
@adrianlasota
Contributor

This pull request makes significant updates to the repository's CI/CD and code quality automation by standardizing workflows, delegating job definitions to a centralized template repository, and introducing new configuration files for dependency and security management. The changes improve maintainability, consistency, and security across the development lifecycle.

CI/CD Workflow Standardization and Delegation

  • Replaces local workflow definitions (e.g., build_upload_whl.yml, pull_requests.yml, manual_release.yml) with references to reusable workflows from the intel/mfd repository, ensuring consistency and reducing duplication across projects. Updates job names, matrix strategies, and input parameters for better clarity and maintainability. [1] [2] [3] [4]

Addition of Code Quality and Review Automation

  • Adds new workflows for code standard checks, PR title/commit validation, dependency review, and test execution, all referencing centralized templates. This automates quality gates and security checks for every pull request and push to main. [1] [2] [3] [4]

Security and Dependency Management Enhancements

  • Introduces .github/dependabot.yml to enable daily checks for Python dependencies, and .github/dependency_review.yml to enforce license and vulnerability policies for dependencies, increasing supply chain security. [1] [2]

CodeQL Analysis Workflow Refactoring

  • Refactors the codeql.yml workflow to use a remote reusable workflow, simplifies the language matrix, and standardizes job and input names for improved security scanning. [1] [2]

CI/CD Workflow Standardization

  • Delegates build, test, and release workflows (pull_requests.yml, manual_release.yml, main.yml) to reusable workflows in intel/mfd, removing complex local job logic and aligning with organization-wide best practices. [1] [2] [3] [4]

Quality and Security Automation

  • Adds workflows for code standard checks, PR format validation, dependency review, and test execution, all referencing shared templates for consistent enforcement. [1] [2] [3] [4]

Dependency and Vulnerability Management

  • Adds .github/dependabot.yml for daily dependency updates and .github/dependency_review.yml to enforce strict license and vulnerability policies. [1] [2]

Security Scanning Improvements

  • Refactors codeql.yml to use a remote, reusable workflow and simplifies configuration for multi-language analysis. [1] [2]

…and CI builds

Signed-off-by: Lasota, Adrian <adrian.lasota@intel.com>
@Copilot Copilot AI review requested due to automatic review settings October 10, 2025 07:45

Copilot AI left a comment


Pull Request Overview

This pull request modernizes the repository's CI/CD infrastructure by transitioning from local workflow definitions to reusable workflows hosted in the intel/mfd repository, while adding comprehensive code quality and security automation.

  • Replaces local CI/CD workflows with centralized reusable workflows from intel/mfd repository
  • Introduces automated code quality checks, dependency review, and security scanning workflows
  • Adds dependency management configuration through Dependabot and dependency review policies

Reviewed Changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| .github/workflows/run_tests.yml | New workflow for running unit and functional tests using centralized template |
| .github/workflows/pull_requests.yml | Simplified dev build workflow delegating to reusable template |
| .github/workflows/manual_release.yml | Refactored release workflow using centralized template with updated matrix strategy |
| .github/workflows/main.yml | New CI build workflow for main branch pushes |
| .github/workflows/dependency_review.yml | New workflow for automated dependency security and license review |
| .github/workflows/codeql.yml | Simplified CodeQL analysis workflow using reusable template |
| .github/workflows/check_pr_format.yml | New workflow for PR title and commit message validation |
| .github/workflows/check_code_standard.yml | New workflow for code standard compliance checking |
| .github/workflows/build_upload_whl.yml | Removed local reusable workflow in favor of centralized templates |
| .github/dependency_review.yml | Configuration file defining license and vulnerability policies |
| .github/dependabot.yml | Configuration for automated daily dependency updates |


@mfd-intel-bot
Contributor

We don't publish DEVs .whl.
To build .whl, run 'pip install git+https://intel/mfd-kvm@ci'

Signed-off-by: Lasota, Adrian <adrian.lasota@intel.com>

Copilot AI left a comment


Pull Request Overview

Copilot reviewed 12 out of 12 changed files in this pull request and generated no new comments.


@adrianlasota adrianlasota merged commit 5c71840 into main Oct 10, 2025
23 checks passed