zeroclaw/docs/operations/required-check-mapping.md

# Required Check Mapping

This document maps each merge-critical workflow to the check name it is expected to report, so that branch protection contexts can be verified against a single source of truth.

## Merge to `dev` / `main`

| Required check name | Source workflow | Scope |
| --- | --- | --- |
| `CI Required Gate` | `.github/workflows/ci-run.yml` | core Rust/doc merge gate |
| `Security Required Gate` | `.github/workflows/sec-audit.yml` | aggregated security merge gate |

Supplemental monitors (non-blocking unless added to branch protection contexts):

- `CI Change Audit` (`.github/workflows/ci-change-audit.yml`)
- `CodeQL Analysis` (`.github/workflows/sec-codeql.yml`)
- `Workflow Sanity` (`.github/workflows/workflow-sanity.yml`)
- `Feature Matrix Summary` (`.github/workflows/feature-matrix.yml`)

Feature matrix lane check names (informational, non-required):

- `Matrix Lane (default)`
- `Matrix Lane (whatsapp-web)`
- `Matrix Lane (browser-native)`
- `Matrix Lane (nightly-all-features)`

## Release / Pre-release

| Required check name | Source workflow | Scope |
| --- | --- | --- |
| `Verify Artifact Set` | `.github/workflows/pub-release.yml` | release completeness |
| `Pre-release Guard` | `.github/workflows/pub-prerelease.yml` | stage progression + tag integrity |
| `Nightly Summary & Routing` | `.github/workflows/feature-matrix.yml` (`profile=nightly`) | overnight integration signal |

## Verification Procedure

1. Check active branch protection required contexts:
   - `gh api repos/zeroclaw-labs/zeroclaw/branches/main/protection --jq '.required_status_checks.contexts[]'`
2. Resolve latest workflow run IDs:
   - `gh run list --repo zeroclaw-labs/zeroclaw --workflow feature-matrix.yml --limit 1`
   - `gh run list --repo zeroclaw-labs/zeroclaw --workflow ci-run.yml --limit 1`
3. Enumerate check/job names and compare to this mapping:
   - `gh run view <run_id> --repo zeroclaw-labs/zeroclaw --json jobs --jq '.jobs[].name'`
4. If any merge-critical check name changed, update this file before changing branch protection policy.
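
The reconciliation that steps 1 to 3 perform by hand, as an added example script (not part of the zeroclaw repository): it checks that every merge-gate name in this mapping appears both in the branch protection contexts and in the job names of the latest run. The two `gh` outputs below are constructed samples so the script runs offline; in real use, feed in the output of the `gh` commands listed above.

```bash
#!/usr/bin/env sh
# Added example, not zeroclaw tooling: detect drift between this mapping,
# branch protection contexts and the job names a workflow run actually emits.
set -eu

# Check names this mapping declares as required for merge to dev/main.
EXPECTED_MERGE_CHECKS='CI Required Gate
Security Required Gate'

# Constructed sample of:
#   gh api repos/zeroclaw-labs/zeroclaw/branches/main/protection \
#     --jq '.required_status_checks.contexts[]'
SAMPLE_PROTECTION_CONTEXTS='CI Required Gate
Security Required Gate
CodeQL Analysis'

# Constructed sample of:
#   gh run view <run_id> --repo zeroclaw-labs/zeroclaw --json jobs --jq '.jobs[].name'
# "Security Required Gate" is deliberately renamed here to simulate a drifted job.
SAMPLE_RUN_JOBS='CI Required Gate
Security Gate
Workflow Sanity'

# Print each newline-separated name in $1 that has no exact match in $2.
names_missing_from() {
  printf '%s\n' "$1" | while IFS= read -r name; do
    [ -n "$name" ] || continue
    printf '%s\n' "$2" | grep -Fxq -e "$name" || printf '%s\n' "$name"
  done
}

# Return 0 when every expected name is present in both sources; otherwise
# report the drift and return 1 so a CI job can fail on it.
verify_mapping() {
  rc=0
  missing=$(names_missing_from "$1" "$2")
  if [ -n "$missing" ]; then
    printf 'not in branch protection:\n%s\n' "$missing"; rc=1
  fi
  missing=$(names_missing_from "$1" "$3")
  if [ -n "$missing" ]; then
    printf 'not emitted by latest run:\n%s\n' "$missing"; rc=1
  fi
  return "$rc"
}

verify_mapping "$EXPECTED_MERGE_CHECKS" "$SAMPLE_PROTECTION_CONTEXTS" "$SAMPLE_RUN_JOBS" \
  || echo "mapping drift detected: update this file before touching branch protection"
```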

## Notes

- Use pinned `uses:` references for all workflow actions.
- Keep check names stable; renaming a check job leaves branch protection waiting on a required context that no longer reports, which blocks merges until the rule is updated.
- GitHub discovers scheduled (`schedule`) and manually triggered (`workflow_dispatch`) workflows from the default branch. If a release/nightly workflow exists only on a non-default branch, merge it into the default branch before expecting it to appear on a schedule.
- Update this mapping whenever merge-critical workflows/jobs are added or renamed.