Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Feat/setup workflow #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Oct 26, 2025
Merged

Feat/setup workflow #2

merged 3 commits into from
Oct 26, 2025

Conversation

@midodimori
Copy link
Owner

@midodimori midodimori commented Oct 26, 2025
edited by sourcery-ai bot
Loading

Summary by Sourcery

Set up a unified development workflow with Makefile targets, CI, and versioning tools

Enhancements:

  • Add Makefile with install, lint-fix, test, pre-commit, bump-patch/minor/major, and clean targets
  • Update version to 0.1.1 and add bump-my-version and pre-commit to dev dependencies
  • Add .pre-commit-config.yaml to enforce code formatting and linting hooks
  • Introduce bumpversion.toml for automated version bumping and tagging

Build:

  • Add GitHub Actions CI workflow to run linting and tests on Ubuntu and macOS

Documentation:

  • Update README and default resource READMEs to use new make commands for setup and workflows

@sourcery-ai
Copy link

sourcery-ai bot commented Oct 26, 2025
edited
Loading

Reviewer's Guide

This PR establishes a robust developer workflow by overhauling build scripts, integrating CI and version bumping, updating dependencies, refreshing documentation, and normalizing config file formatting.

Entity relationship diagram for version bumping configuration

erDiagram
  BUMPVERSION_CONFIG {
    current_version string
    parse string
    serialize string
    search string
    replace string
    tag boolean
    tag_name string
    tag_message string
    commit boolean
    message string
  }
  PYPROJECT_TOML {
    version string
  }
  BUMPVERSION_CONFIG ||--|{ PYPROJECT_TOML : updates
  BUMPVERSION_CONFIG ||--|{ GIT_TAG : creates
  GIT_TAG {
    tag_name string
    tag_message string
  }
Loading

Class diagram for Makefile targets and their relationships

classDiagram
  class Makefile {
    +install()
    +lint-fix()
    +test()
    +pre-commit()
    +bump-patch()
    +bump-minor()
    +bump-major()
    +clean()
  }
  Makefile : install() uses "uv sync --all-groups"
  Makefile : install() uses "uv run pre-commit install"
  Makefile : lint-fix() uses "pyupgrade, autoflake, isort, black, mypy"
  Makefile : test() uses "pytest"
  Makefile : pre-commit() uses "pre-commit run --all-files"
  Makefile : bump-patch() uses "bump-my-version bump patch"
  Makefile : bump-minor() uses "bump-my-version bump minor"
  Makefile : bump-major() uses "bump-my-version bump major"
  Makefile : clean() removes "__pycache__, *.egg-info, .pytest_cache, .mypy_cache"
Loading

File-Level Changes

Change Details Files
Enhanced development workflow
  • Expanded Makefile with install, pre-commit, bump and clean targets
  • Added GitHub Actions CI pipeline for linting and testing
  • Configured automated version bumping via bumpversion and bump-my-version
  • Introduced .pre-commit-config.yaml with formatting and linting hooks
  • Updated pyproject.toml with bumped version and new dev dependencies
 Makefile
.github/workflows/ci.yml
.bumpversion.toml
pyproject.toml
.pre-commit-config.yaml
Updated documentation for setup and development
  • Added make install in global and local setup instructions
  • Refreshed development commands section to include new targets (pre-commit, bump-patch, clean)
  • Mirrored documentation updates in resources/configs/default/README.md
 README.md
resources/configs/default/README.md
Standardized resource and prompt file formatting
  • Removed inconsistent trailing entries in default YAML configs
  • Ensured newline consistency across prompt and suffix markdown files
 resources/configs/default/config.checkpointers.yml
resources/configs/default/config.llms.yml
resources/configs/default/config.subagents.yml
resources/configs/default/prompts/agents/code-reviewer.md
resources/configs/default/prompts/agents/general.md
resources/configs/default/prompts/subagents/explorer.md
resources/configs/default/prompts/subagents/general-purpose.md
resources/configs/default/prompts/suffixes/environments.md
Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

sourcery-ai[bot]
sourcery-ai bot requested changes Oct 26, 2025
View reviewed changes
Copy link

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey there - I've reviewed your changes - here's some feedback:

Blocking issues:

  • An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA. Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. (link)

General comments:

  • There are nearly identical installation and workflow instructions duplicated in README.md and resources/configs/default/README.md—consider centralizing these snippets or referencing a single source to reduce drift.
  • The repo now uses both bump-my-version Make targets and a bumpversion config file, which could lead to inconsistent version bumps—standardize on one tool for clarity and maintenance.
  • Your CI job runs lint-fix and tests but doesn’t validate the new .pre-commit-config.yaml—consider adding a make pre-commit or pre-commit run --all-files step in CI to ensure hooks pass.
Prompt for AI Agents 
Please address the comments from this code review:

## Overall Comments
- There are nearly identical installation and workflow instructions duplicated in README.md and resources/configs/default/README.md—consider centralizing these snippets or referencing a single source to reduce drift.
- The repo now uses both bump-my-version Make targets and a bumpversion config file, which could lead to inconsistent version bumps—standardize on one tool for clarity and maintenance.
- Your CI job runs lint-fix and tests but doesn’t validate the new .pre-commit-config.yaml—consider adding a `make pre-commit` or `pre-commit run --all-files` step in CI to ensure hooks pass.

## Individual Comments

### Comment 1
<location> `.github/workflows/ci.yml:23` </location>
<code_context>
        uses: astral-sh/setup-uv@v5
</code_context>

<issue_to_address>
**security (yaml.github-actions.security.third-party-action-not-pinned-to-commit-sha):** An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA. Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload.

*Source: opengrep*
</issue_to_address>
Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

@midodimori midodimori merged commit 2b1b0cb into main Oct 26, 2025
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@midodimori