Enhance CI/CD pipeline with comprehensive testing, security, and automation workflows

[Copilot]

This PR addresses critical configuration errors in the proposed CI pipeline and significantly expands CI/CD capabilities by integrating comprehensive testing, security scanning, and PR automation workflows.

Critical Fixes

• Go version: '1.24' → '1.24.x' (correct semver syntax)
• Test path: ./pkg/... → ./... (project uses internal/ not pkg/)
• Actions: Verified latest stable versions (checkout@v6, setup-go@v6, github-script@v8)
• Permissions: Moved pull-requests: write from workflow-level to benchmark job only (least privilege)
• Error handling: Removed error-masking patterns (|| echo) that hid real failures

New Workflows Added

This PR integrates 4 production-ready workflows (393 lines total):

1. ci.yml (163 lines) - Enhanced Test & Quality

• Test job: Race detection, coverage reporting, Codecov integration
• Benchmark job: Base vs current comparison with explicit error handling
• Lint job: golangci-lint integration for code quality checks

2. codeql.yml (72 lines) - Security Scanning

• Automated Go security analysis
• Runs on push/PR + weekly schedule (Mondays)
• Manual trigger available

3. pr-automation.yml (84 lines) - PR Management

• Auto-labels PRs by size (XS/S/M/L/XL)
• Automatic conflict detection
• Auto-assigns PR author
• Welcome messages on new PRs

4. pr-status-check.yml (74 lines) - Weekly Dashboard

• Weekly PR status reports (Mondays 9 AM UTC)
• Tracks Dependabot, needs-review, and auto-merge PRs
• Creates maintenance issues for PRs needing attention
• Manual trigger available

Error Handling Philosophy

All workflows follow consistent error handling principles:

• No error-masking patterns (|| echo, || true)
• Explicit handling of empty results with friendly messages
• Real failures properly propagate with error details
• Benchmark steps: base branch is non-blocking, current branch fails on real errors only

Results

# Before: 236 lines, 3 OS matrix, complex error handling
# After: 393 lines across 4 workflows (+66%), single OS, comprehensive coverage

Workflows:
  ci.yml: Test + Benchmark + Lint
  codeql.yml: Security scanning
  pr-automation.yml: PR management
  pr-status-check.yml: Weekly dashboard

Features:
  ✅ Codecov integration
  ✅ golangci-lint checks
  ✅ CodeQL security scanning
  ✅ Automated PR labeling
  ✅ Weekly PR status reports

All workflows are adapted to repository structure (./..., Go 1.24.x, ubuntu-only), follow least privilege permissions, and are production-ready.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[Copilot]

Pull request overview

This PR updates the GitHub Actions CI workflow to better match the repository’s Go project layout and current testing/benchmark maturity, while simplifying execution and permissions.

Changes:

• Fixes Go toolchain version selection and updates test invocation to run across the whole module (./...).
• Simplifies CI by removing the OS matrix and running only on ubuntu-latest.
• Refactors benchmark reporting to a shorter inline comparison and posts results back to the PR.

Comments suppressed due to low confidence (1)

.github/workflows/ci.yml:106

• Posting a PR comment via actions/github-script will fail for pull requests coming from forks because GITHUB_TOKEN can’t be granted write permissions on the pull_request event in that scenario. Consider skipping this step when github.event.pull_request.head.repo.full_name != github.repository, or switching to a pull_request_target-based approach (with appropriate hardening).

      - name: Post benchmark results to PR
        uses: actions/github-script@v8
        with:
          script: |
            const fs = require('fs');
            const comment = fs.readFileSync('benchmark-comment.md', 'utf8');
            

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[adcondev]

@copilot Check the following files and try to adapt them to the repo

ci.yml
pr-status-check.yml
pr-automation.yml
codeql.yml

[Copilot]

@copilot Check the following files and try to adapt them to the repo

ci.yml
...

Done in 63b7d9b! I've adapted all 4 workflow files to the repository:

1. ci.yml - Enhanced with golangci-lint and codecov, fixed test paths to ./..., corrected Go version to 1.24.x
2. codeql.yml - Security scanning adapted with correct Go version and paths
3. pr-automation.yml - PR auto-labeling, conflict detection, and welcome messages
4. pr-status-check.yml - Weekly PR status dashboard

All workflows validated and ready to use. The files are adapted to the repository's structure (using internal/ not pkg/, ubuntu-only testing initially, and proper permissions).