Add CI/CD workflows with self-hosted runners, privacy/policy docs, and repository rulesets #1

Open
Copilot wants to merge 7 commits into master from copilot/manage-install-workflows-runners

Copilot AI commented Feb 15, 2026

Establishes automated workflows, governance documentation, and repository protection for the BUIP archive.

Workflows

Install & Validation (.github/workflows/install.yml)

  • Dependency installation with caching (Node.js, Python)
  • Recursive markdown linting (**/*.md)
  • Repository structure validation
  • Runs on: [self-hosted, linux]

Security Scanning (.github/workflows/security.yml)

  • Dependency review on PRs
  • Secret detection with configurable patterns (.github/security-patterns.yml)
  • Link validation (.github/markdown-link-check.json)
  • File permission auditing
  • Commit signature verification
  • Weekly scheduled scans (Mon 9AM UTC)

Both workflows use explicit permissions: {contents: read} blocks.

Repository Rulesets

Branch Protection (.github/rulesets/main-branch-protection.json)

  • 1 required approval, stale review dismissal
  • Required status checks: install-dependencies, lint-markdown, validate-structure
  • Enforces: linear history, signed commits, no force-push, no deletion

Tag Protection (.github/rulesets/tag-protection.json)

  • Protects v* and release-* patterns
  • Prevents unauthorized creation/modification/deletion

Documentation

  • PRIVACY.md - Data handling, GDPR compliance, CI/CD privacy
  • POLICY.md - Code of conduct, contribution process, BUIP submission, security policy
  • .github/IMPLEMENTATION_GUIDE.md - Runner setup, ruleset deployment (UI/CLI/API)
  • .github/workflows/README.md - Workflow architecture and maintenance
  • .github/rulesets/README.md - Ruleset configuration reference

Configuration

Security patterns externalized to .github/security-patterns.yml for maintainability:

secret_patterns:
  - pattern: "github_pat_[a-zA-Z0-9]{22}_[a-zA-Z0-9]{59}"
    description: "GitHub Personal Access Token"
    severity: "critical"

Allowed email domains configurable:

allowed_email_patterns:
  - "bitcoinunlimited.info"
  - "bitco.in"

Deployment

Maintainers must:

  1. Configure self-hosted runner with [self-hosted, linux] labels
  2. Apply rulesets via Settings → Rules → Rulesets (import JSON files)
  3. Verify workflows execute on next push/PR

Original prompt

Create and manage install workflows with self hosted runners and configure privacy.md and policy.md, apply advanced rulesets for protection


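As an added example (not part of the PR or the project's code), the sketch below shows how a scanner could apply the `github_pat_` rule from `.github/security-patterns.yml` and decide whether a CI job should fail. The function names, the inline copy of the rule and the sample text are assumptions constructed for illustration.

```python
import re

# Inline copy of the rule from .github/security-patterns.yml (no YAML parser needed).
SECRET_PATTERNS = [
    {
        "pattern": r"github_pat_[a-zA-Z0-9]{22}_[a-zA-Z0-9]{59}",
        "description": "GitHub Personal Access Token",
        "severity": "critical",
    },
]


def redact(secret, keep=11):
    """Keep the identifying prefix only, so the finding is safe to log."""
    return secret[:keep] + "*" * (len(secret) - keep)


def scan_text(text, patterns=SECRET_PATTERNS):
    """Return one finding per match: line number, rule metadata, redacted value."""
    compiled = [(re.compile(p["pattern"]), p) for p in patterns]
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for regex, rule in compiled:
            for match in regex.finditer(line):
                findings.append({
                    "line": lineno,
                    "description": rule["description"],
                    "severity": rule["severity"],
                    "match": redact(match.group(0)),
                })
    return findings


def should_fail(findings, blocking=("critical",)):
    """A CI job would exit non-zero when any blocking-severity finding exists."""
    return any(f["severity"] in blocking for f in findings)


# Constructed sample input: placeholder tokens built from repeated characters.
FAKE_TOKEN = "github_pat_" + "A" * 22 + "_" + "b" * 59
TOO_SHORT = "github_pat_" + "A" * 21 + "_" + "b" * 59
SAMPLE = "\n".join([
    "# deploy notes",
    "export TOKEN=" + FAKE_TOKEN,
    "old value: " + TOO_SHORT,
])

if __name__ == "__main__":
    print(scan_text(SAMPLE), should_fail(scan_text(SAMPLE)))
```

Redacting the match before it reaches the job log matters on shared self-hosted runners, where a log line containing the full token would itself be a leak.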

Copilot AI and others added 6 commits February 15, 2026 17:54
…and advanced rulesets

Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
…linting

Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Create and manage install workflows with self-hosted runners" to "Add CI/CD workflows with self-hosted runners, privacy/policy docs, and repository rulesets" Feb 15, 2026
Member

@Kushmanmb Yaketh (Kushmanmb) left a comment

Kushmanmb.eth

@Kushmanmb Yaketh (Kushmanmb) marked this pull request as ready for review February 15, 2026 18:43
2 participants