A minimal .opencodereview/rule.json was added so OpenCodeReview runs on PRs (see the org-wide Code Review workflow from dataplanelabs/workflows).
Current rules cover shell scripts and Dockerfiles. As the codebase grows (noVNC/remote-desktop container, start.sh, any added app code), tailor the rules accordingly.
Todo:
- harden start.sh rules (signal handling, process supervision, no secrets in env/logs)
- if app code is added, add language-specific rules
- review Dockerfile for least-privilege user and pinned base image/digest
Rule format/docs: https://github.com/dataplanelabs/workflows#review-rules