
Commit fc3e955

Merge pull request #13 from AmedeoPelliccia/copilot/define-governance-ssot
K06-Governance-SSOT-v01
2 parents 4050b34 + 45cbb04 commit fc3e955

9 files changed

+3380
-0
lines changed
Lines changed: 210 additions & 0 deletions
@@ -0,0 +1,210 @@
1+
name: Governance Gates (Comprehensive)
2+
3+
on:
4+
pull_request:
5+
branches: ['main', 'develop']
6+
workflow_dispatch:
7+
8+
jobs:
9+
governance-checks:
10+
runs-on: ubuntu-latest
11+
name: CI Governance Gates
12+
13+
permissions:
14+
contents: read
15+
issues: write
16+
pull-requests: write
17+
18+
steps:
19+
- name: Checkout repository
20+
uses: actions/checkout@v4
21+
with:
22+
fetch-depth: 0
23+
24+
- name: Set up Python
25+
uses: actions/setup-python@v5
26+
with:
27+
python-version: '3.x'
28+
29+
# GATE-001: Nomenclature Validation (BLOCKING)
30+
- name: GATE-001 - Nomenclature Validation
31+
id: nomenclature
32+
run: |
33+
echo "🔍 Running nomenclature validation..."
34+
python validate_nomenclature.py --check-all --strict --verbose
35+
continue-on-error: false
36+
37+
# GATE-005: Identifier Grammar Check (BLOCKING - when script exists)
38+
- name: GATE-005 - Identifier Grammar Check
39+
id: identifier
40+
run: |
41+
echo "🔍 Checking identifier grammar..."
42+
if [ -f "scripts/validate_identifiers.py" ]; then
43+
python scripts/validate_identifiers.py --all
44+
else
45+
echo "⚠️ Script not yet implemented (planned)"
46+
fi
47+
continue-on-error: true
48+
49+
# GATE-002: Schema Registration Check (BLOCKING - when script exists)
50+
- name: GATE-002 - Schema Registration Check
51+
id: schema_registration
52+
run: |
53+
echo "🔍 Checking schema registration..."
54+
if [ -f "scripts/check_schema_registration.py" ]; then
55+
python scripts/check_schema_registration.py --registry ATA91
56+
else
57+
echo "⚠️ Script not yet implemented (planned)"
58+
fi
59+
continue-on-error: true
60+
61+
# GATE-003: Trace Link Integrity Check (BLOCKING - when script exists)
62+
- name: GATE-003 - Trace Link Integrity Check
63+
id: trace_integrity
64+
run: |
65+
echo "🔍 Validating trace link integrity..."
66+
if [ -f "scripts/check_trace_integrity.py" ]; then
67+
python scripts/check_trace_integrity.py --registry ATA93
68+
else
69+
echo "⚠️ Script not yet implemented (planned)"
70+
fi
71+
continue-on-error: true
72+
73+
# GATE-004: Namespace Deduplication Check (BLOCKING - when script exists)
74+
- name: GATE-004 - Namespace Deduplication Check
75+
id: namespace_dedup
76+
run: |
77+
echo "🔍 Checking for duplicate namespace IDs..."
78+
if [ -f "scripts/check_ata99_registry.py" ]; then
79+
python scripts/check_ata99_registry.py --deduplicate
80+
else
81+
echo "⚠️ Script not yet implemented (planned)"
82+
fi
83+
continue-on-error: true
84+
85+
# GATE-006: Detect Governance Changes (LABELING)
86+
- name: GATE-006 - Detect Governance Changes
87+
id: governance_changes
88+
if: github.event_name == 'pull_request'
89+
run: |
90+
echo "🔍 Detecting governance-impacting changes..."
91+
CHANGED_FILES=$(git diff --name-only origin/${{ github.base_ref }}...${{ github.sha }})
92+
echo "Changed files:"
93+
echo "$CHANGED_FILES"
94+
95+
# Check for governance-impacting patterns
96+
GOVERNANCE_CHANGE=false
97+
98+
# Pattern 1: Standards (STD files in ATA 00)
99+
if echo "$CHANGED_FILES" | grep -E "00_00_STD_.*\.md$"; then
100+
echo "✓ Governance standard change detected"
101+
GOVERNANCE_CHANGE=true
102+
fi
103+
104+
# Pattern 2: CI workflows
105+
if echo "$CHANGED_FILES" | grep -E "\.github/workflows/.*\.yml$"; then
106+
echo "✓ CI workflow change detected"
107+
GOVERNANCE_CHANGE=true
108+
fi
109+
110+
# Pattern 3: Validation scripts
111+
if echo "$CHANGED_FILES" | grep -E "validate_.*\.py$|scripts/(check|validate|detect).*\.py$"; then
112+
echo "✓ Validation script change detected"
113+
GOVERNANCE_CHANGE=true
114+
fi
115+
116+
# Output result
117+
if [ "$GOVERNANCE_CHANGE" = true ]; then
118+
echo "governance_change=true" >> $GITHUB_OUTPUT
119+
echo "⚠️ Governance change detected - CM WG approval required"
120+
exit 0
121+
else
122+
echo "governance_change=false" >> $GITHUB_OUTPUT
123+
echo "✅ No governance changes detected"
124+
fi
125+
126+
# GATE-006: Label PR for Governance Review
127+
- name: Label PR as Governance Review Required
128+
if: github.event_name == 'pull_request' && steps.governance_changes.outputs.governance_change == 'true'
129+
uses: actions/github-script@v7
130+
with:
131+
script: |
132+
// Add label
133+
await github.rest.issues.addLabels({
134+
owner: context.repo.owner,
135+
repo: context.repo.repo,
136+
issue_number: context.issue.number,
137+
labels: ['governance-review-required']
138+
});
139+
140+
// Add comment
141+
await github.rest.issues.createComment({
142+
owner: context.repo.owner,
143+
repo: context.repo.repo,
144+
issue_number: context.issue.number,
145+
body: `## ⚠️ Governance Change Detected (GATE-006)
146+
147+
This PR modifies governance-impacting files and requires **CM WG approval** before merge.
148+
149+
### Detected Changes
150+
- Governance standards (STD files)
151+
- CI/CD workflows
152+
- Validation scripts
153+
154+
### Required Actions
155+
1. **Request review** from a CM WG member
156+
2. **Address feedback** from CM WG review
157+
3. **Await approval** before merging
158+
159+
### Reference
160+
- **Policy**: 00_00_STD_LC01_SPACET_governance-reference-policy_v01.md §6.3
161+
- **Gate**: GATE-006 (Governance Change Detection)
162+
- **Index**: 00_00_IDX_LC01_SPACET_ci-governance-gates_v01.md
163+
`
164+
});
165+
166+
# GATE-007: Breaking Schema Changes (BLOCKING - when script exists)
167+
- name: GATE-007 - Breaking Schema Change Detection
168+
id: schema_breaking
169+
run: |
170+
echo "🔍 Detecting breaking schema changes..."
171+
if [ -f "scripts/detect_schema_breaking_changes.py" ]; then
172+
python scripts/detect_schema_breaking_changes.py --registry ATA91
173+
else
174+
echo "⚠️ Script not yet implemented (planned)"
175+
fi
176+
continue-on-error: true
177+
178+
# GATE-008: Evidence Link Validation (WARNING)
179+
- name: GATE-008 - Evidence Link Validation
180+
id: evidence_links
181+
run: |
182+
echo "🔍 Validating evidence links..."
183+
if [ -f "scripts/validate_evidence_links.py" ]; then
184+
python scripts/validate_evidence_links.py --all
185+
else
186+
echo "⚠️ Script not yet implemented (planned)"
187+
fi
188+
continue-on-error: true
189+
190+
# Summary Report
191+
- name: Generate Gate Summary
192+
if: always()
193+
run: |
194+
echo "## 📊 Governance Gates Summary"
195+
echo ""
196+
echo "| Gate | Status | Description |"
197+
echo "|------|--------|-------------|"
198+
echo "| GATE-001 | ${{ steps.nomenclature.outcome == 'success' && '✅ PASS' || '❌ FAIL' }} | Nomenclature Validation |"
199+
echo "| GATE-005 | ⏭️ PLANNED | Identifier Grammar Check |"
200+
echo "| GATE-002 | ⏭️ PLANNED | Schema Registration Check |"
201+
echo "| GATE-003 | ⏭️ PLANNED | Trace Link Integrity |"
202+
echo "| GATE-004 | ⏭️ PLANNED | Namespace Deduplication |"
203+
echo "| GATE-006 | ${{ steps.governance_changes.outputs.governance_change == 'true' && '⚠️ REVIEW' || '✅ PASS' }} | Governance Change Detection |"
204+
echo "| GATE-007 | ⏭️ PLANNED | Breaking Schema Detection |"
205+
echo "| GATE-008 | ⏭️ PLANNED | Evidence Link Validation |"
206+
echo ""
207+
echo "✅ PASS: Gate passed"
208+
echo "❌ FAIL: Gate failed (blocking)"
209+
echo "⚠️ REVIEW: Manual review required"
210+
echo "⏭️ PLANNED: Gate not yet implemented"
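Review bot: The gates commented "BLOCKING - when script exists" (GATE-005, GATE-002, GATE-003, GATE-004, GATE-007) all set `continue-on-error: true`, so even once the validator script lands a non-zero exit from it can never fail the job; the `if [ -f ... ]` branch already exits 0 when the script is absent, so the blocking intent is met by dropping the `continue-on-error: true` line under each of those steps (or setting it to `false` as GATE-001 does), and the summary step should then stop hard-coding `⏭️ PLANNED` for those rows and report `steps.<id>.outcome` like it does for GATE-001. In the GATE-006 step, `${{ github.base_ref }}` and `${{ github.sha }}` are expanded directly into the shell script; the usual hardening is to pass them through `env:` (e.g. `BASE_REF: ${{ github.base_ref }}`) and reference `"origin/$BASE_REF"`, which also keeps the command intact if a ref name ever contains shell metacharacters. The workflow pattern `\.github/workflows/.*\.yml$` will not flag a change to a `.yaml` workflow file, so a change to a workflow with that extension would bypass the governance label; `\.github/workflows/.*\.ya?ml$` covers both. Minor: `>> $GITHUB_OUTPUT` should be quoted as `>> "$GITHUB_OUTPUT"`, and the third-party actions are referenced by floating major tags rather than pinned commit SHAs, which is worth a follow-up given this workflow holds `issues: write` and `pull-requests: write`.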
