AIRA-65: Branch Protection Rules & Core Development Automation #83

@learn-design-develop

👤 User Story

As a development team member and external contributor, I need automated branch protection and development workflows for consistent code quality, streamlined contributions, and reduced manual overhead.

🎯 Rationale

Currently, the project lacks standardized development workflows and automated quality gates, leading to:

  • Manual PR validation and inconsistent branch naming
  • No automated testing or security scanning on contributions
  • Manual project board updates and branch cleanup overhead
  • Unclear process for external contributors to start working
  • Risk of unreviewed code reaching main branch
  • Time wasted on repetitive manual tasks that could be automated

Implementing core automation will establish professional development practices, improve code quality, and create a scalable foundation for both internal team efficiency and external community contributions.

✅ Acceptance Criteria

🔒 Branch Protection Implementation

  • Configure branch protection rules for main branch in repository settings
  • Require pull requests before merging with 1 approval minimum
  • Enable conversation resolution requirement before merge
  • Set up status checks requirement (to be configured after workflows)
  • Prevent direct commits to main branch

🤖 Core GitHub Actions Workflows

PR Validation workflow (pr-validation.yml) that validates:

  • Branch names follow AIRA-X or hotfix/AIRA-X pattern
  • PRs reference issues using "Closes #X" or "AIRA-X" format
  • Basic Python tests run successfully
  • Security scan with Bandit and TruffleHog passes

Auto-branch creation workflow (auto-branch.yml) for external contributors:

  • Triggers when external contribution issues are labeled "approved"
  • Creates AIRA-{issue-number} branch automatically
  • Comments on issue with setup instructions for contributor

Project automation workflow (project-automation.yml) that:

  • Auto-moves issues through board states (Todo → In Progress → Done)
  • Auto-closes linked issues when PRs are merged
  • Updates project board based on PR/issue events

Branch cleanup workflow (branch-cleanup.yml) that:

  • Auto-deletes merged feature branches
  • Weekly cleanup of stale branches (>30 days old with no PRs)

📝 Essential Templates

  • Pull request template with issue linking and testing checklist
  • Internal ticket template for team development with AIRA numbering
  • External contribution template for community contributors
  • Bug report template for issue reporting

🧪 Testing & Validation

  • Test internal developer workflow (create issue → branch → PR → merge)
  • Test external contributor workflow (issue → approval → auto-branch → PR)
  • Verify all GitHub Actions trigger correctly and pass validation
  • Confirm project board automation updates correctly
  • Validate branch protection rules prevent direct main commits

📊 Configuration & Integration

  • Add required status checks to branch protection after workflow creation
  • Configure repository secrets if needed for enhanced security scanning
  • Verify all automation works with existing project structure
  • Update branch protection to reference specific workflow job names

🎯 Success Metrics

  • 100% of new PRs link to issues (enforced by automation)
  • 100% consistent branch naming (validated automatically)
  • 0% direct commits to main (blocked by protection rules)
  • 90%+ reduction in manual project board updates
  • External contributors can create working branches within 5 minutes of approval
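
The branch-name and issue-reference checks listed for pr-validation.yml could be implemented as a POSIX shell step like the one below. This is an added example, not the project's own workflow. The environment variable names `HEAD_REF`, `PR_TITLE` and `PR_BODY` are assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not the project's pr-validation.yml). In the workflow, map the
# untrusted values through `env:` (HEAD_REF, PR_TITLE, PR_BODY are assumed
# names) rather than expanding ${{ ... }} inside the script text, since branch
# names and PR text on external contributions are contributor-controlled.

# Succeeds only for exactly AIRA-<digits> or hotfix/AIRA-<digits>.
valid_branch() {
  vb_rest=${1#hotfix/}                          # drop one optional prefix
  case $vb_rest in AIRA-*) ;; *) return 1 ;; esac
  vb_num=${vb_rest#AIRA-}
  case $vb_num in ''|*[!0-9]*) return 1 ;; esac # at least one digit, digits only
  return 0
}

# Succeeds when the text contains "Closes #<n>" or a standalone "AIRA-<n>".
references_issue() {
  printf '%s\n' "$1" |
    grep -Eq '(^|[^[:alnum:]_])(Closes #[0-9]+|AIRA-[0-9]+)([^[:alnum:]_]|$)'
}

# Runs both checks and reports every failure. Messages never echo the
# untrusted input back into the job log.
validate_pr() {
  vp_rc=0
  valid_branch "$1" || {
    echo "Branch name must match AIRA-X or hotfix/AIRA-X" >&2; vp_rc=1; }
  references_issue "$2" || {
    echo "PR must reference an issue with 'Closes #X' or 'AIRA-X'" >&2; vp_rc=1; }
  return "$vp_rc"
}

# Entry point for the workflow step; skipped when HEAD_REF is not provided.
if [ -n "${HEAD_REF:-}" ]; then
  validate_pr "$HEAD_REF" "${PR_TITLE:-}
${PR_BODY:-}"
fi
```

The "Closes #X" match is case-sensitive here because the acceptance criteria give that exact spelling.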

Status

Done
