.github file upgrade

[tmikula-dev]

Overview

.github file upgrade to unite it across the CA projects.

Release Notes

• .github file unification: yaml ISSUE TEMPLATES, PR template, RLS Notes workflows

Related

Closes #99

Summary by CodeRabbit

Release Notes

• New Features

  • Introduced enhanced issue templates with structured forms, required fields, and guided prompts for bug reports, feature requests, epics, tasks, and technical debt tracking.
  • Added standardized pull request template with sections for overview and release notes.

• Chores

  • Updated CI/CD workflows with security improvements and expanded release notes configuration.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

This PR upgrades repository GitHub configuration by migrating issue templates from Markdown to YAML format, introducing five new template types (DevOps, documentation, operative, pointer, technical debt), adding a standardized pull request template, and updating CI/CD workflows with pinned action versions and enhanced release notes configuration.

Changes

Cohort / File(s)	Summary
Issue Templates (Removed) bug_report.md, feature_request.md, epic_task.md, question.md, spike_task.md	Deleted five legacy Markdown issue templates
Issue Templates (YAML Format) bug_report.yml, feature_request.yml, epic_task.yml, spike_task.yml	Migrated existing templates to structured YAML format with interactive form fields, dropdowns, textareas, and validation rules
Issue Templates (New Types) devops_task.yml, documentation_task.yml, operative_task.yml, pointer.yml, technical_debt.yml	Added five new issue templates for DevOps tasks, documentation updates, management tasks, cross-repo references, and technical debt tracking
Pull Request Template .../pull_request_template.md	Added standardized PR description template with sections for Overview, Release Notes, and Related issues
Workflow Updates .../check_pr_release_notes.yml	Added license header, pinned action versions to specific SHAs, changed release notes title pattern matching, and added skip-labels/skip-placeholders configuration
Release Workflow .../release_draft.yml	Added license header, pinned multiple action versions to SHAs, renamed step titles, restructured release notes chapters with expanded metadata configuration, and refactored script logic

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Areas requiring extra attention:

• .github/workflows/release_draft.yml — Complex workflow with multiple action version changes, restructured release notes chapters object format, and modified script logic for tag and release creation
• .github/workflows/check_pr_release_notes.yml — Pattern matching behavior changes for release notes title detection
• New template fields — Verify required/optional field validations align with team workflow expectations

Possibly related issues

• .github File Upgrade #99 — Directly addresses the ".github File Upgrade" objectives by implementing YAML issue templates, pull request template, and updated release note workflows as specified

Possibly related PRs

• Trivy Scanning tool pilot implementation #72 — Modifies similar .github/workflows configuration files with related workflow standardization patterns

Suggested reviewers

• petr-pokorny-absa
• oto-macenauer-absa

Poem

🐰 Templates leap and workflows bound,
YAML forms now standardized around,
Release notes dance in chapters new,
Five fresh templates see us through,
GitHub's garden, neat and tight! ✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Out of Scope Changes check	⚠️ Warning	All changes align with issue #99 requirements; however, the pull request does not include a CODEOWNERS file which is an explicitly required component.	Add the CODEOWNERS file to complete all required components specified in issue #99, or clarify if this file was intentionally omitted.
Title check	❓ Inconclusive	The title '.github file upgrade' is vague and generic, using non-descriptive terms that don't convey specific information about the changeset.	Revise the title to be more specific about the primary change, such as 'Add YAML issue templates and update release workflows' or 'Standardize .github templates and workflows'.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues check	✅ Passed	The pull request successfully implements all required coding components from issue #99: YAML issue templates, pull request template, and updated release workflows.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feature/99-github-file-upgrade

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Trivy has completed a full security repository scan ✅ You can find the analysis results for this PR branch on this overview.
Below is the summary of the findings:

TRIVY	CRITICAL	HIGH	MEDIUM	LOW	TOTAL
vulnerability	0	0	0	0	0
secret	0	6	0	0	6
misconfiguration	0	0	1	10	11
license	0	0	0	0	0
➡️ Total	0	6	1	10	17

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.github/workflows/release_draft.yml (1)

17-120: Add explicit workflow permissions and make tag creation idempotent (re-run safe).

• Missing explicit permissions: contents: write: The GITHUB_TOKEN defaults to read-only (contents: read) on new repositories and organizations (since Feb 2, 2023). Tag creation and draft release require explicit write permission. Without it, the workflow will fail at runtime when attempting to create the tag or release.
• The "Create and Push Tag" step (lines 91–109) will hard-fail if the tag already exists, which occurs on re-run or after partial failure. Check for the existing ref first and skip creation if it already exists to make the workflow safely re-runnable.

Example patch:

 name: Draft Release
+permissions:
+  contents: write
 on:
   workflow_dispatch:
@@
       - name: Create and Push Tag
         uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd
@@
           script: |
             const tag = process.env.TAG_NAME
             const ref = `refs/tags/${tag}`;
             const sha = context.sha; // The SHA of the commit to tag
+
+            // Make re-runs safer: skip if tag already exists
+            try {
+              await github.rest.git.getRef({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                ref: `tags/${tag}`,
+              });
+              core.info(`Tag already exists, skipping createRef: ${tag}`);
+              return;
+            } catch (e) {
+              // 404 means not found => create it; otherwise rethrow
+              if (e.status !== 404) throw e;
+            }
 
             await github.rest.git.createRef({
               owner: context.repo.owner,
               repo: context.repo.repo,
               ref: ref,
               sha: sha
             });

🧹 Nitpick comments (4)

.github/pull_request_template.md (1)

10-11: Make the issue placeholder more actionable.

The generic #issue_number placeholder could be confusing for contributors. Provide an example or guidance to clarify the format and explain linking conventions.

Consider updating to:

-Closes #issue_number
+Closes #<issue_number> <!-- Link the resolved issue here -->

Alternatively, if you prefer even more guidance:

+<!-- Link related issues/PRs: Closes #123, Related #456 -->
+Closes #issue_number

.github/ISSUE_TEMPLATE/devops_task.yml (1)

1-17: Consider adding structured fields for DevOps task details.

While the minimal template is straightforward, DevOps tasks often benefit from additional structure (environment, rollback plan, impact, validation). Consider expanding slightly to capture these aspects without overwhelming the form.

Example additions:

  - type: input
    id: environment
    attributes:
      label: Target Environment
      placeholder: dev, staging, production
    validations:
      required: true

  - type: textarea
    id: rollback-plan
    attributes:
      label: Rollback Plan
      description: Steps to revert if needed
    validations:
      required: false

This is optional; keep it minimal if your team prefers lightweight task capture.

.github/ISSUE_TEMPLATE/technical_debt.yml (1)

1-96: Align/verify the tech debt label name (and existence) to avoid silent non-application.

• Line 3: If tech debt isn’t an existing label, it won’t get applied. Also consider standardizing naming across repos (e.g., tech-debt vs tech debt) to keep automation consistent.

.github/ISSUE_TEMPLATE/bug_report.yml (1)

1-82: Bug template is solid; tweak “Environment” wording and add a redaction reminder for logs.

• Line 66-71: Consider renaming the field label from “Desktop” to “Environment” to cover server/CLI/mobile cases.
• Line 57-60: Consider adding “(please redact secrets/PII)” to the evidence description to reduce accidental leakage.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3b0922f and 57841b0.

📒 Files selected for processing (17)

• .github/ISSUE_TEMPLATE/bug_report.md (0 hunks)
• .github/ISSUE_TEMPLATE/bug_report.yml (1 hunks)
• .github/ISSUE_TEMPLATE/devops_task.yml (1 hunks)
• .github/ISSUE_TEMPLATE/documentation_task.yml (1 hunks)
• .github/ISSUE_TEMPLATE/epic_task.md (0 hunks)
• .github/ISSUE_TEMPLATE/epic_task.yml (1 hunks)
• .github/ISSUE_TEMPLATE/feature_request.md (0 hunks)
• .github/ISSUE_TEMPLATE/feature_request.yml (1 hunks)
• .github/ISSUE_TEMPLATE/operative_task.yml (1 hunks)
• .github/ISSUE_TEMPLATE/pointer.yml (1 hunks)
• .github/ISSUE_TEMPLATE/question.md (0 hunks)
• .github/ISSUE_TEMPLATE/spike_task.md (0 hunks)
• .github/ISSUE_TEMPLATE/spike_task.yml (1 hunks)
• .github/ISSUE_TEMPLATE/technical_debt.yml (1 hunks)
• .github/pull_request_template.md (1 hunks)
• .github/workflows/check_pr_release_notes.yml (2 hunks)
• .github/workflows/release_draft.yml (4 hunks)

💤 Files with no reviewable changes (5)

• .github/ISSUE_TEMPLATE/question.md
• .github/ISSUE_TEMPLATE/epic_task.md
• .github/ISSUE_TEMPLATE/feature_request.md
• .github/ISSUE_TEMPLATE/spike_task.md
• .github/ISSUE_TEMPLATE/bug_report.md

🔇 Additional comments (7)

.github/ISSUE_TEMPLATE/documentation_task.yml (1)

1-53: Well-designed documentation template.

The template structure is clear, with a logical field progression and helpful context. Required/optional field balance is appropriate; descriptions and placeholders guide contributors effectively.

.github/workflows/check_pr_release_notes.yml (2)

40-42: Good release notes validation strategy.

The combination of title pattern matching, skip-labels, and skip-placeholders provides flexibility. The use of TBD placeholders aligns well with the new PR template, allowing contributors to draft notes during development without blocking CI.

---

29-29: SHA pinning is properly implemented with current, valid action versions.

Both pinned SHAs reference legitimate published releases:

• actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 → v6.1.0 (current stable version)
• AbsaOSS/release-notes-presence-check@8e586b26a5e27f899ee8590a5d988fd4780a3dbf → v0.4.0 (latest stable version)

No action required.

.github/ISSUE_TEMPLATE/pointer.yml (1)

1-71: Excellent pointer template design.

The structured fields effectively capture cross-repository dependencies. The dropdown for relationship type is particularly well-designed, and the closure conditions field encourages clear resolution criteria. This template addresses a valuable use case for tracking external work.

.github/ISSUE_TEMPLATE/feature_request.yml (1)

1-65: Well-structured feature request template.

The progression from description → problem → acceptance criteria is thoughtful and guides contributors to think through requirements. The acceptance criteria section is especially valuable for clarity during implementation.

.github/ISSUE_TEMPLATE/epic_task.yml (1)

1-47: Solid epic task template.

The required Background and Goals fields establish clear strategic intent. The optional Subtasks and References fields provide useful structure without over-constraining large initiatives. The checkbox placeholder is helpful guidance.

.github/ISSUE_TEMPLATE/spike_task.yml (1)

1-60: Well-designed spike template with good task discipline.

The required fields (Background, Questions, Desired Outcome) establish clear scope. The checkboxes for common spike deliverables (team discussion, documentation, follow-up tickets) are excellent UX and help prevent incomplete spikes. The "keep scope tight" guidance is appropriate.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Ensure the operative label exists; consider tightening “Deadline / Target Date” guidance.

• Line 3: If the operative label doesn’t exist in the repo, it won’t be applied (and users won’t notice). Consider adding/standardizing it (or choosing an existing label).
• Line 39-46: Since issue forms can’t enforce date formats, consider clarifying the placeholder/help text to prefer ISO YYYY-MM-DD only (or rename to “Target timeframe” if you want flexibility).

🤖 Prompt for AI Agents

.github/ISSUE_TEMPLATE/operative_task.yml lines 1-55: the template references a
non-guaranteed "operative" label and provides ambiguous deadline guidance;
update the repository or template so the label is reliable (either create/add
the "operative" label to the repo or replace it with an existing standardized
label and document its use), and tighten the deadline field guidance by changing
the placeholder/description to prefer ISO format "YYYY-MM-DD" only (or
alternatively rename the field to "Target timeframe" if flexibility is intended)
so users get clear instructions.