
Commit 60dd5f2

Copilot and lippytm committed
Add CI/CD workflows and repository hygiene files
- Add lint-test.yml workflow for Python and Node/TypeScript
- Add deploy.yml workflow with environment matrix and OIDC placeholders
- Add codeql.yml for security scanning
- Add dependency-review.yml for PR dependency review
- Add SECURITY.md with vulnerability reporting and SLA
- Add CONTRIBUTING.md with development guidelines
- Add CODEOWNERS with @lippytm as fallback
- Add MIT LICENSE
- Add issue and PR templates
- Update README with CI status badges

Co-authored-by: lippytm <65956507+lippytm@users.noreply.github.com>
1 parent 9b2d452 commit 60dd5f2

11 files changed

Lines changed: 1282 additions & 0 deletions

.github/ISSUE_TEMPLATE.md

Lines changed: 87 additions & 0 deletions
@@ -0,0 +1,87 @@
1+
---
2+
name: Bug Report / Feature Request
3+
about: Create a report to help us improve or suggest a new feature
4+
title: '[TYPE] Brief description'
5+
labels: ''
6+
assignees: ''
7+
---
8+
9+
## Issue Type
10+
<!-- Mark the appropriate type with an 'x' -->
11+
- [ ] Bug Report
12+
- [ ] Feature Request
13+
- [ ] Documentation Update
14+
- [ ] Question
15+
16+
---
17+
18+
## For Bug Reports
19+
20+
### Description
21+
A clear and concise description of what the bug is.
22+
23+
### Steps to Reproduce
24+
1. Go to '...'
25+
2. Click on '...'
26+
3. Scroll down to '...'
27+
4. See error
28+
29+
### Expected Behavior
30+
A clear and concise description of what you expected to happen.
31+
32+
### Actual Behavior
33+
A clear and concise description of what actually happened.
34+
35+
### Screenshots
36+
If applicable, add screenshots to help explain your problem.
37+
38+
### Environment
39+
- **OS**: [e.g., macOS 13.0, Ubuntu 22.04, Windows 11]
40+
- **Browser** (if applicable): [e.g., Chrome 120, Firefox 121]
41+
- **Node.js version**: [e.g., 20.10.0]
42+
- **Python version**: [e.g., 3.11.5]
43+
- **Project component**: [Backend / Frontend / Contracts]
44+
45+
### Additional Context
46+
Add any other context about the problem here.
47+
48+
---
49+
50+
## For Feature Requests
51+
52+
### Problem Statement
53+
A clear and concise description of the problem you're trying to solve.
54+
Ex. I'm always frustrated when [...]
55+
56+
### Proposed Solution
57+
A clear and concise description of what you want to happen.
58+
59+
### Alternative Solutions
60+
A clear and concise description of any alternative solutions or features you've considered.
61+
62+
### Benefits
63+
Describe the benefits of implementing this feature.
64+
- Who will benefit?
65+
- How will it improve the project?
66+
67+
### Additional Context
68+
Add any other context, screenshots, or examples about the feature request here.
69+
70+
---
71+
72+
## Checklist
73+
<!-- Mark items with an 'x' as you complete them -->
74+
- [ ] I have searched existing issues to avoid duplicates
75+
- [ ] I have provided all relevant information
76+
- [ ] I have added appropriate labels (if I have permission)
77+
- [ ] I have read the [Contributing Guidelines](../CONTRIBUTING.md)
78+
- [ ] For bugs: I can reproduce this issue consistently
79+
- [ ] For features: I have considered the implementation complexity
80+
81+
---
82+
83+
## Related Issues
84+
<!-- Link any related issues here -->
85+
- Related to #
86+
- Blocks #
87+
- Blocked by #
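Review bot: the Issue Type list (Bug Report / Feature Request / Documentation Update / Question) gives a security reporter no option other than filing a public Bug Report, which is the opposite of what the SECURITY.md added in this same commit asks for; add a line in the HTML comment under `## Issue Type` (or a short note at the top of the template) saying that suspected vulnerabilities must not be opened as public issues and pointing to SECURITY.md for the private reporting process. Minor: the `- Related to #`, `- Blocks #` and `- Blocked by #` stubs render as literal text when left unfilled, so a comment telling the reporter to delete unused lines would keep empty stubs out of filed issues.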

.github/PULL_REQUEST_TEMPLATE.md

Lines changed: 143 additions & 0 deletions
@@ -0,0 +1,143 @@
1+
## Description
2+
<!-- Provide a clear and concise description of your changes -->
3+
4+
### What does this PR do?
5+
<!-- Explain the purpose and scope of this PR -->
6+
7+
### Why is this change needed?
8+
<!-- Explain the motivation and context for this change -->
9+
10+
### How has this been tested?
11+
<!-- Describe the tests you ran and how to reproduce them -->
12+
13+
---
14+
15+
## Type of Change
16+
<!-- Mark the appropriate type(s) with an 'x' -->
17+
- [ ] Bug fix (non-breaking change which fixes an issue)
18+
- [ ] New feature (non-breaking change which adds functionality)
19+
- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
20+
- [ ] Documentation update
21+
- [ ] Code refactoring
22+
- [ ] Performance improvement
23+
- [ ] Test addition/update
24+
- [ ] CI/CD change
25+
- [ ] Dependency update
26+
27+
---
28+
29+
## Checklist
30+
<!-- Mark items with an 'x' as you complete them -->
31+
32+
### Code Quality
33+
- [ ] My code follows the project's coding standards
34+
- [ ] I have performed a self-review of my own code
35+
- [ ] I have commented my code, particularly in hard-to-understand areas
36+
- [ ] My changes generate no new warnings or errors
37+
- [ ] I have removed any debugging code or console logs
38+
39+
### Testing
40+
- [ ] I have added tests that prove my fix is effective or that my feature works
41+
- [ ] New and existing unit tests pass locally with my changes
42+
- [ ] I have run the linters and they pass (`npm run lint`, `ruff check`)
43+
- [ ] I have run the formatters (`npm run format`, `ruff format`)
44+
45+
### Backend Specific (if applicable)
46+
- [ ] Backend tests pass (`pytest`)
47+
- [ ] Python code follows PEP 8 standards
48+
- [ ] Type hints are added for new functions
49+
- [ ] API changes are backward compatible (or breaking changes are documented)
50+
51+
### Frontend Specific (if applicable)
52+
- [ ] Frontend tests pass (`npm test`)
53+
- [ ] TypeScript type checking passes (`npm run type-check`)
54+
- [ ] Build succeeds (`npm run build`)
55+
- [ ] UI changes are responsive and accessible
56+
- [ ] Screenshots are included for UI changes
57+
58+
### Smart Contracts Specific (if applicable)
59+
- [ ] Contract tests pass (`npm test`)
60+
- [ ] Contracts compile without warnings (`npm run compile`)
61+
- [ ] Gas optimization has been considered
62+
- [ ] Security best practices have been followed
63+
- [ ] NatSpec documentation is complete
64+
65+
### Documentation
66+
- [ ] I have updated the documentation accordingly
67+
- [ ] I have updated the README if needed
68+
- [ ] I have added/updated code comments where necessary
69+
- [ ] API documentation is updated (if applicable)
70+
71+
### Security
72+
- [ ] I have considered security implications of my changes
73+
- [ ] I have not committed any secrets or credentials
74+
- [ ] Dependencies are up to date and have no known vulnerabilities
75+
- [ ] Input validation is implemented where needed
76+
- [ ] No SQL injection, XSS, or other common vulnerabilities introduced
77+
78+
### Git & PR Hygiene
79+
- [ ] My branch is up to date with the base branch
80+
- [ ] I have resolved any merge conflicts
81+
- [ ] Commit messages follow the [Conventional Commits](https://www.conventionalcommits.org/) specification
82+
- [ ] I have read the [Contributing Guidelines](../CONTRIBUTING.md)
83+
- [ ] I have linked related issues (if applicable)
84+
85+
---
86+
87+
## Related Issues
88+
<!-- Link related issues using keywords like 'Closes', 'Fixes', 'Resolves' -->
89+
Closes #
90+
Fixes #
91+
Related to #
92+
93+
---
94+
95+
## Screenshots (if applicable)
96+
<!-- Add screenshots to demonstrate UI changes -->
97+
98+
### Before
99+
<!-- Screenshot or description of current behavior -->
100+
101+
### After
102+
<!-- Screenshot or description of new behavior -->
103+
104+
---
105+
106+
## Breaking Changes
107+
<!-- If this PR introduces breaking changes, describe them here -->
108+
<!-- Include migration steps if necessary -->
109+
110+
**Does this PR introduce breaking changes?**
111+
- [ ] Yes
112+
- [ ] No
113+
114+
<!-- If yes, describe the breaking changes and migration path -->
115+
116+
---
117+
118+
## Additional Notes
119+
<!-- Any additional information that reviewers should know -->
120+
121+
### Performance Impact
122+
<!-- Describe any performance implications -->
123+
124+
### Deployment Notes
125+
<!-- Any special deployment considerations -->
126+
127+
### Future Work
128+
<!-- Any follow-up work that should be done -->
129+
130+
---
131+
132+
## Reviewer Notes
133+
<!-- Specific areas you'd like reviewers to focus on -->
134+
135+
---
136+
137+
## PR Author Checklist
138+
<!-- Final check before submitting -->
139+
- [ ] I have filled out all relevant sections of this template
140+
- [ ] I have marked all completed checklist items
141+
- [ ] I have assigned appropriate reviewers
142+
- [ ] I have added appropriate labels
143+
- [ ] CI checks are passing
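Review bot: the items under `### Security` ("Dependencies are up to date and have no known vulnerabilities", "No SQL injection, XSS, or other common vulnerabilities introduced") are self-attestation with nothing a reviewer can verify, even though this commit adds the CodeQL and Dependency Review workflows that actually check those things; reword them to reference the gating checks, for example `- [ ] CodeQL analysis reports no new alerts on this PR` and `- [ ] Dependency Review passes (no new advisories at or above the configured severity)`, and keep the plain-language items only for what tooling cannot see (secrets, input validation at trust boundaries). The "I have not committed any secrets or credentials" item should also say what to do if one was pushed (rotate it and report via SECURITY.md), since a ticked box does not undo a leaked credential in history. Style: the bare `Closes #` / `Fixes #` / `Related to #` lines do nothing in GitHub without a number, so the comment above them should tell the author to delete the ones they do not use.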

.github/workflows/codeql.yml

Lines changed: 78 additions & 0 deletions
@@ -0,0 +1,78 @@
1+
name: "CodeQL Security Analysis"
2+
3+
on:
4+
push:
5+
branches: [ main, develop ]
6+
pull_request:
7+
branches: [ main, develop ]
8+
schedule:
9+
# Run CodeQL analysis every Monday at 00:00 UTC
10+
- cron: '0 0 * * 1'
11+
workflow_dispatch:
12+
13+
permissions:
14+
contents: read
15+
16+
jobs:
17+
analyze:
18+
name: Analyze (${{ matrix.language }})
19+
runs-on: ubuntu-latest
20+
timeout-minutes: 360
21+
permissions:
22+
# Required for all workflows
23+
security-events: write
24+
# Required to fetch internal or private CodeQL packs
25+
packages: read
26+
# Required for workflows in private repositories
27+
actions: read
28+
contents: read
29+
30+
strategy:
31+
fail-fast: false
32+
matrix:
33+
# CodeQL supports: 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
34+
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
35+
language: [ 'javascript-typescript', 'python' ]
36+
# Add 'solidity' analysis if using third-party Solidity analyzer
37+
38+
steps:
39+
- name: Checkout repository
40+
uses: actions/checkout@v4
41+
42+
# Initializes the CodeQL tools for scanning
43+
- name: Initialize CodeQL
44+
uses: github/codeql-action/init@v3
45+
with:
46+
languages: ${{ matrix.language }}
47+
# If you wish to specify custom queries, you can do so here or in a config file.
48+
# By default, queries listed here will override any specified in a config file.
49+
# Prefix the list here with "+" to use these queries and those in the config file.
50+
# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
51+
# queries: security-extended,security-and-quality
52+
53+
# Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
54+
# If this step fails, then you should remove it and run the build manually
55+
- name: Autobuild
56+
uses: github/codeql-action/autobuild@v3
57+
58+
# ℹ️ Command-line programs to run using the OS shell.
59+
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
60+
61+
# If the Autobuild fails above, remove it and uncomment the following three lines.
62+
# modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
63+
64+
# - name: Build Python
65+
# if: matrix.language == 'python'
66+
# run: |
67+
# pip install -r backend/requirements.txt
68+
69+
# - name: Build JavaScript/TypeScript
70+
# if: matrix.language == 'javascript-typescript'
71+
# run: |
72+
# cd frontend && npm ci && npm run build
73+
# cd ../contracts && npm ci && npm run compile
74+
75+
- name: Perform CodeQL Analysis
76+
uses: github/codeql-action/analyze@v3
77+
with:
78+
category: "/language:${{matrix.language}}"
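Review bot: the `queries:` input of the Initialize CodeQL step is left commented out, so a workflow named "CodeQL Security Analysis" runs only the default query suite; for a security-scanning job enable `queries: security-extended` (the commented line already suggests it) so the broader security queries run on push and PR as well as on the weekly schedule. Supply-chain point: `actions/checkout@v4`, `github/codeql-action/init@v3`, `autobuild@v3` and `analyze@v3` are pinned to mutable major tags while the job holds `security-events: write`; pin each to a full commit SHA with the tag in a trailing comment so a moved or compromised tag cannot change what runs here. Two cleanups: the comment block after Autobuild ("modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance") is a garbled fragment of the GitHub starter template with no EXAMPLE following it and should be trimmed, and since the matrix contains only interpreted languages ('javascript-typescript', 'python') the Autobuild step is effectively a no-op and can be dropped along with the commented-out build steps, or kept with a comment saying it is there for when a compiled language is added.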
Lines changed: 34 additions & 0 deletions
@@ -0,0 +1,34 @@
1+
name: Dependency Review
2+
3+
on:
4+
pull_request:
5+
branches: [ main, develop ]
6+
7+
permissions:
8+
contents: read
9+
10+
jobs:
11+
dependency-review:
12+
name: Dependency Review
13+
runs-on: ubuntu-latest
14+
permissions:
15+
contents: read
16+
pull-requests: write
17+
18+
steps:
19+
- name: Checkout code
20+
uses: actions/checkout@v4
21+
22+
- name: Dependency Review
23+
uses: actions/dependency-review-action@v4
24+
with:
25+
# Fail the action if vulnerabilities are found
26+
fail-on-severity: moderate
27+
# Allow licenses (customize based on your requirements)
28+
# deny-licenses: GPL-2.0, LGPL-2.0
29+
# Comment on PR with dependency changes
30+
comment-summary-in-pr: always
31+
# Configuration options:
32+
# fail-on-scopes: runtime, development
33+
# vulnerability-check: true
34+
# license-check: true
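Review bot: the comment above `fail-on-severity: moderate` ("Fail the action if vulnerabilities are found") overstates what the setting does; it fails only on advisories of moderate severity or higher and lets low-severity findings through, so either reword the comment to say "moderate or higher" or set the threshold to `low` if the intent really is any vulnerability. The "Allow licenses" comment sits above a commented-out `deny-licenses` line, which is a deny list, not an allow list; relabel it, and if license policy matters for this repository prefer `allow-licenses` with an explicit list, since an allow list fails closed on a license nobody has reviewed while a deny list silently admits it. `pull-requests: write` is correctly scoped to the job rather than the workflow, which `comment-summary-in-pr: always` needs; as with the other workflows in this commit, `actions/checkout@v4` and `actions/dependency-review-action@v4` should be pinned to full commit SHAs rather than major tags.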
