diff --git a/.github/workflows/governance-reusable.yml b/.github/workflows/governance-reusable.yml
index cd802085..87b99f3f 100644
--- a/.github/workflows/governance-reusable.yml
+++ b/.github/workflows/governance-reusable.yml
@@ -312,9 +312,7 @@ jobs:
 RES_FILES=$(git ls-files '*.res' || true)
 GO_FILES=$(git ls-files '*.go' || true)
 PY_FILES=$(git ls-files '*.py' \
- | grep -v salt | grep -v _states \
- | grep -v _modules | grep -v pillar | grep -v venv \
- | grep -v __pycache__ || true)
+ | grep -v venv | grep -v __pycache__ || true)
 MAKE_FILES=$(git ls-files 'Makefile' 'Makefile.*' '*.mk' \
 | grep -v '\.github/' || true)
 JAVA_FILES=$(git ls-files '*.java' '*.kt' '*.kts' || true)
@@ -328,7 +326,7 @@ jobs:
 enforce "ReScript files" "use AffineScript instead" "$RES_FILES"
 enforce "Go files" "use Rust/WASM instead" "$GO_FILES"
- enforce "Python files" "only allowed for SaltStack" "$PY_FILES"
+ enforce "Python files" "Python is fully banned — use AffineScript/Rust/SPARK/Julia (SaltStack carveout removed 2026-01-03)" "$PY_FILES"
 enforce "Makefiles" "use Mustfile/justfile instead" "$MAKE_FILES"
 enforce "Java/Kotlin files" "use Rust/Tauri/Dioxus instead" "$JAVA_FILES"
 enforce "Swift files" "use Tauri/Dioxus instead" "$SWIFT_FILES"
@@ -430,7 +428,7 @@ jobs:
 - name: Summary
 run: |
 echo "RSR language/package policy passed — allowed: AffineScript, Deno,"
- echo "WASM, Rust, OCaml, Haskell, Guile/Scheme, SaltStack (Python)."
+ echo "WASM, Rust, OCaml, Haskell, Guile/Scheme."
 package-policy:
 name: Guix primary / Nix fallback policy
diff --git a/consent-aware-http/.github/workflows/language-policy.yml b/consent-aware-http/.github/workflows/language-policy.yml
index 2811e465..a4fc56ec 100644
--- a/consent-aware-http/.github/workflows/language-policy.yml
+++ b/consent-aware-http/.github/workflows/language-policy.yml
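Review bot: The two filters left on `PY_FILES`, `grep -v venv | grep -v __pycache__`, match the substring anywhere in the path, so a tracked file such as `src/venv_utils/tool.py` (constructed example) is silently exempt from the ban. With the SaltStack carveout removed these are the only remaining exemptions, so they should be anchored to directory components, e.g. `| grep -vE '(^|/)(\.?venv|__pycache__)/' || true)`, or dropped altogether, since `git ls-files` only lists tracked files and a virtualenv or bytecode cache should not be tracked in the first place. The enclosing `run:` script starts and ends outside this hunk.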
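Review bot: The new `enforce "Python files"` message names SPARK and Julia as replacements, but the Summary step edited in the next hunk lists the allowed set as AffineScript, Deno, WASM, Rust, OCaml, Haskell and Guile/Scheme, and the per-repository language-policy.yml workflows in this commit say only "Use Rust or AffineScript instead". A contributor whose build fails gets three different answers about what is permitted, so I would align the strings on one list and add a comment such as `# keep in sync with the Summary step` above the `enforce` calls. The removal date is better kept in the commit history or the policy document than in a runtime error message.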
@@ -8,8 +8,8 @@ jobs:
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
 - name: Enforce language policies
 run: |
- # Block new Python files (except SaltStack)
- NEW_PY=$(git diff --name-only --diff-filter=A HEAD~1 2>/dev/null | grep -E '\.py$' | grep -v 'salt' || true)
+ # Block new Python files (Python fully banned 2026-01-03 — SaltStack carveout removed)
+ NEW_PY=$(git diff --name-only --diff-filter=A HEAD~1 2>/dev/null | grep -E '\.py$' || true)
 if [ -n "$NEW_PY" ]; then
 echo "❌ New Python files detected. Use Rust or AffineScript instead."
 echo "$NEW_PY"
diff --git a/rhodium-standard-repositories/.github/workflows/language-policy.yml b/rhodium-standard-repositories/.github/workflows/language-policy.yml
index da03b52d..aabcb9af 100644
--- a/rhodium-standard-repositories/.github/workflows/language-policy.yml
+++ b/rhodium-standard-repositories/.github/workflows/language-policy.yml
@@ -11,8 +11,8 @@ jobs:
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
 - name: Enforce language policies
 run: |
- # Block new Python files (except SaltStack)
- NEW_PY=$(git diff --name-only --diff-filter=A HEAD~1 2>/dev/null | grep -E '\.py$' | grep -v 'salt' || true)
+ # Block new Python files (Python fully banned 2026-01-03 — SaltStack carveout removed)
+ NEW_PY=$(git diff --name-only --diff-filter=A HEAD~1 2>/dev/null | grep -E '\.py$' || true)
 if [ -n "$NEW_PY" ]; then
 echo "❌ New Python files detected. Use Rust or AffineScript instead."
 echo "$NEW_PY"
diff --git a/rhodium-standard-repositories/satellites/consent-aware-http/.github/workflows/language-policy.yml b/rhodium-standard-repositories/satellites/consent-aware-http/.github/workflows/language-policy.yml
index 1c12dccd..404f0723 100644
--- a/rhodium-standard-repositories/satellites/consent-aware-http/.github/workflows/language-policy.yml
+++ b/rhodium-standard-repositories/satellites/consent-aware-http/.github/workflows/language-policy.yml
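Review bot: The `NEW_PY` line still fails open: the checkout step just above it has no `with:` block, so unless a fetch depth is set elsewhere the clone holds a single commit, `HEAD~1` does not resolve, `2>/dev/null` and `|| true` swallow the error, and the step passes without inspecting anything. Even with history available, `--diff-filter=A` against `HEAD~1` only sees files added by the last commit, so renames, earlier commits of a multi-commit push and already-tracked `.py` files all pass, which is weaker than the "fully banned" wording in the new comment. Listing tracked files needs no history and matches what governance-reusable.yml does: `NEW_PY=$(git ls-files '*.py')`. The same applies to the identical hunks in rhodium-standard-repositories/.github/workflows/language-policy.yml and the two satellites copies (consent-aware-http and palimpsest-license). The `if` block opened at the end of the hunk closes outside it.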
@@ -7,8 +7,8 @@ jobs:
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
 - name: Enforce language policies
 run: |
- # Block new Python files (except SaltStack)
- NEW_PY=$(git diff --name-only --diff-filter=A HEAD~1 2>/dev/null | grep -E '\.py$' | grep -v 'salt' || true)
+ # Block new Python files (Python fully banned 2026-01-03 — SaltStack carveout removed)
+ NEW_PY=$(git diff --name-only --diff-filter=A HEAD~1 2>/dev/null | grep -E '\.py$' || true)
 if [ -n "$NEW_PY" ]; then
 echo "❌ New Python files detected. Use Rust or AffineScript instead."
 echo "$NEW_PY"
diff --git a/rhodium-standard-repositories/satellites/palimpsest-license/.github/workflows/language-policy.yml b/rhodium-standard-repositories/satellites/palimpsest-license/.github/workflows/language-policy.yml
index 0220de5f..9d5d1fbc 100644
--- a/rhodium-standard-repositories/satellites/palimpsest-license/.github/workflows/language-policy.yml
+++ b/rhodium-standard-repositories/satellites/palimpsest-license/.github/workflows/language-policy.yml
@@ -7,8 +7,8 @@ jobs:
 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 - name: Enforce language policies
 run: |
- # Block new Python files (except SaltStack)
- NEW_PY=$(git diff --name-only --diff-filter=A HEAD~1 2>/dev/null | grep -E '\.py$' | grep -v 'salt' || true)
+ # Block new Python files (Python fully banned 2026-01-03 — SaltStack carveout removed)
+ NEW_PY=$(git diff --name-only --diff-filter=A HEAD~1 2>/dev/null | grep -E '\.py$' || true)
 if [ -n "$NEW_PY" ]; then
 echo "❌ New Python files detected. Use Rust or AffineScript instead."
 echo "$NEW_PY"