From c31f5584ebf7444da95c81271f1326430517457c Mon Sep 17 00:00:00 2001 From: lsj1206 <1007ckddjs12@gmail.com> Date: Sun, 26 Apr 2026 16:37:03 +0900 Subject: [PATCH] Chore: add CodeQL and community conduct --- .github/ISSUE_TEMPLATE/config.yml | 8 ++++++ .github/workflows/codeql.yml | 48 +++++++++++++++++++++++++++++++ CODE_OF_CONDUCT.md | 35 ++++++++++++++++++++++ 3 files changed, 91 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/config.yml create mode 100644 .github/workflows/codeql.yml create mode 100644 CODE_OF_CONDUCT.md diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 0000000..6fd2f99 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,8 @@ +blank_issues_enabled: false +contact_links: + - name: Security vulnerability + url: https://github.com/lsj1206/PixConvert/security/policy + about: Please review the security policy before reporting sensitive issues. + - name: GitHub Releases + url: https://github.com/lsj1206/PixConvert/releases + about: Download the latest release package before reporting issues fixed in newer versions. diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..99dad62 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,48 @@ +name: CodeQL + +on: + push: + branches: + - main + pull_request: + branches: + - main + schedule: + - cron: "30 18 * * 1" + +permissions: + actions: read + contents: read + packages: read + security-events: write + +jobs: + analyze: + name: Analyze (csharp) + runs-on: windows-latest + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Setup .NET + uses: actions/setup-dotnet@v4 + with: + dotnet-version: 10.0.x + + - name: Restore + run: dotnet restore PixConvert.sln + + - name: Initialize CodeQL + uses: github/codeql-action/init@v4 + with: + languages: csharp + build-mode: manual + + - name: Build + run: dotnet build PixConvert.sln -c Release --no-restore -v minimal -m:1 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v4 + with: + category: "/language:csharp" diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..d3dd651 --- /dev/null +++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,35 @@ +# Code of Conduct + +## Our Standards + +PixConvert aims to be a respectful and practical open source project. Contributors, users, and maintainers are expected to communicate clearly, assume good intent, and focus on improving the project. + +Examples of encouraged behavior include: + +- Using welcoming and inclusive language +- Being respectful of different viewpoints and experience levels +- Giving and receiving constructive technical feedback +- Keeping discussions focused on the project and user impact +- Acknowledging mistakes and correcting them when needed + +Examples of unacceptable behavior include: + +- Harassment, insults, or personal attacks +- Discriminatory language or conduct +- Public sharing of private information without permission +- Repeated off-topic or disruptive comments +- Any behavior that makes participation unsafe or hostile + +## Scope + +This Code of Conduct applies to project spaces including issues, pull requests, discussions, release comments, and other public project-related communication. + +## Enforcement + +Maintainers may remove comments, close discussions, block users, or take other reasonable action when behavior violates this Code of Conduct. + +If you need to report conduct concerns, contact the maintainer through GitHub profile contact methods. Do not include private personal information in public issues. If the report also involves a security vulnerability, follow the process in `SECURITY.md` instead. + +## Attribution + +This policy is inspired by common open source community standards, including the Contributor Covenant.