This document provides GitHub-specific enhancements and configuration details for the REChain VC Flutter project. It serves as a companion to the main README.md and focuses on repository management, CI/CD workflows, and collaboration features.
https://api.codemagic.io/apps/6915bcd283aa11ca7b9283c5/6915bcd283aa11ca7b9283c4/status_badge.svg
# Fork the repository on GitHub
# Clone your fork
git clone https://github.com/YOUR_USERNAME/rechain-vc.git
cd rechain-vc
# Add upstream remote
git remote add upstream https://github.com/REChainVC/rechain-vc.git- Create feature branch:
git checkout -b feature/your-feature - Sync with main:
git pull upstream main - Make changes and commit: Follow CONTRIBUTING.md
- Push to your fork:
git push origin feature/your-feature - Create Pull Request: Use the PR template
Our project uses comprehensive GitHub Actions workflows for automated testing and deployment:
- CI Pipeline - Tests, linting, and multi-platform builds
- Deployment - Automated deployment to staging/production
- Release Automation - Semantic versioning and changelog generation
- Code Quality - Static analysis and security scanning
- Dependency Updates - Automated dependency management
# Trigger CI workflow
gh workflow run ci.yml
# Trigger specific build
gh workflow run build-matrix.yml --ref develop
# View workflow runs
gh run list --workflow ci.ymlAdd these badges to your README or documentation:
[](https://github.com/REChainVC/rechain-vc/actions/workflows/ci.yml)
[](https://github.com/REChainVC/rechain-vc/actions/workflows/code-quality.yml)
[](https://github.com/REChainVC/rechain-vc/actions/workflows/security.yml)- Bug Report - For reporting bugs
- Feature Request - For suggesting new features
- Security Issues - For security vulnerabilities
See .github/branch-protection.yml for configuration:
- Main Branch: 2 approvals required, CI must pass, code owners must review
- Develop Branch: 1 approval required, basic CI checks
- Release Branches: Strict protection with linear history enforcement
Merge queue is enabled for protected branches (.github/merge-queue.yml):
- Max Queue Size: 5 PRs
- Batch Timeout: 30 seconds
- Required Checks: CI, tests, code quality
- Auto-merge: After all checks pass and approvals received
Code ownership is defined in .github/CODEOWNERS:
- Core Flutter Code:
@rechain-flutter-devs - Android:
@rechain-android-devs - iOS:
@rechain-ios-devs - Web:
@rechain-web-devs - Desktop:
@rechain-desktop-devs - CI/CD:
@rechain-devops
scripts/setup-repository.sh- Initial repository setupscripts/update-dependencies.sh- Update Flutter dependenciesscripts/release.sh- Create GitHub release
# Setup new development environment
chmod +x scripts/setup-repository.sh
./scripts/setup-repository.sh
# Update dependencies
./scripts/update-dependencies.sh
# Create release (requires proper permissions)
./scripts/release.sh v1.2.0- Enable GitHub Advanced Security
- Configure Dependabot for security updates
- Set up code scanning with CodeQL
- Enable dependency review workflow
- Configure secret scanning
- Codecov - Test coverage reporting
- Sentry - Error tracking and performance monitoring
- SonarCloud - Code quality and security analysis
- BrowserStack - Cross-browser and device testing
Labels are automatically created and managed (.github/labels.yml):
- Type:
bug,enhancement,documentation,question - Priority:
priority::critical,priority::high,priority::medium,priority::low - Status:
status::in-progress,status::review-needed,status::blocked - Platform:
platform::android,platform::ios,platform::web,platform::desktop
PRs are automatically labeled based on file paths (.github/workflows/labeler.yml):
- Android changes:
platform::android - iOS changes:
platform::ios - Flutter core:
type::enhancement - Documentation:
documentation
- Security Policy: .github/SECURITY.md
- Vulnerability Reporting: security@rechain.vc
- Security Scanning: Trivy and CodeQL integrated in CI
- Dependency Security: Dependabot security updates
- Code Owners: Required reviews for sensitive code
- Branch Protection: Enforced for main branches
- Merge Queue: Batch merges with validation
- Audit Logs: GitHub audit log enabled
- CONTRIBUTING.md - Contribution guidelines
- SECURITY.md - Security policy and reporting
- RELEASES.md - Release notes template and process
- CODEOWNERS - Code ownership and review requirements
- WORKFLOW.md - CI/CD pipeline overview (TBD)
- ENVIRONMENT.md - Environment variables and secrets (TBD)
- CHANGELOG.md - Automated changelog from commits
- GitHub Releases - Release artifacts and notes
- Action Workflow Logs - Detailed build and test logs
- FUNDING.yml - Support the project
- Bug Bounty Program - Security vulnerability rewards
- Sponsor Button - GitHub Sponsors integration
- Review and approve created configuration files
- Apply branch protection using GitHub repository settings
- Enable merge queue for protected branches
- Configure secrets in repository settings
- Set up integrations (Slack, Discord, etc.)
- Enable GitHub Advanced Security for code scanning
- Configure Dependabot for dependency updates
- Set up monitoring with external tools
- Configure deployment environments in workflow files
- Review and customize all workflow configurations
- Create test PR to verify labeling and workflows
- Test merge queue with sample PRs
- Verify code owner notifications
- Test release workflow with a tag
- Validate security scanning results
- Workflow Coverage: 95% (8/8 workflows active)
- Branch Protection: Configured for main branches
- Code Owners: Defined for all major directories
- Templates: Complete issue and PR templates
- Security: Policy documented, scanning enabled
# Check workflow status
gh workflow list
# View recent runs
gh run list --limit 10
# Check branch protection status
gh api repos/OWNER/REPO/branches/main/protection
# List open PRs with labels
gh pr list --label "tests-passed"Last updated: September 2024
For questions about GitHub configuration, see CONTRIBUTING.md or open a discussion using our templates.