zhongwei/gh-josiahsiegel-claude-code-marketplace-plugins-git-master
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Zhongwei Li
2025-11-30 08:29:08 +08:00
commit 139e230a67
10 changed files with 4284 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

382
skills/github-ai-features-2025.md Normal file
View File

@@ -0,0 +1,382 @@
---
name: github-ai-features-2025
description: GitHub AI-powered security and automation features for 2025
---
## 🚨 CRITICAL GUIDELINES
### Windows File Path Requirements
**MANDATORY: Always Use Backslashes on Windows for File Paths**
When using Edit or Write tools on Windows, you MUST use backslashes (`\`) in file paths, NOT forward slashes (`/`).
**Examples:**
- ❌ WRONG: `D:/repos/project/file.tsx`
- ✅ CORRECT: `D:\repos\project\file.tsx`
This applies to:
- Edit tool file_path parameter
- Write tool file_path parameter
- All file operations on Windows systems
### Documentation Guidelines
**NEVER create new documentation files unless explicitly requested by the user.**
- **Priority**: Update existing README.md files rather than creating new documentation
- **Repository cleanliness**: Keep repository root clean - only README.md unless user requests otherwise
- **Style**: Documentation should be concise, direct, and professional - avoid AI-generated tone
- **User preference**: Only create additional .md files when user specifically asks for documentation
---
# GitHub AI Features 2025
## Trunk-Based Development (TBD)
Modern workflow used by largest tech companies (Google: 35,000+ developers):
### Principles
1. **Short-lived branches:** Hours to 1 day maximum
2. **Small, frequent commits:** Reduce merge conflicts
3. **Continuous integration:** Always deployable main branch
4. **Feature flags:** Hide incomplete features
### Implementation
```bash
# Create task branch from main
git checkout main
git pull origin main
git checkout -b task/add-login-button
# Make small changes
git add src/components/LoginButton.tsx
git commit -m "feat: add login button component"
# Push and create PR (same day)
git push origin task/add-login-button
gh pr create --title "Add login button" --body "Implements login UI"
# Merge within hours, delete branch
gh pr merge --squash --delete-branch
```
### Benefits
- Reduced merge conflicts (75% decrease)
- Faster feedback cycles
- Easier code reviews (smaller changes)
- Always releasable main branch
- Simplified CI/CD pipelines
## GitHub Secret Protection (AI-Powered)
AI detects secrets before they reach repository:
### Push Protection
```bash
# Attempt to commit secret
git add config.py
git commit -m "Add config"
git push
# GitHub AI detects secret:
"""
⛔ Push blocked by secret scanning
Found: AWS Access Key
Pattern: AKIA[0-9A-Z]{16}
File: config.py:12
Options:
1. Remove secret and try again
2. Mark as false positive (requires justification)
3. Request review from admin
"""
# Fix: Use environment variables
# config.py
import os
aws_key = os.environ.get('AWS_ACCESS_KEY')
git add config.py
git commit -m "Use env vars for secrets"
git push # ✅ Success
```
### Supported Secret Types (AI-Enhanced)
- AWS credentials
- Azure service principals
- Google Cloud keys
- GitHub tokens
- Database connection strings
- API keys (OpenAI, Stripe, etc.)
- Private keys (SSH, TLS)
- OAuth tokens
- Custom patterns (regex-based)
## GitHub Code Security
### CodeQL Code Scanning
AI-powered static analysis:
```yaml
# .github/workflows/codeql.yml
name: "CodeQL"
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
jobs:
analyze:
runs-on: ubuntu-latest
permissions:
security-events: write
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: javascript, python, java
- name: Autobuild
uses: github/codeql-action/autobuild@v2
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
```
**Detects:**
- SQL injection
- XSS vulnerabilities
- Path traversal
- Command injection
- Insecure deserialization
- Authentication bypass
- Logic errors
### Copilot Autofix
AI automatically fixes security vulnerabilities:
```python
# Vulnerable code detected by CodeQL
def get_user(user_id):
query = f"SELECT * FROM users WHERE id = {user_id}" # ❌ SQL injection
return db.execute(query)
# Copilot Autofix suggests:
def get_user(user_id):
query = "SELECT * FROM users WHERE id = ?"
return db.execute(query, (user_id,)) # ✅ Parameterized query
# One-click to apply fix
```
## GitHub Agents (Automated Workflows)
AI agents for automated bug fixes and PR generation:
### Bug Fix Agent
```yaml
# .github/workflows/ai-bugfix.yml
name: AI Bug Fixer
on:
issues:
types: [labeled]
jobs:
autofix:
if: contains(github.event.issue.labels.*.name, 'bug')
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Analyze Bug
uses: github/ai-agent@v1
with:
task: 'analyze-bug'
issue-number: ${{ github.event.issue.number }}
- name: Generate Fix
uses: github/ai-agent@v1
with:
task: 'generate-fix'
create-pr: true
pr-title: "Fix: ${{ github.event.issue.title }}"
```
### Automated PR Generation
```bash
# GitHub Agent creates PR automatically
# When issue is labeled "enhancement":
# 1. Analyzes issue description
# 2. Generates implementation code
# 3. Creates tests
# 4. Opens PR with explanation
# Example: Issue #42 "Add dark mode toggle"
# Agent creates PR with:
# - DarkModeToggle.tsx component
# - ThemeContext.tsx provider
# - Tests for theme switching
# - Documentation update
```
## Dependency Review (AI-Enhanced)
AI analyzes dependency changes in PRs:
```yaml
# .github/workflows/dependency-review.yml
name: Dependency Review
on: [pull_request]
permissions:
contents: read
jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Dependency Review
uses: actions/dependency-review-action@v3
with:
fail-on-severity: high
fail-on-scopes: runtime
```
**AI Insights:**
- Known vulnerabilities in new dependencies
- License compliance issues
- Breaking changes in updates
- Alternative safer packages
- Dependency freshness score
## Trunk-Based Development Workflow
### Daily Workflow
```bash
# Morning: Sync with main
git checkout main
git pull origin main
# Create task branch
git checkout -b task/user-profile-api
# Work in small iterations (2-4 hours)
# First iteration: API endpoint
git add src/api/profile.ts
git commit -m "feat: add profile API endpoint"
git push origin task/user-profile-api
gh pr create --title "Add user profile API" --draft
# Continue work: Add tests
git add tests/profile.test.ts
git commit -m "test: add profile API tests"
git push
# Mark ready for review
gh pr ready
# Get review (should happen within hours)
# Merge same day
gh pr merge --squash --delete-branch
# Next task: Start fresh from main
git checkout main
git pull origin main
git checkout -b task/profile-ui
```
### Small, Frequent Commits Pattern
```bash
# ❌ Bad: Large infrequent commit
git add .
git commit -m "Add complete user profile feature with API, UI, tests, docs"
# 50 files changed, 2000 lines
# ✅ Good: Small frequent commits
git add src/api/profile.ts
git commit -m "feat: add profile API endpoint"
git push
git add src/components/ProfileCard.tsx
git commit -m "feat: add profile card component"
git push
git add tests/profile.test.ts
git commit -m "test: add profile tests"
git push
git add docs/profile.md
git commit -m "docs: document profile API"
git push
# Each commit: 1-3 files, 50-200 lines
# Easier reviews, faster merges, less conflicts
```
## Security Best Practices (2025)
1. **Enable Secret Scanning:**
```bash
# Repository Settings → Security → Secret scanning
# Enable: Push protection + AI detection
```
2. **Configure CodeQL:**
```bash
# Add .github/workflows/codeql.yml
# Enable for all languages in project
```
3. **Use Copilot Autofix:**
```bash
# Review security alerts weekly
# Apply Copilot-suggested fixes
# Test before merging
```
4. **Implement Trunk-Based Development:**
```bash
# Branch lifespan: <1 day
# Commit frequency: Every 2-4 hours
# Main branch: Always deployable
```
5. **Leverage GitHub Agents:**
```bash
# Automate: Bug triage, PR creation, dependency updates
# Review: All AI-generated code before merging
```
## Resources
- [Trunk-Based Development](https://trunkbaseddevelopment.com)
- [GitHub Secret Scanning](https://docs.github.com/en/code-security/secret-scanning)
- [GitHub Advanced Security](https://docs.github.com/en/get-started/learning-about-github/about-github-advanced-security)
- [GitHub Copilot for Security](https://github.com/features/security)