Import YAML helpers for repository governance

[CommitAxis]

This pull request introduces necessary configuration files for repository management.

• Chores
  • Configured automated dependency monitoring with weekly checks and auto-merge for minor/patch updates.
  • Added security scanning workflows using CodeQL and OpenSSF Scorecard for continuous code analysis.
  • Enabled automated code quality and linting checks on pull requests.
  • Introduced standardized templates for bug reports and feature requests to improve contribution workflow.
  • Added GitHub funding links and configured label synchronization for improved repository management.

Summary by CodeRabbit

• Chores
  • Updated GitHub Actions workflow configurations to refine CI/CD pipeline behavior during Python and Node.js setup processes.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
issues-heroes-badge	Ready	Preview, Comment	Apr 10, 2026 9:27pm

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e5a70774-7927-4e0c-94a5-6bcb7bc76612

📥 Commits

Reviewing files that changed from the base of the PR and between a0b192d and 68a57ab.

📒 Files selected for processing (2)

• .github/workflows/ai-issue.yml
• .github/workflows/lint.yml

💤 Files with no reviewable changes (2)

• .github/workflows/ai-issue.yml
• .github/workflows/lint.yml

---

📝 Walkthrough

Walkthrough

Removed pip and npm caching configurations from GitHub Actions workflows. The cache: 'pip' option was removed from the Python setup step in ai-issue.yml, and the cache: 'npm' option was removed from the Node setup step in lint.yml.

Changes

Cohort / File(s)	Summary
GitHub Actions Workflow Cache Configuration .github/workflows/ai-issue.yml, .github/workflows/lint.yml	Removed caching options (cache: 'pip' and cache: 'npm') from setup-python and setup-node action steps, respectively.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related issues

• [MEDIUM] Updated dependency monitoring and security scanning workflows readme-SVG-site-preview#16: Touches the same workflow files (ai-issue.yml and lint.yml) that were modified in this PR.
• [INFORMATIONAL] Repository governance and workflow configuration updates repo-promotion-guide#2: Related through workflow configuration updates to ai-issue.yml mentioned in both issues.

Possibly related PRs

• ci: add Dependabot, auto-merge, lint and CodeQL SAST workflows #13: Both PRs modify .github/workflows/lint.yml setup-node configuration, toggling npm caching behavior.
• Import YAML helpers for repository governance #65: Both PRs modify the same workflow steps in ai-issue.yml and lint.yml, changing pip and npm caching settings.

Suggested labels

codex

Poem

🐰 The caches do disappear, pip and npm take flight,
No more storing dependencies through the workflow night,
Clean and swift, the actions run so free,
A rabbit hops with joy at what will be! ✨

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The title claims to 'Import YAML helpers for repository governance' but the actual changes only remove caching options from two GitHub Actions workflows, with no YAML helpers introduced.	Update the title to accurately reflect the changes, such as 'Remove pip and npm caching from GitHub Actions workflows' or 'Disable dependency caching in CI workflows'.
Description check	⚠️ Warning	The description describes adding configuration files and various governance features, but the actual changes only involve removing caching from two workflow files, making the description misleading and incomplete.	Revise the description to accurately reflect that only caching options were removed from existing workflows, not new configuration files added for governance.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch upload-repo-governance-1775856467318

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

AI Analysis Summary

The caching for pip and npm has been removed in the workflows, which could slow down the build process. The removed lines are in files .github/workflows/ai-issue.yml and .github/workflows/lint.yml. Consider adding back the caching if it was intentionally removed.

Severity: MEDIUM | Role: ci

Full details: #68