ci: wire org-wide security-scan + dependabot + CODEOWNERS#3
Conversation
Standardization pass across public ResQ repos. Inherits org-level
defaults (CoC / Contributing / Security / Support / PR + issue
templates) from resq-software/.github.
.github/workflows/security.yml Thin caller for the reusable workflow
with languages=["actions"].
.github/dependabot.yml Weekly grouped updates for: github-actions.
.github/CODEOWNERS Default owner.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
Warning Rate limit exceeded
Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 1 minutes and 21 seconds. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (3)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces repository configuration files, specifically adding a .github/CODEOWNERS file and a .github/dependabot.yml file for weekly GitHub Actions dependency updates. Feedback indicates that a security workflow file mentioned in the PR description is missing from the changes and suggests expanding security scanning to include JavaScript. Additionally, it is recommended to assign a team rather than an individual as the default owner in the CODEOWNERS file for better maintainability.
| # | ||
| # Weekly dependency updates, grouped to keep PR noise low. | ||
|
|
||
| version: 2 |
There was a problem hiding this comment.
The pull request description mentions the addition of .github/workflows/security.yml, but this file is missing from the current changes. Additionally, the description notes languages=['actions'] for the scan; however, given the presence of MDX files and OpenAPI specs in this repository, consider including javascript in the scan languages to ensure comprehensive coverage.
| @@ -0,0 +1,2 @@ | |||
| # Default owner for everything not matched by a more specific rule. | |||
| * @WomB0ComB0 | |||
There was a problem hiding this comment.
For organization-owned repositories, it is a best practice to assign a team (e.g., @resq-software/maintainers) as the default owner rather than an individual user. This ensures that code review responsibilities are shared and remain functional even if an individual's availability or role changes.
* @resq-software/maintainers
1 participant
Standardization pass across public ResQ repos.
.github/workflows/security.yml— caller for the reusablesecurity-scan.yml(CodeQL + Gitleaks + OSV + dependency-review) withlanguages=["actions"]..github/CODEOWNERS— default owner.Inherits CoC / Contributing / Security / Support / PR + issue templates from
resq-software/.github.🤖 Generated with Claude Code