Add CI Configuration #76
Open
pablo-schmeiser wants to merge 9 commits into
Pull request overview
This PR adds a set of GitHub Actions workflows and configs to automate CI quality/security checks (linting, dependency review, security scanning), plus a Django “integrity” check pipeline that also updates README badges based on supported Python versions.
Changes:
- Added Django integrity CI with a reusable “extract Python versions” workflow and a script to update README integrity badges.
- Added CI workflows for super-linting, OWASP Noir analysis (with PR commenting), dependency review, and AI-generated PR detection.
- Added commitlint configuration intended to enforce conventional commits.
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 10 comments.
| File | Description |
|---|---|
| .github/workflows/check_integrity.yml | Runs Django checks across a Python matrix; auto-updates README integrity badges. |
| .github/workflows/extract_python_versions.yml | Reusable workflow to parse supported Python versions from pyproject.toml. |
| .github/workflows/update_integrity_badges.py | Updates README between markers with Python version badges. |
| .github/workflows/super-linter.yml | Runs Super-Linter on pushes/PRs. |
| .github/workflows/owasp-noir.yml | Runs OWASP Noir analysis and comments results on PRs. |
| .github/workflows/check_dependencies.yml | Runs GitHub dependency review on PRs. |
| .github/workflows/detect_ai.yml | Uses pr406 to detect AI-generated PRs on pull_request_target. |
| .github/pr406.yml | Configuration for the AI-detection action (threshold/label/dry-run). |
| .commitlintrc.js | Commitlint rules for conventional commit messages. |
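The review table above describes two pieces of the integrity pipeline: a reusable workflow that reads the supported Python versions out of pyproject.toml, and a script that rewrites a marked region of the README with one badge per version. The following is an added example of that flow written for this page; it is not the PR's update_integrity_badges.py or extract_python_versions.yml. The marker comments, the shields.io badge URL scheme, and the sample pyproject.toml and README are assumptions constructed for the example.

```python
"""Added example: derive supported Python versions from pyproject.toml and
rewrite a marker-delimited badge block in the README.  Not the project's code;
marker strings, badge URLs and sample inputs are assumptions."""
import re

# Marker comments the README is assumed to carry (assumption).
START_MARKER = "<!-- integrity-badges:start -->"
END_MARKER = "<!-- integrity-badges:end -->"

# Trove classifier naming a specific minor version, e.g. "... :: Python :: 3.12".
# "... :: 3" and "... :: 3 :: Only" carry no minor version and are ignored.
CLASSIFIER_RE = re.compile(r"Programming Language :: Python :: (\d+\.\d+)")

# Constructed sample inputs, not files from the project.  3.9 is listed to show
# why a numeric sort is needed, and the order is deliberately scrambled.
SAMPLE_PYPROJECT = """\
[project]
name = "example"
requires-python = ">=3.9"
classifiers = [
  "Framework :: Django",
  "Programming Language :: Python :: 3",
  "Programming Language :: Python :: 3.9",
  "Programming Language :: Python :: 3.12",
  "Programming Language :: Python :: 3.10",
  "Programming Language :: Python :: 3.11",
  "Programming Language :: Python :: 3 :: Only",
]
"""

SAMPLE_README = """\
# example

<!-- integrity-badges:start -->
(stale badges from the previous run)
<!-- integrity-badges:end -->

Everything after the markers is left untouched.
"""


def extract_python_versions(pyproject_text: str) -> list[str]:
    """Return the minor versions named in [project].classifiers, sorted numerically."""
    try:
        import tomllib  # stdlib on Python 3.11+
        classifiers = tomllib.loads(pyproject_text).get("project", {}).get("classifiers", [])
        found = {m.group(1) for m in map(CLASSIFIER_RE.fullmatch, classifiers) if m}
    except ModuleNotFoundError:
        # Older interpreter: scan the raw text for the classifier strings instead.
        found = set(CLASSIFIER_RE.findall(pyproject_text))
    # Numeric sort so that 3.9 precedes 3.10 (a plain string sort puts it after).
    return sorted(found, key=lambda v: tuple(int(p) for p in v.split(".")))


def badge_markdown(version: str, status: str) -> str:
    """One shields.io static badge (the URL scheme is an assumption)."""
    color = "brightgreen" if status == "passing" else "red"
    return (f"![Django check, Python {version}]"
            f"(https://img.shields.io/badge/python_{version}-{status}-{color})")


def update_readme(readme: str, versions: list[str], results: dict[str, str]) -> str:
    """Rewrite the region between the two markers with one badge per version.

    A version with no recorded result is shown as failing rather than dropped,
    so a matrix job that never reported cannot silently shrink the badge list.
    Missing or reversed markers raise instead of writing badges somewhere else.
    """
    start = readme.find(START_MARKER)
    end = readme.find(END_MARKER)
    if start == -1 or end == -1 or end < start:
        raise ValueError("README lacks a well-formed integrity badge block")
    badges = " ".join(badge_markdown(v, results.get(v, "failing")) for v in versions)
    head = readme[: start + len(START_MARKER)]
    return f"{head}\n{badges}\n{readme[end:]}"


def run_example() -> str:
    versions = extract_python_versions(SAMPLE_PYPROJECT)
    # Constructed matrix outcome: 3.12 is deliberately absent to show the default.
    results = {"3.9": "passing", "3.10": "passing", "3.11": "passing"}
    return update_readme(SAMPLE_README, versions, results)


if __name__ == "__main__":
    print(run_example())
```

In a workflow the script would read the real pyproject.toml and README.md from the checkout and take the per-version outcomes from the matrix job results; the marker check matters because a README edit that drops one marker would otherwise let the badges land in the wrong place or vanish without the job failing.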
f6024f0 to 647f9df
Checks whether PRs will change dependencies to introduce vulnerabilities or use licenses not allowed in this project.
OWASP Noir is an advanced security analysis tool, capable of scanning, analyzing and annotating a codebase.
647f9df to 16947ce
pablo-schmeiser (Collaborator, Author) commented Jun 28, 2026:
I've just been talking to @postgnostic. He gave me a review IRL.
@hd1ex I would suggest merging this soon.
@postgnostic: LGTM 👍
This pull request introduces several new GitHub Actions workflows and related configuration files to automate quality, security, and compliance checks for the project. The main focus is on improving CI/CD processes, enforcing commit message standards, automating integrity and dependency checks, and enhancing security analysis. Below are the most significant changes:
CI/CD Automation and Quality Checks:
- `.github/workflows/check_integrity.yml` to automatically build the project, run Django integrity checks across supported Python versions, and update integrity badges in the `README.md`. This workflow uses a new helper script `.github/workflows/update_integrity_badges.py` and a shared workflow `.github/workflows/extract_python_versions.yml` to dynamically extract supported Python versions from `pyproject.toml`.
- `.github/workflows/super-linter.yml` to run a wide range of classic and advanced linters (including Trivy, GitLeaks, codespell, and more) on every push and pull request, helping to catch code quality and security issues early.

Security and Dependency Management:
- `.github/workflows/owasp-noir.yml` to perform automated OWASP Noir security analysis on the codebase, upload results as artifacts, and comment reports on pull requests.
- `.github/workflows/check_dependencies.yml` to automatically review dependencies on pull requests using GitHub's dependency review action, helping to identify vulnerable or unwanted packages.

AI-generated Content Detection:
- `.github/workflows/detect_ai.yml` and its configuration file `.github/pr406.yml` to detect AI-generated pull requests using the `pr406` action, labeling suspicious PRs and running in dry-run mode as suggested by its developer (for now).

Commit Message Enforcement:
- `.commitlintrc.js` to enforce conventional commit message standards, ensuring more consistent and meaningful commit history.
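The AI-detection workflow runs on pull_request_target. Unlike pull_request, that trigger executes in the context of the base repository, with repository secrets and a token that can write to the repo, even for pull requests from forks; the classic mistakes are checking out the PR head (so fork-controlled code runs with that token) and expanding PR-controlled strings such as the title directly into a run: step. The page does not show the contents of detect_ai.yml, so the following is an added, generic check written for this page rather than a statement about the PR's workflow. The two workflow texts are constructed samples; the line-based regexes are a demonstration and do not see multi-line `run: |` blocks.

```python
"""Added example: a small lint for two pull_request_target pitfalls.
Not part of the PR; both sample workflows are constructed for the example."""
import re

# Constructed sample: checks out the fork's code and shells out with the PR title.
RISKY_WORKFLOW = """\
name: label-pr
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: echo "Checking ${{ github.event.pull_request.title }}"
"""

# Constructed sample: no checkout at all, least-privilege token, PR title passed
# through an environment variable instead of being spliced into the command.
SAFE_WORKFLOW = """\
name: label-pr
on:
  pull_request_target:
    types: [opened, synchronize]
permissions:
  contents: read
  pull-requests: write
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - run: echo "Checking $PR_TITLE"
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
"""

TRIGGER_RE = re.compile(r"\bpull_request_target\b")
# A checkout step pointed at the PR head: fork-controlled code runs with the
# base repository's token and secrets.
HEAD_REF_RE = re.compile(
    r"^\s*ref:\s*\$\{\{\s*github\.(event\.pull_request\.head\.(sha|ref)|head_ref)\s*\}\}"
)
# PR-controlled strings expanded straight into a shell command (expression
# injection).  Flagged for any trigger; the blast radius is just larger here.
INJECT_RE = re.compile(
    r"^\s*-?\s*run:.*\$\{\{\s*github\.(event\.pull_request\.(title|body)|head_ref|event\.comment\.body)"
)


def audit_workflow(text: str) -> list[tuple[int, str]]:
    """Return (line number, finding) pairs; empty when nothing is flagged."""
    privileged = bool(TRIGGER_RE.search(text))
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        if privileged and HEAD_REF_RE.match(line):
            findings.append((no, "checks out the PR head under pull_request_target"))
        elif INJECT_RE.match(line):
            findings.append((no, "interpolates a PR-controlled field into a run: step"))
    return findings


if __name__ == "__main__":
    for name, wf in (("risky", RISKY_WORKFLOW), ("safe", SAFE_WORKFLOW)):
        print(name, audit_workflow(wf) or "no findings")
```

An action that only needs to read PR metadata and apply a label, which is what the dry-run/label configuration in pr406.yml suggests, needs `pull-requests: write` and nothing from the PR's tree, so the safe shape above (no checkout, explicit minimal permissions) is the one to aim for when reviewing such a workflow.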