Skip to content

chore: Update pr-title.yml#294

Closed
rachelauryn wants to merge 1 commit into
developfrom
feature/commitlint
Closed

chore: Update pr-title.yml#294
rachelauryn wants to merge 1 commit into
developfrom
feature/commitlint

Conversation

@rachelauryn

Copy link
Copy Markdown
Contributor

Description

added 3 missing types from DK's change management list to pr title validation job

Deployment Readiness*

ready

Testing

just changed names on list - not needed

Describe or check:

  • Created or updated unit, feature, and/or integration tests
  • Typical manual testing in the local env browser, dev pipeline, etc.

Deployment Notes

Describe or check:

  • No special deployment steps required

Rollback Plan

Describe or check:

  • Standard revert is sufficient (git revert)

Reviewer Guidance / Questions*

Screenshots / Testing Evidence*

SOC 2 Change Management Checklist

  • None of the below are true in this code
  • New roles/permissions are introduced without review and approval by the product manager
  • Hardcoded credentials, secrets, or API keys are present in this code
  • Secrets are being managed outside of the approved secrets management process (e.g., GitHub Secrets, environment variables)
  • PII or sensitive data handling is introduced or changed without being reviewed against our data classification policy
  • Sensitive data is written to logs
  • Input validation and sanitization is missing
  • An unnecessary attack surface has been introduced (e.g., unused endpoints, open ports, debug modes left enabled)
  • Common vulnerabilities have been introduced in the code (inc. any dependencies added or updated)
  • No review for common vulnerabilities has been conducted
  • Not tested in a non-production environment
  • Breaking changes to existing APIs or integrations with downstream consumers being notified
  • Performance impact has not been considered or acceptable
  • Appropriate audit logging is missing for any security-relevant actions introduced by this change
  • Log entries contain sensitive or PII data
  • All existing tests do not pass locally (./vendor/bin/pest)

Provide justification if you are submitting a PR with any boxes checked other than the first.


Reminder for Reviewers: By approving this PR you are confirming that you have reviewed the code for correctness, security, and compliance with our engineering and SOC 2 standards. Do not approve PRs where SOC 2 checklist items are checked without documented justification.

*Optional

added 3 missing types from DK's change management list to pr title validation job
@rachelauryn rachelauryn changed the title Update pr-title.yml chore: Update pr-title.yml May 29, 2026
@rachelauryn rachelauryn requested a review from mrmaloof May 29, 2026 17:50
@mrmaloof

Copy link
Copy Markdown
Collaborator

@rachelauryn I'm hoping to get rid of this file in favor of centralizing this in datakind/.github. I made a PR for your review. Then we can be DRY and have SSoT for things like this.

security - I think this is good

I'm less convinced with infra and enhance.

  • infra - I think ci, build, and chore can cover these change types.
  • enhance - I think feat, refactor, fix, and perf would cover these changes.

What problems are we trying to solve with these change types? I could be convinced.

@rachelauryn

Copy link
Copy Markdown
Contributor Author

closing as we discussed & Bill's idea above is by far the better solution!

@rachelauryn rachelauryn closed this Jun 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants