feat: implement issue #329 — Compliance: non-stub-feature-ideation.yml

[don-petry]

Closes #329

Implemented by dev-lead agent. Please review.

[gemini-code-assist]

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

[coderabbitai]

Warning

Review limit reached

@github-actions[bot], we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 58 minutes and 31 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 2e950e3c-f023-4df3-8a5f-a2d67cb53f59

📥 Commits

Reviewing files that changed from the base of the PR and between b6c4f09 and 98bb05a.

📒 Files selected for processing (3)

• .github/workflows/ci-failure-analyst.yml
• .github/workflows/feature-ideation.yml
• .gitignore

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dev-lead/issue-329-20260526-1717

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d0e8a293ca

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Pin reusable workflow to immutable commit SHA

Referencing the reusable workflow as @v1 makes this job non-deterministic and reintroduces a supply-chain risk: if the upstream tag is retargeted (maliciously or accidentally), this repository will execute different workflow code without a local review. In this job that is especially sensitive because it grants id-token: write and other write-capable permissions, so tag drift can directly change what privileged automation runs.

Useful? React with 👍 / 👎.

[sonarqubecloud]

Quality Gate failed

Failed conditions
1 Security Hotspot

See analysis details on SonarQube Cloud

[Copilot]

Pull request overview

Updates the repository’s Feature Ideation thin-caller workflow to meet org compliance requirements by pinning the reusable workflow to the canonical @v1 ref.

Changes:

• Pin .github/workflows/feature-ideation.yml reusable workflow reference to @v1 (per compliance issue #329).
• Update .gitignore (but introduces an additional duplicate ignore entry that should be cleaned up).

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File	Description
.gitignore	Adds another .dev-lead/ entry (now duplicated multiple times).
.github/workflows/feature-ideation.yml	Switches reusable workflow reference to petry-projects/.github/...@v1 for compliance.