-
Notifications
You must be signed in to change notification settings - Fork 141
193 lines (169 loc) · 8.83 KB
/
Copy pathdfxp_compliance_check.yml
File metadata and controls
193 lines (169 loc) · 8.83 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
name: DFXP Compliance Check
on:
workflow_dispatch: # Manual trigger only
inputs:
notify_slack:
description: 'Send Slack notification'
required: false
default: 'true'
type: choice
options:
- 'true'
- 'false'
permissions:
contents: read
jobs:
dfxp-compliance:
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.11'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
- name: Run DFXP Compliance Check
id: compliance
run: |
mkdir -p ai_artifacts/compliance_checks/dfxp
TMPDIR=$(mktemp -d)
trap 'rm -rf "$TMPDIR"' EXIT
sed -n '/^```python/,/^```/{ /^```/d; p; }' .claude/skills/check-dfxp-compliance/skill.md > "$TMPDIR/dfxp.py"
python3 "$TMPDIR/dfxp.py"
continue-on-error: true
- name: Extract summary metrics
id: metrics
run: |
if [ "${{ steps.compliance.outcome }}" = "failure" ]; then
echo "::warning::Compliance script crashed — check logs for Python errors"
echo "SCRIPT_CRASHED=true" >> $GITHUB_ENV
fi
REPORT=$(ls -t ai_artifacts/compliance_checks/dfxp/compliance_report_*.md 2>/dev/null | head -1)
if [ -n "$REPORT" ]; then
echo "REPORT_EXISTS=true" >> $GITHUB_ENV
echo "REPORT_PATH=${REPORT}" >> $GITHUB_ENV
echo "TOTAL_ISSUES=$(grep -oE 'Total issues\*\*: [0-9]+' "$REPORT" | grep -oE '[0-9]+' || echo unknown)" >> $GITHUB_ENV
echo "MUST_VIOLATIONS=$(grep -oE 'MUST violations\*\*: [0-9]+' "$REPORT" | grep -oE '[0-9]+' || echo unknown)" >> $GITHUB_ENV
echo "VALIDATION_GAPS=$(grep -E '^\| Validation gaps' "$REPORT" | grep -oE '[0-9]+' | head -1 || echo unknown)" >> $GITHUB_ENV
echo "CAVEATS=$(grep -E '^\| Partial/caveats' "$REPORT" | grep -oE '[0-9]+' | head -1 || echo unknown)" >> $GITHUB_ENV
echo "MISSING_RULES=$(grep -E '^\| Missing rules' "$REPORT" | grep -oE '[0-9]+' | head -1 || echo unknown)" >> $GITHUB_ENV
echo "TEST_GAPS=$(grep -E '^\| Test gaps' "$REPORT" | grep -oE '[0-9]+' | head -1 || echo unknown)" >> $GITHUB_ENV
FOOTER=$(grep -E '^\*\*Styling\*\*:' "$REPORT" || echo "")
echo "STY_ROUNDTRIP=$(echo "$FOOTER" | grep -oE 'Styling\*\*: [0-9]+' | grep -oE '[0-9]+' || echo unknown)" >> $GITHUB_ENV
echo "STY_READONLY=$(echo "$FOOTER" | grep -oE '[0-9]+ read-only' | grep -oE '[0-9]+' || echo unknown)" >> $GITHUB_ENV
echo "TIME_SUPPORTED=$(echo "$FOOTER" | grep -oE 'Timing\*\*: [0-9]+' | grep -oE '[0-9]+' || echo unknown)" >> $GITHUB_ENV
echo "ELEM_READ=$(echo "$FOOTER" | grep -oE 'Elements\*\*: [0-9]+' | grep -oE '[0-9]+' || echo unknown)" >> $GITHUB_ENV
echo "PARAM_READ=$(echo "$FOOTER" | grep -oE 'Params\*\*: [0-9]+' | grep -oE '[0-9]+' || echo unknown)" >> $GITHUB_ENV
echo "UNITS_SUPPORTED=$(grep -oE 'Length Units \([0-9]+/5\)' "$REPORT" | grep -oE '[0-9]+' | head -1 || echo unknown)" >> $GITHUB_ENV
else
echo "REPORT_EXISTS=false" >> $GITHUB_ENV
echo "TOTAL_ISSUES=unknown" >> $GITHUB_ENV
fi
- name: Upload compliance report
uses: actions/upload-artifact@v4
if: env.REPORT_EXISTS == 'true'
with:
name: dfxp-compliance-report
path: ai_artifacts/compliance_checks/dfxp/compliance_report_*.md
retention-days: 90
- name: Upload full compliance folder
uses: actions/upload-artifact@v4
if: env.REPORT_EXISTS == 'true'
with:
name: dfxp-compliance-full
path: ai_artifacts/compliance_checks/dfxp/
retention-days: 90
- name: Get artifact URL
id: artifact_url
run: |
echo "ARTIFACT_URL=https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" >> $GITHUB_ENV
- name: Check Slack token availability
id: slack_check
run: |
if [ -n "$SLACK_TOKEN" ] && [ -n "$SLACK_CHANNEL" ]; then
echo "available=true" >> $GITHUB_OUTPUT
else
echo "available=false" >> $GITHUB_OUTPUT
fi
env:
SLACK_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL_ID }}
- name: Notify Slack - Success
uses: archive/github-actions-slack@f530f3aa696b2eef0e5aba82450e387bd7723903 # v2.0.0
if: env.REPORT_EXISTS == 'true' && env.SCRIPT_CRASHED != 'true' && github.event.inputs.notify_slack == 'true' && steps.slack_check.outputs.available == 'true'
with:
slack-bot-user-oauth-access-token: ${{ secrets.SLACK_BOT_TOKEN }}
slack-channel: ${{ secrets.SLACK_CHANNEL_ID }}
slack-text: |
:memo: *DFXP/TTML Compliance Check Complete*
*Total Issues*: ${{ env.TOTAL_ISSUES }}
*MUST Violations*: ${{ env.MUST_VIOLATIONS }}
*Validation Gaps*: ${{ env.VALIDATION_GAPS }}
*Implementation Caveats*: ${{ env.CAVEATS }}
*Missing Rules*: ${{ env.MISSING_RULES }}
*Styling*: ${{ env.STY_ROUNDTRIP }}/24 round-trip (${{ env.STY_READONLY }} read-only)
*Timing*: ${{ env.TIME_SUPPORTED }}/8
*Elements*: ${{ env.ELEM_READ }}/11 read
*Parameters*: ${{ env.PARAM_READ }}/11 read
*Units*: ${{ env.UNITS_SUPPORTED }}/5
*Test Gaps*: ${{ env.TEST_GAPS }}
*Report Location*: `${{ env.REPORT_PATH }}`
*Artifacts*: <${{ env.ARTIFACT_URL }}|View in GitHub Actions>
Triggered by: *${{ github.actor }}*
- name: Notify Slack - Failure
uses: archive/github-actions-slack@f530f3aa696b2eef0e5aba82450e387bd7723903 # v2.0.0
if: env.REPORT_EXISTS == 'false' && github.event.inputs.notify_slack == 'true' && steps.slack_check.outputs.available == 'true'
with:
slack-bot-user-oauth-access-token: ${{ secrets.SLACK_BOT_TOKEN }}
slack-channel: ${{ secrets.SLACK_CHANNEL_ID }}
slack-text: |
:x: *DFXP/TTML Compliance Check Failed*
The compliance check script encountered an error.
*Run*: <${{ env.ARTIFACT_URL }}|View logs in GitHub Actions>
Triggered by: *${{ github.actor }}*
- name: Slack notification skipped
if: github.event.inputs.notify_slack == 'true' && steps.slack_check.outputs.available == 'false'
run: |
echo "Slack notification requested but SLACK_BOT_TOKEN not available"
- name: Create job summary
if: always()
run: |
echo "## DFXP/TTML Compliance Check Results" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
if [ "$REPORT_EXISTS" == "true" ]; then
echo "**Compliance check completed**" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "### Metrics" >> $GITHUB_STEP_SUMMARY
echo "- **Total Issues**: $TOTAL_ISSUES" >> $GITHUB_STEP_SUMMARY
echo "- **MUST Violations**: $MUST_VIOLATIONS" >> $GITHUB_STEP_SUMMARY
echo "- **Validation Gaps**: $VALIDATION_GAPS" >> $GITHUB_STEP_SUMMARY
echo "- **Implementation Caveats**: $CAVEATS" >> $GITHUB_STEP_SUMMARY
echo "- **Missing Rules**: $MISSING_RULES" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "### Coverage" >> $GITHUB_STEP_SUMMARY
echo "- **Styling**: $STY_ROUNDTRIP/24 round-trip ($STY_READONLY read-only)" >> $GITHUB_STEP_SUMMARY
echo "- **Timing**: $TIME_SUPPORTED/8 formats" >> $GITHUB_STEP_SUMMARY
echo "- **Elements**: $ELEM_READ/11 read" >> $GITHUB_STEP_SUMMARY
echo "- **Parameters**: $PARAM_READ/11 read" >> $GITHUB_STEP_SUMMARY
echo "- **Units**: $UNITS_SUPPORTED/5" >> $GITHUB_STEP_SUMMARY
echo "- **Test Gaps**: $TEST_GAPS" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "### Report" >> $GITHUB_STEP_SUMMARY
echo "Report saved to: \`$REPORT_PATH\`" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "Download artifacts from the [Actions tab]($ARTIFACT_URL)" >> $GITHUB_STEP_SUMMARY
else
echo "**Compliance check failed**" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "Check the logs for errors." >> $GITHUB_STEP_SUMMARY
fi
- name: Fail job on script crash
if: env.SCRIPT_CRASHED == 'true'
run: |
echo "::error::Compliance script crashed — failing job"
exit 1