Files
wehub-resource-sync e011bb26cd
Lint skills / Validate catalog structure (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 12:36:55 +08:00

57 lines
1.9 KiB
YAML

name: Workflows manifest
on:
pull_request:
paths:
- "workflows/**"
- "SKILLS.lock"
- "tools/gen_workflows_lock.py"
- "tools/check_workflow_drift.py"
- ".github/workflows/workflows-manifest.yml"
jobs:
verify-lock:
name: WORKFLOWS.lock is current
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v7
- uses: actions/setup-python@v6
with:
python-version: "3.12"
- name: Verify WORKFLOWS.lock
run: python tools/gen_workflows_lock.py --check
drift-check:
name: Bound skills exist in SKILLS.lock
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v7
- uses: actions/setup-python@v6
with:
python-version: "3.12"
- name: Check workflow-to-catalog drift
run: python tools/check_workflow_drift.py
fence-test:
name: SKILLS.lock untouched by the workflows tier
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v7
with:
fetch-depth: 0
- name: Assert the fence
env:
BASE_SHA: ${{ github.event.pull_request.base.sha }}
run: |
touches_workflows=$(git diff --name-only "$BASE_SHA" HEAD -- \
workflows/ tools/gen_workflows_lock.py tools/check_workflow_drift.py)
skills_lock_changed=$(git diff --name-only "$BASE_SHA" HEAD -- SKILLS.lock)
if [ -n "$touches_workflows" ] && [ -n "$skills_lock_changed" ]; then
echo "FENCE BREACH: this PR changes both the workflows tier and SKILLS.lock."
echo "The workflows tier lives outside the skills source tree and must not"
echo "perturb the skills manifest. Split the skill change into its own PR."
git diff --stat "$BASE_SHA" HEAD -- SKILLS.lock
exit 1
fi
echo "Fence holds: SKILLS.lock is byte-identical to base for this workflows-tier PR."