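name: Fix-Marker Regression Guard

# Asserts that previously-shipped fixes are still present in the tree.
#   Manifest:    scripts/fix-markers.json
#   Checker:     scripts/check_fix_markers.py
#   Run locally: python scripts/check_fix_markers.py   (also --list / --json)
#
# This complements the heavyweight checks (firmware build, deterministic
# pipeline proof, witness bundle) with a fast per-PR "did someone revert a
# known fix?" gate — the CI analogue of the ruflo witness fix-marker system.
#
# Trust boundary: the manifest and the checker are read from the same tree
# that is being checked, so a change that reverts a fix can also edit the
# manifest entry or the checker itself. A green run means "the markers match
# the manifest in this tree"; changes to scripts/fix-markers.json and
# scripts/check_fix_markers.py need the same review as the fixes they guard.

on:
  push:
    branches:
      - main
      - master
  pull_request:
  workflow_dispatch:

# Least privilege: every step only reads the repository. Without this block
# the job inherits the repository's default GITHUB_TOKEN permissions, which
# may include write scopes on push and same-repository pull requests.
permissions:
  contents: read

jobs:
  fix-markers:
    name: Verify fix markers
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the three actions below are referenced by mutable major
      # tags. Pinning each to a full commit SHA (with the tag kept in a
      # trailing comment) stops a retagged release from changing what runs.
      - uses: actions/checkout@v4
        with:
          # The later steps execute Python from the checked-out tree, so do
          # not leave the token in .git/config where that code could read it.
          persist-credentials: false

      - uses: actions/setup-python@v6
        with:
          python-version: '3.11'

      # Fails fast with a clear parse error before the checker runs.
      - name: Validate the manifest is well-formed JSON
        run: python -c "import json; json.load(open('scripts/fix-markers.json')); print('manifest OK')"

      # This step is the gate: its exit code decides pass/fail for the job.
      - name: Check fix markers
        run: python scripts/check_fix_markers.py

      # Reporting only. `|| true` keeps this step green so the summary and the
      # artifact are produced even when markers are missing; the verdict was
      # already recorded by the "Check fix markers" step above.
      - name: Emit machine-readable result (for the run summary)
        if: always()
        run: |
          python scripts/check_fix_markers.py --json > fix-markers-result.json || true
          {
            echo '### Fix-marker regression guard'
            echo ''
            echo '```'
            python scripts/check_fix_markers.py || true
            echo '```'
          } >> "$GITHUB_STEP_SUMMARY"

      # Runs on failure too, so a reverted fix leaves a downloadable record.
      - name: Upload result artifact
        if: always()
        uses: actions/upload-artifact@v7
        with:
          name: fix-markers-result
          path: fix-markers-result.json
          retention-days: 30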