From 8969a322c6320904cb17eeadf8186fbefe719015 Mon Sep 17 00:00:00 2001
From: Sandhya Adavikolanu
Date: Sat, 7 Mar 2026 12:49:59 -0800
Subject: [PATCH 1/2] Create qcom-preflight-checks.yaml This PR adds the Qualcomm QC Preflight Checks workflow using the shared orchestrator: qcom-reusable-workflows/reusable-qcom-preflight-checks-orchestrator.yml@v2 The workflow enables: - Semgrep scan - Dependency review - Repolinter check - Copyright/license check - Commit email check These checks help standardize code quality and security validation across the repository. Signed-off-by: Sandhya Adavikolanu Signed-off-by: Sandhya Adavikolanu
---
.github/workflows/qcom-preflight-checks.yaml | 24 ++++++++++++++++++++
1 file changed, 24 insertions(+)
create mode 100644 .github/workflows/qcom-preflight-checks.yaml
diff --git a/.github/workflows/qcom-preflight-checks.yaml b/.github/workflows/qcom-preflight-checks.yaml
new file mode 100644
index 0000000..1b06899
--- /dev/null
+++ b/.github/workflows/qcom-preflight-checks.yaml
@@ -0,0 +1,24 @@
+name: QC Preflight Checks
+
+on:
+ pull_request:
+ push:
+ branches: [main]
+ workflow_dispatch:
+
+jobs:
+ preflight:
+ name: Run QC Preflight Checks
+ uses: qualcomm/qcom-reusable-workflows/.github/workflows/reusable-qcom-preflight-checks-orchestrator.yml@v2
+ with:
+ enable-semgrep-scan: true
+ enable-dependency-review: true
+ enable-repolinter-check: true
+ enable-copyright-license-check: true
+ enable-commit-email-check: true
+ enable-commit-msg-check: false
+ enable-armor-checkers: false
+
+ permissions:
+ contents: read
+ security-events: write
From a9b44870b8acb7181b483b318eed85be62af6567 Mon Sep 17 00:00:00 2001
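Review bot: The `uses:` line of the `preflight` job references the shared orchestrator by the mutable tag `@v2`, so whatever that tag resolves to at run time executes in this repository with `security-events: write`. Pinning to a full commit SHA and keeping the tag as a trailing comment, `uses: qualcomm/qcom-reusable-workflows/.github/workflows/reusable-qcom-preflight-checks-orchestrator.yml@<full-commit-sha>  # v2` (placeholder; the SHA is not shown on this page), makes the executed code immutable and reviewable. Separately, `pull_request` runs from forks normally receive a read-only token regardless of the `permissions:` block, so any step in the called workflow that needs `security-events: write` may fail or be skipped for external contributors; whether that matters depends on the orchestrator, which is not visible here. A one-line comment above `permissions:` stating why `security-events: write` is required would document the grant.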
From: Sandhya Adavikolanu
Date: Sat, 7 Mar 2026 13:02:32 -0800
Subject: [PATCH 2/2] Create dependabot.yaml This PR adds a Dependabot configuration (dependabot.yml) to automatically keep GitHub Actions up to date. Enabling Dependabot helps ensure the repository remains secure, follows best practices, and stays aligned with Qualcomm engineering standards. Key details: Enables Dependabot for the GitHub Actions ecosystem Scans the root directory (/) where workflows are located Schedules checks to run daily Automates version update PRs for workflow dependencies This improves repository maintainability and helps proactively identify outdated or vulnerable GitHub Actions. Signed-off-by: Sandhya Adavikolanu Signed-off-by: Sandhya Adavikolanu
---
.github/dependabot.yaml | 11 +++++++++++
1 file changed, 11 insertions(+)
create mode 100644 .github/dependabot.yaml
diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
new file mode 100644
index 0000000..13150bc
--- /dev/null
+++ b/.github/dependabot.yaml
@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+ - package-ecosystem: "github-actions" # See documentation for possible values
+ directory: "/" # This points to .github/workflows
+ schedule:
+ interval: "daily"
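Review bot: With `interval: "daily"` and no minimum-age setting on the `github-actions` entry, a newly published action release is proposed as soon as the next run sees it. Adding a short cooldown under that entry (`cooldown:` with `default-days: 3`, the value being a team choice, and assuming the option is available for this ecosystem) gives time for a bad or compromised release to be caught before the bump PR appears. The header and both inline comments are unmodified starter-template text; a single comment such as `# Daily version updates for GitHub Actions referenced under .github/workflows` would say what this file actually configures. The description names the file `dependabot.yml` while the patch creates `dependabot.yaml`, so it is worth confirming after merge that Dependabot picks the file up.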