feat(ci): Implement comprehensive CI/CD, security, and maintenance wo…#20

Merged
aniebietafia merged 8 commits into main from workflows
Mar 13, 2026

@aniebietafia aniebietafia commented Mar 12, 2026

…rkflows

  • Enforce 60% test coverage threshold in the CI pipeline.
  • Add automated PR labeling based on changed files and PR size.
  • Implement automated Issue labeling using regex content matching.
  • Add OWASP Dependency Check with a suppression configuration file.
  • Implement CodeQL static analysis for deep security scanning.
  • Create an automated Release Versioning workflow (tagging, changelog, and GH releases).
  • Add a maintenance workflow to manage stale issues and pull requests.
  • Centralize project metadata and linter configurations in pyproject.toml.

Summary by CodeRabbit

  • New Features

    • Health check endpoint added
    • Token / TokenData models introduced
    • User listening_language preference added
  • Documentation

    • CI status badge added to README
    • Linting/type-checking guidance documented
  • Chores

    • CI, code-quality, security, dependency-scan, release, labeling, and stale workflows added
    • Automatic issue/PR labeling configured
    • OWASP suppression template added
    • Tooling configs and dev dependencies updated (linting/type-checking)
  • Tests

    • Health endpoint test updated to assert response body

…rkflows

- Enforce 60% test coverage threshold in the CI pipeline.
- Add automated PR labeling based on changed files and PR size.
- Implement automated Issue labeling using regex content matching.
- Add OWASP Dependency Check with a suppression configuration file.
- Implement CodeQL static analysis for deep security scanning.
- Create an automated Release Versioning workflow (tagging, changelog, and GH releases).
- Add a maintenance workflow to manage stale issues and pull requests.
- Centralize project metadata and linter configurations in pyproject.toml.

Signed-off-by: aniebietafia <aniebietafia87@gmail.com>

coderabbitai bot commented Mar 12, 2026

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.


Walkthrough

Adds multiple GitHub Actions workflows, labeler configs and OWASP suppressions; introduces Ruff/Mypy tooling and config changes, dependency updates, PEP 604 type-hint updates across config/models/schemas, a /health endpoint and test, and minor Alembic formatting and migration file updates.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Workflows: .github/workflows/ci.yml, .github/workflows/code-quality.yml, .github/workflows/codeql.yml, .github/workflows/dependency-check.yml, .github/workflows/labeler.yml, .github/workflows/release.yml, .github/workflows/stale.yml | Add CI, lint/typecheck, CodeQL analysis, OWASP dependency scanning, auto-labeling, semantic release/versioning, and stale-issues automation workflows. |
| Labelers & OWASP: .github/issue-labeler.yml, .github/labeler.yml, .github/owasp-suppressions.xml | Introduce issue-content regex labeler, file-change-based labeler rules, and an OWASP Dependency Check suppressions template. |
| Tooling & project config: pyproject.toml, requirements.txt, linting_issue.md | Switch to Ruff + MyPy configs, expand mypy overrides, update isort/format settings, add ruff/mypy dev deps, remove FastAPI extras, and add a linting roadmap. |
| App entry & health: app/main.py, tests/test_main.py | Add GET /health endpoint returning status/version and a main uvicorn guard; add test asserting health response. |
| Schemas & auth: app/schemas/user.py | Add Token and TokenData models; extend UserResponse with is_active, is_verified, created_at; convert Optional[...] to `X |
| User model changes: app/models/user.py, app/models/__init__.py | Update type hints to PEP 604 unions, reformat mapped_column usage, add listening_language defaulting to "en", and minor import/comment formatting. |
| Config typing: app/core/config.py | Change Optional[str] hints to `str |
| Migrations / Alembic: alembic/env.py, alembic/versions/11781e907181_initial_migration.py | Remove duplicate import in env.py; reformat migration file, update type hints to PEP 604, reorder imports and quote identifiers—no schema semantics changed. |
| Docs / README: README.md, linting_issue.md | Add CI badge to README and include linting enforcement plan document. |

Sequence Diagram(s)

sequenceDiagram
  participant Dev as Developer
  participant Repo as Repository
  participant GH as GitHub Actions
  participant Py as pyproject.toml
  participant Release as GitHub Release

  Dev->>Repo: push commit to main
  Repo->>GH: trigger `release.yml`
  GH->>Repo: inspect commits, determine bump type
  GH->>Py: read current version
  GH->>Repo: update pyproject.toml & app version files, commit & tag
  GH->>Repo: push tag
  GH->>Release: create release with changelog and tag
  Release-->>Dev: release published

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Poem

🐰 I hopped through workflows, labels, and tests,
I nudged the types and tidied up nests,
A health ping I left upon the API gate,
Automations hum while linters negotiate,
Happy hops — versioned carrots on my plate! 🥕


@aniebietafia changed the title from "feat(ci): implement comprehensive CI/CD, security, and maintenance wo…" to "feat(ci): Implement comprehensive CI/CD, security, and maintenance wo…" on Mar 12, 2026
@github-actions

⚠️ CodeQL security scan failed. Please check the workflow logs.

…rkflows

- Enforce 60% test coverage threshold in the CI pipeline.
- Add automated PR labeling based on changed files and PR size.
- Implement automated Issue labeling using regex content matching.
- Add OWASP Dependency Check with a suppression configuration file.
- Implement CodeQL static analysis for deep security scanning.
- Create an automated Release Versioning workflow (tagging, changelog, and GH releases).
- Add a maintenance workflow to manage stale issues and pull requests.
- Centralize project metadata and linter configurations in pyproject.toml.

Signed-off-by: aniebietafia <aniebietafia87@gmail.com>
@github-actions

⚠️ CodeQL security scan failed. Please check the workflow logs.

…rkflows

- Enforce 60% test coverage threshold in the CI pipeline.
- Add automated PR labeling based on changed files and PR size.
- Implement automated Issue labeling using regex content matching.
- Add OWASP Dependency Check with a suppression configuration file.
- Implement CodeQL static analysis for deep security scanning.
- Create an automated Release Versioning workflow (tagging, changelog, and GH releases).
- Add a maintenance workflow to manage stale issues and pull requests.
- Centralize project metadata and linter configurations in pyproject.toml.

Signed-off-by: aniebietafia <aniebietafia87@gmail.com>
@github-actions

⚠️ CodeQL security scan failed. Please check the workflow logs.

…rkflows

- Enforce 60% test coverage threshold in the CI pipeline.
- Add automated PR labeling based on changed files and PR size.
- Implement automated Issue labeling using regex content matching.
- Add OWASP Dependency Check with a suppression configuration file.
- Implement CodeQL static analysis for deep security scanning.
- Create an automated Release Versioning workflow (tagging, changelog, and GH releases).
- Add a maintenance workflow to manage stale issues and pull requests.
- Centralize project metadata and linter configurations in pyproject.toml.

Signed-off-by: aniebietafia <aniebietafia87@gmail.com>
@github-actions

⚠️ CodeQL security scan failed. Please check the workflow logs.

…rkflows

- Enforce 60% test coverage threshold in the CI pipeline.
- Add automated PR labeling based on changed files and PR size.
- Implement automated Issue labeling using regex content matching.
- Add OWASP Dependency Check with a suppression configuration file.
- Implement CodeQL static analysis for deep security scanning.
- Create an automated Release Versioning workflow (tagging, changelog, and GH releases).
- Add a maintenance workflow to manage stale issues and pull requests.
- Centralize project metadata and linter configurations in pyproject.toml.

Signed-off-by: aniebietafia <aniebietafia87@gmail.com>
@github-actions

⚠️ CodeQL security scan failed. Please check the workflow logs.

…rkflows

- Enforce 60% test coverage threshold in the CI pipeline.
- Add automated PR labeling based on changed files and PR size.
- Implement automated Issue labeling using regex content matching.
- Add OWASP Dependency Check with a suppression configuration file.
- Implement CodeQL static analysis for deep security scanning.
- Create an automated Release Versioning workflow (tagging, changelog, and GH releases).
- Add a maintenance workflow to manage stale issues and pull requests.
- Centralize project metadata and linter configurations in pyproject.toml.

Signed-off-by: aniebietafia <aniebietafia87@gmail.com>
@github-actions

⚠️ CodeQL security scan failed. Please check the workflow logs.

…rkflows

- Enforce 60% test coverage threshold in the CI pipeline.
- Add automated PR labeling based on changed files and PR size.
- Implement automated Issue labeling using regex content matching.
- Add OWASP Dependency Check with a suppression configuration file.
- Implement CodeQL static analysis for deep security scanning.
- Create an automated Release Versioning workflow (tagging, changelog, and GH releases).
- Add a maintenance workflow to manage stale issues and pull requests.
- Centralize project metadata and linter configurations in pyproject.toml.

Signed-off-by: aniebietafia <aniebietafia87@gmail.com>
@github-actions

⚠️ CodeQL security scan failed. Please check the workflow logs.

…rkflows

- Enforce 60% test coverage threshold in the CI pipeline.
- Add automated PR labeling based on changed files and PR size.
- Implement automated Issue labeling using regex content matching.
- Add OWASP Dependency Check with a suppression configuration file.
- Implement CodeQL static analysis for deep security scanning.
- Create an automated Release Versioning workflow (tagging, changelog, and GH releases).
- Add a maintenance workflow to manage stale issues and pull requests.
- Centralize project metadata and linter configurations in pyproject.toml.

Signed-off-by: aniebietafia <aniebietafia87@gmail.com>
@github-actions

⚠️ CodeQL security scan failed. Please check the workflow logs.

@aniebietafia aniebietafia merged commit b27ad83 into main Mar 13, 2026
7 of 8 checks passed