feat: enhance CI workflow with parallelization and mandatory checks

- Remove semantic release workflow for manual version management
- Parallelize CI jobs: code-quality, tests, security, gitleaks
- Add gitleaks secret scanning with full git history
- Split linting/type checking from tests for faster feedback
- Update branch protection to require all parallel CI jobs
- Remove semantic release configuration files (.releaserc.json, node_modules)
- All CI jobs must pass before merge is allowed

CI Jobs:
✅ Code Quality: linting, formatting, type checking
✅ Test Suite: pytest with coverage
✅ Security Scan: bandit security linter
✅ Secret Scanning: gitleaks for credential detection
✅ Build Package: verify package builds correctly
✅ Docker Build: verify Docker image builds

Branch Protection:
- Requires: Code Quality, Test Suite, Security Scan, Secret Scanning
- Pull request reviews: 1 approval required
- Dismiss stale reviews on new commits
- Code owner review required

Author: Zvi Fried

.github/workflows/ci.yml

@@ -10,12 +10,10 @@ env:
   PYTHON_VERSION: "3.13"
 
 jobs:
-  test:
-    name: Test Suite
+  # Parallel job 1: Code Quality (linting, formatting, type checking)
+  code-quality:
+    name: Code Quality
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        python-version: ["3.13"]
 
     steps:
     - name: Checkout code
@@ -26,21 +24,42 @@ jobs:
       with:
         version: "latest"
 
-    - name: Set up Python ${{ matrix.python-version }}
-      run: uv python install ${{ matrix.python-version }}
+    - name: Set up Python
+      run: uv python install ${{ env.PYTHON_VERSION }}
 
     - name: Install dependencies
-      run: |
-        uv sync --all-extras --dev
+      run: uv sync --all-extras --dev
 
     - name: Run linting
       run: |
         uv run ruff check src tests
         uv run ruff format --check src tests
 
     - name: Run type checking
-      run: |
-        uv run mypy src
+      run: uv run mypy src
+
+  # Parallel job 2: Tests
+  tests:
+    name: Test Suite
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.13"]
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v5
+
+    - name: Install uv
+      uses: astral-sh/setup-uv@v6
+      with:
+        version: "latest"
+
+    - name: Set up Python ${{ matrix.python-version }}
+      run: uv python install ${{ matrix.python-version }}
+
+    - name: Install dependencies
+      run: uv sync --all-extras --dev
 
     - name: Run tests
       run: |
@@ -56,13 +75,16 @@ jobs:
       env:
         CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
 
+  # Parallel job 3: Security Scanning
   security:
     name: Security Scan
     runs-on: ubuntu-latest
 
     steps:
     - name: Checkout code
       uses: actions/checkout@v5
+      with:
+        fetch-depth: 0  # Full history for gitleaks
 
     - name: Install uv
       uses: astral-sh/setup-uv@v6
@@ -75,17 +97,33 @@ jobs:
     - name: Install dependencies
       run: uv sync --all-extras --dev
 
-
-
     - name: Run bandit security linter
       run: |
         uv add --dev bandit
         uv run bandit -r src/
 
+  # Parallel job 4: Secret Scanning with Gitleaks
+  gitleaks:
+    name: Secret Scanning
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v5
+      with:
+        fetch-depth: 0  # Full history for gitleaks
+
+    - name: Run Gitleaks
+      uses: gitleaks/gitleaks-action@v2
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}
+
+  # Build job - depends on all parallel jobs
   build:
     name: Build Package
     runs-on: ubuntu-latest
-    needs: [test, security]
+    needs: [code-quality, tests, security, gitleaks]
 
     steps:
     - name: Checkout code
@@ -118,10 +156,11 @@ jobs:
         path: dist/
         retention-days: 7
 
+  # Docker job - depends on all parallel jobs
   docker:
     name: Build Docker Image
     runs-on: ubuntu-latest
-    needs: [test, security]
+    needs: [code-quality, tests, security, gitleaks]
 
     steps:
     - name: Checkout code