Align spellcheck action with SoftwareDevLabs/SDLC_core (#35)

* Potential fix for code scanning alert no. 644: Shell command built from environment values

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Potential fix for code scanning alert no. 678: Workflow does not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Potential fix for code scanning alert no. 667: Workflow does not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Potential fix for code scanning alert no. 655: Workflow does not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Potential fix for code scanning alert no. 649: Workflow does not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Potential fix for code scanning alert no. 643: Workflow does not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Potential fix for code scanning alert no. 641: Workflow does not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* fix: Align spellcheck action with SoftwareDevLabs/SDLC_core

This commit updates the spellcheck GitHub action to align with the configuration from `SoftwareDevLabs/SDLC_core`.

Key changes:
- Replaced the hardcoded `microsoft/terminal@main` with `${{ github.repository }}@${{ github.ref }}` to check the current repository.
- Updated the `if` and `with` conditions to use the correct repository owner (`SoftwareDevLabs`).
- Kept the `ssh_key` commented out as requested.

* Potential fix for code scanning alert no. 5728: Workflow does not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Update scripts/evaluate-prompt.py

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update src/agents/deepagent.py

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update src/agents/deepagent.py

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update src/agents/deepagent.py

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Vinod <vinod@softwaredevlabs.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Author: 4 people

.env.template

@@ -0,0 +1,4 @@
+# API Keys for LLM Providers
+# Copy this file to .env and fill in the values.
+GOOGLE_GEMINI_API_KEY=your_api_key_here
+OPENAI_API_KEY=your_api_key_here

.github/actions/setup-python-env/action.yml

@@ -0,0 +1,45 @@
+name: 'Setup Python Environment'
+description: 'Checks out code, sets up Python, caches dependencies, and installs them.'
+inputs:
+  python-version:
+    description: 'The Python version to use.'
+    required: true
+    default: '3.11'
+  install-dev-reqs:
+    description: 'Whether to install requirements-dev.txt'
+    required: false
+    default: 'true'
+  install-docs-reqs:
+    description: 'Whether to install requirements-docs.txt'
+    required: false
+    default: 'false'
+runs:
+  using: 'composite'
+  steps:
+    - uses: actions/checkout@v4
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ inputs.python-version }}
+    - name: Cache pip
+      uses: actions/cache@v4
+      with:
+        path: ~/.cache/pip
+        # Include all requirements files in the cache key
+        key: ${{ runner.os }}-pip-${{ inputs.python-version }}-${{ hashFiles('**/requirements*.txt') }}
+        restore-keys: |
+          ${{ runner.os }}-pip-${{ inputs.python-version }}-
+          ${{ runner.os }}-pip-
+    - name: Install dependencies
+      shell: bash
+      run: |
+        python -m pip install --upgrade pip
+        if [ -f requirements.txt ]; then
+          pip install -r requirements.txt
+        fi
+        if [ "${{ inputs.install-dev-reqs }}" == "true" ] && [ -f requirements-dev.txt ]; then
+          pip install -r requirements-dev.txt
+        fi
+        if [ "${{ inputs.install-docs-reqs }}" == "true" ] && [ -f requirements-docs.txt ]; then
+          pip install -r requirements-docs.txt
+        fi

.github/copilot-instructions.md

@@ -197,8 +197,10 @@ setup.py              → Python package setup (currently empty)
 1. **Install dependencies**: `pip install pytest pytest-cov mypy pylint`
 2. **Set Python path**: `export PYTHONPATH=.` or prefix commands with `PYTHONPATH=.`
 3. **Test before changing**: `PYTHONPATH=. python -m pytest test/ -v` to validate current state
-4. **Check module imports**: Ensure new Python modules have proper `__init__.py` files
-5. **Follow branch naming**: Use `dev/<alias>/<feature>` pattern for feature branches
+4. **Configure the agent**: Edit `config/model_config.yaml` to configure the agent before running it.
+5. **Check module imports**: Ensure new Python modules have proper `__init__.py` files
+6. **Follow branch naming**: Use `dev/<alias>/<feature>` pattern for feature branches
+7. **Fill out the PR template**: Ensure the PR template at `.github/PULL_REQUEST_TEMPLATE.md` is filled out before submitting a new PR.
 
 **NEVER do the following:**
 - Run tests without setting PYTHONPATH

.github/workflows/codeql.yml

@@ -46,7 +46,7 @@ jobs:
         - language: actions
           build-mode: none
         - language: c-cpp
-          build-mode: manual
+          build-mode: none
         - language: javascript-typescript
           build-mode: none
         - language: python

.github/workflows/dependency-review.yml

@@ -0,0 +1,14 @@
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@v4
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@v4

.github/workflows/docker-scan.yml

@@ -0,0 +1,30 @@
+name: 'Docker Image Scan'
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  build-and-scan:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Build an image from Dockerfile
+        id: build-image
+        run: |
+          docker build -t ${{ github.repository }}:latest .
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: '${{ github.repository }}:latest'
+          format: 'table'
+          exit-code: '0'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'

.github/workflows/gosec.yml

@@ -1,16 +1,12 @@
 # GoSec Security Checker
 # This workflow runs gosec to check Go code for security issues
+# It is currently disabled from running automatically.
 name: GoSec Security Checker
 permissions:
   contents: read
 
 on:
-  push:
-    paths:
-      - '**.go'
-  pull_request:
-    paths:
-      - '**.go'
+  workflow_dispatch:
 
 jobs:
   gosec:

.github/workflows/prompt-evaluation.yml

@@ -0,0 +1,45 @@
+permissions:
+  contents: read
+name: 'Prompt Evaluation'
+
+on:
+  workflow_dispatch:
+    inputs:
+      prompt_file:
+        description: 'Path to the prompt file (e.g., data/prompts/default.yaml)'
+        required: true
+        default: 'data/prompts/default.yaml'
+      provider:
+        description: 'LLM provider to use (gemini, openai, ollama)'
+        required: true
+        default: 'gemini'
+      model:
+        description: 'Model name to use'
+        required: false
+
+jobs:
+  evaluate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Setup Python Environment
+        uses: ./.github/actions/setup-python-env
+        with:
+          python-version: '3.11'
+
+      - name: Run prompt evaluation
+        env:
+          GOOGLE_GEMINI_API_KEY: ${{ secrets.GOOGLE_GEMINI_API_KEY }}
+          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
+          PYTHONPATH: .
+        run: |
+          python scripts/evaluate-prompt.py \
+            --prompt-file ${{ github.event.inputs.prompt_file }} \
+            --provider ${{ github.event.inputs.provider }} \
+            --model ${{ github.event.inputs.model }} \
+            --output-file prompt-output.txt
+
+      - name: Upload prompt output
+        uses: actions/upload-artifact@v4
+        with:
+          name: prompt-output-${{ github.event.inputs.provider }}-${{ github.event.inputs.model || 'default' }}
+          path: prompt-output.txt

.github/workflows/pylint.yml

@@ -2,7 +2,8 @@ permissions:
   contents: read
 name: Pylint
 
-on: [push]
+on:
+  pull_request:
 
 jobs:
   build:
@@ -11,15 +12,10 @@ jobs:
       matrix:
         python-version: ["3.10", "3.11", "3.12" ]
     steps:
-    - uses: actions/checkout@v4
-    - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@v3
+    - name: Setup Python Environment
+      uses: ./.github/actions/setup-python-env
       with:
         python-version: ${{ matrix.python-version }}
-    - name: Install dependencies
-      run: |
-        python -m pip install --upgrade pip
-        pip install pylint
     - name: Analysing the code with pylint
       run: |
         pylint $(git ls-files '*.py')

.github/workflows/python-docs.yml

@@ -16,15 +16,12 @@ jobs:
   build-docs:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - name: Set up Python
-        uses: actions/setup-python@v5
+      - name: Setup Python Environment
+        uses: ./.github/actions/setup-python-env
         with:
           python-version: '3.11'
-      - name: Install dependencies
-        run: |
-          python -m pip install --upgrade pip
-          pip install sphinx sphinx-autodoc-typehints
+          install-dev-reqs: 'false'
+          install-docs-reqs: 'true'
       - name: Generate Sphinx docs
         run: |
           sphinx-apidoc -o docs/ src/