Merge pull request #180 from Aperivue/feat/v46-update-notify-hook #377

Workflow file for this run

name: Validate skills (PII + structure)
# Server-side enforcement of validate_skills.sh.
# This catches commits that bypassed the local pre-commit hook
# (--no-verify, different machine, different user) before they reach main.
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"
      - name: Install Python test dependencies
        run: pip install pyyaml pandas numpy python-pptx python-docx
      - name: Install exiftool + poppler (EXIF scan + check_asset_anonymization PDF text/metadata)
        run: sudo apt-get update && sudo apt-get install -y libimage-exiftool-perl poppler-utils
      - name: Run validate_skills.sh (PII + structure)
        run: bash scripts/validate_skills.sh
      # --- self-update foundation (PR-1a): manifests, version drift, transactional installer ---
      - name: Distribution manifests in sync (gen_distribution_manifest.py --check)
        run: python3 scripts/gen_distribution_manifest.py --check
      - name: Version consistency (CITATION == package.json == distribution_manifest)
        run: python3 scripts/check_version_consistency.py
      - name: Distribution manifest + scope-pinning test
        run: python3 installers/tests/test_distribution_manifest.py
      - name: Transactional installer crash-recovery + legacy-migration test
        run: python3 installers/tests/test_txn.py
      - name: Updater verify / safe-extract / check-update test (offline)
        run: python3 installers/tests/test_update.py
      - name: install.py transactional self-test (no host/state dir touched)
        run: python3 installers/install.py --self-test
      - name: Opt-in SessionStart update-notify hook test (settings merge + hook logic, offline)
        run: python3 installers/tests/test_session_hook.py
      - name: Release-ZIP provenance + updater-consumability round-trip (build -> safe-extract)
        run: bash installers/tests/test_release_zip.sh
      - name: Run validate_routing_assets.py (SKILL.md asset references must exist)
        run: python3 scripts/validate_routing_assets.py --strict
      - name: Run validate_routing_assets.py self-test (dangling references/ pointer fails)
        run: bash tests/test_routing_assets.sh
      - name: Run check_domain_probe_sync.py (vendored domain probes must be byte-identical)
        run: python3 scripts/check_domain_probe_sync.py --strict
      - name: Run check_locale_inventory.py (Korean-bearing files must be inventory-justified)
        run: python3 scripts/check_locale_inventory.py
      - name: Run check_locale_inventory.py self-test
        run: bash tests/test_locale_inventory.sh
      - name: Run self-review panel-mode structural + PII test
        run: bash skills/self-review/tests/test_panel_mode.sh
      - name: Run self-review reference-adequacy gate test
        run: bash skills/self-review/tests/test_reference_adequacy.sh
      - name: Run validate_catalog_consistency.py (doc counts must match disk SSOT)
        run: python3 scripts/validate_catalog_consistency.py
      - name: Run gen_skill_docs.py --check (per-skill docs must match SKILL.md)
        run: python3 scripts/gen_skill_docs.py --check
      - name: Run gen_skill_docs _ignorable regression test (worktree dotted-ancestor counts)
        run: bash tests/test_gen_skill_docs_ignorable.sh
      - name: Run gen_skills_catalog_json.py --check (storefront catalog SSOT)
        run: python3 scripts/gen_skills_catalog_json.py --check
      - name: Run skills_catalog generator self-test
        run: bash tests/test_skills_catalog_json.sh
      - name: Run gen_marketplace_json.py --check (plugin marketplace SSOT)
        run: python3 scripts/gen_marketplace_json.py --check
      - name: Run marketplace generator self-test
        run: bash tests/test_marketplace_json.sh
      - name: Run gen_detectors_catalog_json.py --check (MedSci-Audit detector SSOT)
        run: python3 scripts/gen_detectors_catalog_json.py --check
      - name: Run detectors_catalog generator self-test
        run: bash tests/test_detectors_catalog_json.sh
      - name: Run sync_hero_skill.py generator self-test (standalone mirror build)
        run: bash tests/test_sync_hero_skill.sh
      - name: Run analyze-stats survival template test (A1)
        run: bash skills/analyze-stats/tests/test_survival_template.sh
      - name: Run sync-submission asset-anonymization gate test (A2)
        run: bash skills/sync-submission/tests/test_asset_anonymization.sh
      - name: Run sync-submission disclosure/availability detector test
        run: bash skills/sync-submission/tests/test_disclosure_availability.sh
      - name: Run academic-aio summary-box detector test
        run: bash skills/academic-aio/tests/test_summary_box.sh
      - name: Run write-paper title-page affiliation-order test
        run: bash skills/write-paper/tests/test_title_page_affiliations.sh
      - name: Run sync-submission cross-artifact staleness gate test (A3)
        run: bash skills/sync-submission/tests/test_cross_artifact_stale.sh
      - name: Run check-reporting checklist-version gate test (A4)
        run: bash skills/check-reporting/tests/test_checklist_version.sh
      - name: Run write-paper placeholder gate test (A5)
        run: bash skills/write-paper/tests/test_placeholders.sh
      - name: Run sync-submission preflight gate test (A6)
        run: bash skills/sync-submission/tests/test_preflight_gate.sh
      - name: Run sync-submission word-count-cap gate test (A7)
        run: bash skills/sync-submission/tests/test_wordcount_cap.sh
      - name: Run verify-refs corporate-author gate test (A8)
        run: bash skills/verify-refs/tests/test_corporate_author.sh
      - name: Run verify-refs OpenAlex tertiary-index test (A8b)
        run: bash skills/verify-refs/tests/test_openalex_tier.sh
      - name: Run self-review parenthesis-span corruption gate test (A9)
        run: bash skills/self-review/tests/test_paren_spans.sh
      - name: Run self-review classical-style gate test (A10)
        run: bash skills/self-review/tests/test_classical_style.sh
      - name: Run self-review confounding-completeness gate test (A11)
        run: bash skills/self-review/tests/test_confounding_completeness.sh
      - name: Run sync-submission supplement-assembler test (A12)
        run: bash skills/sync-submission/tests/test_assemble_supplement.sh
      - name: Run render-pdf-doc glyph-coverage scan test (A13)
        run: bash skills/render-pdf-doc/tests/test_glyph_coverage.sh
      - name: Run author-strategy archetype-classifier test (A14)
        run: bash skills/author-strategy/tests/test_archetype_classifier.sh
      # --- Tier 0/1 skill regression tests (existing + new, now CI-wired) ---
      - name: Run make-figures legend-reconcile test
        run: bash skills/make-figures/tests/test_legend_reconcile.sh
      - name: Run clean-data structural-zero test
        run: bash skills/clean-data/tests/test_structural_zero.sh
      - name: Run clean-data reverse-coding test
        run: bash skills/clean-data/tests/test_reverse_coding.sh
      - name: Run lit-sync poll-logic test
        run: bash skills/lit-sync/tests/test_poll_logic.sh
      - name: Run meta-analysis pool-consistency test
        run: bash skills/meta-analysis/tests/test_pool_consistency.sh
      - name: Run generate-codebook test
        run: bash skills/generate-codebook/tests/test_generate_codebook.sh
      - name: Run present-paper speaker-notes markdown test
        run: python3 skills/present-paper/tests/test_speaker_notes_markdown.py
      - name: Run version-dataset manifest/verify test
        run: bash skills/version-dataset/tests/test_version_dataset.sh
      - name: Run manage-refs vN-docx cross-reference test
        run: bash skills/manage-refs/tests/test_vN_docx_check.sh
      - name: Run polish-language consistency-linter challenge
        run: bash skills/polish-language/scripts/lint_challenge/verify.sh
      - name: Run deidentify PHI-scan contract test
        run: bash skills/deidentify/tests/test_deidentify_scan.sh
      - name: Run fill-icmje-coi form-clone contract test
        run: bash skills/fill-icmje-coi/tests/test_fill_icmje_coi.sh
      - name: Run academic-aio schema-validator test
        run: bash skills/academic-aio/tests/test_validate_schema.sh
      - name: Run academic-aio metadata-audit test
        run: bash skills/academic-aio/tests/test_batch_metadata_audit.sh
      - name: Run fill-protocol form-fill test
        run: bash skills/fill-protocol/tests/test_fill_form.sh
      - name: Run fulltext-retrieval pdf_to_md helper test
        run: python3 skills/fulltext-retrieval/tests/test_pdf_to_md.py
      - name: Verify demo manifest.lock files (reproducibility lock)
        run: |
          for d in demo/01_wisconsin_bc demo/02_metafor_bcg demo/03_nhanes_obesity; do
            python3 skills/version-dataset/scripts/version_dataset.py verify \
              --manifest "$d/manifest.lock.json" --base "$d" --strict
          done
      # --- npm/npx distribution baseline (runs last so packaging failures are easy to isolate) ---
      - name: Set up Node
        uses: actions/setup-node@v4
        with:
          node-version: "20"
      - name: npm package self-test (CLI shim + exec bit + version sync + pack audit)
        run: bash tests/test_npm_package.sh
      - name: npm pack content audit (real pack, package/ prefix normalized)
        run: python3 scripts/check_npm_package_contents.py --real
  # Cross-platform safety for the transactional installer + updater (PR-1a/PR-1b). Ubuntu-only CI
  # cannot assert macOS/Windows path/journal/os.replace/extraction behavior; this matrix runs the
  # crash-recovery + legacy-migration tests, the updater verify/safe-extract tests, and the
  # transactional self-test on macOS + Windows (Ubuntu is covered by the `validate` job). Hash-based
  # manifest --check stays Ubuntu-only — it is sensitive to checkout line endings, not OS behavior.
  foundation-os:
    strategy:
      fail-fast: false
      matrix:
        os: [macos-latest, windows-latest]
    runs-on: ${{ matrix.os }}
    steps:
      - uses: actions/checkout@v4
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"
      - name: Transactional installer crash-recovery + legacy-migration test
        run: python installers/tests/test_txn.py
      - name: Updater verify / safe-extract / check-update test (offline)
        run: python installers/tests/test_update.py
      - name: Opt-in SessionStart update-notify hook test (settings merge + hook logic)
        run: python installers/tests/test_session_hook.py
      - name: install.py transactional self-test
        run: python installers/install.py --self-test