chore: Add Python linting workflow #1

Merged
Adames4 merged 2 commits into master from chore/workflow
Feb 23, 2026

@Adames4 Adames4 commented Feb 23, 2026

Summary by CodeRabbit

  • Chores
    • Enhanced automated code quality checks to run on commits to the main development branch and pull requests.

@gemini-code-assist

Note

Gemini is unable to generate a summary for this pull request due to the file types involved not being currently supported.

@coderabbitai

coderabbitai bot commented Feb 23, 2026

Walkthrough

A new GitHub Actions workflow file was added that implements Python linting automation. The workflow triggers on pushes to the master branch, pull requests to master, and manual invocation, delegating all execution logic to a reusable workflow maintained centrally.

Changes

| Cohort / File(s) | Summary |
|---|---|
| CI/CD Workflow Configuration: .github/workflows/python-lint.yml | New workflow file that defines a Python linting trigger delegating to a reusable workflow located at RationAI/.github/.github/workflows/python-lint.yml@main. Triggers on master branch pushes, pull requests, and manual dispatch. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A linting workflow hops into place,
Master branch code now runs the race,
Pull requests checked with standards tight,
Python files gleaming, oh what a sight!
Automation magic, simple and clean. ✨

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately and clearly describes the main change: adding a Python linting workflow via a new GitHub Actions configuration file. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

@coderabbitai coderabbitai bot left a comment

🧹 Nitpick comments (2)
.github/workflows/python-lint.yml (2)

11-11: Pin the reusable workflow to a commit SHA or tag rather than @main.

Referencing a mutable branch means any force-push or unreviewed commit to RationAI/.github's main can silently alter what runs in this workflow. "Pinning an action to a full-length commit SHA is currently the only way to use an action as an immutable release." According to GitHub's own reusable workflow docs, "using the commit SHA is the safest option for stability and security."

🔒 Proposed fix — pin to a SHA with a tag comment for readability
-    uses: RationAI/.github/.github/workflows/python-lint.yml@main
+    uses: RationAI/.github/.github/workflows/python-lint.yml@<SHA> # `@main`
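Review bot: On the `+` line, the trailing comment `# `@main`` only repeats the branch name (with stray backticks around it), so it says nothing about which revision the SHA actually is and becomes misleading as soon as main moves. Suggest writing it as a plain `# main` plus the date the SHA was taken, or a tag if RationAI/.github publishes one, and agreeing on who bumps the pin when the central lint workflow changes, since a pinned caller no longer picks up updates on its own.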

Replace <SHA> with the full commit SHA of the current main tip in RationAI/.github. You can retrieve it with:

gh api repos/RationAI/.github/git/ref/heads/main --jq '.object.sha'
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/python-lint.yml at line 11, Replace the mutable branch ref
in the reusable workflow invocation "uses:
RationAI/.github/.github/workflows/python-lint.yml@main" with the full commit
SHA of the current RationAI/.github main tip (e.g., change the `@main` suffix to
@<FULL_COMMIT_SHA>); obtain the SHA with the suggested gh api command and update
the workflow to use that SHA (optionally add a short comment/tag for human
readability).

1-11: Consider declaring explicit permissions to follow least-privilege principles.

No permissions: block is present, so the workflow inherits the repository/org default (which may be write-all). You should make sure that GITHUB_TOKEN is granted the minimum required permissions; it's good security practice to set the default permission to read access only for repository contents. For a lint-only workflow, contents: read is sufficient.

🛡️ Proposed addition
 name: Python Lint (RationAI Standard)
+
+permissions:
+  contents: read
+
 on:
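Review bot: The top-level `permissions:` block with `contents: read` also caps the token handed to the called reusable workflow, because a called workflow can only reduce, never raise, what the caller grants. Before merging, check that RationAI/.github's python-lint.yml needs nothing beyond read access to contents (for example to post PR comments or annotations); if it does, grant that scope explicitly on the job that carries `uses:` rather than widening the workflow default.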
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/python-lint.yml around lines 1 - 11, Add an explicit
permissions block to the workflow to follow least-privilege principles: set the
default GITHUB_TOKEN permission to only what's needed for a lint job (e.g.,
top-level or job-level permissions: contents: read), so update the workflow (the
job named "run" that uses the RationAI reusable workflow) to include a
permissions: contents: read entry instead of inheriting repository defaults.
ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 28529cb and 53fb5bf.

📒 Files selected for processing (1)
  • .github/workflows/python-lint.yml

@Adames4 Adames4 merged commit 123ebec into master Feb 23, 2026
1 of 2 checks passed
@Adames4 Adames4 deleted the chore/workflow branch February 23, 2026 09:40
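
The two review findings above (a `uses:` reference on a mutable ref, and no explicit `permissions:` block) can be checked mechanically. The following is an added example, not code from this PR or from CodeRabbit: a standard-library Python check run over a sample workflow constructed from the review's description. `SAMPLE_BEFORE`, `SAMPLE_AFTER` and `audit_workflow` are hypothetical names, the file layout is assumed, and the all-zero SHA is a placeholder.

```python
import re

# Constructed sample: caller workflow as the review describes it (name, triggers,
# job "run", uses on line 11); the exact layout is an assumption.
SAMPLE_BEFORE = """\
name: Python Lint (RationAI Standard)
on:
  push:
    branches: [master]
  pull_request:
    branches: [master]
  workflow_dispatch:

jobs:
  run:
    uses: RationAI/.github/.github/workflows/python-lint.yml@main
"""

# Same file with both suggestions applied; the 40-zero SHA is a placeholder.
SAMPLE_AFTER = SAMPLE_BEFORE.replace(
    "\non:", "\n\npermissions:\n  contents: read\n\non:", 1
).replace("@main", "@" + "0" * 40 + " # main")

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")

def audit_workflow(text):
    """Return (line_number, finding) pairs for one workflow file."""
    findings = []
    has_top_level_permissions = False
    for number, line in enumerate(text.splitlines(), start=1):
        # Only a key at column 0 counts: job-level blocks are not inspected.
        if re.match(r"permissions\s*:", line):
            has_top_level_permissions = True
        match = USES_RE.match(line)
        if not match:
            continue
        target = match.group(1)
        if target.startswith(("./", "docker://")):
            continue  # local path or image reference, no git ref to pin
        _, _, ref = target.partition("@")
        if not FULL_SHA_RE.fullmatch(ref):
            findings.append((number, f"mutable ref '{ref or '<none>'}' in {target}"))
    if not has_top_level_permissions:
        findings.append((0, "no top-level permissions block; token uses repo/org default"))
    return findings

if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, audit_workflow(text))
```

A tag such as `@v1` is reported as well, since only a full 40-character commit SHA is treated as immutable here.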