ci: reduce non-blocking workflow load

2026-02-27 20:38:35 +00:00 · 2026-02-27 20:38:35 +00:00 · a5cd875f1b
commit a5cd875f1b
parent 6da4a321b8
3 changed files with 2 additions and 90 deletions
--- a/.github/workflows/ci-connectivity-probes.yml
+++ b/.github/workflows/ci-connectivity-probes.yml
@ -1,74 +0,0 @@
-name: Connectivity Probes (Legacy Wrapper)
-
-on:
-    workflow_dispatch:
-        inputs:
-            enforcement_mode:
-                description: "enforce = fail when critical endpoints are unreachable; report-only = never fail run"
-                type: choice
-                required: false
-                default: enforce
-                options:
-                    - enforce
-                    - report-only
-
-concurrency:
-    group: connectivity-probes-${{ github.ref_name }}
-    cancel-in-progress: true
-
-permissions:
-    contents: read
-
-env:
-    GIT_CONFIG_COUNT: "1"
-    GIT_CONFIG_KEY_0: core.hooksPath
-    GIT_CONFIG_VALUE_0: /dev/null
-
-
-jobs:
-    probes:
-        name: Provider Connectivity Probes
-        runs-on: [self-hosted, aws-india]
-        timeout-minutes: 20
-        steps:
-            - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
-
-            - name: Legacy wrapper note
-              shell: bash
-              run: |
-                  set -euo pipefail
-                  {
-                    echo "### Connectivity Probes (Legacy Wrapper)"
-                    echo "- Preferred workflow: \`CI Provider Connectivity\`"
-                    echo "- This run uses the shared endpoint-config probe engine."
-                  } >> "$GITHUB_STEP_SUMMARY"
-
-            - name: Run provider connectivity matrix
-              shell: bash
-              env:
-                  ENFORCEMENT_MODE: ${{ github.event.inputs.enforcement_mode || 'enforce' }}
-              run: |
-                  set -euo pipefail
-                  fail_on_critical="true"
-                  if [ "${ENFORCEMENT_MODE}" = "report-only" ]; then
-                    fail_on_critical="false"
-                  fi
-
-                  cmd=(python3 scripts/ci/provider_connectivity_matrix.py
-                    --config .github/connectivity/providers.json
-                    --output-json connectivity-report.json
-                    --output-md connectivity-summary.md)
-                  if [ "$fail_on_critical" = "true" ]; then
-                    cmd+=(--fail-on-critical)
-                  fi
-                  "${cmd[@]}"
-
-            - name: Upload connectivity artifacts
-              if: always()
-              uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
-              with:
-                  name: connectivity-probes-${{ github.run_id }}
-                  if-no-files-found: error
-                  path: |
-                      connectivity-report.json
-                      connectivity-summary.md
--- a/docs/ci-map.md
+++ b/docs/ci-map.md
@ -47,10 +47,6 @@ Merge-blocking checks should stay small and deterministic. Optional checks are u
    - Purpose: dependency advisories (`rustsec/audit-check`, pinned SHA), policy/license checks (`cargo deny`), gitleaks-based secrets governance (allowlist policy metadata + expiry guard), and SBOM snapshot artifacts (`CycloneDX` + `SPDX`)
 - `.github/workflows/sec-codeql.yml` (`CodeQL Analysis`)
    - Purpose: static analysis for security findings on PR/push (Rust/codeql paths) plus scheduled/manual runs
- `.github/workflows/ci-connectivity-probes.yml` (`Connectivity Probes`)
-    - Purpose: legacy manual wrapper for provider endpoint probe diagnostics (delegates to config-driven probe engine)
-    - Output: uploads `connectivity-report.json` and `connectivity-summary.md`
-    - Usage: prefer `CI Provider Connectivity` for scheduled + PR/push coverage
 - `.github/workflows/ci-change-audit.yml` (`CI/CD Change Audit`)
    - Purpose: machine-auditable diff report for CI/security workflow changes (line churn, new `uses:` references, unpinned action-policy violations, pipe-to-shell policy violations, broad `permissions: write-all` grants, new `pull_request_target` trigger introductions, new secret references)
 - `.github/workflows/ci-provider-connectivity.yml` (`CI Provider Connectivity`)
--- a/docs/operations/connectivity-probes-runbook.md
+++ b/docs/operations/connectivity-probes-runbook.md
@ -10,10 +10,6 @@ Primary workflow:

 - `.github/workflows/ci-provider-connectivity.yml`

-Legacy compatibility wrapper (manual only):
-
- `.github/workflows/ci-connectivity-probes.yml`
-
 Probe engine and config:

 - `scripts/ci/provider_connectivity_matrix.py`
@ -47,18 +43,12 @@ Enforcement policy:
 - critical endpoint unreachable + `fail_on_critical=true` -> workflow fails
 - non-critical endpoint unreachable -> reported but non-blocking

-`Connectivity Probes (Legacy Wrapper)` behavior:
-
- manual dispatch only
- accepts `enforcement_mode=enforce|report-only`
- delegates to the same `providers.json` probe engine
-
 ## CI Artifacts

 Per run artifacts include:

- `provider-connectivity-matrix.json` or `connectivity-report.json`
- `provider-connectivity-matrix.md` or `connectivity-summary.md`
+- `provider-connectivity-matrix.json`
+- `provider-connectivity-matrix.md`
 - normalized audit event JSON when emitted by workflow

 Markdown summary is appended to `GITHUB_STEP_SUMMARY`.