This repository is the starting point for working across the rundeck-plugins organization. It holds the org-wide engineering guide for AI agents and humans, shared security scanning infrastructure, and bulk-operation scripts.
Start here, whether you're a contributor or pointing an AI agent at the org:
-
Read the engineering guide.
CLAUDE.mdis the canonical guide: working agreements, build/release and branch conventions, security scanning, and environment notes.AGENTS.mdmirrors it. Plugin inventory and per-plugin specifics are inPLUGINS_OVERVIEW.md. -
Set up a local workspace. Create a container folder and clone the repos into it (the folder itself is just a container, not a git repo):
mkdir -p ~/Documents/GitHub/rundeck-plugins && cd ~/Documents/GitHub/rundeck-plugins git clone https://github.com/rundeck-plugins/.github.git # Clone all active (non-archived) repos in parallel: gh repo list rundeck-plugins --no-archived --limit 200 --json name -q '.[].name' \ | xargs -P4 -I{} gh repo clone rundeck-plugins/{}
-
Let the per-repo instructions do the work. Every active repo has a generated
.github/copilot-instructions.mdthat points back to this guide and inlines the essentials, so Copilot/Cursor/Claude follow the same conventions in any repo. Don't hand-edit those files; edittemplates/copilot-instructions.shared.mdand re-run the sync script. -
Use the bulk-ops scripts in
scripts/for multi-repo work:scripts/org-sync.sh status- read-only branch / dirty / ahead-behind report across all clones.scripts/org-sync.sh sync --discard- re-point every clone to its default branch (discards local changes).scripts/sync-copilot-instructions.sh- stamp the shared Copilot template into each repo (--checkto report drift only).
-
Use the shared Agent Skills in
skills/for repeatable workflows:skills/rundeck-plugin-versions- bump a released plugin's version acrossrundeck,rundeckpro, andua-runner, or run a pre-release drift sweep. Install withcp -R skills/rundeck-plugin-versions ~/.cursor/skills/.
Default branch for all active repos is main.
The primary goal is centralized Snyk security scanning across all plugin repositories. This ensures consistent security standards and simplifies maintenance.
.github/workflows/snyk-scan-reusable.yml- Central reusable workflow for security scanningsnyk-scan.yml- Minimal template for implementing security scanscalling-workflow-example.yml- Full configuration example with commentssnyk-scan-info.md- Complete setup documentation and troubleshootingprofile/README.md- Organization profile page content
See snyk-scan-info.md for detailed setup instructions and configuration options.
For repository maintainers:
- Copy
snyk-scan.ymlto your repository as.github/workflows/security-scan.yml - Commit and push
- Security scans run automatically on pushes and pull requests
No additional configuration is required. All parameters are optional with sensible defaults.
- Automatic detection of main/master branches
- Pre-configured organization secrets
- Blocking security tests (workflow fails on high-severity vulnerabilities)
- Results integrated with Snyk dashboard
- Support for Java 8, 11, 17, and 21 (default: 17)
- Single point of maintenance for security scanning logic
- Consistent security standards across all repositories
- Easy updates to scanning procedures organization-wide
- Simplified onboarding for new repositories