GitHub Code Review

Developer pushes code.

GitHub Advanced Security (CodeQL) scans for vulnerabilities.

Dependabot checks for outdated dependencies.

Reviewers verify logic and security scan results.

Merge allowed only if high-severity alerts are resolved.

Define /docs/ as owned by technical writers and /src/ as owned by engineers in CODEOWNERS.

PR is opened.

GitHub automatically requests reviews from the specific group.

Junior devs can merge small docs updates without waiting for a CTO.

Open a 'Draft' Pull Request.

Tag a mentor for informal feedback on the approach.

Iterate on the code based on informal comments.

Change status to 'Ready for Review' to trigger formal CI/CD.

Developer clicks 'Summary' button in the PR description.

Copilot analyzes the 500+ line diff.

Copilot generates a 3-bullet point summary and a test plan.

Reviewer reads summary to prioritize review order.

Configure Prettier/ESLint in GitHub Actions.

PR triggers a check that fails if styling is incorrect.

Reviewer uses 'Suggested Changes' to fix edge cases.

Branch protection prevents merge until 'linter' check passes.

Reviewer uses 'Viewed' checkmark for each file processed.

Uses multi-line comments for cross-file logic explanation.

Author applies suggestions directly.

PR remains open until all conversations are 'Resolved'.

Enable 'Dismiss stale pull request approvals' when new commits are pushed.

Maintain PR history and comments indefinitely.

Export audit logs for external auditors to prove review rigor.