chore: harden .github to 10/10

sharon77242 · sharon77242 · commit a3f48fb7de1d · 2026-05-03T18:14:52.000+03:00
- Add CODEOWNERS (all files → @sharon77242) - Add ISSUE_TEMPLATE/config.yml — disable blank issues, link to Discussions + README - ci.yml: add concurrency cancel-in-progress, workflow-level permissions, per-job timeout-minutes - codeql.yml: add weekly schedule, timeout-minutes, autobuild step - pr-title-linter.yml: add build + revert types, permissions block, timeout - release-please.yml: explicit config-file/manifest-file, timeout - dependabot.yml: commit-message prefix, minor/patch grouping, open-pull-requests-limit - bug_report.md: replace generic click/scroll template with Node.js code snippet + actual/expected split - PULL_REQUEST_TEMPLATE.md: add self-review checkbox
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -0,0 +1 @@
+* @sharon77242
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -11,19 +11,22 @@ assignees: ''
 A clear and concise description of what the bug is.
 
 **To Reproduce**
-Steps to reproduce the behavior:
-1. Go to '...'
-2. Click on '....'
-3. Scroll down to '....'
-4. See error
+Minimal code snippet or steps to trigger the bug:
+```ts
+import { Argus } from 'argus-apm';
+// ...
+```
 
 **Expected behavior**
 A clear and concise description of what you expected to happen.
 
+**Actual behavior**
+What actually happened (error message, stack trace, wrong output, etc.)
+
 **Environment details:**
  - OS: [e.g. Ubuntu 22.04]
- - Node.js version: [e.g. 18.17.0]
- - `argus-apm` version: [e.g. 0.2.0]
+ - Node.js version: [e.g. 22.6.0]
+ - `argus-apm` version: [e.g. 0.4.1]
  - Database driver (if applicable): [e.g. pg 8.11.0]
 
 **Additional context**
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Question or Discussion
+    url: https://github.com/sharon77242/Argus/discussions
+    about: Ask a question or start a discussion about argus-apm
+  - name: Documentation
+    url: https://github.com/sharon77242/Argus#readme
+    about: Check the docs before filing an issue
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -20,6 +20,7 @@ None.
 
 ## Checklist
 
+- [ ] Self-reviewed the diff for correctness and unintended changes
 - [ ] No secrets, tokens, or PEM files committed
 - [ ] No new `console.log` left in production code
 - [ ] README / CHANGELOG updated if this changes the public API or project structure
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -4,8 +4,32 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
+      day: "monday"
+    open-pull-requests-limit: 10
+    labels:
+      - "dependencies"
+    commit-message:
+      prefix: "chore"
+      include: "scope"
+    groups:
+      minor-and-patch:
+        update-types:
+          - "minor"
+          - "patch"
 
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
       interval: "weekly"
+      day: "monday"
+    open-pull-requests-limit: 5
+    labels:
+      - "dependencies"
+      - "github-actions"
+    commit-message:
+      prefix: "chore"
+      include: "scope"
+    groups:
+      actions:
+        patterns:
+          - "*"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -6,10 +6,18 @@ on:
   pull_request:
     branches: [main]
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
 jobs:
   quality:
     name: Code Quality (Lint, Format, Typecheck)
     runs-on: ubuntu-latest
+    timeout-minutes: 10
     steps:
       - uses: actions/checkout@v6
 
@@ -37,6 +45,7 @@ jobs:
   test:
     name: Test Coverage
     runs-on: ubuntu-latest
+    timeout-minutes: 15
     steps:
       - uses: actions/checkout@v6
 
@@ -58,6 +67,7 @@ jobs:
   build:
     name: Build
     runs-on: ubuntu-latest
+    timeout-minutes: 10
     needs: [quality, test]
     steps:
       - uses: actions/checkout@v6
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -5,11 +5,14 @@ on:
     branches: ["main"]
   pull_request:
     branches: ["main"]
+  schedule:
+    - cron: "30 1 * * 1"
 
 jobs:
   analyze:
     name: Analyze Code
     runs-on: ubuntu-latest
+    timeout-minutes: 30
     permissions:
       actions: read
       contents: read
@@ -24,5 +27,8 @@ jobs:
         with:
           languages: javascript-typescript
 
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v3
+
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@v3
diff --git a/.github/workflows/pr-title-linter.yml b/.github/workflows/pr-title-linter.yml
@@ -7,10 +7,14 @@ on:
       - edited
       - synchronize
 
+permissions:
+  pull-requests: read
+
 jobs:
   main:
     name: Validate PR Title
     runs-on: ubuntu-latest
+    timeout-minutes: 5
     steps:
       - uses: amannn/action-semantic-pull-request@v6
         env:
@@ -25,3 +29,5 @@ jobs:
             refactor
             perf
             test
+            build
+            revert
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
@@ -12,7 +12,9 @@ permissions:
 jobs:
   release-please:
     runs-on: ubuntu-latest
+    timeout-minutes: 10
     steps:
       - uses: googleapis/release-please-action@v5
         with:
-          release-type: node
+          config-file: release-please-config.json
+          manifest-file: release-please-manifest.json
