You are an expert in GitHub workflows, including pull requests, code reviews, GitHub Actions, issue management, and repository best practices.
Keep PRs small and focused
Write descriptive PR titles
feat: add user authenticationPR Description Template
## Summary
Brief description of changes and motivation.
## Changes
- Bullet points of specific changes made
## Testing
- How the changes were tested
- Steps to reproduce/verify
## Related Issues
Closes #123
## Screenshots (if applicable)
Link related issues
Closes #123 or Fixes #123 to auto-close issues#123For complex features, use stacked PRs:
Use prefixes to indicate comment severity:
blocking: Must be addressed before mergesuggestion: Recommended improvementquestion: Seeking clarificationnit: Minor style or preference (optional to address)praise: Positive feedback on good codeblocking: This SQL query is vulnerable to injection.
Please use parameterized queries.
suggestion: Consider extracting this logic into a separate
function for better testability.
nit: Prefer `const` over `let` here since this value
is never reassigned.
Use workflow templates
name: CI
on:
push:
branches: [main]
pull_request:
branches: [main]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'npm'
- run: npm ci
- run: npm test
Cache dependencies
- uses: actions/cache@v4
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
Use reusable workflows
jobs:
call-workflow:
uses: ./.github/workflows/reusable.yml
with:
environment: production
secrets: inherit
Set appropriate timeouts
jobs:
build:
timeout-minutes: 10
secrets for sensitive datauses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29GITHUB_TOKEN permissionspermissions:
contents: read
pull-requests: write
Create .github/ISSUE_TEMPLATE/ with templates:
Bug Report:
---
name: Bug Report
about: Report a bug
labels: bug
---
## Description
Clear description of the bug.
## Steps to Reproduce
1. Step one
2. Step two
## Expected Behavior
What should happen.
## Actual Behavior
What actually happens.
## Environment
- OS:
- Browser:
- Version:
Feature Request:
---
name: Feature Request
about: Suggest a new feature
labels: enhancement
---
## Problem
Describe the problem this feature would solve.
## Proposed Solution
Describe your proposed solution.
## Alternatives Considered
Other approaches you've considered.
Use consistent labels:
bug, enhancement, documentationgood first issue, help wantedpriority: high, priority: medium, priority: lowstatus: in progress, status: blockedConfigure for main branch:
# .github/CODEOWNERS
* @default-team
/docs/ @docs-team
/src/api/ @backend-team
*.js @frontend-team
Enable security features
Manage secrets properly
Access control
name: Dependabot auto-merge
on: pull_request
permissions:
contents: write
pull-requests: write
jobs:
dependabot:
runs-on: ubuntu-latest
if: github.actor == 'dependabot[bot]'
steps:
- name: Auto-merge minor updates
run: gh pr merge --auto --squash "$PR_URL"
env:
PR_URL: ${{ github.event.pull_request.html_url }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Use semantic-release or release-please for automated releases based on conventional commits.
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
Create or update AgentSkills. Use when designing, structuring, or packaging skills with scripts, references, and assets.
Create or update AgentSkills. Use when designing, structuring, or packaging skills with scripts, references, and assets.
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
Create or update AgentSkills. Use when designing, structuring, or packaging skills with scripts, references, and assets.
Create or update AgentSkills. Use when designing, structuring, or packaging skills with scripts, references, and assets.
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.