Org-wide standards and inheritance hub for the dryvist GitHub organization. Contains AI assistant policy, lint/format config, dependency-management config, security policy, and the org profile page.
This repo holds only vendor-agnostic org infrastructure. Cribl-specific
test harnesses and reusable workflows live in
dryvist/cc-edge-pack-template.
This repo is consumed by reference, not installed. Other dryvist repos inherit configs and policies via the mechanisms below.

| Inheritance mechanism | Where it shows up |
|---|---|
| GitHub auto-applied org files (`SECURITY.md`, `profile/README.md`) | Visible on every dryvist repo's Security tab + at https://github.com/dryvist |
| Renovate `extends` | `renovate.json` in each repo: `extends: github>JacobPEvans/.github:renovate-presets` (this repo's `renovate.json` is the example) |
| Biome config | Each repo carries a copy of `biome.jsonc` scaffolded from this repo; Renovate keeps it in sync |
| markdownlint config | Each repo carries a copy of `.markdownlint-cli2.yaml` from this repo; sync TBD (manual for now) |
| AI assistant policy | `CLAUDE.md` — read by Claude Code on every session |

For a new TS-based dryvist repo, copy the canonical configs from this repo:

```bash
# From the new repo's root (raw content via Accept header — no base64
# decoding, portable across macOS and Linux):
gh api repos/dryvist/.github/contents/biome.jsonc -H "Accept: application/vnd.github.raw" > biome.jsonc
gh api repos/dryvist/.github/contents/.markdownlint-cli2.yaml -H "Accept: application/vnd.github.raw" > .markdownlint-cli2.yaml
gh api repos/dryvist/.github/contents/renovate.json -H "Accept: application/vnd.github.raw" > renovate.json
```

If the repo is a Cribl pack, scaffold from
dryvist/cc-edge-pack-template
instead — the template already includes the canonical configs.

Each repo needs .release-please-manifest.json + release-please-config.json
plus a thin caller workflow that delegates to the inherited reusable workflow:

```yaml
# .github/workflows/release-please.yml
name: release-please
on:
  push:
    branches: [main]
permissions:
  contents: write
  pull-requests: write
jobs:
  release-please:
    uses: JacobPEvans/.github/.github/workflows/_release-please.yml@main
    # The inherited workflow's secret is named GH_ACTION_JACOBPEVANS_APP_ID for
    # historical reasons. dryvist exposes a generic GH_APP_ID org secret and
    # forwards it here at the boundary — repo readers only see the generic name.
    secrets:
      GH_ACTION_JACOBPEVANS_APP_ID: ${{ secrets.GH_APP_ID }}
      GH_APP_PRIVATE_KEY: ${{ secrets.GH_APP_PRIVATE_KEY }}
```

Org-level secret prereqs (one-time, owner-handled):

- `GH_APP_ID` — App ID (numeric)
- `GH_APP_PRIVATE_KEY` — App private key PEM

Generic names so any future App swap or org-internal rebrand is a one-line secret update — no caller-workflow churn.

- Locate the App owned by JacobPEvans (https://github.com/settings/apps or https://github.com/organizations/JacobPEvans/settings/apps).
- Verify "Where can this GitHub App be installed?" is set to "Any account" (change + save if currently "Only on this account").
- Visit the App's public install URL (`https://github.com/apps/<app-slug>/installations/new`) and install on the dryvist org with access to "All repositories".
- Back in the App settings: copy the App ID; generate + download a private key `.pem` (cannot be re-downloaded).
- Set the dryvist org secrets:

  ```bash
  gh secret set GH_APP_ID --org dryvist --visibility all
  gh secret set GH_APP_PRIVATE_KEY --org dryvist --visibility all < /path/to/private-key.pem
  ```

  Or via UI at https://github.com/organizations/dryvist/settings/secrets/actions.

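
A lint for the caller workflow described above, as an added example that is not part of this repo or its upstream. `check_caller` is a hypothetical helper that checks a workflow file for delegation to the inherited workflow, forwarding from the generic secret names, top-level permissions limited to the two documented scopes, and no inline key material. The sample workflows and the `LEGACY_APP_ID` name are constructed.

```shell
#!/usr/bin/env bash
# Added example: lint a release-please caller workflow against the README's shape.
# check_caller FILE prints one line per finding and returns the finding count.
check_caller() {
  local f="$1" n=0 extra
  note() { echo "$f: $1"; n=$((n + 1)); }
  # Must delegate to the inherited reusable workflow rather than inline steps.
  grep -Eq '^ +uses: JacobPEvans/\.github/\.github/workflows/_release-please\.yml@' "$f" \
    || note "does not delegate to _release-please.yml"
  # Secrets must be forwarded from the generic org-level names.
  grep -Fq 'GH_ACTION_JACOBPEVANS_APP_ID: ${{ secrets.GH_APP_ID }}' "$f" \
    || note "App ID is not forwarded from secrets.GH_APP_ID"
  grep -Fq 'GH_APP_PRIVATE_KEY: ${{ secrets.GH_APP_PRIVATE_KEY }}' "$f" \
    || note "private key is not forwarded from secrets.GH_APP_PRIVATE_KEY"
  # Key material belongs in the org secret, never in the workflow file.
  if grep -Eq -- '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$f"; then note "inline PEM private key"; fi
  # Top-level permissions only: flag anything beyond the two documented scopes.
  extra=$(awk '/^permissions:/ { p = 1; if (NF > 1) print $2; next }
               p && /^[^ \t]/ { p = 0 }
               p && NF && $1 !~ /^#/ && $1 != "contents:" && $1 != "pull-requests:" { print $1 }' "$f")
  if [ -n "$extra" ]; then note "unexpected permissions: $(echo $extra)"; fi
  return "$n"
}

# Constructed sample: the caller workflow as documented in this README.
good=$(mktemp) bad=$(mktemp)
cat > "$good" <<'EOF'
name: release-please
on:
  push:
    branches: [main]
permissions:
  contents: write
  pull-requests: write
jobs:
  release-please:
    uses: JacobPEvans/.github/.github/workflows/_release-please.yml@main
    secrets:
      GH_ACTION_JACOBPEVANS_APP_ID: ${{ secrets.GH_APP_ID }}
      GH_APP_PRIVATE_KEY: ${{ secrets.GH_APP_PRIVATE_KEY }}
EOF
# Constructed drifted copy: broad permissions and a hypothetical non-generic secret name.
sed -e 's/^permissions:$/permissions: write-all/' -e '/^  contents:/d' \
    -e '/^  pull-requests:/d' -e 's/secrets\.GH_APP_ID/secrets.LEGACY_APP_ID/' "$good" > "$bad"
check_caller "$good" && echo "good: clean"
check_caller "$bad" || echo "bad: $? finding(s)"
```
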
This repo exposes the following inheritance surfaces:

| Path | Purpose |
|---|---|
| `CLAUDE.md` | AI assistant policy (read by Claude Code) |
| `biome.jsonc` | Canonical Biome lint + format config (code) |
| `.markdownlint-cli2.yaml` | Canonical markdownlint-cli2 config (`.md` files) |
| `renovate.json` | Org-default Renovate extending JacobPEvans presets |
| `SECURITY.md` | Org-wide vulnerability reporting policy (auto-applied to every dryvist repo's Security tab) |
| `profile/README.md` | Org profile page at https://github.com/dryvist |

Changes here affect every dryvist repo. Tread carefully:

- Bump rules in `biome.jsonc` or `.markdownlint-cli2.yaml` cautiously — they cascade to every repo on next sync.
- Don't introduce vendor-specific (Cribl, etc.) content. That belongs in the relevant template repo.
- Conventional commits required (`feat:`, `fix:`, `chore:`, `docs:`).

To validate locally before pushing:

```bash
# Lint this repo's own code and markdown
npx -y @biomejs/biome check .
npx -y markdownlint-cli2 "**/*.md"
```

- `JacobPEvans/.github` — upstream org we inherit from
- `dryvist/cc-edge-pack-template` — Cribl pack template
- Biome configuration reference
- markdownlint-cli2 configuration
- Renovate `extends` docs
- release-please-action