feat: project init #29

Open
nazarli-shabnam wants to merge 8 commits into main from init/project-init

@nazarli-shabnam
Member

This pull request introduces foundational configuration and documentation to support local development, CI/CD, Docker builds, and contribution guidelines for the project. It adds essential files for environment setup, Docker image creation, Git hooks, and continuous integration workflows, as well as detailed documentation for contributors and AI code assistants. These changes establish a robust baseline for both developer experience and automation.

Key changes include:

CI/CD and Automation:

  • Added a comprehensive GitHub Actions workflow for CI, covering commit message linting, UI type checking/building, Python testing/compilation, and Docker image build verification. (.github/workflows/ci.yml)
  • Introduced a release workflow to build and publish Docker images for API, worker, and UI to GHCR on version tags. (.github/workflows/release.yml)

Development Environment and Tooling:

  • Added .dockerignore to optimize Docker build context, excluding unnecessary files and secrets from images. (.dockerignore)
  • Provided sample environment variables in .env.example for consistent local and CI configuration. (.env.example)
  • Added Dockerfile for the API service, supporting containerized deployment. (apps/api/Dockerfile)
  • Added Alembic configuration for database migrations, including alembic.ini and a README for migration scripts. (apps/api/alembic.ini, apps/api/alembic/README) [1] [2]

Documentation and Contribution Guidelines:

  • Added detailed contributing guidelines, including commit conventions, local checks, and project structure. (CONTRIBUTING.md)
  • Added a comprehensive README describing project purpose, self-hosting instructions, and CI/CD overview. (README.md)
  • Introduced a CLAUDE.md file to guide AI code assistants on project architecture and setup. (CLAUDE.md)

Git and Commit Hooks:

  • Enforced consistent line endings and binary file handling via .gitattributes. (.gitattributes)
  • Added Husky Git hooks for local commit message linting and UI type checking before commits. (.husky/commit-msg, .husky/pre-commit) [1] [2]

@nazarli-shabnam nazarli-shabnam self-assigned this May 16, 2026
Copilot AI review requested due to automatic review settings May 16, 2026 14:05
@nazarli-shabnam nazarli-shabnam added the enhancement label May 16, 2026
@nazarli-shabnam nazarli-shabnam changed the title from "Init/project init" to "feat: project init" May 16, 2026
Copilot AI left a comment

Pull request overview

This PR bootstraps the repository with baseline configuration for local development and CI/CD, plus initial Python API/worker services, a shared “checks” package, Docker/Compose artifacts, and contributor/assistant documentation.

Changes:

  • Added CI and release GitHub Actions workflows, plus commitlint + Husky hooks to enforce commit conventions and run local checks.
  • Introduced initial FastAPI API, a psycopg-based worker, Alembic migrations, and a shared packages/checks library for GitHub security checks.
  • Added Dockerfiles, Compose stack, env examples, and repo hygiene files (.gitignore/.gitattributes/.dockerignore) + docs (README/CONTRIBUTING/CLAUDE).

Reviewed changes

Copilot reviewed 63 out of 67 changed files in this pull request and generated 9 comments.

| File | Description |
| --- | --- |
| skills-lock.json | Locks AI “skills” metadata. |
| requirements-test.txt | Adds pytest test dependency pin. |
| README.md | Project overview + self-host/CI notes. |
| pytest.ini | Sets pytest discovery paths and pythonpath. |
| packages/checks/src/checks/base.py | Defines Check base + metadata dataclass. |
| packages/checks/src/checks/github_checks.py | Implements GitHub org/repo security checks. |
| packages/checks/src/checks/runner.py | Aggregates and runs all checks. |
| packages/checks/pyproject.toml | Defines build metadata for clevis-checks. |
| package.json | Adds root dev tooling (husky/commitlint). |
| package-lock.json | Locks root Node dev dependencies. |
| docker-compose.yml | Defines db/api/worker/ui services with profiles. |
| CONTRIBUTING.md | Contributor workflow + local/CI parity commands. |
| commitlint.config.cjs | Commitlint configuration + merge commit ignores. |
| CLAUDE.md | Architecture/setup guidance for AI assistants. |
| apps/worker/tests/test_process_job.py | Unit-style tests for worker job processing. |
| apps/worker/src/worker.py | Worker loop + job processing implementation. |
| apps/worker/src/config.py | Worker settings loading via pydantic-settings. |
| apps/worker/src/_crypto.py | Worker token decryption helper. |
| apps/worker/requirements.txt | Worker runtime dependency pins. |
| apps/worker/entrypoint.sh | Worker container entrypoint (builds DATABASE_URL). |
| apps/worker/Dockerfile | Worker image build instructions. |
| apps/worker/.dockerignore | Minimizes worker image build context. |
| apps/api/tests/test_repositories.py | Repository-layer DB tests. |
| apps/api/tests/test_health.py | Health endpoint unit + integration tests. |
| apps/api/tests/conftest.py | SQLAlchemy session/transaction test fixtures. |
| apps/api/src/services/rbac.py | Header-based RBAC dependency. |
| apps/api/src/services/github_client.py | Simple GitHub API client with retries. |
| apps/api/src/services/cache_service.py | Enqueues cache-clear jobs + audit logging. |
| apps/api/src/services/analytics_service.py | Builds an overview score from checks. |
| apps/api/src/schemas/job.py | Pydantic response model for jobs. |
| apps/api/src/schemas/installation.py | Pydantic models for installation sync. |
| apps/api/src/schemas/cache.py | Pydantic models for cache list/clear. |
| apps/api/src/schemas/analytics.py | Pydantic models for analytics overview. |
| apps/api/src/schemas/init.py | Schema package marker. |
| apps/api/src/routers/jobs.py | Jobs listing endpoint. |
| apps/api/src/routers/health.py | Health endpoint. |
| apps/api/src/routers/auth.py | GitHub installation sync endpoint. |
| apps/api/src/routers/analytics.py | Analytics overview endpoint + error mapping. |
| apps/api/src/routers/actions_cache.py | Actions cache list/clear endpoints + RBAC. |
| apps/api/src/repositories/job_repo.py | Job persistence functions. |
| apps/api/src/repositories/installation_repo.py | Installation persistence function. |
| apps/api/src/repositories/audit_repo.py | Audit log persistence function. |
| apps/api/src/repositories/init.py | Repository package marker. |
| apps/api/src/main.py | FastAPI app wiring + middleware/router setup. |
| apps/api/src/core/middleware.py | Request ID middleware. |
| apps/api/src/core/logging.py | Request-id logging filter wiring. |
| apps/api/src/core/db.py | SQLAlchemy models + engine/session factory. |
| apps/api/src/core/config.py | API settings loading via pydantic-settings. |
| apps/api/src/core/_crypto.py | Token encrypt/decrypt helpers for jobs. |
| apps/api/requirements.txt | API runtime dependency pins. |
| apps/api/entrypoint.sh | API entrypoint (builds DATABASE_URL + runs alembic). |
| apps/api/Dockerfile | API image build instructions. |
| apps/api/alembic/versions/0002_add_jobs_index.py | Migration adding composite jobs index. |
| apps/api/alembic/versions/0001_initial_schema.py | Initial DB schema migration. |
| apps/api/alembic/script.py.mako | Alembic revision template. |
| apps/api/alembic/README | Alembic placeholder readme. |
| apps/api/alembic/env.py | Alembic env configuration. |
| apps/api/alembic.ini | Alembic config file. |
| .husky/pre-commit | Local pre-commit hook (UI typecheck). |
| .husky/commit-msg | Local commit-msg hook (commitlint). |
| .gitignore | Updates ignore rules for env, node, data, etc. |
| .github/workflows/release.yml | Builds/pushes images to GHCR on tags. |
| .github/workflows/ci.yml | CI for commitlint, UI checks, Python tests, Docker builds. |
| .gitattributes | Normalizes line endings and marks binaries. |
| .env.example | Sample environment variables for local/CI. |
| .dockerignore | Reduces root Docker build context and excludes secrets. |

Comment on lines +4 to +8
from unittest.mock import MagicMock, patch

from _crypto import encrypt_job_token
from config import settings
from worker import process_job
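Review bot: The three local imports (`_crypto`, `config`, `worker`) are bare top-level module names, so this test resolves them only when the worker's source directory is on `sys.path`, and names as generic as `config` and `_crypto` will collide if another app's modules of the same name are importable in the same pytest session. `from config import settings` also binds a settings object while the test module is being collected, before any fixture can set the environment it reads. Consider a package-qualified import path or one pytest invocation per app, and obtain the settings inside a fixture so the test controls the key used by `encrypt_job_token`.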
Comment on lines +8 to +10

[tool.setuptools.packages.find]
where = ["src"]
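Review bot: `where = ["src"]` is the only discovery constraint, and in pyproject.toml `packages.find` includes namespace packages by default, so any directory that ends up under `src` is packaged whether or not it has an `__init__.py`. Add `include = ["checks*"]` (or `namespaces = false`) so the built distribution contains only the intended package.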
Comment thread apps/api/alembic/versions/0001_initial_schema.py Outdated
Comment on lines +31 to +38
def mark_done(db: Session, job_id: int, result: str) -> None:
db.query(Job).filter(Job.id == job_id).update({"status": "done", "result": result})
db.commit()


def mark_failed(db: Session, job_id: int, error: str) -> None:
db.query(Job).filter(Job.id == job_id).update({"status": "failed", "result": error})
db.commit()
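Review bot: Both `mark_done` and `mark_failed` discard the row count returned by `.update()` and filter on `Job.id` alone, so a missing `job_id` is a silent no-op and a job that is already `done` can be overwritten as `failed` (or the reverse) by a late or duplicate worker. Add the expected current status to the filter and raise or log when the count is 0, so state transitions are one-way and a lost update is visible. Also worth checking what ends up in `result` on the failure path: `error` is stored verbatim, so exception text that includes tokens or URLs would be persisted and later served by the jobs endpoint.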
Comment on lines +6 to +10
_ROOT = Path(__file__).resolve().parent
while _ROOT != _ROOT.parent:
if (_ROOT / ".env").exists():
break
_ROOT = _ROOT.parent
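Review bot: The `while _ROOT != _ROOT.parent` walk has no upper bound other than the filesystem root, so it accepts the first `.env` found in any ancestor directory, including one outside the repository, and when none exists it exits with `_ROOT` set to the filesystem root without signalling that nothing was found. Settings, including secrets, would then be loaded from a file the project does not own. Stop the walk at a repository marker (for example the directory containing `docker-compose.yml`), or take the env file location from an explicit environment variable, and treat "not found" as a distinct case.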
Comment thread apps/worker/src/config.py
Comment on lines +6 to +10
_ROOT = Path(__file__).resolve().parent
while _ROOT != _ROOT.parent:
if (_ROOT / ".env").exists():
break
_ROOT = _ROOT.parent
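Review bot: These five lines are a byte-for-byte copy of the `.env` discovery loop in the other config hunk on this page, so any fix to the unbounded upward walk has to be made twice and the two services can drift apart. In the worker image in particular there is normally no `.env` at all, which means the loop runs to the filesystem root on every start. Move the lookup into one shared helper, or drop it in containers and rely on the environment that `entrypoint.sh` already prepares.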
Comment on lines +10 to +15
def require_role(required: str) -> Callable:
def _check(x_role: str | None = Header(default=None)) -> str:
role = x_role or settings.default_rbac_role
if _LEVELS.get(role, 0) < _LEVELS.get(required, 0):
raise HTTPException(status_code=403, detail="Insufficient role")
return role
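Review bot: In `_check`, the role comes straight from the client-supplied `X-Role` header (`role = x_role or settings.default_rbac_role`), so any caller can assert the highest role and this dependency provides no access control unless a trusted proxy strips and sets that header. Derive the role from an authenticated identity (session, signed token, or GitHub installation) rather than from a request header. Separately, `_LEVELS.get(required, 0)` fails open: a misspelled `required` value evaluates to 0 and lets every role through, so validate `required` against `_LEVELS` when `require_role` is called and raise on an unknown name.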
Comment on lines +61 to +72
def run(self, owner: str, token: str, base_url: str = "https://api.github.com") -> dict:
repos = _get_all_pages(base_url, f"/orgs/{owner}/repos", token)
checked = 0
protected = 0
for repo in repos:
checked += 1
branch = repo.get("default_branch")
details = _get(f"{base_url}/repos/{owner}/{repo['name']}/branches/{branch}", token)
if details.get("protected"):
protected += 1
compliant = checked > 0 and checked == protected
return {"status": "pass" if compliant else "fail", "value": {"checked": checked, "protected": protected}}
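Review bot: In the loop, `repo.get("default_branch")` can be `None` (an empty repository has no branch), which produces a request for `/branches/None`, and the branch and repository names are interpolated into the URL without quoting. Any error raised by `_get` for a single repository then aborts the whole check instead of counting that repository as unprotected. Skip or explicitly count repositories without a default branch, wrap the per-repository call so one failure is recorded in `value` rather than propagated, and pass the names through `urllib.parse.quote`. Since `token` is sent to whatever `base_url` is supplied, it is also worth validating that `base_url` is the configured `GITHUB_API_BASE` before making requests.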
Comment thread .github/workflows/ci.yml
Comment on lines +86 to +94
env:
DATABASE_URL: postgresql+psycopg://clevis:clevis@localhost:5432/clevis
JOB_SECRET_KEY: ${{ secrets.JOB_SECRET_KEY }}
GITHUB_API_BASE: https://api.github.com
CORS_ORIGINS: '["http://localhost:3000"]'
DEFAULT_RBAC_ROLE: viewer
WORKER_POLL_SECONDS: "5"
DEBUG: "false"
steps:
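Review bot: `JOB_SECRET_KEY: ${{ secrets.JOB_SECRET_KEY }}` is set in the `env:` block that sits beside `steps:`, so every step in the job receives the repository secret, including third-party actions and dependency install scripts, and on pull requests from forks the value is empty because secrets are not passed to those runs. The tests do not need the production key: generate a throwaway key in a step at the start of the job, or hard-code a clearly labelled test value, and keep the real secret out of CI test jobs. If a real secret is ever required, scope it to the single step that uses it.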
apps/ui was committed as a submodule gitlink (mode 160000) because
create-next-app ran git init inside the directory. CI checked out an
empty folder, causing the UI typecheck/build and Docker UI build to fail.

Removed the nested .git, unstaged the gitlink, and re-added all source
files as regular tracked files.