Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Comprehensive analysis scoring the repository 8.2/10 with detailed assessments across 10 categories and actionable improvement suggestions. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Documents all 11 workflows with triggers, purposes, permissions, required secrets/variables, and configuration details. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
…and common tasks
Includes:
- Supported versions
- Reporting channels (GitHub Security Advisories)
- Expected response timeline
- Scope and out-of-scope items
- Security best practices and features
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Mark as done:
- SECURITY.md created
- .github/WORKFLOWS.md created
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Documents:
- Template sync mechanism and configuration
- Makefile hierarchy and extension points
- Hook system for customization
- uv-first execution model
- Release pipeline flow
Includes mermaid diagrams for all major flows.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Defines 40+ terms across categories:
- Core Concepts (living templates, sync, materialize, validate)
- Configuration Files (template.yml, rhiza.mk, make.d/, local.mk)
- Hooks (pre/post targets for install, sync, release, etc.)
- Tools (uv, uvx, deptry, hatch)
- Workflows (CI, sync, release)
- Versioning (bump, release, version source of truth)
- Publishing (OIDC, Private :: Do Not Upload)
- Patterns (include/exclude, configuration drift)
- Environment (.python-version, .venv, uv.lock)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Score changes:
- Documentation: 9 → 9.5 (architecture.md, glossary.md added)
- CI/CD: 9 → 9.5 (WORKFLOWS.md added)
- Security: 8 → 8.5 (SECURITY.md added)
- Architecture: 8 → 8.5 (architecture.md added)
- Overall: 8.2 → 8.5
Added score summary table for quick reference.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Includes:
- Top 10 commands table
- Daily workflow guide
- Test running examples
- Version and release commands
- Template sync commands
- Troubleshooting table
- Key files reference
- Environment variables
Updates Developer Experience score: 9 → 9.5
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Covers:
- Full adoption vs selective adoption paths
- Step-by-step migration process
- Conflict resolution strategies
- Common migration tasks (setup.py, requirements.txt, tox, Black)
- Post-migration checklist
- Troubleshooting guide
- Rollback instructions
Updates Developer Experience score: 9.5 → 10
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Documents:
- release.sh purpose, usage, and behavior
- Exit codes and environment variables
- Safety features and prompts
- Script conventions (POSIX, colors, error handling)
- Guide for adding new scripts
- Customization directory pattern
Updates Shell Scripts score: 8 → 8.5
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Adds new 'sbom' job that generates Software Bill of Materials:
- Uses Syft to scan repository and dist artifacts
- Outputs SPDX and CycloneDX JSON formats
- Attaches SBOM files to GitHub release
- Adds SBOM section to release notes
Updates:
- Release workflow pipeline phases (6 → 7)
- WORKFLOWS.md documentation
- Security score: 8.5 → 9
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Those are only md files suggested by Claude. @HarryCampion There is some work on release. It creates an SBOM. Never heard of this before but it seems to be interesting. Can you please have a look?
- Update overall score header to match table (8.7/10)
- Mark shell script documentation as done in Medium Priority
- Mark SBOM generation and migration guide as done in Medium-term Actions
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add docs/DEPENDENCIES.md documenting all dev dependencies with purposes
- Configure Renovate auto-merge for patch updates in renovate.json
- Add rhiza_deps-check.yml workflow for automated dry-run checks
- Update WORKFLOWS.md to include deps-check workflow (now 12 workflows)
- Update analysis.md: Dependency Management score improved to 9.5/10
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Documentation score updated to 10/10 (was 9.5/10)
- pdoc API docs are generated and published via make book workflow
- Marked pdoc actionable item as already implemented
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Test Coverage score updated to 9/10 (was 7/10)
- Coverage is measured, uploaded, and badge generated via make book
- No threshold needed as template repo has no src folder
- Overall score now 9.1/10
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create docs/ADVANCED.md with monorepo usage patterns
- Cover root-level vs hybrid architecture options
- Include Makefile extensions for package coordination
- Add CI/CD patterns for dynamic package discovery
- Document uv workspaces integration
- Add versioning strategies (independent vs synchronized)
- Include troubleshooting section
- Update analysis.md: remove pytest.ini migration suggestion
- Mark monorepo documentation as completed
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Coverage reports are published via make book, not as CI artifacts. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Document required secrets (PAT_TOKEN, PYPI_TOKEN)
- Document repository variables for workflow configuration
- Add instructions for setting up secrets
- Add guide for creating PAT_TOKEN with correct permissions
- Document PyPI trusted publishing setup (recommended over tokens)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Document recommended branch protection settings for main
- Include required status checks (CI, PRE-COMMIT, DEPTRY)
- Add settings table with recommendations
- Include GitHub Enterprise-specific options
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Mark monorepo documentation as completed in Architecture section. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
release.sh is the only shell script and it is already tested. Remove misleading suggestions about testing "all shell scripts". Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
I was just about to ask what this SBOM is. First time I've seen it. I'll have a look.
Can we write a test for the SBOM? Or temporarily add to a make? I would like to see what it outputs.
@copilot: Write a test for the SBOM? to see what it outputs.
* Initial plan
* Add SBOM test suite and make target
Co-authored-by: tschm <2046079+tschm@users.noreply.github.com>
* Fix redundant assertion in CycloneDX test
Co-authored-by: tschm <2046079+tschm@users.noreply.github.com>
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: tschm <2046079+tschm@users.noreply.github.com>
The tests were incorrectly using `uvx syft` which installs PySyft (OpenMined's privacy-preserving ML library) instead of Anchore's Syft SBOM generator. Tests now use the syft binary directly and skip gracefully when not installed. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- CI/CD: 9.5 → 10 (benchmarks + security workflows)
- Security: 9 → 9.5 (dedicated security workflow)
- Test Coverage: 9 → 9.5 (benchmarks in CI, SBOM test fix)
- Updated workflow count: 12 → 14
- Updated test lines: 1,366 → 1,917
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
All matrix jobs already have fail-fast: false set:
- rhiza_ci.yml
- rhiza_codeql.yml
- rhiza_marimo.yml
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: Thomas Schmelzer <thomas.schmelzer@gmail.com>
Signed-off-by: Thomas Schmelzer <thomas.schmelzer@gmail.com>
Quote shell variables ($GITHUB_STEP_SUMMARY, $GITHUB_OUTPUT) and group consecutive echo redirects to satisfy SC2086 and SC2129 checks. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
also detailed analysis, workflow documentation and README for .rhiza
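
The SC2086/SC2129 commit above describes quoting `$GITHUB_OUTPUT` and `$GITHUB_STEP_SUMMARY` and grouping consecutive echo redirects. The sketch below is an added example, not the repository's workflow code: `write_release_info`, `has_newline` and the keys `version` and `sbom` are hypothetical names. It goes one step beyond the commit by refusing values that contain a line break, since the output file is read line by line.

```shell
#!/bin/sh
# Added example (not the repository's workflow code).
# write_release_info and the keys "version"/"sbom" are hypothetical names.

# True when the argument contains a line break.
has_newline() {
    case $1 in
        *"
"*) return 0 ;;
    esac
    return 1
}

write_release_info() {
    version=$1
    sbom_file=$2

    # The output file is line-based key=value: a value carrying a line break
    # would start a second, caller-controlled line, so refuse it.
    if has_newline "$version" || has_newline "$sbom_file"; then
        echo "refusing value with embedded newline" >&2
        return 1
    fi

    # SC2129: one redirect for the group. SC2086: the quoted variable keeps a
    # path with spaces or glob characters as a single file name.
    {
        echo "version=${version}"
        echo "sbom=${sbom_file}"
    } >> "$GITHUB_OUTPUT"

    {
        echo "## Release ${version}"
        echo ""
        echo "SBOM: ${sbom_file}"
    } >> "$GITHUB_STEP_SUMMARY"
}

# Constructed demo: the directory name contains a space on purpose.
demo_dir="$(mktemp -d)/runner temp"
mkdir -p "$demo_dir"
GITHUB_OUTPUT="$demo_dir/output.txt"
GITHUB_STEP_SUMMARY="$demo_dir/summary.md"
write_release_info "1.2.3" "sbom.spdx.json"
cat "$GITHUB_OUTPUT"
```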