eval: add validator-only refusal metric for source-required prompts #1236
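# Cleanup audit: builds an import graph, coverage data, near-duplicate
# clusters and a redundancy score, then uploads them as artifacts.
# The analysis steps are best-effort; each one writes a fallback file so the
# later steps and the summary always have something to read.
name: 🧹 Cleanup Audit

on:
  workflow_dispatch:
    inputs:
      score_threshold:
        description: 'Highlight high-risk files with score ≥ this value'
        required: false
        default: '70'
  schedule:
    - cron: '0 3 * * 1'  # every Monday 03:00 UTC (optional)
  pull_request:
    branches: [main, develop]
  push:
    branches: [main, develop]

# Least privilege: the job only checks out and reads the repository.
# The steps below execute Python from the checked-out ref (including pull
# request heads), so keep this read-only and do not add secrets to this job.
permissions:
  contents: read

jobs:
  cleanup-audit:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions are referenced by mutable major tags. Pin them
      # to full commit SHAs if the project's supply-chain policy requires it.
      - name: Checkout
        uses: actions/checkout@v6
        with:
          fetch-depth: 0
          # No step pushes or fetches after checkout, so do not leave the
          # token in .git/config for the repository scripts run below.
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          python-version: '3.11'

      - name: Make artifacts dir
        run: mkdir -p artifacts

      # NOTE(review): packages are installed unpinned from the index; a
      # pinned (ideally hash-checked) requirements file would make runs
      # reproducible and narrow the dependency supply-chain exposure.
      - name: Install deps
        run: |
          python -m pip install --upgrade pip
          pip install grimp networkx scikit-learn pytest pytest-cov coverage pyyaml

      # ---- Analysis steps: do not block the pipeline on failure ----
      - name: Import graph (non-blocking)
        run: |
          python tools/inventory/import_graph.py \
            || echo '{}' > artifacts/import_inbound.json

      - name: Coverage (non-blocking)
        run: |
          python -m coverage run --source=stillme_core,stillme_ethical_core tools/inventory/feature_smoke.py || true
          coverage json -o artifacts/coverage.json || echo '{}' > artifacts/coverage.json

      - name: Near-duplicate detection (non-blocking)
        run: |
          python tools/inventory/near_dupe_detector.py || true
          test -f artifacts/near_dupes.json || echo '{"near_dupe_clusters":{}}' > artifacts/near_dupes.json

      - name: Redundant score (non-blocking)
        run: |
          python tools/inventory/redundant_score.py || \
            printf 'path,inbound_imports,executed_lines,git_touches,days_since_last_change,looks_backup,in_registry,is_whitelisted,dupe_bucket,is_near_dupe,redundant_score\n' \
            > artifacts/redundancy_report.csv

      # ---- Gate "backup-like names": warn ONLY so the job stays green ----
      - name: Backup-name gate (warning only)
        continue-on-error: true
        run: |
          echo "🔍 Checking for backup-like files…"
          BACKUP_FILES=$(find . \
            -name "*_backup.py" -o -name "*_old.py" -o -name "*_copy.py" -o -name "*_tmp.py" \
            -o -name "*.py~" -o -name "*.py.save" | grep -v "_attic/" | grep -v ".git/" || true)
          if [ -n "$BACKUP_FILES" ]; then
            echo "::warning::Found backup-like files outside _attic/"
            echo "$BACKUP_FILES"
          else
            echo "✅ No backup-like files"
          fi

      - name: Upload artifacts
        if: always()
        uses: actions/upload-artifact@v6
        with:
          name: cleanup-audit-artifacts
          path: artifacts/
          retention-days: 30

      - name: Generate summary
        if: always()
        # The dispatch input is handed to the script through the environment
        # rather than expanded into the script text, so its value is treated
        # as data by the shell and never parsed as shell syntax.
        env:
          SCORE_THRESHOLD: ${{ github.event.inputs.score_threshold || '70' }}
        run: |
          echo "## 🧹 Cleanup Audit Summary" >> "$GITHUB_STEP_SUMMARY"
          if [ -f artifacts/redundancy_report.csv ]; then
            TOT=$(($(wc -l < artifacts/redundancy_report.csv)-1))
            THRESH="$SCORE_THRESHOLD"
            # Accept only digits and dots; anything else falls back to the
            # default before it reaches awk or the rendered summary.
            case "$THRESH" in
              ''|*[!0-9.]*) THRESH=70 ;;
            esac
            HIGH=$(awk -F',' -v T="$THRESH" 'NR>1 && $11+0>=T {c++} END{print c+0}' artifacts/redundancy_report.csv)
            echo "- **Files analyzed:** $TOT" >> "$GITHUB_STEP_SUMMARY"
            echo "- **High-risk files (score ≥ $THRESH):** $HIGH" >> "$GITHUB_STEP_SUMMARY"
          fi
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo "Artifacts: import_inbound.json, coverage.json, near_dupes.json, redundancy_report.csv" >> "$GITHUB_STEP_SUMMARY"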