actions on your machine.
Will be start the [](https://github.com/nolte/gh-plumbing/actions/workflows/build-static-tests.yaml) at your system.
72
+
This runs the [`build-static-tests`](https://github.com/nolte/gh-plumbing/actions/workflows/build-static-tests.yaml) workflow on your machine.
[Vale](https://vale.sh/) prüft Markdown-Dateien im CI über `reusable-spelling-vale.yaml`. Die Regeln liegen in `.vale.ini`, die Styles unter `.github/styles/`.
Die Cascade-emittierenden Wrapper in `nolte/gh-plumbing` zeigen das
152
-
Pattern. Übernimm dieselbe Form in dein Repository für jeden Wrapper,
153
-
der eine `reusable-*.yaml` aufruft, deren Arbeit nachgelagerte
154
-
Workflows triggern soll oder die du unter derselben Release-Audit-
155
-
Identität halten willst.
152
+
Pattern. Dieselbe Form in das eigene Repository für jeden Wrapper
153
+
übernehmen, der eine `reusable-*.yaml` aufruft, deren Arbeit
154
+
nachgelagerte Workflows triggern soll oder die unter derselben
155
+
Release-Audit-Identität bleiben soll.
156
156
157
157
```yaml title=".github/workflows/automerge.yaml"
158
158
on:
@@ -233,7 +233,7 @@ Eine dritte Self-Check-Zeile betrifft den Issue-Lifecycle:
233
233
|---|---|
234
234
| PR squash-mergen, dessen Body `Closes #N` enthält | Issue `#N` flippt automatisch auf `CLOSED`; `gh issue view N --json state` liefert `CLOSED`. Setzt die App-Permission `Issues: Read and write` voraus — ohne sie greift der Merge zwar, der Close feuert aber nicht, obwohl `gh pr view --json closingIssuesReferences` den Autolink korrekt geparst zeigt. |
235
235
236
-
Wenn ein Cascade immer noch nicht triggert, prüfe:
236
+
Wenn ein Cascade immer noch nicht triggert, prüfen:
237
237
238
238
1. Die App ist im Konsument-Repo installiert (`Settings → GitHub Apps`).
239
239
2. `vars.PORTFOLIO_APP_ID` ist für den Workflow sichtbar.
@@ -254,7 +254,7 @@ Wenn ein Cascade immer noch nicht triggert, prüfe:
254
254
| Reguläre jährliche Rotation | Neuen Private Key auf der App-Seite generieren, `PORTFOLIO_APP_PRIVATE_KEY` in jedem Konsumenten aktualisieren (oder einmal auf Org-Level, falls org-scoped), den alten Key auf der App-Seite löschen. |
255
255
| Vermuteter Key-Leak | Geleakten Key sofort in den App-Settings widerrufen, neuen Key generieren, am selben Tag verteilen. App-ID bleibt unverändert. |
256
256
| App-ID-Rotation | Niemals nötig — App-IDs sind unveränderlich. |
257
-
| Permission-Scope-Änderung | App-Permissions editieren; bestehende Installation-Tokens mit alten Permissions laufen für ihre TTL (≤ 1 h) weiter, dann werden sie mit neuem Scope erneuert. |
257
+
| Permission-Scope-Änderung | App-Permissions editieren; bestehende Installation-Tokens mit alten Permissions laufen für ihre Gültigkeitsdauer (TTL, ≤ 1 h) weiter, dann werden sie mit neuem Scope erneuert. |
Copy file name to clipboardExpand all lines: docs/en/portfolio-app/setup.md
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -58,7 +58,7 @@ permissions**:
58
58
|---|---|---|
59
59
|`Contents`|`Read and write`| Squash-merge to develop, edit releases, fast-forward master |
60
60
|`Pull requests`|`Read and write`|`pascalgn/automerge-action` reads and merges PRs |
61
-
|`Issues`|`Read and write`|Auto-close issues referenced via `Closes #N` / `Fixes #N` / `Resolves #N` in the PR body when the App squash-merges. GitHub only honours these autolinks when the merging actor has `Issues: write`; without this scope the autolinks parse correctly into `closingIssuesReferences` but the close never fires (observed end-to-end on #357 / #358). |
61
+
|`Issues`|`Read and write`|Automatically close issues referenced via `Closes #N` / `Fixes #N` / `Resolves #N` in the PR body when the App squash-merges. GitHub only honours these autolinks when the merging actor has `Issues: write`; without this scope the autolinks parse correctly into `closingIssuesReferences` but the close never fires (observed end-to-end on #357 / #358). |
62
62
|`Actions`|`Read-only`|`release-publish` reads `gh run list` for the post-publish cascade sanity check |
63
63
|`Metadata`|`Read-only`| Mandatory baseline (GitHub sets this automatically and won't let you disable it) |
64
64
@@ -226,7 +226,7 @@ A third self-check covers the issue lifecycle:
226
226
227
227
| Action | Expected outcome |
228
228
|---|---|
229
-
| Squash-merge a PR whose body says `Closes #N` | Issue `#N` flips to `CLOSED` automatically; `gh issue view N --json state` returns `CLOSED`. Requires the App's `Issues: Read and write` permission — without it the merge succeeds but the close never fires, even though `gh pr view --json closingIssuesReferences` shows the link was parsed. |
229
+
| Squash-merge a PR whose body says `Closes #N` | Issue `#N` flips to `CLOSED` automatically; `gh issue view N --json state` returns `CLOSED`. Requires the App's `Issues: Read and write` permission—without it the merge succeeds but the close never fires, even though `gh pr view --json closingIssuesReferences` shows that GitHub parsed the link. |
0 commit comments