Commit 96ae111

feat(.github): Add GitHub workflows from hve-core (#22)
* build(scripts): add linting infrastructure with npm scripts

- add package.json with lint:md, lint:ps, lint:links, spell-check scripts
- migrate .markdownlint.json to .markdownlint-cli2.jsonc with ignores
- add PowerShell linting scripts from hve-core pattern
- add LintingHelpers module for GitHub Actions integration

🔧 - Generated by Copilot

* ci(.github): add GitHub Actions workflows from hve-core

- add pr-validation.yml orchestrating linting on pull requests
- add main.yml for CI on pushes to main branch
- add codeql-analysis.yml for Python security scanning
- add dependency-review.yml for PR dependency security checks
- add individual reusable workflows: spell-check, markdown-lint, table-format, ps-script-analyzer, link-lang-check, markdown-link-check
- add Markdown-Link-Check.ps1 script and config

🔧 - Generated by Copilot

* fix(.github): address Copilot review comments on PR #22

- link-lang-check: remove unused SoftFail param splatting
- link-lang-check: correct env var LINK_LANG_CHECK_FAILED to LINK_LANG_FAILED
- pr-validation: add pull-requests: write for dependency-review job
- dependency-review: remove duplicate pull_request trigger, add harden-runner
- package.json: use exact versions (remove ^ prefix)
- codeql-analysis: clarify time format to 04:00 UTC

🔧 - Generated by Copilot

* fix: add package-lock.json for npm caching in CI workflows

📦 - Generated by Copilot

* fix(build): lint only changed markdown files in PRs

- add changed-files detection step to markdown-lint workflow
- add changed-files detection step to markdown-link-check workflow
- skip lint/link-check when no markdown files changed

📦 - Generated by Copilot

* fix(docs): resolve markdown lint and link errors

- auto-fix blanks-around-lists and blanks-around-fences violations
- add LICENSE.md and ISSUE_TEMPLATE.md to lint ignores
- fix line length and emphasis-as-heading in README
- update Azure CLI URL to learn.microsoft.com

📝 - Generated by Copilot

# Conflicts:
#   .github/ISSUE_TEMPLATE.md
#   README.md

* fix(docs): correct broken link to OSMO workflow examples

🔗 - Generated by Copilot

* chore(docs): rename LICENSE.md to LICENSE

📄 - Generated by Copilot

* docs: update LICENSE references after rename

- Update README.md link to point to LICENSE instead of LICENSE.md
- Remove LICENSE.md from markdownlint ignores

📝 - Generated by Copilot

* fix(docs): resolve markdown lint errors and update linting workflows

- Fix 332 markdownlint errors across 24 files (tables, headings, code blocks)
- Revert workflows to lint all files instead of using changed-files filter
- Use 4-backtick wrapper in chatlog.prompt.md for nested code block template
- Restore SECURITY.md Microsoft boilerplate content

📝 - Generated by Copilot

* fix(docs): remove en-us path segment from Microsoft Docs URLs

- Remove en-us from 4 URLs in vpn/README.md and azureml-validation-job-debugging.md
- Reformat tables after URL changes

🔗 - Generated by Copilot

* fix(docs): correct broken relative links in templates and docs

- Fix issue template: README.md → ../../README.md, docs/ → ../../docs/
- Fix PR template: remove .github/ prefix from relative paths
- Fix debugging doc: update deploy/004-workflow path to workflows/azureml

🔗 - Generated by Copilot

1 parent 4aede6f commit 96ae111

43 files changed, +6502 -758 lines changed

.github/ISSUE_TEMPLATE/00-general.md

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -45,14 +45,14 @@ Include any relevant information:
4545

4646
<!-- Fill in if relevant to your issue -->
4747

48-
| Component | Version |
49-
|-----------|---------|
50-
| OS | Ubuntu 22.04 / Windows 11 |
51-
| Python | 3.10.x / 3.11.x |
52-
| Terraform | 1.9.x |
53-
| Azure CLI | 2.x |
54-
| Isaac Sim | 4.5 / 5.0 |
55-
| GPU | NVIDIA RTX / A100 |
48+
| Component | Version |
49+
|-----------|---------------------------|
50+
| OS | Ubuntu 22.04 / Windows 11 |
51+
| Python | 3.10.x / 3.11.x |
52+
| Terraform | 1.9.x |
53+
| Azure CLI | 2.x |
54+
| Isaac Sim | 4.5 / 5.0 |
55+
| GPU | NVIDIA RTX / A100 |
5656

5757
## Additional Notes
5858

@@ -63,4 +63,4 @@ Include any relevant information:
6363
**Before submitting:**
6464

6565
- [ ] I have searched [existing issues](https://github.com/Azure-Samples/azure-nvidia-robotics-reference-architecture/issues) for duplicates
66-
- [ ] I have reviewed the [README](README.md) and [documentation](docs/)
66+
- [ ] I have reviewed the [README](../../README.md) and [documentation](../../docs/)
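
Review bot: On line 66 the links `../../README.md` and `../../docs/` resolve only from the template's own location under `.github/ISSUE_TEMPLATE/`; the checklist text is copied into the body of each new issue, where a path relative to that directory no longer points at the repository files. Line 65 already uses the absolute `https://github.com/Azure-Samples/azure-nvidia-robotics-reference-architecture/...` form for the issues link, and using the same form for the README and documentation links keeps them working both in the template file and in the submitted issue.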

.github/PULL_REQUEST_TEMPLATE.md

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,7 @@
1+
# Pull Request
2+
13
## Description
4+
25
<!-- Brief description of changes. Link related issues using Closes #123 -->
36

47
Closes #
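
Review bot: The `# Pull Request` heading added at line 1 becomes the first line of every pull request description created from this template, directly above `## Description`. If it is there only to satisfy a first-line-heading lint rule, excluding the template from that rule in the markdownlint configuration avoids the extra heading in each PR.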
@@ -34,8 +37,8 @@ Closes #
3437

3538
## Checklist
3639

37-
- [ ] My code follows the [project conventions](.github/copilot-instructions.md)
38-
- [ ] Commit messages follow [conventional commit format](.github/instructions/commit-message.instructions.md)
40+
- [ ] My code follows the [project conventions](copilot-instructions.md)
41+
- [ ] Commit messages follow [conventional commit format](instructions/commit-message.instructions.md)
3942
- [ ] I have performed a self-review
4043
- [ ] Documentation updated as needed
4144
- [ ] No new linting warnings introduced
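
Review bot: On lines 40-41 the targets `copilot-instructions.md` and `instructions/commit-message.instructions.md` are correct relative to `.github/`, but this checklist is rendered in the pull request description, not from that directory, so contributors clicking them from a PR will not land on the files. Absolute repository URLs for both links would work in the template file and in the PR body alike.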

.github/copilot-instructions.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,20 +13,24 @@ Items in **HIGHEST PRIORITY** sections from attached instructions files override
1313
**Artifacts:** Do not create or modify tests, scripts, or one-off markdown docs unless explicitly requested.
1414

1515
**Comment policy:** Never include thought processes, step-by-step reasoning, or narrative comments in code.
16+
1617
* Keep comments brief and factual; describe **behavior/intent, invariants, edge cases**.
1718
* Remove or update comments that contradict the current behavior. Do not restate obvious functionality.
1819
* Do NOT add temporal or plan-phase markers (e.g. "Phase 1 cleanup", "... after migration", dates, or task references) to code files. When editing or updating any code files, always remove or replace these types of comments.
1920

2021
**Conventions and Styling:** Always follow conventions and styling in this codebase FIRST for all changes, edits, updates, and new files.
22+
2123
* Conventions and styling are in instruction files and must be read in with the `read_file` tool if not already added as an `<attachment>`.
2224

2325
**Proactive fixes:** Always fix problems and errors you encounter, even if unrelated to the original request. Prefer root-cause, constructive fixes over symptom-only patches.
26+
2427
* Always correct all incorrect or problematic conventions, styling, and redundant and/or misleading comments.
2528

2629
**Deleting files and folders:** Use `rm` with the run_in_terminal tool when needing to delete files or folders.
2730

2831
**Edit tools:** Never use `insert_edit_into_file` tool when other edit and file modification tools are available.
2932

3033
**Memory and tracking work**: Always track work in Beads instead of Markdown.
34+
3135
* All upcoming work, tracked work, issues, plans, todos, phases, tasks, and memory must always use the mcp_beads tools.
3236
* Don't ever use git commands for anything related to the mcp_beads tools and beads in general, its at the user's discretion when to use git commands and tools.

.github/instructions/commit-message.instructions.md

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,6 @@ Scopes MUST be one of the following:
3838
- `(src)`
3939
- `(deploy)`
4040

41-
4241
## Description
4342

4443
- Description MUST be short and LESS THAN 100 bytes
@@ -62,7 +61,7 @@ For larger changes only:
6261

6362
- Footer MUST start with a blank line
6463
- Must include an emoji that represents the change
65-
- Must end with ` - Generated by Copilot`
64+
- Must end with `- Generated by Copilot`
6665

6766
## Example Complete Commit Message - Large
6867
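
Review bot: Removing the leading space inside the code span on line 64 changes the rule itself, not only its formatting: with line 63 requiring an emoji, the old text ` - Generated by Copilot` was the only place the space between the emoji and the hyphen was specified. If the edit was made to satisfy a spaces-in-code-span lint rule, state the separator in prose instead, for example: Must end with the emoji, a space, and `- Generated by Copilot`.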

.github/instructions/docs-style-and-conventions.instructions.md

Lines changed: 17 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -39,12 +39,12 @@ Documents follow this section order when applicable:
3939

4040
### Heading Levels
4141

42-
| Level | Usage |
43-
|-------|-------|
44-
| H1 (`#`) | Document title only, one per file |
45-
| H2 (`##`) | Major sections |
46-
| H3 (`###`) | Subsections within H2 |
47-
| H4+ | Avoid; restructure content instead |
42+
| Level | Usage |
43+
|------------|------------------------------------|
44+
| H1 (`#`) | Document title only, one per file |
45+
| H2 (`##`) | Major sections |
46+
| H3 (`###`) | Subsections within H2 |
47+
| H4+ | Avoid; restructure content instead |
4848

4949
### README Section Emojis
5050

@@ -98,9 +98,9 @@ Use tables for structured information. Tables are scannable and align related da
9898
- Prerequisites with versions
9999

100100
```markdown
101-
| Script | Purpose |
102-
|--------|---------|
103-
| `01-deploy-robotics-charts.sh` | GPU Operator, KAI Scheduler |
101+
| Script | Purpose |
102+
|----------------------------------|---------------------------------------|
103+
| `01-deploy-robotics-charts.sh` | GPU Operator, KAI Scheduler |
104104
| `02-deploy-azureml-extension.sh` | AzureML K8s extension, compute attach |
105105
```
106106

@@ -280,10 +280,10 @@ This pattern appears frequently in AI-generated content:
280280
**Use tables when structure matters:**
281281

282282
```markdown
283-
| Component | Requirement |
284-
|-----------|-------------|
285-
| Storage | Blob containers for checkpoints |
286-
| Compute | GPU nodes with sufficient memory |
283+
| Component | Requirement |
284+
|------------|---------------------------------------|
285+
| Storage | Blob containers for checkpoints |
286+
| Compute | GPU nodes with sufficient memory |
287287
| Networking | Private endpoints with DNS resolution |
288288
```
289289

@@ -329,10 +329,10 @@ Required fields: `title`, `description`. Add `ms.date` for versioned content.
329329

330330
## File Naming
331331

332-
| Type | Convention | Example |
333-
|------|------------|---------|
334-
| README | `README.md` (uppercase) | `deploy/README.md` |
335-
| Guides | kebab-case | `mlflow-integration.md` |
332+
| Type | Convention | Example |
333+
|------------|-----------------------------|---------------------------------------|
334+
| README | `README.md` (uppercase) | `deploy/README.md` |
335+
| Guides | kebab-case | `mlflow-integration.md` |
336336
| References | kebab-case with type suffix | `azureml-validation-job-debugging.md` |
337337

338338
## Checklist

.github/instructions/shell-scripts.instructions.md

Lines changed: 17 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -100,34 +100,40 @@ info "Operation complete"
100100
<!-- <important-conventions> -->
101101

102102
**Arguments:**
103+
103104
- Short: `-h`, `-t` | Long: `--help`, `--tf-dir`
104105
- Value options: `shift 2` | Flags: `shift`
105106
- Unknown options: `fatal "Unknown option: $1"`
106107

107108
**Variables:**
109+
108110
- Always quote: `"$var"`, `"${array[@]}"`
109111
- Defaults: `var="${ENV_VAR:-default}"`
110112
- Booleans: `true`/`false` strings, test with `[[ "$var" == "true" ]]`
111113

112114
**Output:**
115+
113116
- Progress: `info "message"`
114117
- Warnings: `warn "message"`
115118
- Fatal errors: `fatal "message"`
116119
- Sections: `section "Title"`
117120
- Summaries: `print_kv "Key" "$value"`
118121

119122
**Idempotent operations:**
123+
120124
```bash
121125
kubectl create ... --dry-run=client -o yaml | kubectl apply -f -
122126
helm repo add name url 2>/dev/null || true
123127
```
124128

125129
**Conditional output:**
130+
126131
```bash
127132
print_kv "Status" "$([[ $skip == true ]] && echo 'Skipped' || echo "$version")"
128133
```
129134

130135
**Array building:**
136+
131137
```bash
132138
args=(--version "$ver" --namespace "$ns")
133139
[[ -n "$extra" ]] && args+=(--set "$extra")
@@ -138,14 +144,14 @@ command "${args[@]}"
138144

139145
## Library Functions (lib/common.sh)
140146

141-
| Function | Purpose |
142-
|----------|---------|
143-
| `info`, `warn`, `error`, `fatal` | Colored logging |
144-
| `require_tools tool1 tool2` | Validate CLI tools exist |
145-
| `read_terraform_outputs "$dir"` | Read terraform JSON |
146-
| `tf_get "$json" "path" "default"` | Extract optional value |
147-
| `tf_require "$json" "path" "desc"` | Extract required value |
148-
| `connect_aks "$rg" "$cluster"` | Get AKS credentials |
149-
| `ensure_namespace "$ns"` | Create namespace idempotently |
150-
| `section "Title"` | Print section header |
151-
| `print_kv "Key" "$val"` | Print key-value pair |
147+
| Function | Purpose |
148+
|------------------------------------|-------------------------------|
149+
| `info`, `warn`, `error`, `fatal` | Colored logging |
150+
| `require_tools tool1 tool2` | Validate CLI tools exist |
151+
| `read_terraform_outputs "$dir"` | Read terraform JSON |
152+
| `tf_get "$json" "path" "default"` | Extract optional value |
153+
| `tf_require "$json" "path" "desc"` | Extract required value |
154+
| `connect_aks "$rg" "$cluster"` | Get AKS credentials |
155+
| `ensure_namespace "$ns"` | Create namespace idempotently |
156+
| `section "Title"` | Print section header |
157+
| `print_kv "Key" "$val"` | Print key-value pair |

.github/prompts/chatlog.prompt.md

Lines changed: 8 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -37,7 +37,7 @@ Manage conversation details by creating and maintaining structured chatlog files
3737
* Create the `.copilot-tracking/chatlogs/` directory if it doesn't exist
3838
* Generate a new chatlog file with the following structure:
3939

40-
```markdown
40+
````markdown
4141
# [Descriptive Title]
4242

4343
**Date**: YYYY-MM-DD (e.g., November 19, 2025)
@@ -83,7 +83,7 @@ command here
8383

8484
## Related Documentation
8585

86-
- [Link Title](URL)
86+
* [Link Title](URL)
8787

8888
## Follow-up Issues
8989

@@ -96,7 +96,8 @@ command here
9696

9797
1. [Key takeaway with brief explanation]
9898
2. [Another key takeaway]
99-
```
99+
100+
````
100101

101102
* Populate the chatlog with details from the current conversation context
102103
* Follow markdown linting rules strictly:
@@ -165,6 +166,7 @@ Ready to continue. What would you like to work on?
165166
### Initial Response (mode=create)
166167

167168
Format:
169+
168170
```text
169171
✅ Created chatlog: .copilot-tracking/chatlogs/YYYYMMDD-brief-description-chatlog.md
170172
@@ -191,6 +193,7 @@ Use the format specified in Phase 3 above, then proceed with the conversation.
191193
### Final Summary (optional, at conversation end)
192194

193195
Format:
196+
194197
```text
195198
📋 Chatlog Summary
196199
@@ -201,7 +204,8 @@ Format:
201204
- [Section 2]: [brief description]
202205
203206
**Key Additions**:
204-
- [Most important new insight/solution]
207+
* [Most important new insight/solution]
208+
205209
```
206210

207211
---
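
Review bot: Inside this `text` fence the list markers are literal output the prompt asks for, and after the change line 204 still reads `- [Section 2]: [brief description]` while line 207 reads `* [Most important new insight/solution]`, so the summary format now mixes two bullet styles. Change both markers or neither, and drop the blank line added at 208 before the closing fence unless the summary is meant to end with an empty line.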
Lines changed: 54 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,54 @@
1+
name: CodeQL Security Analysis
2+
3+
on:
4+
schedule:
5+
# Weekly scan: Sundays at 04:00 UTC
6+
- cron: '0 4 * * 0'
7+
workflow_call:
8+
9+
permissions:
10+
contents: read
11+
security-events: write
12+
13+
jobs:
14+
analyze:
15+
name: CodeQL Analysis
16+
runs-on: ubuntu-latest
17+
permissions:
18+
contents: read
19+
security-events: write
20+
actions: read
21+
22+
strategy:
23+
fail-fast: false
24+
matrix:
25+
language: ['python']
26+
27+
steps:
28+
- name: Checkout repository
29+
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v4.2.2
30+
with:
31+
persist-credentials: false
32+
33+
- name: Initialize CodeQL
34+
uses: github/codeql-action/init@ce729e4d353d580e6cacd6a8cf2921b72e5e310a # v3.27.0
35+
with:
36+
languages: ${{ matrix.language }}
37+
queries: security-extended,security-and-quality
38+
39+
- name: Autobuild
40+
uses: github/codeql-action/autobuild@ce729e4d353d580e6cacd6a8cf2921b72e5e310a # v3.27.0
41+
42+
- name: Perform CodeQL Analysis
43+
uses: github/codeql-action/analyze@ce729e4d353d580e6cacd6a8cf2921b72e5e310a # v3.27.0
44+
with:
45+
category: "/language:${{ matrix.language }}"
46+
47+
- name: Add job summary
48+
if: always()
49+
run: |
50+
echo "## CodeQL Security Analysis Complete" >> $GITHUB_STEP_SUMMARY
51+
echo "**Language:** ${{ matrix.language }}" >> $GITHUB_STEP_SUMMARY
52+
echo "**Queries:** security-extended, security-and-quality" >> $GITHUB_STEP_SUMMARY
53+
echo "" >> $GITHUB_STEP_SUMMARY
54+
echo "📊 View results in the Security tab under Code Scanning" >> $GITHUB_STEP_SUMMARY
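
Review bot: Line 51 expands `${{ matrix.language }}` directly inside the `run:` script, and lines 50-54 append to `$GITHUB_STEP_SUMMARY` unquoted. The matrix value is a fixed literal on line 25, so nothing untrusted reaches the shell today, but expression expansion inside scripts is the pattern to keep out of a security workflow that others will copy: pass the value through `env:` (for example `LANGUAGE: ${{ matrix.language }}`), reference it as `"$LANGUAGE"`, and quote `"$GITHUB_STEP_SUMMARY"`. Two smaller points: the Autobuild step at lines 39-40 does nothing for an interpreted language such as Python and can be removed, and `security-and-quality` on line 37 already includes the `security-extended` queries, so listing both is redundant. Since the actions are pinned by commit SHA, please also confirm that each SHA resolves to the tag named in its trailing comment (`# v4.2.2`, `# v3.27.0`), because the comment is what later readers will rely on.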
Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,33 @@
1+
name: Dependency Review
2+
3+
on:
4+
workflow_call:
5+
6+
permissions:
7+
contents: read
8+
pull-requests: write
9+
10+
jobs:
11+
dependency-review:
12+
name: Review Dependencies
13+
runs-on: ubuntu-latest
14+
permissions:
15+
contents: read
16+
pull-requests: write
17+
18+
steps:
19+
- name: Harden Runner
20+
uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.10.2
21+
with:
22+
egress-policy: audit
23+
24+
- name: Checkout code
25+
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v4.2.2
26+
with:
27+
persist-credentials: false
28+
29+
- name: Dependency Review
30+
uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.3.4
31+
with:
32+
fail-on-severity: moderate
33+
comment-summary-in-pr: always
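
Review bot: `egress-policy: audit` on line 22 only records outbound connections, it does not stop any. Once a few runs have shown which endpoints this job contacts, switch to `egress-policy: block` with an `allowed-endpoints` list so the step enforces something. Also, the only trigger is `workflow_call` (line 4) and the Dependency Review step compares the base and head of a pull request, so a caller running on `push` would fail at line 30; a comment at the top stating that callers must run on `pull_request`, or an `if:` guard on the job, would make that requirement explicit.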
