chore(ci): externalize workflow scripts and relocate main flow doc (#722)

* feat: Add GitHub Actions workflows for security audits, CodeQL analysis, contributor updates, performance benchmarks, integration tests, fuzz testing, and reusable Rust build jobs - Implemented `sec-audit.yml` for Rust package security audits using `rustsec/audit-check` and `cargo-deny-action`. - Created `sec-codeql.yml` for CodeQL analysis scheduled twice daily. - Added `sync-contributors.yml` to update the NOTICE file with new contributors automatically. - Introduced `test-benchmarks.yml` for performance benchmarks using Criterion. - Established `test-e2e.yml` for running integration and end-to-end tests. - Developed `test-fuzz.yml` for fuzz testing with configurable runtime. - Created `test-rust-build.yml` as a reusable job for executing Rust commands with customizable parameters. - Documented main branch delivery flows in `main-branch-flow.md` for clarity on CI/CD processes. * ci(workflows): update workflow scripts and rename for clarity; remove obsolete lint feedback script * chore(ci): externalize workflow scripts and relocate main flow doc
2026-02-17 19:48:37 -05:00 · 2026-02-17 19:48:37 -05:00 · 69a3b54968
commit 69a3b54968
parent 41da46e2b2
34 changed files with 2090 additions and 1777 deletions
--- a/.github/workflows/pr-auto-response.yml
+++ b/.github/workflows/pr-auto-response.yml
@ -0,0 +1,80 @@
+name: PR Auto Responder
+
+on:
+  issues:
+    types: [opened, reopened, labeled, unlabeled]
+  pull_request_target:
+    types: [opened, labeled, unlabeled]
+
+permissions: {}
+
+jobs:
+  contributor-tier-issues:
+    if: >-
+      (github.event_name == 'issues' &&
+      (github.event.action == 'opened' || github.event.action == 'reopened' || github.event.action == 'labeled' || github.event.action == 'unlabeled')) ||
+      (github.event_name == 'pull_request_target' &&
+      (github.event.action == 'labeled' || github.event.action == 'unlabeled'))
+    runs-on: blacksmith-2vcpu-ubuntu-2404
+    permissions:
+      contents: read
+      issues: write
+      pull-requests: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+
+      - name: Apply contributor tier label for issue author
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
+        with:
+          script: |
+            const script = require('./.github/workflows/scripts/pr_auto_response_contributor_tier.js');
+            await script({ github, context, core });
+  first-interaction:
+    if: github.event.action == 'opened'
+    runs-on: blacksmith-2vcpu-ubuntu-2404
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+      - name: Greet first-time contributors
+        uses: actions/first-interaction@a1db7729b356323c7988c20ed6f0d33fe31297be # v1
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          issue-message: |
+            Thanks for opening this issue.
+
+            Before maintainers triage it, please confirm:
+            - Repro steps are complete and run on latest `main`
+            - Environment details are included (OS, Rust version, ZeroClaw version)
+            - Sensitive values are redacted
+
+            This helps us keep issue throughput high and response latency low.
+          pr-message: |
+            Thanks for contributing to ZeroClaw.
+
+            For faster review, please ensure:
+            - PR template sections are fully completed
+            - `cargo fmt --all -- --check`, `cargo clippy --all-targets -- -D warnings`, and `cargo test` are included
+            - If automation/agents were used heavily, add brief workflow notes
+            - Scope is focused (prefer one concern per PR)
+
+            See `CONTRIBUTING.md` and `docs/pr-workflow.md` for full collaboration rules.
+
+  labeled-routes:
+    if: github.event.action == 'labeled'
+    runs-on: blacksmith-2vcpu-ubuntu-2404
+    permissions:
+      contents: read
+      issues: write
+      pull-requests: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+
+      - name: Handle label-driven responses
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
+        with:
+          script: |
+            const script = require('./.github/workflows/scripts/pr_auto_response_labeled_routes.js');
+            await script({ github, context, core });