Loading...
Loading...
GitHub AI-powered security and automation features for 2025
npx skill4agent add josiahsiegel/claude-plugin-marketplace github-ai-features-2025\/D:/repos/project/file.tsxD:\repos\project\file.tsx# Create task branch from main
git checkout main
git pull origin main
git checkout -b task/add-login-button
# Make small changes
git add src/components/LoginButton.tsx
git commit -m "feat: add login button component"
# Push and create PR (same day)
git push origin task/add-login-button
gh pr create --title "Add login button" --body "Implements login UI"
# Merge within hours, delete branch
gh pr merge --squash --delete-branch# Attempt to commit secret
git add config.py
git commit -m "Add config"
git push
# GitHub AI detects secret:
"""
⛔ Push blocked by secret scanning
Found: AWS Access Key
Pattern: AKIA[0-9A-Z]{16}
File: config.py:12
Options:
1. Remove secret and try again
2. Mark as false positive (requires justification)
3. Request review from admin
"""
# Fix: Use environment variables
# config.py
import os
aws_key = os.environ.get('AWS_ACCESS_KEY')
git add config.py
git commit -m "Use env vars for secrets"
git push # ✅ Success# .github/workflows/codeql.yml
name: "CodeQL"
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
jobs:
analyze:
runs-on: ubuntu-latest
permissions:
security-events: write
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: javascript, python, java
- name: Autobuild
uses: github/codeql-action/autobuild@v2
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2# Vulnerable code detected by CodeQL
def get_user(user_id):
query = f"SELECT * FROM users WHERE id = {user_id}" # ❌ SQL injection
return db.execute(query)
# Copilot Autofix suggests:
def get_user(user_id):
query = "SELECT * FROM users WHERE id = ?"
return db.execute(query, (user_id,)) # ✅ Parameterized query
# One-click to apply fix# .github/workflows/ai-bugfix.yml
name: AI Bug Fixer
on:
issues:
types: [labeled]
jobs:
autofix:
if: contains(github.event.issue.labels.*.name, 'bug')
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Analyze Bug
uses: github/ai-agent@v1
with:
task: 'analyze-bug'
issue-number: ${{ github.event.issue.number }}
- name: Generate Fix
uses: github/ai-agent@v1
with:
task: 'generate-fix'
create-pr: true
pr-title: "Fix: ${{ github.event.issue.title }}"# GitHub Agent creates PR automatically
# When issue is labeled "enhancement":
# 1. Analyzes issue description
# 2. Generates implementation code
# 3. Creates tests
# 4. Opens PR with explanation
# Example: Issue #42 "Add dark mode toggle"
# Agent creates PR with:
# - DarkModeToggle.tsx component
# - ThemeContext.tsx provider
# - Tests for theme switching
# - Documentation update# .github/workflows/dependency-review.yml
name: Dependency Review
on: [pull_request]
permissions:
contents: read
jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Dependency Review
uses: actions/dependency-review-action@v3
with:
fail-on-severity: high
fail-on-scopes: runtime# Morning: Sync with main
git checkout main
git pull origin main
# Create task branch
git checkout -b task/user-profile-api
# Work in small iterations (2-4 hours)
# First iteration: API endpoint
git add src/api/profile.ts
git commit -m "feat: add profile API endpoint"
git push origin task/user-profile-api
gh pr create --title "Add user profile API" --draft
# Continue work: Add tests
git add tests/profile.test.ts
git commit -m "test: add profile API tests"
git push
# Mark ready for review
gh pr ready
# Get review (should happen within hours)
# Merge same day
gh pr merge --squash --delete-branch
# Next task: Start fresh from main
git checkout main
git pull origin main
git checkout -b task/profile-ui# ❌ Bad: Large infrequent commit
git add .
git commit -m "Add complete user profile feature with API, UI, tests, docs"
# 50 files changed, 2000 lines
# ✅ Good: Small frequent commits
git add src/api/profile.ts
git commit -m "feat: add profile API endpoint"
git push
git add src/components/ProfileCard.tsx
git commit -m "feat: add profile card component"
git push
git add tests/profile.test.ts
git commit -m "test: add profile tests"
git push
git add docs/profile.md
git commit -m "docs: document profile API"
git push
# Each commit: 1-3 files, 50-200 lines
# Easier reviews, faster merges, less conflicts# Repository Settings → Security → Secret scanning
# Enable: Push protection + AI detection# Add .github/workflows/codeql.yml
# Enable for all languages in project# Review security alerts weekly
# Apply Copilot-suggested fixes
# Test before merging# Branch lifespan: <1 day
# Commit frequency: Every 2-4 hours
# Main branch: Always deployable# Automate: Bug triage, PR creation, dependency updates
# Review: All AI-generated code before merging