[plan] add branch protection configuration file

[github-actions]

Objective

Create a .github/settings.yml file to codify branch protection rules for the main branch, making required status checks version controlled.

Context

Currently, branch protection rules are configured manually in the GitHub UI. This creates risks:

• Settings can drift over time
• Configuration is lost during repository transfers
• No audit trail for changes to protection rules

Approach

1. Create .github/settings.yml file
2. Define protection rules for main branch:
   • Require status checks: Build and Lint (Node 18, 20, 22), Test Coverage, TypeScript Type Check, Test Examples, CodeQL, Trivy Container Scan
   • Require 1 approving review
   • Enforce up-to-date branches before merge
3. Document the configuration in README or CONTRIBUTING.md

Files to Create/Modify

• Create: .github/settings.yml
• Update: README.md or CONTRIBUTING.md (document the settings file)

Acceptance Criteria

• .github/settings.yml exists with comprehensive branch protection rules
• All currently required status checks are included
• PR review requirements are specified
• Configuration is documented for maintainers

References

• Probot Settings App: https://github.com/probot/settings
• Current workflows: .github/workflows/*.yml (for status check names)
  Related to [plan] improve ci/cd pipeline and quality gates #348

AI generated by Plan Command for discussion #345

[github-actions]

🍪 Issue Monster has assigned this to Copilot!

I've identified this issue as a good candidate for automated resolution and assigned it to the Copilot agent.

The Copilot agent will analyze the issue and create a pull request with the fix.

Om nom nom! 🍪

AI generated by Issue Monster

[github-actions]

🍪 Issue Monster has assigned this to Copilot!

I've identified this issue as a good candidate for automated resolution and assigned it to the Copilot agent.

The Copilot agent will analyze the issue and create a pull request with the fix.

Om nom nom! 🍪

AI generated by Issue Monster

[github-actions]

🍪 Issue Monster has assigned this to Copilot!

I've identified this issue as a good candidate for automated resolution and assigned it to the Copilot agent.

The Copilot agent will analyze the issue and create a pull request with the fix.

Om nom nom! 🍪

AI generated by Issue Monster

[github-actions]

🍪 Issue Monster has assigned this to Copilot!

I've identified this issue as a good candidate for automated resolution and assigned it to the Copilot agent.

The Copilot agent will analyze the issue and create a pull request with the fix.

Om nom nom! 🍪

AI generated by Issue Monster

[github-actions]

🍪 Issue Monster has assigned this to Copilot!

I've identified this issue as a good candidate for automated resolution and assigned it to the Copilot agent.

The Copilot agent will analyze the issue and create a pull request with the fix.

Om nom nom! 🍪

AI generated by Issue Monster

[github-actions]

🍪 Issue Monster has assigned this to Copilot!

I've identified this issue as a good candidate for automated resolution and assigned it to the Copilot agent.

The Copilot agent will analyze the issue and create a pull request with the fix.

Om nom nom! 🍪

AI generated by Issue Monster

[github-actions]

🍪 Issue Monster has assigned this to Copilot!

I've identified this issue as a good candidate for automated resolution and assigned it to the Copilot agent.

The Copilot agent will analyze the issue and create a pull request with the fix.

Om nom nom! 🍪

AI generated by Issue Monster

[github-actions]

🍪 Issue Monster has assigned this to Copilot!

I've identified this issue as a good candidate for automated resolution and assigned it to the Copilot agent.

This is the first sub-issue under parent issue #348 (improve ci/cd pipeline). Sub-issues will be processed sequentially to avoid conflicts.

The Copilot agent will analyze the issue and create a pull request with the fix.

Om nom nom! 🍪

AI generated by Issue Monster

[github-actions]

🍪 Issue Monster has assigned this to Copilot!

I've identified this issue as a good candidate for automated resolution and assigned it to the Copilot agent.

Note: This is the first sibling sub-issue of parent #348 (CI/CD improvements). Other siblings (#350, #351, #352, #353) will be processed sequentially after this PR is completed.

The Copilot agent will analyze the issue and create a pull request with the fix.

Om nom nom! 🍪

AI generated by Issue Monster

[github-actions]

🍪 Issue Monster has assigned this to Copilot!

I've identified this issue as a good candidate for automated resolution and assigned it to the Copilot agent.

Note: This is a sub-issue of #348. I'm processing it first since it's the oldest sub-issue, ensuring orderly sequential progress.

The Copilot agent will analyze the issue and create a pull request with the fix.

Om nom nom! 🍪

AI generated by Issue Monster

[github-actions]

🍪 Issue Monster has assigned this to Copilot!

I've identified this issue as a good candidate for automated resolution and assigned it to the Copilot agent.

The Copilot agent will analyze the issue and create a pull request with the fix.

Om nom nom! 🍪

AI generated by Issue Monster