Add security and project harness Adds local and CI tooling to keep the repo ASF-compliant and secure: - prek (.pre-commit-config.yaml) with pre-commit / commit-msg / pre-push hooks: license-header insertion, trailing-whitespace/EOF/YAML/JSON checks, workflow + dependabot schema validation, a commit-msg hook that rejects Co-authored-by trailers, and a pre-push suite (tests, license allowlist, zizmor). - Apache-2.0 license headers on all source files (js/py/sh/html), placed after shebangs and PEP-723 metadata blocks. - Dependency license allowlist check (scripts/check-licenses.mjs) gating npm dependencies to ASF Category-A licenses; wired into CI and pre-push. - Track package-lock.json files (un-ignored) for reproducible "npm ci". - Dependabot coverage for mcp/apache-projects-mcp (cooldowns, like the others). - Consolidate MCP CI into mcp-tests.yml (matrix over both servers x Node 20/22, runs tests + license check); add static-checks.yml running prek. - AGENTS.md documenting setup, the pre-push checks, and the ASF attribution policy (Generated-by, never Co-authored-by). Generated-by: Claude Code 2.1.158 (Claude Opus 4.8)
ASF Community Development (ComDev) project partners with other groups across the ASF to provide resources, tools, programs, and advice in order to attract, retain, educate, and grow key communities around the Apache Software Foundation, in support of sustainability producing software for the public good.
Other repositories:
Contents of this repository: