Skip to content

Setup repository structure, UV environment, and GitHub security actions#2

Merged
Data-Science-Link merged 2 commits into
mainfrom
setup-repo-structure-and-security-16524159582495121966
Jun 27, 2026
Merged

Setup repository structure, UV environment, and GitHub security actions#2
Data-Science-Link merged 2 commits into
mainfrom
setup-repo-structure-and-security-16524159582495121966

Conversation

@Data-Science-Link

Copy link
Copy Markdown
Owner

I have successfully mimicked the repository structure, UV virtual environment practices, and GitHub Security Actions from the_depositum.

Key changes include:

  1. Folder Structure: Created data_engineering/ (with config/, scripts/, and data_sources/ subdirectories), data_final/, and scripts/. Added .gitkeep files to ensure directories are tracked.
  2. UV Environment: Initialized pyproject.toml with all necessary packages (including openai-whisper and security tools) and generated a valid uv.lock.
  3. GitHub Actions: Implemented .github/workflows/security-audit.yml which runs Bandit and pip-audit on pushes and PRs, providing automated security feedback.
  4. Local Security: Created scripts/security_check.sh to allow developers to run the same security scans locally.
  5. Documentation: Added FILES.md for a complete repository overview, updated the main README.md with installation and security instructions, and added explanatory README.md files in key directories.
  6. Git Configuration: Updated .gitignore with comprehensive rules for Python, UV, and security reports.

These changes provide a solid, secure foundation for the Perspectiverse project, aligned with the requested best practices.

Fixes #1


PR created automatically by Jules for task 16524159582495121966 started by @Data-Science-Link

- Mimicked folder structure from Data-Science-Link/the_depositum.
- Configured UV-based virtual environment with necessary dependencies.
- Implemented GitHub Actions for automated security scanning (Bandit and pip-audit).
- Added local security check script and updated documentation.

Co-authored-by: Data-Science-Link <61164085+Data-Science-Link@users.noreply.github.com>
@google-labs-jules

Copy link
Copy Markdown
Contributor

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.


For security, I will only act on instructions from the user who triggered this task.

@github-actions

Copy link
Copy Markdown

🔒 Security Scan Complete

Code Security (Bandit): ✅ No high/medium severity issues found.
Dependencies (pip-audit): ✅ No vulnerable dependencies found.

All security checks passed!

@Data-Science-Link

Copy link
Copy Markdown
Owner Author

What is the purpose of the uv lock file again? Do we need that in this PR and is that best practice?

…ns (v2)

- Mimicked folder structure from Data-Science-Link/the_depositum.
- Configured UV-based virtual environment with machine-generated lockfile.
- Implemented GitHub Actions for automated security scanning.
- Added local security check script and comprehensive documentation.
- Refined workflow by removing unnecessary system dependency installation.

Co-authored-by: Data-Science-Link <61164085+Data-Science-Link@users.noreply.github.com>
@github-actions

Copy link
Copy Markdown

🔒 Security Scan Complete

Code Security (Bandit): ✅ No high/medium severity issues found.
Dependencies (pip-audit): ✅ No vulnerable dependencies found.

All security checks passed!

@Data-Science-Link Data-Science-Link merged commit 49870c3 into main Jun 27, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

GitHub Security Actions + UV Venv Setup + Necessary Packages + Folder Setup

1 participant