From 95cbae1847b334b85f5d40f39005d5ad02d5ad72 Mon Sep 17 00:00:00 2001
From: t0kubetsu <alexis.danjon@nc3.lu>
Date: Tue, 9 Jun 2026 10:16:24 +0200
Subject: [PATCH 1/6] chore(ci): add CI workflow and Dependabot hardening

- CI runs inside containerised Debian/Python/Node images (not bare ubuntu-latest)
- Dependabot enabled for package ecosystem + github-actions
---
 .github/dependabot.yml   | 12 ++++++++++++
 .github/workflows/ci.yml | 18 ++++++++++++++++++
 2 files changed, 30 insertions(+)
 create mode 100644 .github/dependabot.yml
 create mode 100644 .github/workflows/ci.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..8d1b0a0
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,12 @@
+version: 2
+updates:
+  - package-ecosystem: pip
+    directory: /
+    schedule:
+      interval: weekly
+    labels: [dependencies]
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: monthly
+    labels: [dependencies, ci]
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..fcc9624
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,18 @@
+name: CI
+on:
+  push:
+    branches: [main, dev, 'feature/**']
+  pull_request:
+    branches: [main, dev]
+jobs:
+  lint-and-test:
+    name: Ruff + Pytest
+    runs-on: ubuntu-latest
+    container:
+      image: python:3.13-slim
+    steps:
+      - run: apt-get update && apt-get install -y --no-install-recommends git
+      - uses: actions/checkout@v4
+      - run: pip install --no-cache-dir -r requirements.txt -r requirements-dev.txt
+      - run: ruff check .
+      - run: pytest --tb=short -q

From c78cb6e39374ef9aa948235e499b8a44e8ab873b Mon Sep 17 00:00:00 2001
From: t0kubetsu <alexis.danjon@nc3.lu>
Date: Tue, 9 Jun 2026 10:28:00 +0200
Subject: [PATCH 2/6] fix(ci): add ruff to requirements-dev.txt

ruff was missing from dev dependencies, causing CI to exit 127
on 'ruff check .' after the pip install step.
---
 requirements-dev.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/requirements-dev.txt b/requirements-dev.txt
index 0893212..f506f4b 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -2,3 +2,4 @@
 
 pytest==8.3.4
 pytest-asyncio==0.24.0
+ruff

From d64accea60e7fa7252097e2d2ed9f9d72ac95363 Mon Sep 17 00:00:00 2001
From: t0kubetsu <alexis.danjon@nc3.lu>
Date: Tue, 9 Jun 2026 11:56:51 +0200
Subject: [PATCH 3/6] =?UTF-8?q?ci(workflow):=20fix=20push=20branch=20trigg?=
 =?UTF-8?q?ers=20=E2=80=94=20feat/**=20+=20fix/**=20replace=20feature/**?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index fcc9624..c39cd23 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,7 +1,7 @@
 name: CI
 on:
   push:
-    branches: [main, dev, 'feature/**']
+    branches: [main, dev, 'feat/**', 'fix/**']
   pull_request:
     branches: [main, dev]
 jobs:

From 734f6c3a2668b569725d131a489916e9510c1ef5 Mon Sep 17 00:00:00 2001
From: t0kubetsu <alexis.danjon@nc3.lu>
Date: Tue, 9 Jun 2026 12:16:57 +0200
Subject: [PATCH 4/6] chore(ci): bump actions/checkout to v6

---
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index c39cd23..2499dc7 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -12,7 +12,7 @@ jobs:
       image: python:3.13-slim
     steps:
       - run: apt-get update && apt-get install -y --no-install-recommends git
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - run: pip install --no-cache-dir -r requirements.txt -r requirements-dev.txt
       - run: ruff check .
       - run: pytest --tb=short -q

From 6ca8cc034f7ebe84ee326363f3ecde0319814315 Mon Sep 17 00:00:00 2001
From: t0kubetsu <alexis.danjon@nc3.lu>
Date: Tue, 9 Jun 2026 12:34:58 +0200
Subject: [PATCH 5/6] chore(ci): upgrade ruff check to --select ALL

---
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 2499dc7..b3d8deb 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -14,5 +14,5 @@ jobs:
       - run: apt-get update && apt-get install -y --no-install-recommends git
       - uses: actions/checkout@v6
       - run: pip install --no-cache-dir -r requirements.txt -r requirements-dev.txt
-      - run: ruff check .
+      - run: ruff check --select ALL .
       - run: pytest --tb=short -q

From e6961801a0f9fd5ea8a2fff04cb050b2b63aa95a Mon Sep 17 00:00:00 2001
From: t0kubetsu <alexis.danjon@nc3.lu>
Date: Tue, 9 Jun 2026 12:39:12 +0200
Subject: [PATCH 6/6] =?UTF-8?q?chore(ci):=20scope=20ruff=20to=20app/=20?=
 =?UTF-8?q?=E2=80=94=20exclude=20tests=20from=20--select=20ALL?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index b3d8deb..30557b7 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -14,5 +14,5 @@ jobs:
       - run: apt-get update && apt-get install -y --no-install-recommends git
       - uses: actions/checkout@v6
       - run: pip install --no-cache-dir -r requirements.txt -r requirements-dev.txt
-      - run: ruff check --select ALL .
+      - run: ruff check --select ALL app/
       - run: pytest --tb=short -q