github-workflow
GitHub Workflow
Automate the full GitHub development lifecycle: branches, commits, pushes, PRs, issues, and code review.
Quick Start
- User requests a git action (commit, PR, branch, push, issue)
- Check repo state:
git status,git branch,git log --oneline -5 - Execute the appropriate workflow below
- Confirm result to user
Workflows
1. Branching
# Create feature branch from main
git checkout main && git pull origin main
git checkout -b <type>/<name>
# Types: feature/, bugfix/, docs/, refactor/, test/, chore/
- Always branch from up-to-date
main - Use conventional naming:
feature/add-jwt-testing,bugfix/fix-port-detection
2. Committing
# Stage specific files (never git add -A blindly)
git add <file1> <file2>
# Commit with conventional format
git commit -m "type(scope): description"
- Types:
feat,fix,docs,refactor,test,chore - Message focuses on why, not what
- Never commit
.env, credentials, or secrets - See reference/commit-conventions.md
3. Pushing
# First push (set upstream)
git push -u origin <branch-name>
# Subsequent pushes
git push
- Never force-push to
main/masterwithout explicit user approval - If push is rejected,
git pull --rebasefirst
4. Pull Requests
# Create PR linking to issue
gh pr create --title "Short title < 70 chars" --body "$(cat <<'EOF'
## Summary
- What changed and why
## Test plan
- [ ] How to verify
Fixes #<issue-number>
EOF
)"
- Title < 70 chars, details in body
- Always link to issue:
Fixes #NorCloses #N - See reference/pr-workflow.md
5. Issues
gh issue create --title "type: description" --body "$(cat <<'EOF'
## Problem
What needs to change
## Proposed solution
How to fix it
## Acceptance criteria
- [ ] Criteria 1
EOF
)"
6. Code Review
# Review a PR
gh pr view <number>
gh pr diff <number>
gh pr checks <number>
# Comment or approve
gh pr review <number> --approve
gh pr review <number> --comment --body "feedback"
Reference
- commit-conventions.md — Commit message format and examples
- pr-workflow.md — PR creation, review, and merge workflow
- branch-strategy.md — Branching model and naming conventions
Critical Rules
- NEVER force-push to main/master without explicit user approval
- NEVER commit secrets,
.envfiles, or credentials - NEVER use
git add -Awithout reviewing what's staged - NEVER skip pre-commit hooks (
--no-verify) unless user explicitly asks - NEVER amend published commits — create new commits instead
- ALWAYS use conventional commit format:
type(scope): description - ALWAYS link PRs to issues
- ALWAYS check
git statusbefore committing - ALWAYS pull before pushing to avoid conflicts
- ALWAYS create branches from up-to-date main
More from transilienceai/communitytools
hackerone
HackerOne bug bounty automation - parses scope CSVs, deploys parallel pentesting agents for each asset, validates PoCs, and generates platform-ready submission reports. Use when testing HackerOne programs or preparing professional vulnerability submissions.
50reconnaissance
Domain assessment and web application mapping - subdomain discovery, port scanning, endpoint enumeration, API discovery, and attack surface analysis.
40ai-threat-testing
Offensive AI security testing and exploitation framework. Systematically tests LLM applications for OWASP Top 10 vulnerabilities including prompt injection, model extraction, data poisoning, and supply chain attacks. Integrates with pentest workflows to discover and exploit AI-specific threats.
38osint
Open-source intelligence gathering - company repository enumeration, secret scanning, git history analysis, employee footprint, and code exposure discovery.
37social-engineering
Social engineering testing - phishing, pretexting, vishing, and physical security assessment techniques.
37source-code-scanning
Security-focused source code review and SAST. Scans for vulnerabilities (OWASP Top 10, CWE Top 25), CVEs in third-party dependencies/packages, hardcoded secrets, malicious code, and insecure patterns. Use when given source code, a repo path, or asked to "audit", "scan", "review" code security, or "check dependencies for CVEs".
35