feat: implement issue #375 — Compliance audit — 2026-05-29#376
feat: implement issue #375 — Compliance audit — 2026-05-29#376don-petry wants to merge 4 commits into
Conversation
|
Warning Review limit reached
More reviews will be available in 50 minutes and 7 seconds. Learn how PR review limits work. Your organization has run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (3)
📝 WalkthroughWalkthroughThis PR introduces a Copilot cloud agent setup workflow template at ChangesCopilot Cloud Agent Setup
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Possibly related issues
Suggested labels
🚥 Pre-merge checks | ✅ 3 | ❌ 2❌ Failed checks (1 warning, 1 inconclusive)
✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Pull request overview
Adds the org-standard copilot-setup-steps.yml workflow template to the .github repo to bootstrap Copilot cloud agent environments, and updates .gitignore for the .dev-lead/ agent working directory. Part of the 2026-05-29 compliance audit remediation.
Changes:
- Adds new
.github/workflows/copilot-setup-steps.ymltemplate with optional Node/Go/Python stack blocks, fork-PR guard, and environment verification step. - Adds a
.dev-lead/entry to.gitignore(duplicates an existing entry).
Reviewed changes
Copilot reviewed 1 out of 3 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
.github/workflows/copilot-setup-steps.yml |
New Tier-2 template workflow for Copilot cloud agent setup with required checkout + verify steps and commented-out stack blocks. |
.gitignore |
Adds .dev-lead/ ignore entry (already present on the line above). |
Dev-Lead — review-changes (applied)Changes committed and pushed. |
Dev-Lead — fix-bot-comment (applied)Changes committed and pushed. |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
https://github.com/petry-projects/.github/blob/b0a4c1c1d98a9561ddedd21c11b9bc8631d55d6f/actionlint#L1
This adds a 5.1 MB Linux executable to the repository root even though the CI workflow already downloads and checksum-verifies actionlint before invoking ./actionlint in .github/workflows/ci.yml. Keeping this unreviewable binary in source control bloats every checkout and can mislead local or future automation into running the committed artifact instead of the verified download; remove it and rely on the existing installer step.
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/copilot-setup-steps.yml:
- Around line 91-92: Update the upstream workflow template so the "Checkout
code" step that uses actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
includes persist-credentials: false; modify the upstream
standards/workflows/copilot-setup-steps.yml (not the per-repo copy) to add
persist-credentials: false to the actions/checkout step, then re-sync the
template to propagate the change to this repo.
In @.gitignore:
- Around line 392-393: Remove the duplicate `.dev-lead/` entry (the repeated
line shown) and move a single `.dev-lead/` line out of below the "End of
petry-projects secrets baseline" footer into the main body (place it in the
agent/worktrees section, e.g., section 13), ensuring the footer remains the
final block; delete the extra occurrence so only one `.dev-lead/` entry exists
in the designated section.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: ded7b92c-914a-419d-b2bd-fbe37a28fa0f
📒 Files selected for processing (3)
.github/workflows/copilot-setup-steps.yml.gitignoreactionlint
Dev-Lead — fix-reviews (applied)Changes committed and pushed. |
|
Dev-Lead — review-changes (no-changes)No changes were needed for this PR. |
Closes #375
Implemented by dev-lead agent. Please review.
Summary by CodeRabbit