Init

Signed-off-by: l.feng <[email protected]>

.github/workflows/ci.yml

@@ -0,0 +1,56 @@
+name: CI
+
+on:
+  workflow_dispatch:
+
+  push:
+    branches:
+      - master
+      - beta
+      - alpha
+      - '*.x'
+
+  pull_request:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  FORCE_COLOR: 3
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        with:
+          fetch-depth: 0
+
+      - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5
+        with:
+          python-version: 3.x
+
+      - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
+        with:
+          extra_args: --hook-stage manual --all-files
+
+
+  pass:
+    if: always()
+    needs:
+      - pre-commit
+    runs-on: ubuntu-24.04
+    timeout-minutes: 2
+    permissions:
+      pull-requests: write
+
+    steps:
+      - name: Decide whether the needed jobs succeeded or failed
+        uses: re-actors/alls-green@release/v1
+        with:
+          jobs: ${{ toJSON(needs) }}
+
+      - name: Approve pr if all jobs succeeded
+        if: contains(github.event.pull_request.labels.*.name, 'auto-approval') && contains(github.actor, '[bot]')
+        uses: hmarr/auto-approve-action@v4

.github/workflows/renovate.yml

@@ -0,0 +1,52 @@
+name: Renovate
+
+on:
+  schedule:
+    # Match renovate schedule:earlyMondays and schedule:automergeMonthly
+    - cron: '*/15 0-3 * * *'
+  workflow_dispatch:
+
+jobs:
+  renovate:
+    container:
+      env:
+        LOG_LEVEL: debug
+        RENOVATE_ALLOWED_POST_UPGRADE_COMMANDS: '["^git", "^find"]'
+        RENOVATE_BRANCH_PREFIX: renovate-github/
+        RENOVATE_ENABLED: ${{ vars.RENOVATE_ENABLED || true }}
+        RENOVATE_ENABLED_MANAGERS: '["pep621", "copier", "github-actions", "regex", "pre-commit"]'
+        RENOVATE_OPTIMIZE_FOR_DISABLED: 'true'
+        RENOVATE_PLATFORM: github
+        RENOVATE_REPOSITORIES: '["${{ github.repository }}"]'
+        RENOVATE_REPOSITORY_CACHE: enabled
+      image: ghcr.io/renovatebot/renovate:39.72.2@sha256:275cec5f507c674af0f388ba9bf0e25e1093b2ba4a25c0830102497ef0e700ff
+      options: --user root
+    runs-on: ubuntu-24.04
+    steps:
+      - run: env | sort
+
+      - name: Generate a token with GitHub App if App ID exists
+        id: generate-token
+        if: vars.BOT_APP_ID
+        uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1
+        with:
+          app-id: ${{ vars.BOT_APP_ID }}
+          private-key: ${{ secrets.BOT_PRIVATE_KEY }}
+
+      - name: Warn if RENOVATE_GIT_AUTHOR is set while using GitHub App token
+        if: steps.generate-token.outputs.token && vars.RENOVATE_GIT_AUTHOR
+        run: |
+          echo "# :warning: `RENOVATE_GIT_AUTHOR` is set explicitly while using GitHub App token" >> $GITHUB_STEP_SUMMARY
+          echo "Generally, Renovate automatically detects the git author and email using the token. However, explicitly setting the `RENOVATE_GIT_AUTHOR` will override this behavior." >> $GITHUB_STEP_SUMMARY
+
+      - name: Run Renovate
+        env:
+          RENOVATE_PLATFORM_COMMIT: ${{ steps.generate-token.outputs.token && true || false }}
+          RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN || steps.generate-token.outputs.token }}
+          RENOVATE_GIT_AUTHOR: ${{ vars.RENOVATE_GIT_AUTHOR }}
+        run: |
+          if [ -z "$RENOVATE_TOKEN" ]; then
+            echo "RENOVATE_TOKEN is not properly configured, skipping ..."
+          else
+            renovate $RENOVATE_EXTRA_FLAG
+          fi

.github/workflows/semantic-release.yml

@@ -0,0 +1,60 @@
+name: Semantic Release
+
+on:
+  workflow_run:
+    workflows: [CI]
+    types: [completed]
+    branches:
+      - master
+      - beta
+      - alpha
+      - '*.x'
+
+jobs:
+  semantic-release:
+    name: Semantic Release
+    runs-on: ubuntu-24.04
+    if: github.event.workflow_run.conclusion == 'success' && github.repository == 'serious-scaffold/ss-common'
+    permissions:
+      contents: write
+      id-token: write
+      issues: write
+      pull-requests: write
+    steps:
+      - name: Generate a bot token with BOT_APP_ID
+        id: bot_token
+        if: vars.BOT_APP_ID && env.BOT_PRIVATE_KEY != null
+        uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1
+        env:
+          BOT_PRIVATE_KEY: ${{ secrets.BOT_PRIVATE_KEY }}
+        with:
+          app-id: ${{ vars.BOT_APP_ID }}
+          private-key: ${{ secrets.BOT_PRIVATE_KEY }}
+
+      - name: Warn if use GITHUB_TOKEN
+        if: env._GITHUB_TOKEN == env._TO_BE_VERIFIED_TOKEN
+        env:
+          _GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          _TO_BE_VERIFIED_TOKEN: ${{ steps.bot_token.outputs.token || secrets.PAT || secrets.GITHUB_TOKEN }}
+        run: |
+          echo "# :warning: GITHUB_TOKEN is used" >> $GITHUB_STEP_SUMMARY
+          echo "The GITHUB_TOKEN is used instead of a bot token or PAT that will not emit the released publish event for triggering a released workflow." >> $GITHUB_STEP_SUMMARY
+
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        with:
+          fetch-depth: 0
+          token: ${{ steps.bot_token.outputs.token || secrets.PAT || secrets.GITHUB_TOKEN }}
+
+      - name: Setup Node.js
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4
+        with:
+          node-version: lts/*
+
+      - name: Semantic Release
+        env:
+          GITHUB_TOKEN: ${{ steps.bot_token.outputs.token || secrets.PAT || secrets.GITHUB_TOKEN }}
+        run: >
+          npx
+          --package conventional-changelog-conventionalcommits@7
+          --package semantic-release@22
+          semantic-release

.pre-commit-config.yaml

@@ -0,0 +1,93 @@
+# To use:
+#
+#     pre-commit run -a
+#
+# Or:
+#
+#     pre-commit install  # (runs every time you commit in git)
+#
+# To update this file:
+#
+#     pre-commit autoupdate
+#
+# See https://github.com/pre-commit/pre-commit
+
+fail_fast: false
+exclude: |
+  (?x)(
+    ^(.vscode/.*)
+  )
+files: '' # set '' as default
+
+repos:
+  # Standard hooks
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      - id: check-added-large-files
+        args: [--maxkb=4096]
+      - id: check-case-conflict
+      - id: check-merge-conflict
+      - id: check-symlinks
+      - id: debug-statements
+      - id: end-of-file-fixer
+      - id: mixed-line-ending
+      - id: trailing-whitespace
+
+  # Check yaml
+  - repo: https://github.com/macisamuele/language-formatters-pre-commit-hooks
+    rev: v2.14.0
+    hooks:
+      - id: pretty-format-yaml
+        args:
+          - --autofix
+          - --offset=2
+        exclude: |
+          (?x)(
+            .copier-answers.yml
+          )
+
+  # Changes tabs to spaces
+  - repo: https://github.com/Lucas-C/pre-commit-hooks
+    rev: v1.5.5
+    hooks:
+      - id: remove-tabs
+
+  # Check jsonschema
+  - repo: https://github.com/python-jsonschema/check-jsonschema
+    rev: 0.30.0
+    hooks:
+      - id: check-dependabot
+      - id: check-github-workflows
+      - id: check-readthedocs
+
+  # Check for spelling
+  - repo: https://github.com/codespell-project/codespell
+    rev: v2.3.0
+    hooks:
+      - id: codespell
+        args:
+          - -L=lang
+          - --check-filenames
+          - --write-changes
+
+  # Check for common shell mistakes
+  - repo: https://github.com/shellcheck-py/shellcheck-py
+    rev: v0.9.0.6
+    hooks:
+      - id: shellcheck
+
+  # Check for renovate config
+  - repo: https://github.com/renovatebot/pre-commit-hooks
+    rev: 39.72.2
+    hooks:
+      - id: renovate-config-validator
+        stages: [manual]
+
+  - repo: local
+    hooks:
+      - id: disallow-caps
+        name: Disallow improper capitalization
+        language: pygrep
+        entry: PyBind|Numpy|Cmake|CCache|Github|PyTest
+        exclude: .pre-commit-config.yaml

.renovaterc.json

@@ -0,0 +1,63 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:recommended",
+    "helpers:pinGitHubActionDigests",
+    ":enablePreCommit"
+  ],
+  "automergeType": "pr",
+  "automergeStrategy": "merge-commit",
+  "ignoreScripts": false,
+  "platformAutomerge": false,
+  "packageRules": [
+    {
+      "automerge": true,
+      "addLabels": [
+        "auto-approval"
+      ],
+      "extends": [
+        "schedule:earlyMondays",
+        "schedule:automergeMonthly"
+      ],
+      "matchUpdateTypes": [
+        "minor",
+        "patch",
+        "pin",
+        "digest"
+      ]
+    },
+    {
+      "description": "Group renovate docker tag and pre-commit-hooks tag",
+      "groupName": "renovate group",
+      "addLabels": [
+        "renovate"
+      ],
+      "matchDatasources": [
+        "docker",
+        "github-tags"
+      ],
+      "matchDepNames": [
+        "ghcr.io/renovatebot/renovate",
+        "renovate/renovate",
+        "renovatebot/pre-commit-hooks"
+      ]
+    }
+  ],
+  "customManagers": [
+    {
+      "customType": "regex",
+      "datasourceTemplate": "github-runners",
+      "depTypeTemplate": "github-runner",
+      "description": "Match GitHub runner defined in GitHub Actions matrix strategy",
+      "fileMatch": [
+        "^\\.github/workflows/.+\\.yml$"
+      ],
+      "matchStringsStrategy": "recursive",
+      "matchStrings": [
+        "[-:] (.*) # renovate: github-runner",
+        "(?<depName>ubuntu|windows|macos)-(?<currentValue>[\\d\\.\\-\\w]+)"
+      ],
+      "versioningTemplate": "docker"
+    }
+  ]
+}

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Serious Scaffold
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,22 @@
+# Serious Scaffold Common
+
+<!-- SPHINX-START -->
+
+The shared serious scaffold common meta template.
+
+[![License](https://img.shields.io/github/license/serious-scaffold/ss-common)](https://github.com/serious-scaffold/ss-common/blob/master/LICENSE)
+[![SS Badge](https://img.shields.io/badge/Serious%20Scaffold-cmake-blue)](https://github.com/serious-scaffold/ss-common)
+
+[![CI](https://github.com/serious-scaffold/ss-common/actions/workflows/ci.yml/badge.svg)](https://github.com/serious-scaffold/ss-common/actions/workflows/ci.yml)
+[![Renovate](https://github.com/serious-scaffold/ss-common/actions/workflows/renovate.yml/badge.svg)](https://github.com/serious-scaffold/ss-common/actions/workflows/renovate.yml)
+[![Semantic Release](https://github.com/serious-scaffold/ss-common/actions/workflows/semantic-release.yml/badge.svg)](https://github.com/serious-scaffold/ss-common/actions/workflows/semantic-release.yml)
+
+[![Release](https://img.shields.io/github/v/release/serious-scaffold/ss-common)](https://github.com/serious-scaffold/ss-common/releases)
+
+[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit)](https://github.com/pre-commit/pre-commit)
+[![codespell](https://img.shields.io/badge/codespell-enabled-blue)](https://github.com/codespell-project/codespell)
+[![shellcheck](https://img.shields.io/badge/shellcheck-enabled-blue)](https://github.com/shellcheck-py/shellcheck-py)
+
+## License
+
+MIT License, for more details, see the [LICENSE](https://github.com/serious-scaffold/ss-common/blob/master/LICENSE) file.

copier.yml

@@ -0,0 +1,22 @@
+_exclude:
+  - .copier-answers.*.yml
+  - '!.copier-answers.ss-common.yml'
+  - copier.*.yml
+  - '!copier.ss-common.yml'
+
+# This is where the parent template lives
+_subdirectory: template
+
+# Separate settings for the parent template to not collide with the child template
+_templates_suffix: .j2
+
+_envops:
+  block_end_string: '%]]'
+  block_start_string: '[[%'
+  comment_end_string: '#]]'
+  comment_start_string: '[[#'
+  keep_trailing_newline: true
+  variable_end_string: ']]]'
+  variable_start_string: '[[['
+
+_answers_file: .copier-answers.ss-common.yml