Chore/add GitHub config #11
- Add pre-commit and pre-push git hooks
- Add GitHub workflows, issue templates, and CI/CD configs
- Add CODEOWNERS with louisdevzz as owner and reviewer
- Add security, release, and connectivity policies
Caution: Review failed. The pull request is closed.
| Cohort / File(s) | Summary |
|---|---|
| **Git Hooks**<br>`.githooks/pre-commit`, `.githooks/pre-push` | Pre-commit hook runs gitleaks secret scanning on staged changes; pre-push hook orchestrates Rust quality gates, delta linting, docs checks, and test execution before pushes. |
| **GitHub Configuration & Ownership**<br>`.github/CODEOWNERS`, `.github/ISSUE_TEMPLATE/bug_report.yml`, `.github/ISSUE_TEMPLATE/feature_request.yml`, `.github/ISSUE_TEMPLATE/config.yml`, `.github/pull_request_template.md` | Defines code ownership policies, structured issue templates for bug reports and feature requests with validation rules, issue template configuration disabling blank issues, and a comprehensive PR template with sections for metadata, validation, security, and rollback planning. |
| **Tool Configurations**<br>`.github/actionlint.yaml`, `.github/codeql/codeql-config.yml`, `.github/dependabot.yml`, `.github/labeler.yml`, `.github/label-policy.json` | Actionlint self-hosted runner labels, CodeQL configuration excluding the test directory, Dependabot setup for cargo/actions/docker with daily updates, file-change-based labeling across project modules, and contributor tier policy with merged PR thresholds. |
| **Release & Security Policies**<br>`.github/release/canary-policy.json`, `.github/release/docs-deploy-policy.json`, `.github/release/ghcr-tag-policy.json`, `.github/release/ghcr-vulnerability-policy.json`, `.github/release/nightly-owner-routing.json`, `.github/release/prerelease-stage-gates.json`, `.github/release/release-artifact-contract.json` | Canary deployment policy with cohort phases and observability thresholds, docs deployment controls with manual dispatch and rollback settings, GHCR tag formatting and immutability rules, vulnerability severity blocking policies, nightly release owner routing, prerelease stage gating with required checks, and release artifact/SBOM/notice contracts. |
| **Security Governance**<br>`.github/security/deny-ignore-governance.json`, `.github/security/gitleaks-allowlist-governance.json`, `.github/security/unsafe-audit-governance.json` | Transitive dependency advisories with expiration tracking, gitleaks allowlist patterns and regex exceptions with ownership metadata, and unsafe code audit governance configuration. |
| **Connectivity & LLM Provider Management**<br>`.github/connectivity/probe-contract.json`, `.github/connectivity/providers.json` | LLM provider connectivity probe contract with consecutive failure escalation, list of required/optional providers with timeout and retry configuration, and global timeout settings with provider URLs and criticality flags. |
| **Core CI Workflows**<br>`.github/workflows/ci-build-fast.yml`, `.github/workflows/ci-change-audit.yml`, `.github/workflows/ci-canary-gate.yml`, `.github/workflows/ci-provider-connectivity.yml`, `.github/workflows/ci-reproducible-build.yml`, `.github/workflows/ci-rollback.yml`, `.github/workflows/ci-run.yml` | Fast CI build on Rust changes with change detection, pull request change auditing with violation enforcement, canary deployment planning and execution with policy evaluation, LLM provider connectivity probing with audit events, reproducible build verification with drift detection, rollback planning and execution workflows, and a comprehensive multi-path CI pipeline with quality gates, approval requirements, and conditional execution based on change scope. |
| **Testing Workflows**<br>`.github/workflows/test-benchmarks.yml`, `.github/workflows/test-e2e.yml`, `.github/workflows/test-fuzz.yml` | Weekly Criterion benchmarks with PR summary posting, integration/E2E tests on dev/main pushes, and fuzz testing with configurable duration and multiple fuzz targets. |
| **Release & Publishing Workflows**<br>`.github/workflows/pub-docker-img.yml`, `.github/workflows/pub-prerelease.yml`, `.github/workflows/pub-release.yml`, `.github/workflows/ci-supply-chain-provenance.yml` | Docker image publishing with smoke testing, contract validation, and Trivy vulnerability scanning; prerelease guard validation with artifact building and GitHub pre-release creation; comprehensive multi-target release orchestration with Android NDK setup, artifact verification, SBOM generation, cosign signing, and GitHub Release creation; supply-chain provenance generation and signing. |
| **Security Audit Workflows**<br>`.github/workflows/sec-audit.yml`, `.github/workflows/sec-codeql.yml`, `.github/workflows/sec-vorpal-reviewdog.yml` | Multi-stage security audit covering dependencies, licenses, supply-chain hygiene, secrets, SBOMs, unsafe code debt, and security regression testing; CodeQL analysis with custom configuration; Vorpal static analysis with reviewdog integration and scope/filter controls. |
| **PR Automation & Maintenance**<br>`.github/workflows/pr-auto-response.yml`, `.github/workflows/pr-check-stale.yml`, `.github/workflows/pr-check-status.yml`, `.github/workflows/pr-intake-checks.yml`, `.github/workflows/pr-label-policy-check.yml`, `.github/workflows/pr-labeler.yml` | Automated contributor tier labeling and first-interaction greetings, stale PR/issue detection and closure, PR status nudges for behind/failing state, PR intake validation for required sections and formatting issues, contributor tier label policy consistency checks, and comprehensive PR labeling with size/risk/module/path inference and contributor tier assignment. |
| **Documentation & Pages Deployment**<br>`.github/workflows/docs-deploy.yml`, `.github/workflows/deploy-web.yml`, `.github/workflows/pages-deploy.yml` | Docs deployment with quality gates, preview generation, and GitHub Pages publishing; web frontend building and GitHub Pages deployment; site build and Pages deployment from the main branch. |
| **Feature & Nightly Testing**<br>`.github/workflows/feature-matrix.yml`, `.github/workflows/nightly-all-features.yml` | Comprehensive feature matrix with multiple lanes, compile and nightly profiles, per-lane retry logic, and historical nightly tracking; daily nightly builds across feature lanes with libudev handling and aggregated reporting. |
| **Maintenance & Documentation**<br>`.github/workflows/sync-contributors.yml`, `.github/workflows/workflow-sanity.yml`, `.github/workflows/main-branch-flow.md`, `.github/workflows/README.md` | Automated contributor list synchronization to the NOTICE file with draft PR creation, workflow YAML sanity checks (tabs and actionlint validation), comprehensive main branch delivery flow documentation with event triggers and step-by-step sequences, and workflow directory conventions documentation. |
| **GitHub Actions Helper Scripts**<br>`.github/workflows/scripts/ci_human_review_guard.js`, `.github/workflows/scripts/ci_license_file_owner_guard.js`, `.github/workflows/scripts/ci_workflow_owner_approval.js`, `.github/workflows/scripts/lint_feedback.js` | Human approval enforcement that filters out bot accounts, license file editor allowlist validation, workflow file change approval requirement with allowlist enforcement, and lint failure feedback posted as sticky PR comments. |
| **PR Management Scripts**<br>`.github/workflows/scripts/pr_auto_response_contributor_tier.js`, `.github/workflows/scripts/pr_auto_response_labeled_routes.js`, `.github/workflows/scripts/pr_check_status_nudge.js`, `.github/workflows/scripts/pr_intake_checks.js`, `.github/workflows/scripts/pr_labeler.js`, `.github/workflows/scripts/test_benchmarks_pr_comment.js` | Contributor tier label assignment based on merged PR count with policy fallbacks, label-driven issue/PR response routing with idempotent commenting and conditional closing, stale PR nudging based on commit age and CI status, PR metadata validation and formatting issue detection with sticky commenting, comprehensive label governance with module inference, provider/channel hints, metadata drift repair and contributor tier assignment, and benchmark result summary posting to PR comments. |
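The security governance row above describes advisory ignores and gitleaks allowlist entries that carry ownership metadata and expiration tracking. The value of such a registry is that the CI job refuses to run with a stale or ownerless exception. The following is an added example written for this page, not one of the project's governance files or scripts: the JSON shape (`entries` with `id`, `owner`, `reason`, `granted`, `expires`), the field names, the 90-day maximum lifetime and the 14-day warning window are all assumptions, and the entry ids are placeholders.

```javascript
// Added example (not the project's own code): validate a security-exception
// registry (ignored advisories or secret-scanner allowlist entries). Every
// exception must name an owner and a reason, must carry a grant date and an
// expiry, must not have expired, and must not be granted for longer than a
// maximum lifetime. The registry shape and all values are constructed here.

const DAY_MS = 86_400_000;

function parseDate(value) {
  const ms = Date.parse(value);
  return Number.isNaN(ms) ? null : ms;
}

// Checks one exception and returns its hard problems (block the job) and
// soft warnings (exception is about to lapse) separately.
function validateException(entry, { todayMs, maxLifetimeDays, warnWithinDays }) {
  const problems = [];
  const warnings = [];
  if (!entry.owner) problems.push("missing owner");
  if (!entry.reason) problems.push("missing reason");

  const granted = entry.granted ? parseDate(entry.granted) : null;
  const expires = entry.expires ? parseDate(entry.expires) : null;
  if (!entry.granted) problems.push("missing granted date");
  else if (granted === null) problems.push(`unparseable granted date "${entry.granted}"`);
  if (!entry.expires) problems.push("missing expiry");
  else if (expires === null) problems.push(`unparseable expiry "${entry.expires}"`);

  if (expires !== null) {
    if (expires <= todayMs) {
      problems.push(`expired on ${entry.expires}`);
    } else if (expires - todayMs <= warnWithinDays * DAY_MS) {
      warnings.push(`expires in ${Math.ceil((expires - todayMs) / DAY_MS)} day(s)`);
    }
    if (granted !== null && (expires - granted) / DAY_MS > maxLifetimeDays) {
      problems.push(`lifetime exceeds ${maxLifetimeDays} days`);
    }
  }
  return { id: entry.id, problems, warnings };
}

// Evaluates the whole registry; `today` may be a timestamp or an ISO date string
// so the check is reproducible in tests. ok === false means the CI job should fail.
function validateGovernance(registry, { today = Date.now(), maxLifetimeDays = 90, warnWithinDays = 14 } = {}) {
  const todayMs = typeof today === "string" ? parseDate(today) : today;
  const results = registry.entries.map((e) => validateException(e, { todayMs, maxLifetimeDays, warnWithinDays }));
  const violations = results.filter((r) => r.problems.length > 0);
  const warnings = results.filter((r) => r.warnings.length > 0);
  return {
    ok: violations.length === 0,
    violations,
    warnings,
    validIds: results.filter((r) => r.problems.length === 0).map((r) => r.id),
  };
}

// Constructed sample registry with placeholder ids: A is healthy, B has expired,
// C has no owner, D has no expiry, E was granted for a year, F lapses in days.
const SAMPLE_GOVERNANCE = {
  entries: [
    { id: "EX-A", owner: "louisdevzz", reason: "transitive only; fix pending upstream", granted: "2025-05-01", expires: "2025-07-15" },
    { id: "EX-B", owner: "louisdevzz", reason: "false positive in test fixture", granted: "2024-10-01", expires: "2024-12-01" },
    { id: "EX-C", reason: "nobody recorded an owner", granted: "2025-05-01", expires: "2025-07-01" },
    { id: "EX-D", owner: "louisdevzz", reason: "expiry never set", granted: "2025-05-01" },
    { id: "EX-E", owner: "louisdevzz", reason: "granted for far too long", granted: "2025-01-01", expires: "2026-01-01" },
    { id: "EX-F", owner: "louisdevzz", reason: "short-lived exception", granted: "2025-04-01", expires: "2025-06-10" },
  ],
};

const report = validateGovernance(SAMPLE_GOVERNANCE, { today: "2025-06-01" });
for (const v of report.violations) console.log(`BLOCK ${v.id}: ${v.problems.join("; ")}`);
for (const w of report.warnings) console.log(`WARN  ${w.id}: ${w.warnings.join("; ")}`);
console.log(report.ok ? "governance check passed" : "governance check failed");
```

With the fixed `today` of 2025-06-01 the run blocks B, C, D and E and only warns about F; in a workflow step the `ok` flag would decide the job's exit status, and the per-entry messages would be posted as the failure reason.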
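The helper scripts row above mentions `ci_human_review_guard.js`, which enforces human approval by filtering out bot accounts. The point of such a guard is that an approval from an automation account (or from the PR author) must not satisfy a review requirement. The following is an added example written for this page, not the project's script: it takes review objects shaped like GitHub's "list reviews for a pull request" REST payload (`user.login`, `user.type`, `state`, `submitted_at`), and the known-bot login list and the sample reviews are constructed assumptions.

```javascript
// Added example (not the project's ci_human_review_guard.js): count approvals on a
// pull request while ignoring bot accounts, so an app approval cannot satisfy a
// human-review requirement. Review objects follow the fields of GitHub's
// "list reviews for a pull request" REST payload; the sample data is constructed.

// Logins treated as bots even if the account type is not reported as "Bot"
// (this list is an assumption for the example).
const KNOWN_BOT_LOGINS = new Set(["dependabot[bot]", "github-actions[bot]", "coderabbitai[bot]"]);

function isBotAccount(user, extraBots = KNOWN_BOT_LOGINS) {
  if (!user || !user.login) return true;   // an authorless review can never count as human
  if (user.type === "Bot") return true;    // GitHub App installations report this account type
  if (user.login.endsWith("[bot]")) return true;
  return extraBots.has(user.login);
}

// Keep only each reviewer's most recent review: an APPROVED that was later
// followed by CHANGES_REQUESTED from the same person is not an approval.
function latestReviewPerUser(reviews) {
  const latest = new Map();
  for (const review of reviews) {
    if (!review.user || !review.user.login) continue;
    const prev = latest.get(review.user.login);
    if (!prev || Date.parse(review.submitted_at) > Date.parse(prev.submitted_at)) {
      latest.set(review.user.login, review);
    }
  }
  return [...latest.values()];
}

function humanApprovers(reviews, { prAuthorLogin, extraBots } = {}) {
  return latestReviewPerUser(reviews)
    .filter((r) => r.state === "APPROVED")
    .filter((r) => !isBotAccount(r.user, extraBots))
    .filter((r) => r.user.login !== prAuthorLogin)   // self-approval does not count
    .map((r) => r.user.login);
}

// Returns the verdict a workflow step would act on (fail the job when ok is false).
function evaluateHumanReviewGuard(reviews, { prAuthorLogin, requiredApprovals = 1, extraBots } = {}) {
  const approvers = humanApprovers(reviews, { prAuthorLogin, extraBots });
  const ok = approvers.length >= requiredApprovals;
  return {
    ok,
    approvers,
    message: ok
      ? `human review satisfied by: ${approvers.join(", ")}`
      : `need ${requiredApprovals} human approval(s), found ${approvers.length}`,
  };
}

// Constructed sample: a bot approval, a human approval later withdrawn,
// one valid human approval, and the PR author approving their own PR.
const SAMPLE_REVIEWS = [
  { user: { login: "coderabbitai[bot]", type: "Bot" }, state: "APPROVED", submitted_at: "2025-01-10T10:00:00Z" },
  { user: { login: "alice", type: "User" }, state: "APPROVED", submitted_at: "2025-01-10T10:05:00Z" },
  { user: { login: "alice", type: "User" }, state: "CHANGES_REQUESTED", submitted_at: "2025-01-10T11:00:00Z" },
  { user: { login: "bob", type: "User" }, state: "APPROVED", submitted_at: "2025-01-10T12:00:00Z" },
  { user: { login: "carol", type: "User" }, state: "APPROVED", submitted_at: "2025-01-10T12:30:00Z" },
];

console.log(evaluateHumanReviewGuard(SAMPLE_REVIEWS, { prAuthorLogin: "carol", requiredApprovals: 1 }).message);
console.log(evaluateHumanReviewGuard(SAMPLE_REVIEWS, { prAuthorLogin: "carol", requiredApprovals: 2 }).message);
```

Of the four approvals in the sample only bob's survives: the bot is excluded by account type, alice's approval was superseded by her later change request, and carol is the PR author. Requiring one approval therefore passes and requiring two fails, which is exactly the distinction a guard like this exists to draw.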
Sequence Diagram(s)

```mermaid
sequenceDiagram
    participant Developer
    participant LocalGit as Local Git Hooks
    participant GitHub as GitHub
    participant Actions as GitHub Actions
    participant Cache as Build Cache
    participant Registry as GHCR
    participant Security as Security Tools

    Developer->>LocalGit: git commit
    LocalGit->>Security: gitleaks protect (staged)
    Security-->>LocalGit: Allow/Block commit

    Developer->>LocalGit: git push
    LocalGit->>Actions: Pre-push hooks
    Actions->>Actions: rust_quality_gate
    Actions->>Actions: cargo test --locked
    Actions-->>LocalGit: Allow/Block push

    Developer->>GitHub: Push to branch
    GitHub->>Actions: Trigger CI
    Actions->>Actions: Detect changes scope

    alt Rust changes detected
        Actions->>Cache: Restore Rust cache
        Actions->>Actions: Lint & quality gates
        Actions->>Actions: Run tests
        Actions->>Cache: Store Rust cache
    end

    alt Docs changes detected
        Actions->>Actions: Markdown quality checks
        Actions->>Actions: Link validation
    end

    Actions->>Actions: Feature matrix build
    Actions->>Actions: Fuzz testing
    Actions->>Security: CodeQL analysis

    opt Release mode
        Actions->>Actions: Build multi-target binaries
        Actions->>Security: Generate SBOMs
        Actions->>Security: Cosign signing
        Actions->>Registry: Push Docker image
        Actions->>Registry: Run Trivy scans
        Actions->>GitHub: Create Release
    end

    GitHub-->>Developer: CI results & deployment
```
Estimated code review effort: 🎯 5 (Critical) | ⏱️ ~120 minutes
Poem
🐰 Hops with joy through GitHub Actions deep,
CI gates and tests stand watch while devs sleep!
Workflows orchestrate from hook to release,
Security, quality, features at peace. ✨
A rabbit's refrain: automate with care,
Where policy guides and no secrets lay bare. 🔐