Skip to content

Fix language-agnostic gaps in the template#4

Merged
mathieusouflis merged 9 commits into
mainfrom
audit/language-agnostic-fixes
Jul 1, 2026
Merged

Fix language-agnostic gaps in the template#4
mathieusouflis merged 9 commits into
mainfrom
audit/language-agnostic-fixes

Conversation

@mathieusouflis

Copy link
Copy Markdown
Owner

Summary

Audit of this template repo's goal of working for any language/project type turned up 8 places where it silently assumed a JS/Node/web-app shape or would break by default on a fresh instantiation:

  • Commit-message CI (commitlint.yml) called wagoid/commitlint-github-action, which needs a Node/commitlint config that doesn't exist in this repo — the job failed by default for every project. Now reuses .githooks/commit-msg directly (single source of truth, no runtime deps).
  • dependabot.yml hardcoded npm as the only ecosystem, so non-JS projects got no dependency-update PRs. Commented out with examples for pip/gomod/cargo/maven/gradle/composer/bundler.
  • FAQ hardcoded pnpm/vitest commands, breaking the placeholder pattern used everywhere else in the docs.
  • .env.example presented PORT=3000 as an active default, assuming every project runs a network service.
  • Issue templates had a required "Area" dropdown assuming a web app (Frontend/Backend/DB/Auth) plus a Node/pnpm-specific environment placeholder.
  • .editorconfig grouped *.go with 4-space languages, fighting gofmt's tabs. Also extended 4-space coverage to Rust/C/C++/C#, which previously fell through to the 2-space default.
  • GitHub Discussions is linked from 6 places as the sole path for questions (blank issues are disabled), but Discussions isn't enabled by default on template-instantiated repos. Added a one-time setup note.
  • CI workflows (ci.yml, commitlint.yml) had no permissions: block, inheriting possibly-broader-than-needed org defaults. Scoped to contents: read, matching release.yml's existing pattern.

Test plan

  • Confirm commitlint.yml passes on this PR (it validates its own commits)
  • Spot-check dependabot.yml, issue templates, and .editorconfig render/parse correctly on GitHub

…t action

The wagoid/commitlint-github-action requires a commitlint config and
Node toolchain that this language-agnostic template doesn't ship,
so the job failed by default. Reuse .githooks/commit-msg instead.
npm was hardcoded as the only dependency ecosystem, so non-JS
projects got no dependency update PRs out of the box. Comment out
npm and add commented examples for pip, gomod, cargo, maven,
gradle, composer, and bundler to uncomment as needed.
The FAQ was the one doc file that hardcoded a Node/pnpm/vitest
toolchain instead of following the placeholder pattern used
everywhere else, contradicting the template's language-agnostic goal.
…irement

PORT=3000 was uncommented and presented as a real default, which
assumes every project using this template runs a network service.
CLIs, libraries, and batch jobs don't. Comment it out and note it
only applies when relevant.
…onment placeholder

The required 'Area' dropdown (Frontend/Backend/Database/Auth) assumed
every project has that shape, forcing CLI tools and libraries into
'Other'. Dropped it — triage labels can categorize manually. Also
replaced the Node/pnpm-specific environment placeholder with
language-neutral examples.
…ages

Go was grouped with 4-space languages, but gofmt formats with tabs —
editors honoring editorconfig were fighting the language's own
formatter. Gave *.go its own tab rule and added rs/c/h/cpp/hpp/cs
to the 4-space group, which were previously uncovered and fell back
to the 2-space default.
Discussions is off by default on repos created from a template, but
CONTRIBUTING.md, SUPPORT.md, the FAQ, and the issue template config
all treat it as the sole path for questions (blank issues are
disabled). Add a one-time setup note so those links don't 404.
ci.yml and commitlint.yml had no explicit permissions block, so they
inherited whatever the org/repo default token permissions were,
which can be broader than read-only. release.yml already scoped
itself correctly; match that pattern here since neither workflow
needs write access.
The regex never enforced lowercase descriptions — .{1,72} already
allows any case — but the error message falsely claimed it did.
Fix the message instead of the (already permissive) pattern.
@mathieusouflis mathieusouflis merged commit 13c9ea2 into main Jul 1, 2026
4 checks passed
@mathieusouflis mathieusouflis deleted the audit/language-agnostic-fixes branch July 1, 2026 20:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant