ci: advanced CodeQL + dependabot commitlint guard#94
Merged
Conversation
Two CI hygiene changes: - Replace CodeQL default setup with an advanced workflow (matching project-template / aozora-proof). The matrix scans only Rust + the TypeScript (afm-wasm, afm-book theme); vendored upstream/comrak is excluded via codeql-config.yml. Default setup is disabled for the repo. - Skip the `committed` commit-lint step for dependabot. Its auto-generated subjects exceed the 50/72 limits; the job still runs and passes so the required check stays green, and dependabot PRs (squash-merged with a maintainer subject) no longer wedge.
P4suta
force-pushed
the
ci/codeql-advanced
branch
from
fece8a3 to
d29b33f
Compare
This was referenced Jun 17, 2026
P4suta
added a commit
that referenced
this pull request
Jun 17, 2026
The dependabot commitlint skip (added in #94) guarded on `github.actor`, which is the **triggering** identity — a human `gh pr update-branch` on a dependabot PR flips it away from `dependabot[bot]`, so `committed` ran and failed on the bot's long subjects and on the update-branch merge commit. This wedged #70/#71/#96. - Guard on the PR **author** (`github.event.pull_request.user.login`), stable across re-triggers. - Pass `committed --no-merge-commit` so `gh pr update-branch` merge commits ("Merge branch 'main' …") never fail the lint. Unblocks the open dependabot PRs (#70/#71/#96). Part of P4suta/aozora#105.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Two CI hygiene changes:
Advanced CodeQL
Replace CodeQL default setup with an explicit advanced workflow
(matching project-template / aozora-proof). Default setup is disabled for the
repo. Matrix scans only the real source —
rust+javascript-typescript(afm-wasm, afm-book theme) — dropping the redundant js/ts aliases and
actions.Vendored
upstream/comrak(0-diff per ADR-0001) is excluded via.github/codeql/codeql-config.yml. New contextscodeql (rust)/codeql (javascript-typescript)are added to required checks after merge.Dependabot commitlint guard
Skip the
committedstep fordependabot[bot]: its auto-generated commitsubjects/bodies exceed committed's 50/72 limits and were wedging dependabot PRs
(e.g. #72) on the required
commitlintcheck. The job still runs and passes(skipped step → green required check); dependabot PRs are squash-merged with a
maintainer-set subject anyway.
Part of the ecosystem CI alignment (umbrella P4suta/aozora#105).