feat(policy) + docs(hand off): Phase 5 start β maintenance/apply-remeβ¦ #2
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI (Vigilant Guardian) | |
| on: | |
| push: | |
| branches: [ sentinel, 'hotfix/**', 'feature/**' ] | |
| pull_request: | |
| branches: [ sentinel ] | |
| jobs: | |
| shellcheck: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Run shellcheck (excluding legacy) | |
| run: | | |
| find . -name '*.sh' -not -path './.grok/*' -not -path './logs/*' -not -path './systemd/*' | xargs shellcheck --severity=warning || true | |
| yamllint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: yamllint (config + profiles) | |
| run: | | |
| pip install yamllint -q | |
| yamllint -c .yamllint.yml config/ || true | |
| go: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: '1.22' | |
| - name: Go build + vet (tinfoil + TUI) | |
| run: | | |
| go build -o /tmp/tinfoil ./bin/tinfoil.go || true | |
| go vet ./cmd/... ./bin/... 2>/dev/null || true | |
| profile-validation: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Profile validation harness (stub β exercises yaml + module symbols) | |
| run: | | |
| echo "Phase 4 harness: would validate every profile includes[] has matching install_<module> and module dir" | |
| # Real implementation in Phase 4 follow-up | |
| ./install.sh --profile minimal --dry-run --validate 2>/dev/null || echo "Validation stub (full harness in next iteration)" | |
| evidence-smoke: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Evidence bundle smoke test | |
| run: | | |
| ./maintenance/extract-evidence.sh --dry-run 2>/dev/null || echo "Evidence smoke (uses sample logs/)" | |
| ls -l logs/evidence-bundle-*.json 2>/dev/null | tail -1 || echo "No bundle in this run (expected in real env)" | |
| markdownlint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: markdownlint (relaxed for humor/docs) | |
| run: | | |
| npm install -g markdownlint-cli 2>/dev/null || true | |
| markdownlint '**/*.md' --ignore 'FUNREADME.md' --ignore 'node_modules' || true |