eddie/homelab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2
homelab/.github/pull_request_template.md
Claude 1c3b7e53a1
feat: Add comprehensive GitHub Actions CI/CD pipeline 
GitHub Actions Workflows:
- docker-compose-validation.yml: Validates all compose files
  - Syntax validation
  - Network configuration checks
  - Traefik label validation
  - Port exposure warnings
  - Domain consistency checks
  - File naming convention enforcement

- security-checks.yml: Security scanning and validation
  - Gitleaks secret detection
  - Environment file validation
  - Placeholder password checks
  - Container image vulnerability scanning with Trivy
  - Dependency review for pull requests
  - Security report generation

- yaml-lint.yml: YAML formatting and validation
  - yamllint with custom configuration
  - File extension consistency checks
  - YAML structure validation
  - Service naming convention checks
  - Docker Compose version validation

- documentation.yml: Documentation quality checks
  - Markdown linting
  - Link validation
  - README completeness verification
  - Service documentation checks
  - Domain URL validation

- auto-label.yml: Automated PR labeling
  - Category-based labeling (core/media/services)
  - File type detection
  - Size-based labeling
  - Security-related changes detection

Configuration Files:
- .yamllint.yml: YAML linting rules for Docker Compose
- .markdownlint.json: Markdown formatting rules
- .markdown-link-check.json: Link checking configuration
- .pre-commit-config.yaml: Pre-commit hooks setup
- .github/labeler.yml: Auto-labeler configuration
- .github/CODEOWNERS: Code ownership definitions

Templates:
- pull_request_template.md: Comprehensive PR checklist
- ISSUE_TEMPLATE/bug-report.md: Bug report template
- ISSUE_TEMPLATE/service-request.md: New service request template

Documentation:
- SECURITY.md: Security policy and best practices
- CONTRIBUTING.md: Contribution guidelines

Benefits:
- Automated validation of all compose files
- Security scanning on every PR
- Consistent code formatting
- Documentation quality assurance
- Automated issue/PR management
- Pre-commit hooks for local validation
- Comprehensive security policy
- Clear contribution guidelines
2025-11-05 20:09:33 +00:00

2.1 KiB
Raw Permalink Blame History

Description

Type of Change

  • New service addition
  • Service configuration update
  • Bug fix
  • Documentation update
  • Security fix
  • Infrastructure change

Changes Made

Checklist

General

  • All compose files use compose.yaml (not .yml)
  • Code follows Docker Compose best practices
  • Changes tested locally
  • Documentation updated (README.md)

Services (if applicable)

  • Service added to correct category (core/media/services)
  • Proper network configuration (homelab + internal if needed)
  • Volumes properly configured
  • Environment variables use .env file or are documented

Traefik & SSL (if applicable)

  • Traefik labels configured correctly
  • Uses websecure entrypoint
  • Let's Encrypt cert resolver configured
  • Both domains configured (fig.systems and edfig.dev)
  • SSO middleware applied (if appropriate)

Security

  • No secrets committed in .env files
  • Placeholder passwords use changeme_* format
  • No sensitive data in compose files
  • Container runs as non-root user (where possible)

Documentation

  • Service added to README.md service table
  • Deployment instructions added/updated
  • Configuration requirements documented
  • Comments added to compose file explaining purpose

Testing

# Commands used to test:


# Expected behavior:


# Actual behavior:

Screenshots (if applicable)

Related Issues

Additional Notes

For Reviewers

  • All CI checks pass
  • Docker Compose validation passes
  • YAML linting passes
  • Security scans pass
  • No security vulnerabilities introduced