Skip to content

ci: add CI pipeline with linting, tests, secrets scan, and Dependabot#397

Open
LewallenAE wants to merge 6 commits intonlweb-ai:mainfrom
LewallenAE:feature/add-ci-cd-pipeline
Open

ci: add CI pipeline with linting, tests, secrets scan, and Dependabot#397
LewallenAE wants to merge 6 commits intonlweb-ai:mainfrom
LewallenAE:feature/add-ci-cd-pipeline

Conversation

@LewallenAE
Copy link

Adds automated CI pipeline as mentioned in the README ("CI/CD pipelines are not yet included. Contributions welcome.")

What's included

  • Lint & Format — Ruff for linting and format checking
  • Type checking — mypy (non-blocking for now)
  • Secrets scan — Gitleaks to catch accidentally committed API keys
  • Tests — pytest matrix across Python 3.10, 3.11, 3.12 with coverage
  • Docker build — Validates Dockerfile builds successfully
  • Dependabot — Weekly dependency updates for pip and GitHub Actions

Files added

  • .github/workflows/ci.yml
  • .github/dependabot.yml
  • ruff.toml

Copilot AI review requested due to automatic review settings January 31, 2026 21:35
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds a comprehensive CI/CD pipeline to the NLWeb project, addressing the gap mentioned in the README. The implementation includes automated linting, testing, security scanning, and dependency management through GitHub Actions.

Changes:

  • Added CI workflow with linting (Ruff), type checking (mypy), testing across Python 3.10-3.12, secrets scanning (Gitleaks), and Docker build validation
  • Configured Dependabot for automated weekly dependency updates for Python packages and GitHub Actions
  • Added Ruff configuration file for consistent code formatting and linting rules

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 12 comments.

File Description
.github/workflows/ci.yml Defines the complete CI pipeline with jobs for linting, security scanning, matrix testing, and Docker build validation
.github/dependabot.yml Configures automated dependency updates for pip and GitHub Actions with weekly schedules and grouped updates
ruff.toml Establishes linting and formatting rules for the Python codebase with conservative initial configuration

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@LewallenAE
Copy link
Author

@chelseacarter29 Ready for review! Fixed the ruff.toml configuration error and replaced gitleaks with TruffleHog (free alternative) to resolve the CI failures.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants

Comments