# Forge Tool Template A starting point for small tools and scripts on the [Hellion Forge](https://gitea.hellion-forge.cloud/) — language-agnostic, Renovate-aware, security-scanned. Use this when you have: - a one-shot script (Bash, Python, PowerShell, Node, etc.) - a small CLI utility - a config-only repo (Ansible, dotfiles, infrastructure-as-code) - anything that doesn't fit the [Dalamud Plugin Template](../dalamud-plugin-template) or the [Web App Template](../web-app-template) --- ## How to use this template 1. Click **"Use this template"** on the Forge. 2. Update this `README.md` to describe your actual tool — replace this template-usage section with real install/run/contribute instructions. 3. Drop your tool's source files at the repo root or under a sensible folder (`scripts/`, `src/`, `bin/`). 4. Adjust `.gitignore` for your language. The default has Python, Node, and shell artifacts pre-listed; remove or extend as needed. 5. If your tool needs a different security-scan config, edit `.gitea/workflows/security.yml`. --- ## What's included ``` . ├── .editorconfig ├── .gitea/ │ ├── ISSUE_TEMPLATE/ Bug + feature templates │ ├── PULL_REQUEST_TEMPLATE.md │ └── workflows/ │ └── security.yml Semgrep + Trivy via Hellion-Forge/security-workflows ├── .gitignore Multi-language defaults ├── examples/README.md Placeholder for usage examples ├── CODEOWNERS Default reviewer (replace for new repo) ├── LICENSE MIT └── README.md This file (replace before shipping) ``` --- ## Renovate Renovate runs as a system-level service on the Forge. New repos in `Hellion-Forge` are picked up automatically — no per-repo config needed unless you want to override the default behavior. Add a `renovate.json` at the repo root for custom rules. --- ## Security scanning The `.gitea/workflows/security.yml` stub calls the reusable workflows in `Hellion-Forge/security-workflows`. Default behavior: - Semgrep with the recommended ruleset - Trivy filesystem scan for known CVEs - Runs on push to main + pull requests + weekly cron To exclude specific paths or rules, drop a `.semgrep-exclude.yml` at the repo root (the reusable workflow honors it). --- ## License MIT — see `LICENSE`.