From 4fd83700528502f3035bf2a789d3ef28740ead44 Mon Sep 17 00:00:00 2001
From: "rE-Bo0t.bx1" <54429050+r3bo0tbx1@users.noreply.github.com>
Date: Sat, 15 Nov 2025 02:05:25 +0800
Subject: [PATCH] =?UTF-8?q?=F0=9F=93=9D=20docs(v1.1.1):=20Clean=20up=20Git?= =?UTF-8?q?Hub=20config=20and=20workflow=20comments?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- ๐Ÿงน Removed verbose and redundant comments from Dependabot config, pull request template, and workflow YAML files
- ๐Ÿ“ฆ Improved readability and maintainability without altering functionality
- ๐Ÿ”ง No behavioral changes introduced, documentation and comment cleanup only
---
 .github/dependabot.yml | 36 --------------------------------
 .github/pull_request_template.md | 16 +++++---------
 .github/workflows/release.yml | 11 ++++------
 .github/workflows/validate.yml | 17 +--------------
 4 files changed, 10 insertions(+), 70 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 0cb7ecf..d9ffaef 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,11 +1,5 @@ -# Dependabot configuration for Tor Guard Relay -# Automated dependency management for secure and stable builds - version: 2 updates: - # โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€ - # ๐Ÿ”ง GitHub Actions (CI/CD) - # โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€ - package-ecosystem: "github-actions" directory: "/" schedule: 
@@ -26,14 +20,9 @@ updates: - "r3bo0tbx1" assignees: - "r3bo0tbx1" - # Security: Allow both patch and minor updates for GitHub Actions ignore: - dependency-name: "*" update-types: ["version-update:semver-major"] - - # โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€ - # ๐Ÿณ Docker (Base Image Updates) - # โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€ - package-ecosystem: "docker" directory: "/" schedule: 
@@ -53,31 +42,6 @@ updates: - "r3bo0tbx1" assignees: - "r3bo0tbx1" - # Security: Allow patch updates for Alpine base image ignore: - dependency-name: "alpine" update-types: ["version-update:semver-major"] - -# โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€ -# Strategy Notes -# โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€ -# โœ… Weekly GitHub Actions updates to avoid CI noise -# โœ… Daily Docker checks for timely base image security patches -# โœ… Automatic PR rebasing to prevent stale dependency branches -# โœ… Manual merge approval required (no auto-merge) -# โœ… Security-focused: Block major version updates, allow patch/minor -# -# Monitored ecosystems: -# 1. GitHub Actions (workflow dependencies) -# 2. Docker (Alpine base image - tracks 3.22.x โ†’ 3.23.x updates) -# -# NOT monitored (by design): -# - Alpine packages (tor, tini, lyrebird) - No pinned versions -# โ†’ Updated automatically via weekly rebuilds (Sundays 18:30 UTC) -# โ†’ Strategy: apk add --no-cache always pulls latest available -# -# Security strategy: -# - Base image updates: Dependabot tracks Alpine version changes -# - Package updates: Weekly rebuilds pull latest tor/tini/lyrebird from Alpine repos -# - CI/CD updates: Dependabot tracks GitHub Actions version changes -# - Manual review required for all PRs (no auto-merge) 
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index 405066c..cd9ae43 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,8 +1,3 @@ - - ## ๐Ÿ“‹ PR Type - [x] ๐Ÿ“š **Documentation** (changes to documentation only) 
@@ -195,16 +190,15 @@ docker run -d \ **relay-exit.conf & relay-guard.conf:** ```conf -# Option 1: Relay-specific bandwidth (recommended for exit relays) +Option 1: Relay-specific bandwidth (recommended for exit relays) RelayBandwidthRate 50 MBytes RelayBandwidthBurst 100 MBytes -# Option 2: Global bandwidth limits (applies to all Tor traffic) -# BandwidthRate 50 MBytes -# BandwidthBurst 100 MBytes +Option 2: Global bandwidth limits (applies to all Tor traffic) +BandwidthRate 50 MBytes +BandwidthBurst 100 MBytes -# Note: Use RelayBandwidthRate/Burst for exit relays to avoid limiting -# directory and other non-relay traffic. +Note: Use RelayBandwidthRate/Burst for exit relays to avoid limiting directory and other non-relay traffic. ``` 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 9d7b70d..7bf9baa 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -18,8 +16,6 @@ on: tags: - 'v*.*.*' -# SECURITY: Global permissions set to read-only (principle of least privilege) -# Individual jobs grant additional permissions as needed permissions: contents: read 
@@ -33,7 +31,7 @@ jobs: name: ๐Ÿท๏ธ Determine Version and Build Type runs-on: ubuntu-latest permissions: - contents: read # Only needs to read repo for version detection + contents: read outputs: version: ${{ steps.version.outputs.version }} build_type: ${{ steps.version.outputs.build_type }} 
@@ -94,8 +92,8 @@ jobs: runs-on: ubuntu-latest needs: determine-version permissions: - contents: read # Read repository code - packages: write # Push to GHCR + contents: read + packages: write if: | github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success' 
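Review bot: `packages: write` on this job is now granted without any record of why it is needed, since the removed `# Push to GHCR` comment was the only place the workflow stated that this job publishes to the registry; the same loss hits `contents: write` in the @@ -313 hunk and `security-events: write` / `actions: read` in validate.yml's @@ -421 hunk. Elevated scopes are the lines a later reader most needs justified, so keep a short comment on each rather than dropping it, e.g. `packages: write  # push the built image to GHCR`. Separately, the `if:` gate below admits any `workflow_run` whose conclusion is `success`; if that trigger (its `on:` block is outside the hunk) can fire for non-release branches, also checking `github.event.workflow_run.head_branch` would keep registry pushes limited to the intended refs. The job's `steps:` and the remainder of the job continue outside the hunk.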
@@ -244,7 +242,6 @@ jobs: org.opencontainers.image.created=${{ needs.determine-version.outputs.build_date }} org.opencontainers.image.revision=${{ github.sha }} org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }} - # Generate SBOM (Software Bill of Materials) sbom: true provenance: true 
@@ -313,7 +310,7 @@ jobs: runs-on: ubuntu-latest needs: [determine-version, build-and-push] permissions: - contents: write # Create GitHub releases + contents: write if: needs.determine-version.outputs.is_release == 'true' steps: 
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
index 64ac73b..99f7edc 100644
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@@ -11,27 +11,16 @@ on: - main - develop paths: - # ๐Ÿณ Core build and runtime logic - 'Dockerfile' - 'docker-entrypoint.sh' - - # ๐Ÿงฉ Tools and validation scripts (no .sh extension) - 'tools/*' - - # โš™๏ธ CI/CD workflows - '.github/workflows/release.yml' - '.github/workflows/validate.yml' - - # ๐Ÿงฑ Template and config files - 'templates/**' - 'compose*.yml' - 'docker-compose*.yml' - - # ๐Ÿ”’ Security or metadata configs - '.github/dependabot.yml' - '.github/renovate.json' - - # ๐Ÿงน Excluded documentation or text files - '!**/*.md' - '!**/*.txt' - '!docs/**' 
@@ -421,7 +410,7 @@ jobs: permissions: contents: read security-events: write - actions: read # Required for workflow run information + actions: read steps: - name: ๐Ÿ“ฅ Checkout Repository 
@@ -453,10 +442,6 @@ jobs: with: sarif_file: 'trivy-results.sarif' continue-on-error: true - # Note: SARIF upload requires GitHub Advanced Security for private repos - # If upload fails, security results are still available in: - # - Human-readable table output (next step) - # - JSON artifact (uploaded at end of job) - name: ๐Ÿ“ SARIF Upload Status if: always()
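Review bot: `sbom: true` and `provenance: true` are left with no explanation now that the `# Generate SBOM (Software Bill of Materials)` comment is gone; these two keys are what attach the supply-chain attestations to the published image, and an unannotated boolean pair is the kind of line a later cleanup drops without noticing. Keep a one-line comment above them, e.g. `# Attach SBOM and build-provenance attestations to the pushed image`. The step these keys belong to starts outside the hunk, so the action that produces the attestations is not visible here.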
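Review bot: `continue-on-error: true` on the SARIF upload step is now unexplained; the four removed lines were the only record that the upload is expected to fail without GitHub Advanced Security on private repositories and that scan results are still delivered through the table output and the JSON artifact. Without that note a reader may read the flag as a way to hide scanner failures rather than as a deliberate fallback, which matters for a step that feeds the security tab. Keep a compressed version, e.g. `continue-on-error: true  # SARIF upload needs GHAS on private repos; table output and JSON artifact still carry the results`. The step's `uses:` line and the rest of the job are outside the hunk.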