- add a standalone Release Please workflow (pinned to v4.4.0 by SHA)
- add manifest config to track version + use plain vX.Y.Z tags
- tighten existing security workflows to avoid push-trigger noise

Generated-by: GitHub Copilot <copilot@github.com>
Signed-off-by: Ashley Childress <6563688+anchildress1@users.noreply.github.com>

- add actionlint checks to lefthook pre-commit and pre-push hooks
- quote $GITHUB_STEP_SUMMARY in workflows to satisfy shellcheck/actionlint
- consolidate multi-echo summary writes into a single redirect block

Generated-by: GitHub Copilot <copilot@github.com>
Signed-off-by: Ashley Childress <6563688+anchildress1@users.noreply.github.com>

Pull request overview
This PR introduces automated release management using Release Please and improves workflow safety through proper shell variable quoting. It also adjusts CI/CD triggers and adds workflow linting via actionlint hooks.
Changes:
- Added Release Please workflow with configuration files for automated versioning and changelog generation
- Improved shell safety by quoting $GITHUB_STEP_SUMMARY throughout workflows
- Modified CodeQL and security-ci workflow triggers to optimize when they run
- Added actionlint validation to pre-commit and pre-push hooks
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| release-please-config.json | Configuration for Release Please automation with Python release type |
| .release-please-manifest.json | Initial version manifest set to 0.1.0 |
| .github/workflows/release-please.yml | New workflow to automate releases on main branch pushes |
| lefthook.yml | Added actionlint checks for workflow file validation |
| .github/workflows/security-ci.yml | Removed main branch push trigger, added ready_for_review PR type, improved variable quoting |
| .github/workflows/publish.yaml | Improved shell safety with proper variable quoting |
| .github/workflows/codeql.yml | Removed push and PR triggers, keeping only scheduled runs |

- Pin github/codeql-action to v4 commit SHA and scope permissions per-job
- Pin astral-sh/setup-uv and peaceiris/actions-gh-pages to commit SHAs

Generated-by: GitHub Copilot <copilot@github.com>
Signed-off-by: Ashley Childress <6563688+anchildress1@users.noreply.github.com>

This pull request introduces several improvements to the project's CI/CD workflows and release management. The main changes include the addition of automated release management using Release Please, improved safety and clarity in workflow scripts, and enhanced pre-commit/pre-push hooks for workflow validation.
Release automation and configuration:
- .github/workflows/release-please.yml) to automate releases using Release Please, along with its configuration and manifest files (release-please-config.json, .release-please-manifest.json). This enables automated versioning and changelog generation for the project. [1] [2] [3]

Workflow safety and summary improvements:
- $GITHUB_STEP_SUMMARY when appending output, preventing issues with filenames containing spaces or special characters. This affects the publish.yaml and security-ci.yml workflows. [1] [2] [3] [4]

CI/CD workflow trigger adjustments:
- codeql.yml and security-ci.yml workflows to streamline when they run, such as removing push triggers from codeql.yml and expanding pull request types for security-ci.yml to include ready_for_review. [1] [2]

Pre-commit and pre-push hook enhancements:
- actionlint checks to both pre-commit and pre-push hooks in lefthook.yml, ensuring that workflow YAML files are linted before changes are committed or pushed. [1] [2]
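
The commits in this PR pin third-party actions to commit SHAs. As an added example (not code from this PR or the project), the POSIX shell check below lists `uses:` references that are not pinned to a full 40-character commit SHA. The function name `unpinned_actions`, the sample workflow, its action names and the SHA are constructed placeholders.

```shell
#!/bin/sh
# Added example, not part of the PR: list `uses:` references that are not
# pinned to a full 40-hex commit SHA (tags and branches can be moved later).

# unpinned_actions DIR -> prints "file:line: ref" for each unpinned reference
unpinned_actions() {
  for f in "$1"/*.yml "$1"/*.yaml; do
    [ -f "$f" ] || continue
    awk -v q="'" '
      /^[ \t]*(-[ \t]*)?uses:[ \t]*/ {
        ref = $0
        sub(/^[ \t]*(-[ \t]*)?uses:[ \t]*/, "", ref)
        sub(/[ \t]*#.*$/, "", ref)     # drop a trailing "# v1.2.3" comment
        sub(/[ \t\r]+$/, "", ref)      # drop trailing whitespace
        gsub(/"/, "", ref); gsub(q, "", ref)   # drop surrounding quotes
        # local actions and container image refs are out of scope here
        if (ref ~ /^\.\// || ref ~ /^docker:/) next
        n = split(ref, part, "@")
        sha = (n == 2) ? part[2] : ""
        # length + charset test instead of {40}, which older mawk lacks
        if (length(sha) != 40 || sha !~ /^[0-9a-f]+$/)
          print FILENAME ":" NR ": " ref
      }' "$f"
  done
}

# Constructed sample workflow; action names and the SHA are placeholders.
demo_dir=$(mktemp -d)
cat > "$demo_dir/ci.yml" <<'EOF'
jobs:
  build:
    steps:
      - uses: example-org/checkout-like@0123456789abcdef0123456789abcdef01234567 # v1.2.3
      - uses: example-org/setup-tool@v4
      - name: local step
        uses: ./.github/actions/local
      - uses: "example-org/deploy@main"
      - uses: example-org/short-sha@0123456
EOF
unpinned_actions "$demo_dir"
```

The check is purely syntactic: it confirms that a reference has the shape of a full commit SHA, not that the SHA belongs to the release named in the trailing comment.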