Chore/rust ci reusable wrapper #19
Merged
Replaces the per-repo `rust-ci.yml` copy with a 5-line wrapper invoking the shared reusable workflow in `hyperpolymath/standards` (PR #174). Pinned to PR #174's HEAD SHA `4fdf4314b4ab54269adbaff10e30e483b5e86845`; will resolve to standards/main once #174 merges.

Estate audit found ~87 rust-ci.yml copies across the estate; this is one of them. The reusable provides identical cargo check/clippy/fmt/test behaviour with opt-in `enable_audit` + `enable_coverage` inputs.

Pattern precedent: standards#168 (governance-reusable) + downstream wrappers absolute-zero#41 + tma-mark2#41.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…ript example

Resolves the three persistent red checks on this PR:

1. **CodeQL Security Analysis** (was: `analyze (javascript-typescript, none)`)
   The default scaffolded matrix scanned `javascript-typescript`, but this repo has zero JS/TS source — every run exited with `Only found JavaScript or TypeScript files that were empty or contained syntax errors`. Switched the matrix to `actions` (per hypatia rule `codeql_language_matrix_mismatch`), which scans workflow files and succeeds on every repo.
2. **Governance / Workflow security linter**
   `k9-svc-validation.yml` was missing the SPDX header and top-level `permissions:` declaration that the standards governance bundle requires of every workflow. Added SPDX, `permissions: contents: read`, pinned `actions/checkout` to its v6.0.2 SHA, fixed the broken `set -euo` (was missing `pipefail`), removed non-ASCII glyphs.
3. **Governance / Language / package anti-pattern policy**
   `examples/SafeDOMExample.res` was the last ReScript file in the repo and tripped the estate-wide ReScript ban (banned in favour of AffineScript). Replaced with the canonical `SafeDOMExample.affine` (byte-identical to the one landed in `burble#92`, `gitbot-fleet#210`, `claude-gecko#30`, which were sweep-migrated under `gitbot-fleet#208`). This repo was missed by the original sweep — see the project-memory remediation for the recurrence rules being filed to prevent this.

Refs hyperpolymath/gitbot-fleet#208, #210; hyperpolymath/burble#92.
🔍 Hypatia Security Scan
Findings: 82 issues detected
[
{
"reason": "Action perpolymath/standards/.github/workflows/governance-reusable.yml@main\n needs attention",
"type": "unpinned_action",
"file": "governance.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in boj-build.yml",
"type": "unknown",
"file": "boj-build.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in casket-pages.yml",
"type": "unknown",
"file": "casket-pages.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in casket-pages.yml",
"type": "unknown",
"file": "casket-pages.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in codeql.yml",
"type": "unknown",
"file": "codeql.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in dogfood-gate.yml",
"type": "unknown",
"file": "dogfood-gate.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in dogfood-gate.yml",
"type": "unknown",
"file": "dogfood-gate.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in dogfood-gate.yml",
"type": "unknown",
"file": "dogfood-gate.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in dogfood-gate.yml",
"type": "unknown",
"file": "dogfood-gate.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in dogfood-gate.yml",
"type": "unknown",
"file": "dogfood-gate.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
}
]
Powered by Hypatia Neurosymbolic CI/CD Intelligence
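A small checker for the workflow defects named in the commit message and the scan above (unpinned `uses:` references, missing SPDX header, missing top-level `permissions:`, `set -euo` without `pipefail`). It is an added example, not code from this repository or from Hypatia; the sample workflow, the placeholder SHA and every rule name except `unpinned_action` are assumptions.

```python
import re

# Constructed sample workflow, not a file from the repository. The 40-hex
# revision is a placeholder, not the real actions/checkout SHA.
SAMPLE = """\
name: example
on: [push]
jobs:
  governance:
    uses: hyperpolymath/standards/.github/workflows/governance-reusable.yml@main
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # placeholder
      - run: |
          set -euo
          cargo test
"""

USES = re.compile(r"^\s*(?:-\s+)?uses:\s*['\"]?([^\s'\"#]+)")
FULL_SHA = re.compile(r"[0-9a-f]{40}")
# `set -...o` with no option name after it (e.g. `set -euo` without `pipefail`)
BARE_SET_O = re.compile(r"\bset\s+-[A-Za-z]*o\s*(?:$|[;&|#])")

def audit_workflow(text):
    """Return sorted (line_number, rule) findings; rule names other than
    `unpinned_action` are hypothetical labels chosen for this example."""
    lines = text.splitlines()
    findings = []
    if not any("SPDX-License-Identifier:" in l for l in lines[:3]):
        findings.append((1, "missing_spdx_header"))
    if not any(l.startswith("permissions:") for l in lines):
        findings.append((1, "missing_top_level_permissions"))
    for n, line in enumerate(lines, 1):
        m = USES.match(line)
        if m and not m.group(1).startswith(("./", "docker://")):
            rev = m.group(1).rpartition("@")[2]  # text after the last "@"
            if not FULL_SHA.fullmatch(rev):      # branch, tag or short SHA
                findings.append((n, "unpinned_action"))
        if BARE_SET_O.search(line):
            findings.append((n, "set_o_without_option"))
    return sorted(findings)

if __name__ == "__main__":
    for lineno, rule in audit_workflow(SAMPLE):
        print(f"line {lineno}: {rule}")
```

The check is line-based and does not parse YAML, so it only sees `uses:` and `permissions:` keys written one per line in block style.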
Summary
Changes
RSR Quality Checklist
Required
- `just test` or equivalent)
- `just fmt` or equivalent)
- `unsafe` blocks without `// SAFETY:` comments
- `believe_me`, `unsafeCoerce`, `Obj.magic`, `Admitted`, `sorry`)
- `.env` files included
As Applicable
- `.machine_readable/STATE.a2ml` updated (if project state changed)
- `.machine_readable/ECOSYSTEM.a2ml` updated (if integrations changed)
- `.machine_readable/META.a2ml` updated (if architectural decisions changed)
- `TOPOLOGY.md` updated (if architecture changed)
- `CHANGELOG` or release notes updated
- `src/interface/abi/` and `src/interface/ffi/` consistent)
Testing
Screenshots