chore: repo hygiene — CodeQL, Dependabot, SECURITY.md, badges#12
Merged
…ge in CI
- Add CodeQL scanning workflow (weekly + on PRs)
- Add Dependabot config for pip and GitHub Actions
- Add SECURITY.md with vulnerability reporting process
- Add README badges (tests, CodeQL, license, Python version)
- Add coverage reporting to CI test step
- Set repo description and topics

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Greptile Summary: This PR adds standard repo hygiene: CodeQL default-setup scanning, Dependabot for pip and GitHub Actions, a
Confidence Score: 5/5. Safe to merge — all changes are additive repo hygiene with no logic or runtime risk. All prior review concerns have been resolved. No P0 or P1 issues found. Every change is either a new config file, a CI flag backed by an already-declared dependency, or a documentation update. No files require special attention.

| Filename | Overview |
|---|---|
| .github/dependabot.yml | New Dependabot config enabling weekly updates for pip and GitHub Actions dependencies — looks correct and well-configured. |
| .github/workflows/test.yml | Adds pytest-cov flags to the test step; pytest-cov>=5.0 is already listed in dev dependencies in pyproject.toml, so no missing dependency issue. |
| .gitignore | Adds .coverage to gitignore — correct companion to the new coverage reporting step. |
| README.md | Adds four badges (Tests, CodeQL, License, Python); CodeQL badge now correctly points to github-code-scanning/codeql for the default setup workflow, addressing the prior broken-badge issue. |
| SECURITY.md | New security policy file with private advisory link and 72-hour SLA; misleading 'Email:' label from earlier review has been removed. |
Reviews (4): Last reviewed commit: "fix: CodeQL badge URL for default setup ..."
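The review table above says the new `.github/dependabot.yml` enables weekly updates for pip and GitHub Actions dependencies but does not show the file. The following is an added example of such a config, written here for illustration; it is not the repository's own file, and the `directory`, `open-pull-requests-limit` and `labels` values are assumptions about how a typical single-`pyproject.toml` project would be laid out.

```yaml
# Added example (not the repository's actual dependabot.yml): weekly Dependabot
# updates for both the pip ecosystem and the GitHub Actions used in CI workflows.
version: 2
updates:
  # Python dependencies declared in pyproject.toml at the repo root (assumed location).
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      interval: "weekly"
    # Cap concurrent update PRs so a burst of releases does not flood the queue (assumed value).
    open-pull-requests-limit: 5
    labels:
      - "dependencies"

  # Actions referenced by workflows under .github/workflows; Dependabot locates
  # them automatically when directory is "/".
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
    labels:
      - "dependencies"
      - "ci"
```

Keeping the GitHub Actions ecosystem in the same file matters for supply-chain hygiene: it is what keeps third-party action versions moving alongside Python packages, rather than pinning CI to stale action releases indefinitely.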
- Remove custom codeql.yml — repo default setup already handles it
- Fix SECURITY.md misleading "Email:" label (Greptile P2)
- CodeQL badge points to code scanning page

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Summary
No PyPI deployment
Not needed yet — hippofloop is used locally via `uv run hippofloop`. PyPI publishing can be added when there's a stable release.