Skip to content

revert(cicd_rules): drop duplicate scorecard rule (#390 dup of #403 WF018)#407

Merged
hyperpolymath merged 1 commit into
mainfrom
claude/gracious-mendel-WIXFG
May 30, 2026
Merged

revert(cicd_rules): drop duplicate scorecard rule (#390 dup of #403 WF018)#407
hyperpolymath merged 1 commit into
mainfrom
claude/gracious-mendel-WIXFG

Conversation

@hyperpolymath
Copy link
Copy Markdown
Owner

@hyperpolymath hyperpolymath commented May 30, 2026

Why

PR #404 (merged earlier this session) added scorecard_wrapper_missing_job_permissions to cicd_rules.ex for #390. But PR #403 had concurrently implemented the same #390 detection as WF018 (check_scorecard_wrapper_missing_job_permissions) in workflow_audit.ex — its canonical home alongside WF019/WF020. Both landed on main, so the scorecard-wrapper finding is now detected twice.

Per the owner's call, this removes the redundant cicd_rules copy, keeping WF018 as the single implementation.

What

Pure deletion of #404's additions:

  • lib/rules/cicd_rules.ex — the scorecard_wrapper_missing_job_permissions rule (scan_/check_ fns, module attrs, scorecard_wrapper_path?/1)
  • lib/rules/rules.ex — the facade defdelegate
  • test/rules/cicd_rules_scorecard_wrapper_test.exs — deleted
  • CHANGELOG.md / CHANGELOG.adoc — the Add cicd rule: scorecard_wrapper_missing_job_permissions #390 entries

The duplicate_cron_schedule rule (#362) and #405's :nodejs_detected carve-outs in the same file are untouched.

Verified at source (local Elixir 1.14)

  • isolated elixirc on cicd_rules.ex0 warnings / 0 errors
  • format-isolation (HEAD vs branch, both 1.14-formatted) → +0 / −96 on cicd_rules.ex = pure removal, no reflow
  • 0 residual references to the removed rule; WF018 intact in workflow_audit.ex

(#390 is already closed by #403, so no closing keyword here.)

Generated by Claude Code

@claude
revert(cicd_rules): drop duplicate scorecard rule (#390 already done by
2e0a617 
#403 WF018)

PR #404 added scorecard_wrapper_missing_job_permissions to cicd_rules.ex,
but PR #403 had concurrently implemented the same #390 detection as WF018
(check_scorecard_wrapper_missing_job_permissions) in workflow_audit.ex — its
canonical home alongside WF019/WF020. This removes the redundant cicd_rules
copy (rule, facade delegate, test, changelog entries); WF018 stays as the
single implementation.

Verified locally (Elixir 1.14): cicd_rules.ex compiles with zero warnings;
format-isolation confirms a pure deletion with no pre-existing reformat.

https://claude.ai/code/session_01J8oLNn6MjKDRRUF65e2jLf
@hyperpolymath hyperpolymath marked this pull request as ready for review May 30, 2026 23:18
@hyperpolymath hyperpolymath merged commit 64aa1a1 into main May 30, 2026
1 of 27 checks passed
@hyperpolymath hyperpolymath deleted the claude/gracious-mendel-WIXFG branch May 30, 2026 23:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hyperpolymath @claude