chore: precommit checks + added missing docs #88
Conversation
**Walkthrough**

Adds repository governance and contributor infrastructure: CODEOWNERS, issue/PR templates, SBOM compliance CI workflow, local pre-commit hooks, and documentation/policy files (CONTRIBUTING, CODE_OF_CONDUCT, SECURITY, SUPPORT); also updates the docs index. No runtime code changes.
**Sequence Diagram(s)**

```mermaid
sequenceDiagram
    autonumber
    rect rgba(200,200,255,0.5)
        participant User as Trigger (push/PR/schedule)
    end
    rect rgba(200,255,200,0.5)
        participant GH as GitHub Actions
        participant Checkout as Checkout
        participant Matrix as Component Matrix
    end
    rect rgba(255,200,200,0.5)
        participant SBOM as anchore/sbom-action
        participant Scan as anchore/scan-action
        participant Artifact as actions/upload-artifact
        participant SARIF as codeql-action (SARIF)
    end
    User->>GH: trigger workflow
    GH->>Checkout: checkout code
    GH->>Matrix: iterate components (backend, frontend)
    Matrix->>SBOM: generate SPDX SBOM (per-component)
    SBOM->>Scan: provide SBOM for scanning
    Scan->>Artifact: upload <component>-sbom.spdx.json
    GH->>SARIF: upload/emit SARIF vulnerability report
    SARIF->>Artifact: attach SARIF per-component
```
**Estimated code review effort:** 3 (Moderate) | ~20 minutes

**Pre-merge checks:** 3 passed

**Actionable comments posted: 3**
In `@CODE_OF_CONDUCT.md`:
- Around line 37-43: Replace the bare email and raw URL with proper Markdown
links to satisfy MD034: change the plain email address "max.azatian@gmail.com"
to a mailto link (e.g., <mailto:...>) and convert the raw Contributor Covenant
URL "https://www.contributor-covenant.org/version/3/0/" into a Markdown link
(e.g., [Contributor Covenant](...)) in CODE_OF_CONDUCT.md so the contact and
attribution are clickable and conform to Markdown linting rules.
In `@SECURITY.md`:
- Around line 25-26: Replace the plain email "max.azatian@gmail.com" in
SECURITY.md with a proper mailto link to satisfy MD034 (e.g. use
[max.azatian@gmail.com](mailto:max.azatian@gmail.com) or
<mailto:max.azatian@gmail.com>) so the contact is a clickable email link; update
the line that currently reads "1. **Email:** Send a detailed report to
**max.azatian@gmail.com**." to use the mailto markup instead.
In `@SUPPORT.md`:
- Around line 21-24: Replace the bare email address "max.azatian@gmail.com" in
the SUPPORT.md contact line with a Markdown mailto link to satisfy MD034; update
the Email line so it uses a mailto hyperlink for the address (keep the visible
text as the email) instead of the bare email string.
🧹 Nitpick comments (4)
.github/workflows/sbom-compliance.yml (2)

54-55: Consider increasing artifact retention for compliance purposes. A 5-day retention period may be too short for SBOM artifacts, which are often needed for compliance audits and security reviews over longer periods. Consider increasing to 30-90 days depending on your compliance requirements.

57-62: Verify SARIF output exists before upload. When using `if: always()`, the SARIF upload step will run even if the scan step failed or was skipped, potentially causing the step to fail if `steps.scan.outputs.sarif` doesn't exist.

Suggested improvement:

```diff
       - name: Upload Vulnerability Report
         uses: github/codeql-action/upload-sarif@v3
-        if: always()
+        if: always() && steps.scan.outputs.sarif != ''
         with:
           sarif_file: ${{ steps.scan.outputs.sarif }}
           category: ${{ matrix.component }}-dependencies
```

.github/ISSUE_TEMPLATE/bug_report.yml (1)

40-54: Minor: Component options differ between bug report and feature request templates. The bug report template has more specific component options (e.g., "SSE / Real-time updates", "Authentication") while the feature request uses simpler labels. This is fine if intentional, but you may want to align them for consistency in labeling and triage.
CONTRIBUTING.md (1)

119-125: Add language specifier to fenced code block. The commit message examples code block is missing a language specifier, which triggers a markdown lint warning. Since these are plain text examples, you can use `text` or leave it empty with an explicit marker.

Suggested fix:

````diff
-```
+```text
 feat: add user notification preferences
 fix: resolve race condition in execution coordinator
 docs: update deployment guide for k3s setup
 refactor: extract common validation logic
 test: add integration tests for DLQ processor
````
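A worked version of the workflow the two sbom-compliance.yml nitpicks above describe, added here as an illustration (it is not the PR's own file): one matrix job that generates an SPDX SBOM per component, scans it, keeps the SBOM artifact for 30 days rather than 5, and uploads SARIF only when the scan actually produced a file. The component directory layout, branch name and cron schedule are assumptions.

```yaml
name: SBOM compliance
on:
  push:
    branches: [main]          # assumed default branch
  pull_request:
  schedule:
    - cron: "0 6 * * 1"       # assumed weekly rescan; catches new CVEs in unchanged deps
permissions:
  contents: read
  security-events: write      # needed by codeql-action/upload-sarif
jobs:
  sbom:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false        # let the frontend still report if the backend scan fails
      matrix:
        component: [backend, frontend]
    steps:
      - uses: actions/checkout@v4
      - name: Generate SPDX SBOM
        uses: anchore/sbom-action@v0
        with:
          path: ./${{ matrix.component }}     # assumed: one directory per component
          format: spdx-json
          output-file: ${{ matrix.component }}-sbom.spdx.json
          upload-artifact: false              # uploaded explicitly below with longer retention
      - name: Scan SBOM for known vulnerabilities
        id: scan
        uses: anchore/scan-action@v3
        with:
          sbom: ${{ matrix.component }}-sbom.spdx.json
          fail-build: false                   # report only; flip to true to gate merges
          output-format: sarif
      - name: Upload SBOM artifact
        uses: actions/upload-artifact@v4
        with:
          name: ${{ matrix.component }}-sbom
          path: ${{ matrix.component }}-sbom.spdx.json
          retention-days: 30                  # audit-friendly window, per the review nitpick
      - name: Upload vulnerability report
        # Run even after a failed scan, but only if a SARIF file exists to upload
        if: always() && steps.scan.outputs.sarif != ''
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: ${{ steps.scan.outputs.sarif }}
          category: ${{ matrix.component }}-dependencies
```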
No issues found across 12 files
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
Summary by cubic
Adds pre-commit checks (ruff + mypy) for the backend, sets up SBOM scanning in CI, and adds repo templates and governance docs to standardize contributions and improve security. Also updates docs with Contributing, Code of Conduct, Security, and Support, and links Contributing in docs/index.
Written for commit 6b2d2cb. Summary will update on new commits.