feat(ci): add qlty gate and weekly health scan

[williaby]

Summary

• Adds qlty-gate job: PR diff gate with fail-level: medium, blocks merges that introduce medium+ severity issues
• Adds qlty-health job: weekly Monday 07:00 UTC full-codebase scan, informational only (no-fail: true until existing qlty debt is resolved)
• Uses pinned SHA of reusable workflow from public ByronWilliamsCPA/.github repo (040026ab)

Dependencies

Depends on ByronWilliamsCPA/.github#188 merging first (the python-qlty-gate.yml reusable workflow must exist at the pinned SHA before this workflow can run successfully).

Test plan

• Verify feat(workflows): add python-qlty-gate reusable workflow ByronWilliamsCPA/.github#188 is merged before merging this PR
• Open a test PR against main and confirm qlty-gate / Qlty Gate check appears and runs
• Trigger workflow_dispatch manually to confirm qlty-health job runs without error
• Confirm the check name qlty-gate / Qlty Gate matches the name required by org docs-tier ruleset

Generated with Claude Code

Summary by CodeRabbit

• Chores
  • Established automated code quality checks that run on pull requests, execute weekly, and support manual triggers to maintain code standards across the project.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: a23cba0c-263d-4911-8337-a463b25859cd

📥 Commits

Reviewing files that changed from the base of the PR and between a007239 and da6324f.

📒 Files selected for processing (1)

• .github/workflows/qlty.yml

---

📝 Walkthrough

Walkthrough

A new GitHub Actions workflow qlty.yml is introduced to enable automated code quality checks. The workflow runs on pull requests to main, on a weekly schedule (Monday 07:00 UTC), and via manual dispatch. It establishes two jobs with distinct purposes: a PR gating job that blocks merges on medium-severity issues, and a scheduled health check job that scans at high severity but does not block.

Changes

Code Quality Gating Workflow

Layer / File(s)

Summary

Qlty workflow with dual-mode gating .github/workflows/qlty.yml

Workflow triggers on PR (to main), weekly schedule (Monday 07:00 UTC), and manual dispatch. Concurrency control serializes runs per ref with cancel-in-progress enabled. Two jobs invoke a shared upstream workflow via pinned commit: qlty-gate runs for PRs only with fail-level: medium (blocking); qlty-health runs for schedule/manual with check-all: true, fail-level: high, and non-blocking no-fail: true. Both jobs restrict permissions to contents: read.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A guardian workflow hops into place,
Two modes of checking, a measured pace—
PR gates tight when issues arise,
Health scans broad with non-blocking eyes,
Quality keeps this codebase bright! 🌟

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title 'feat(ci): add qlty gate and weekly health scan' directly summarizes the main change: adding two CI quality check jobs (qlty-gate and qlty-health) to the GitHub Actions workflow.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/qlty-gate

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

.github/workflows/qlty.yml

Package	Version	License	Issue Type
ByronWilliamsCPA/.github/.github/workflows/python-qlty-gate.yml	040026ab682aa4b9ef491750d62cdd1592cdb659	Null	Unknown License

Denied Licenses:

GPL-2.0, GPL-3.0

OpenSSF Scorecard

Package	Version	Score	Details
actions/ByronWilliamsCPA/.github/.github/workflows/python-qlty-gate.yml	040026ab682aa4b9ef491750d62cdd1592cdb659	Unknown	Unknown

Scanned Files

• .github/workflows/qlty.yml

[Copilot]

Pull request overview

Adds a dedicated GitHub Actions workflow to integrate Qlty checks into the repo’s CI posture: a PR “diff gate” to block new medium+ findings and a scheduled “health scan” to monitor the full codebase on a weekly cadence.

Changes:

• Introduces a qlty-gate reusable-workflow job for PRs with fail-level: medium.
• Introduces a qlty-health reusable-workflow job for scheduled/manual runs with check-all: true and no-fail: true.
• Adds workflow-level concurrency to cancel in-progress runs per ref.