#3336 reduced the PR-checks workflow to pull-requests:read on the
assumption that PR labels/comments only need issues:write (the REST path
is /issues/{n}/...). They do not: modifying a pull request's labels or
comments requires the pull-requests scope, so issues:write alone returns
403 and crashed the description check on every PR. Restore
pull-requests:write, and fail soft in swapLabel so a label-permission
error can never mask the description verdict.
* ci(pr-checks): add Conventional Commits PR-title check, pin actions by SHA
Add a check-title job that fails the PR when the title is not Conventional
Commits format (type(scope): summary), via an inline github-script regex.
Pin the workflow's actions to their latest release commit SHAs:
actions/checkout v6.0.3 and actions/github-script v9.0.0.
* ci(pr-checks): flag unmergeable PRs in the PR-checks workflow
Add a check-mergeable job to the (renamed) PR checks workflow: on PR events,
poll the PR's mergeable state and, when it conflicts with the base, remove
'ready for review', add a red 'merge conflict' label (auto-created), and
comment; clear the label once mergeable again. Single-PR, no push trigger.
Add ready_for_review to the trigger types.
* ci(pr-checks): drop the comment from check-mergeable, label swap only
* ci(pr-checks): least-privilege workflow permissions
contents:read for base-ref checkout, pull-requests:read for pulls.get
mergeability, issues:write for label + comment management. Drops the
unused pull-requests:write (labels and PR comments go through the issues
API).
* ci: skip pytest smoke on documentation-only changes
Adding paths-ignore for **.md and docs/** so that PRs that touch only
markdown files do not trigger the full pytest suite. Runner minutes are
spent only when Python or config files change.
Closes#2646.
* ci: detect docs-only changes inside the job instead of paths-ignore
Previously paths-ignore on the pull_request trigger caused the entire
workflow to be skipped, which can leave required checks pending and block
merging. Instead, keep the workflow always-triggered and detect docs-only
changes inside python-tests with a git diff step; if every changed file
is a .md or docs/ path, the step reports success without running pytest.
The syntax jobs (python-syntax, node-syntax) are cheap enough to always run.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Switching to a two-branch workflow: contributors open PRs against `dev`,
and `main` is fast-forwarded to a tested `dev` commit at each release.
This separates "things land in staging" (can move fast) from "things
ship to users" (slow, tested in a browser by the maintainer first).
CONTRIBUTING: add a Branch model section explaining the split + how to
retarget a PR.
PR template: add an explicit "this PR targets dev" checkbox at the top
so it's the first thing a contributor confirms.
End-users cloning the repo will now land on `dev` by default; they can
`git checkout main` if they want the curated branch.
.github/workflows/ci.yml runs on push to main + PRs:
- python-syntax: compileall over app.py + core/routes/src/services/scripts/tests
- node-syntax: node --check on our JS (static/app.js + static/js)
- python-tests: pip install + pytest (continue-on-error for now)
Hardening: least-privilege `permissions: contents: read`, a `concurrency`
group that cancels superseded runs, and actions pinned to commit SHAs
(version in a comment) instead of mutable tags.
* ci: harden description checks (dropdown placeholder, how-to-test, link \b)
- issue: flag sections still showing the "-- Please Select --" dropdown
placeholder (added in #2068) as a single comma-separated line item;
presence-only checks previously let an un-chosen dropdown pass.
- PR: replace the numbered-step "How to Test" rule with a non-trivial
content requirement (>=30 chars). The old /\d+\.\s*\S/ rule both
false-failed prose/code-block test plans and was gamed by an empty
"1. 2. 3." shell; the message now explains what detail to provide.
- PR: tighten the linked-issue regex to /#\d+\b/ so a hex colour like
#1a2b3c no longer counts as an issue reference.
---------
Co-authored-by: Povilas Kirna <povilas.kirna@pebble.net>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
* fix: add 'willing to fix' dropdown to bug report issue template
The feature request template has an 'Are you willing to implement
this?' dropdown but the bug report template was missing it, leaving
a plain textarea with a placeholder hint instead. Add a matching
dropdown for consistency.
Fixes#2059
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: add '-- Please Select --' default option to match feature_request template
Rebased on #2068 and added the placeholder option for consistency.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ci: add issue/PR description completeness checks (#1958)
Two github-script workflows that validate description structure on
issue/PR open/edit/reopen, for submissions that bypass the browser
template (API, gh CLI, agent bulk PRs).
- PR check: Summary, Linked Issue, Type of Change, duplicate-search
box, How to Test.
- Issue check: body length + per-label bug/enhancement fields, plus a
bug+enhancement conflict guard.
- Pass deletes any prior bot comment and applies `ready for review`;
fail posts an in-place comment, fails the check, and applies
`needs work` (PRs) / `needs more info` (issues).
- References existing labels only — never creates or recolours repo
labels (checks existence first, warns and skips if absent).
- Safe pull_request_target: checkout pinned to the base ref, sparse
`.github/scripts` only; PR head never checked out.
Closes#1958
Co-authored-by: Povilas Kirna <povilas.kirna@pebble.net>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
The post-launch PR flood from LLM coding agents drowned the repo in PRs
that don't run the app, attach no screenshots, and invent parallel
component styling. Even tiny correctness fixes accumulated into a visual
mess. Make the rules explicit in both the PR template and CONTRIBUTING:
- Run the app and view the change in a browser before submitting.
- Required screenshot for any UI/render touch (no longer "delete if not UI").
- Explicit style requirements: reuse CSS variables, no Unicode emoji
(use SVG icons), monospaced font, dark theme, no parallel widgets.
- Direct callout for bulk agent-generated PRs: open an issue first.
PRs that ignore these will be closed without merge, regardless of code
correctness.
* chore: add PR template, issue templates, and triage action
Adds a complete contribution quality layer to reduce maintainer triage burden:
- .github/pull_request_template.md — structured PR description with checklist
enforcing target branch, one-concern rule, CI green, no print(), schema
regeneration, and ADR/CONTEXT.md update requirements
- .github/ISSUE_TEMPLATE/bug_report.yml — required-field YAML form; GitHub
blocks submission until reproduction steps and environment are filled in
- .github/ISSUE_TEMPLATE/feature_request.yml — required problem/proposal fields
with duplicate-check prompt
- .github/ISSUE_TEMPLATE/config.yml — disables blank issues; funnels questions
to Discussions
- .github/workflows/triage.yml — auto-closes issues and PRs from accounts
younger than 7 days, and closes anything with an empty or unfilled body
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* chore: simplify to templates only — drop triage workflow
- PR template: target main (not dev), strip TS/pnpm/ADR checklist items
that aren't enforced in the current codebase yet
- Remove .github/workflows/triage.yml — account-age and auto-close
policy needs explicit maintainer sign-off before automation
Issue templates and config.yml are unchanged.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* chore: drop CI-green item — no active CI workflow yet
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* chore: upgrade templates with feedback from #1222 and #1211 thread
Bug report:
- Add install method dropdown (Docker / pip / Windows / macOS)
- Split into separate Expected Behaviour and Actual Behaviour fields
- Add Model / Backend field for LLM-related bugs
- Add prerequisites checkboxes: duplicate search, security vuln redirect,
running latest main
- Add Additional Information free-text field
Feature request:
- Add prerequisites checkboxes (searched issues, searched discussions,
concrete proposal)
- Add area dropdown (Chat/Email/Calendar/Cookbook/etc.) for triage
- Rename and tighten Problem and Solution fields
- Add Prior Art / Related Issues field
- Add Alternatives Considered field
config.yml:
- Replace two generic links with three specific ones: Q&A discussions,
Ideas discussions, and GitHub Security Advisories for vulnerabilities
PR template:
- Rename Summary section with clearer placeholder text
- Add Linked Issue section (Fixes #NNN)
- Add How to Test section with numbered placeholder steps
- Add Screenshots section for UI changes
- Add duplicate-search checklist item
- Remove No print() item (style note, not a structural requirement)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Kenny Van de Maele