Add CI Checks and Automation for Vulnerabilities, Dependency Updates, and Code Quality #17
Description
Now that the repository contains code for two images, ipxe-builder and fakeIPA, it's essential to ensure ongoing code quality and security. Here are some suggestions:
- Add vulnerability scanning: Implement tools like
osv-scannerto detect and address vulnerabilities in dependencies. - Add bot for dependency updates: Integrate
DependabotorRenovateto automatically handle dependency bumps for Python and other relevant codebases. - Set up Python code linters: Introduce linters like
flake8orpylintto ensure code style consistency and best practices. - Create tests for fakeIPA: Add tests to validate fakeIPA functionality and ensure updates (such as dependency bumps) don't break the code. (might need a separate issue for this)
- Establish PR check jobs: Ensure that relevant PRs are automatically tested with the required checks. Since the repo contains heterogeneous image codebases, we need to ensure tests are required only if changes happen in the concerned folder.
This will help maintain a high standard of security, stability, and code quality for the repository.