Thanks for contributing! This repository uses GitHub Actions for CI and a few lightweight rules to keep quality high without slowing iteration.
-
Run the linters and tests locally:
pre-commit install && pre-commit run -apytest -q --maxfail=1
-
Open a PR to
main. CI will run:- Ruff + Black + Codespell
- Mypy
- Pytest + coverage (fail under 85% total)
To simplify iteration right now, we do not enforce:
- Required PR reviews or dismissal of stale approvals.
- Linear history / squash-only, and we do not block direct pushes.
Re-enable later (checklist):
- Settings → Branches →
mainrule → enable “Require a pull request before merging”. - Require 1–2 approvals and “Dismiss stale approvals on new commits”.
- Enable “Require linear history” (and optionally “Require branches to be up to date”).
This repo uses ci/requirements-dev.txt as the cache key for pip caches in CI.
- If you add or update dev tools, update that file so caching stays effective.
- If you later add a top-level
pyproject.toml/requirements.txt, you can removecache-dependency-pathfrom workflows.
- CodeQL scanning is enabled.
- Dependabot is configured for
pipand GitHub Actions. - Do not commit secrets. Tests should mock privileged calls.
We aim for 85% overall, with a focus on critical modules:
provision/cli.py, initramfs.py, postcheck.py, root_sync.py, safety.py.