chore: add CI and community hygiene #3
…lates with sdk Signed-off-by: abhijeet-dhumal <abhijeetdhumal652@gmail.com>
Signed-off-by: abhijeet-dhumal <abhijeetdhumal652@gmail.com>
Hey @andreyvelich @kramaranya @kubeflow/kubeflow-sdk-team, are we good to ship this one?
Signed-off-by: abhijeet-dhumal <abhijeetdhumal652@gmail.com>
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
This PR enhances repository engineering productivity by updating local developer tooling (uv/ruff/pre-commit/Makefile), tightening CI workflows, and adding GitHub automation for labels, stale issues, dependabot updates, and contribution templates.
Changes:
- Reworked `Makefile` targets around `uv` (install/dev sync, lint/format, expanded test/coverage, cleanup).
- Added/updated GitHub automation (label sync, stale bot, PR title checks, welcome messages, workflow approvals, dependabot).
- Refreshed repo hygiene/config (pre-commit hooks, `.gitignore`, issue/PR templates, contributing docs, minor markdown cleanup).
Reviewed changes
Copilot reviewed 17 out of 20 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| pyproject.toml | Adjusts dependency grouping layout (dev group under [dependency-groups]). |
| kubeflow_mcp/trainer/resources/training-patterns.md | Removes trailing whitespace/blank line at EOF. |
| Makefile | Expands/organizes dev, quality, test, and cleanup targets using uv. |
| LICENSE | Normalizes final line numbering/formatting (no semantic content change). |
| CONTRIBUTING.md | Expands allowed Conventional Commit “Types”. |
| .pre-commit-config.yaml | Adds basic hooks and updates Ruff hooks/config. |
| .gitignore | Broadens ignored artifacts (coverage, envs, uv, notebooks, OS files). |
| .github/workflows/welcome-new-contributors.yaml | Adds first-interaction automation for issues/PRs. |
| .github/workflows/test-python.yaml | Adds pip-audit job; uses setup-uv@v4 in tests. |
| .github/workflows/sync-labels.yaml | Adds workflow to sync labels from .github/labels.yml. |
| .github/workflows/github-stale.yaml | Adds stale issue/PR management workflow. |
| .github/workflows/gh-workflow-approve.yaml | Adds workflow-run approval automation gated by ok-to-test. |
| .github/workflows/check-pr-title.yaml | Switches to pull_request_target and expands semantic title rules. |
| .github/labels.yml | Introduces canonical label set for sync workflow. |
| .github/dependabot.yml | Adds Dependabot config for “uv” and GitHub Actions ecosystems. |
| .github/PULL_REQUEST_TEMPLATE.md | Updates PR template to include related issue/testing/sign-off checklist. |
| .github/ISSUE_TEMPLATE/feature_request.yaml | Updates feature request template and labels. |
| .github/ISSUE_TEMPLATE/config.yml | Adds contact links / issue template config. |
| .github/ISSUE_TEMPLATE/bug_report.yaml | Updates bug report template and labels/required fields. |
…5409 and PYSEC-2026-161 Signed-off-by: abhijeet-dhumal <abhijeetdhumal652@gmail.com>
Signed-off-by: abhijeet-dhumal <abhijeetdhumal652@gmail.com>
…n verify/format Signed-off-by: abhijeet-dhumal <abhijeetdhumal652@gmail.com>
- dependabot.yml: change package-ecosystem from "uv" to "pip" — uv is not a supported Dependabot ecosystem; pip correctly reads pyproject.toml
- .pre-commit-config.yaml: rename hook id ruff-check → ruff — ruff-check is not a valid hook id in astral-sh/ruff-pre-commit; correct ids are ruff (lint) and ruff-format
- sync-labels.yaml: pin third-party actions to immutable commit SHAs (actions/checkout@v4.3.1, EndBug/label-sync@v2) for supply-chain hardening
- gh-workflow-approve.yaml: already filters by head_sha client-side — no change needed

Signed-off-by: abhijeet-dhumal <abhijeetdhumal652@gmail.com>
| "idna>=3.15", # CVE-2026-45409 | ||
| "starlette>=1.0.1", # PYSEC-2026-161 |
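Review bot: both entries are open-ended lower bounds (`idna>=3.15`, `starlette>=1.0.1`) annotated only with an advisory ID, so nothing on these lines records that they exist solely to lift a transitive dependency past a vulnerable release, or which package pulls them in. Suggest extending each comment with the parent dependency and a removal condition (for example "drop once <parent> requires a fixed version"), so the floor does not linger after the upstream fix lands.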
Actually, this PR adds security pip-audit checks.
And the above pinned versions resolve known CVEs detected by pip-audit, but I have made sure to keep it outside direct dependencies.
But I'm happy to tweak it if there is any other standard format to resolve these issues!
Let's replace pip-audit with osv-scanner in a follow-up which is used in Kubeflow-SDK's implementation.
I have created an issue for follow-up here: #29
Signed-off-by: abhijeet-dhumal <abhijeetdhumal652@gmail.com>
Signed-off-by: abhijeet-dhumal <abhijeetdhumal652@gmail.com>
Hey @kramaranya @andreyvelich, I have addressed all the above reviews, are we good to launch?
@andreyvelich @kramaranya Is there anything remaining for this PR? May I request your review here!
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: andreyvelich
The full list of commands accepted by this bot can be found here.
The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
Fixes #8
Hardens CI and community workflows before feature work continues.
Inspired by repo: https://github.com/kubeflow/sdk