docs: Update Copilot instructions — secrets & PR checklist #102
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR enhances the GitHub Copilot instructions with comprehensive security and development best practices. The update transforms the documentation from containing hardcoded credential examples to providing secure configuration guidance with proper secrets management.
Key changes include:
- Removal of hardcoded credential examples and addition of comprehensive secrets policy
- Introduction of PR/commit checklist and security guidelines for development workflow
- Addition of API naming compatibility guidance to prevent inheritance conflicts
Coverage summary from CodacySee diff coverage on Codacy
Coverage variation details
Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: Diff coverage details
Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: See your quality gate settings Change summary preferences |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR updates GitHub Copilot instructions and related documentation to improve secrets handling and developer guidance.\n\nSummary:\n- Removed hardcoded environment examples from Copilot instructions and added secure guidance for environment variables and secret managers.\n- Added a short Secrets Policy and PR/commit checklist for contributors.\n- Added guidance about Copilot usage (never generate code with embedded credentials).\n- Updated README and MIGRATION.md to reference the new Copilot instructions.\n\nChecklist:\n- [x] No secrets or hardcoded credentials are introduced in this diff\n- [x] Code formatting and static checks suggested (black, flake8, mypy)\n- [x] README and MIGRATION.md updated to reference Copilot guidance\n- [ ] Tests added/updated where applicable (use mocks/fixtures for API calls)\n- [x] Documentation and migration notes updated for any public API or behavior changes\n- [x] Security note added (recommend follow-up pre-commit/secret-scan PR)\n\nRequested reviewers: @mattwyen — please add other maintainers as needed for security review.