Validate SQL index
Ensures docs/data/sql-index.json is regenerated and committed whenever SQL metadata changes.
Required CI Checks
Repository quality
Runs markdown lint, workflow lint, and link checks for README/docs reliability.
Secret scan
Scans commits and pull requests for credential and token leakage.
CodeQL
Performs static security analysis to detect high-risk patterns in repository automation/code.
PR size/risk label gate
Fails pull requests missing required size and risk labels; add as required check after first successful run appears in GitHub checks list.
Branch Protection Baseline (main)
- Require pull request before merging.
- Require at least 1 approval.
- Dismiss stale approvals when new commits are pushed.
- Require conversation resolution before merge.
- Require branches to be up to date before merging.
- Require status checks: Validate SQL index, Repository quality, Secret scan, CodeQL, PR size/risk label gate.
- Block force-push and deletion on main.