
fix(#94): align required status checks ruleset with _required.yml jobs #166

Open
mvillmow wants to merge 2 commits into main from 94-auto-impl


@mvillmow mvillmow commented Jun 4, 2026

Contributor

Summary

Align the homeric-main-baseline repository ruleset's required-status-checks with the actual job inventory in .github/workflows/_required.yml. This fixes the audit finding that PRs could merge despite breaking TypeScript types, security scans, markdownlint, pixi-check, or justfile validation.

Changes

Test plan

  • Regression test passes locally (checks a/b/c)
  • TypeScript type checking works
  • verify-issue-92-invariants.sh passes
  • YAML is valid
  • All changes staged and committed with GPG signature

Closes #94

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>

mvillmow and others added 2 commits June 28, 2026 10:12
Add 5 missing required status checks to the homeric-main-baseline ruleset
(forbid-suppressions, markdownlint, pixi-check, justfile-check, symlink-check)
and consolidate TypeScript type-checking into the lint job instead of a
separate typecheck job. This addresses the issue where PRs could merge despite
breaking TypeScript types, security scans, markdownlint, pixi-check, or
justfile validation.

Changes:
- Fold TypeScript (tsc --noEmit) into _required.yml/lint as a step
- Move verify-issue-92-invariants.sh regression guard into lint job
- Add 5 missing contexts to the branch protection ruleset
- Create regression test (test-required-checks-ruleset.sh) to prevent drift
- Delete ci.yml (now-redundant jobs merged into _required.yml)
- Update docs/branch-protection.md with complete list of 13 required contexts
- Create auxiliary JSON files for classic branch protection update
- Update dagger/src/index.ts to fix #92 invariants (npm cache, scoping, JSON output)

Closes #94

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Signed-off-by: mvillmow <4211002+mvillmow@users.noreply.github.com>

Analysis of issue #94 implementation identified no in-scope follow-ups.
Rejected items (regression test robustness, remediation-plan update) are
either non-critical or addressed by guard conditions / non-existent files.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Signed-off-by: mvillmow <4211002+mvillmow@users.noreply.github.com>
@mvillmow mvillmow enabled auto-merge (squash) June 28, 2026 18:46
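
A drift check of the kind this PR describes, as an added example (it is not the PR's test-required-checks-ruleset.sh, whose contents are not shown on this page). It compares the job ids in a workflow file with the contexts of a ruleset's required_status_checks rule and reports both directions of drift. The sample inputs are constructed, and the code assumes each required context equals a job id, which does not hold when a job sets `name:` or runs through a reusable workflow.

```python
import json
import re

# Constructed sample inputs, not the repository's real files.
WORKFLOW_YAML = """\
on: [pull_request]
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - run: npx tsc --noEmit
  markdownlint:
    runs-on: ubuntu-latest
  pixi-check:
    runs-on: ubuntu-latest
"""
RULESET_JSON = json.dumps({"name": "homeric-main-baseline", "rules": [
    {"type": "pull_request"},
    {"type": "required_status_checks", "parameters": {"required_status_checks": [
        {"context": "lint"}, {"context": "typecheck"}, {"context": "markdownlint"}]}},
]})

def workflow_job_ids(yaml_text):
    """Job ids directly under the top-level `jobs:` key (no YAML library needed)."""
    ids, in_jobs, indent = set(), False, None
    for line in yaml_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():  # any top-level key opens or closes the block
            in_jobs = line.rstrip() == "jobs:"
            continue
        m = re.match(r"(\s+)([A-Za-z_][\w-]*):\s*(#.*)?$", line) if in_jobs else None
        if m and indent in (None, len(m.group(1))):  # only keys at job-id depth
            indent = len(m.group(1))
            ids.add(m.group(2))
    return ids

def ruleset_contexts(ruleset_text):
    """Every context named by a required_status_checks rule in the ruleset."""
    rules = json.loads(ruleset_text).get("rules", [])
    return {c["context"] for r in rules if r.get("type") == "required_status_checks"
            for c in r.get("parameters", {}).get("required_status_checks", [])}

def drift(ruleset_text, yaml_text):
    """(unenforced, stale): jobs not required, and contexts no job reports."""
    jobs, required = workflow_job_ids(yaml_text), ruleset_contexts(ruleset_text)
    return sorted(jobs - required), sorted(required - jobs)

if __name__ == "__main__":
    print(drift(RULESET_JSON, WORKFLOW_YAML))
```

An unenforced job can fail without blocking a merge, while a stale context (here the removed `typecheck` job) names a check that no job reports.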