Skip to content

Init qlty#13

Closed
f19ps wants to merge 2 commits intomainfrom
qlty-init
Closed

Init qlty#13
f19ps wants to merge 2 commits intomainfrom
qlty-init

Conversation

@f19ps
Copy link

@f19ps f19ps commented Feb 3, 2026

No description provided.

Copilot AI review requested due to automatic review settings February 3, 2026 17:07
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Initializes Qlty configuration for the repository to enable automated code-quality, security, and hygiene checks.

Changes:

  • Adds a generated .qlty/qlty.toml with default excludes/test patterns and a set of Qlty plugins (incl. RuboCop).
  • Adds .qlty/.gitignore to keep only the intended Qlty configuration files tracked.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

File Description
.qlty/qlty.toml Introduces Qlty configuration, patterns, and plugin setup for code-quality/security scanning.
.qlty/.gitignore Ensures only Qlty config and relevant directories under .qlty/ are committed.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment on lines +65 to +69
name = "actionlint"

[[plugin]]
name = "osv-scanner"

Copy link

Copilot AI Feb 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Plugins like actionlint/osv-scanner are configured without explicit versions. If Qlty resolves these to the latest release, results can drift over time; consider pinning versions for reproducible linting/security scanning.

Copilot uses AI. Check for mistakes.
Comment on lines +79 to +83
name = "trivy"
drivers = [
"config",
"fs-vuln",
]
Copy link

Copilot AI Feb 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The trivy plugin is not pinned to a specific version. To avoid behavior changes over time (scanner rules/db handling), consider specifying an explicit version here as well.

Copilot uses AI. Check for mistakes.
Comment on lines +85 to +86
[[plugin]]
name = "trufflehog"
Copy link

Copilot AI Feb 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The trufflehog plugin is configured without a version. Consider pinning a version to keep secret-scanning results stable across runs and avoid unexpected changes when new releases land.

Copilot uses AI. Check for mistakes.
@@ -0,0 +1,86 @@
# This file was automatically generated by `qlty init`.
# You can modify it to suit your needs.
# We recommend you to commit this file to your repository.
Copy link

Copilot AI Feb 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The header comment has a grammatical issue: "We recommend you to commit this file" reads awkwardly. Consider rephrasing to "We recommend committing this file to your repository" (or similar) for clarity.

Suggested change
# We recommend you to commit this file to your repository.
# We recommend committing this file to your repository.

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants