Skip to content

Commit cd503bf

Browse files
ab-ghoshtekton-robot
authored andcommitted
docs: add agentic workflow context files
Add AGENTS.md, skills, and supporting configuration to prepare the catalog repository for AI-assisted development workflows. - AGENTS.md (50 lines) with build/test commands, critical rules, and skill pointers - CLAUDE.md symlink to AGENTS.md - Skills: commit-message, code-review, running-tests, task-authoring, debugging-e2e-failures - .agents/skills symlink for cross-client interoperability - .claude/rules/ with path-scoped rules for tasks and tests - .pre-commit-config.yaml with gitlint and conventional commits - .gitlint for conventional commit validation - Makefile with lint, test, and setup targets - CI check enforcing 60-line limit on AGENTS.md - Quick Start section in README.md - Fix trailing whitespace in openshift-client task (pre-existing CI failure) AgentReady score: 69.3/100 Signed-off-by: Abhishek Ghosh <abghosh@redhat.com> Assisted-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 parent f914437 commit cd503bf

18 files changed

Lines changed: 1181 additions & 3 deletions

File tree

.agents/skills

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
../.claude/skills

.claude/.gitignore

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
*.local.json

.claude/rules/task-yaml.md

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,17 @@
1+
---
2+
paths:
3+
- "task/**/*.yaml"
4+
- "stepaction/**/*.yaml"
5+
- "pipeline/**/*.yaml"
6+
---
7+
8+
# Task YAML Rules
9+
10+
- Never use `$(params.*)` inside `script` blocks — pass via `env` or `args`
11+
- Reference images by digest (`@sha256:...`), not by tag
12+
- Run steps as non-root unless explicitly required
13+
- Include `app.kubernetes.io/version` label matching the directory version
14+
- Include `tekton.dev/pipelines.minVersion` annotation
15+
- Include `spec.description` with one-line summary + detailed paragraph
16+
- Provide default values for parameters wherever reasonable
17+
- Use `set -e` (or `set -euo pipefail`) in bash scripts

.claude/rules/test-infra.md

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,18 @@
1+
---
2+
paths:
3+
- "test/**"
4+
- "hack/**"
5+
- "task/**/tests/**"
6+
---
7+
8+
# Test Infrastructure Rules
9+
10+
- Hook scripts (`pre-apply-task-hook.sh`, `pre-apply-taskrun-hook.sh`) are
11+
sourced via `source`, so they can export environment variables
12+
- Use helper functions: `add_sidecar_registry`, `add_sidecar_secure_registry`,
13+
`add_task`
14+
- For external API mocking, place fixture rules in `tests/fixtures/` and
15+
override the API URL parameter to `http://localhost:8080`
16+
- Test YAMLs in `tests/` are applied in a random namespace — do not hardcode
17+
namespace names
18+
- CI only tests tasks modified in the PR unless `TEST_RUN_ALL_TESTS` is set
Lines changed: 122 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,122 @@
1+
---
2+
name: code-review
3+
description: >-
4+
Review a pull request or code change in tektoncd/catalog. Use when asked to
5+
review a PR, evaluate a diff, or assess code quality. Applies Tekton community
6+
standards, TEP-0003 catalog organization, task authoring recommendations, and
7+
catalog-specific conventions (directory structure, metadata, tests).
8+
license: Apache-2.0
9+
metadata:
10+
project: tekton-catalog
11+
allowed-tools: Read Grep Glob Bash(git diff:*) Bash(git log:*) Bash(yamllint:*)
12+
---
13+
14+
# Code Review
15+
16+
tektoncd/catalog follows [Tekton community review standards](https://github.com/tektoncd/community/blob/main/standards.md)
17+
and [TEP-0003 Catalog Organization](https://github.com/tektoncd/community/blob/master/teps/0003-tekton-catalog-organization.md).
18+
19+
## Review Checklist
20+
21+
### Catalog Organization (TEP-0003)
22+
23+
- [ ] File path follows `<kind>/<name>/<version>/name.yaml` (kind = task, stepaction, or pipeline)
24+
- [ ] Resource YAML file name matches the resource name
25+
- [ ] `README.md` exists at `<kind>/<name>/<version>/README.md`
26+
- [ ] `OWNERS` file exists at `<kind>/<name>/OWNERS` (or version-level)
27+
- [ ] Version directory name is a valid semver-like format (e.g. `0.1`, `0.2`)
28+
29+
### Mandatory Metadata
30+
31+
- [ ] Label `app.kubernetes.io/version` matches the directory version
32+
- [ ] Annotation `tekton.dev/pipelines.minVersion` is present and accurate
33+
- [ ] Annotation `tekton.dev/categories` is present (e.g. Git, Build, Deploy, CLI)
34+
- [ ] Annotation `tekton.dev/tags` is present with comma-separated tags
35+
- [ ] Annotation `tekton.dev/displayName` is present (optional but recommended)
36+
- [ ] Annotation `tekton.dev/platforms` lists supported platforms (optional)
37+
- [ ] `spec.description` follows the convention: one-line summary followed by
38+
detailed paragraph(s)
39+
40+
### Task Authoring Quality
41+
42+
- [ ] **No `$(params.*)` interpolation inside `script` blocks** — this is a
43+
security vulnerability (code injection) and reliability issue. Parameters
44+
must be passed via `env` or `args` and referenced as `$ENV_VAR` or `$1`.
45+
See [recommendations.md](../../../recommendations.md)
46+
- [ ] Images are referenced by digest (`image@sha256:...`) where possible,
47+
not by mutable tags (`:latest`)
48+
- [ ] Steps run as non-root and non-privileged unless explicitly required.
49+
If root is needed, use `securityContext.runAsUser: 0` explicitly
50+
- [ ] Parameters have default values where reasonable
51+
- [ ] Workspaces have clear descriptions. Tasks should use **at most one
52+
writeable workspace** (Tekton recommendation)
53+
- [ ] Script steps use `#!/usr/bin/env bash` (or appropriate shebang)
54+
with `set -e` for error handling
55+
- [ ] No hardcoded values that should be parameters
56+
- [ ] Results are documented and used only for small data (commit SHAs,
57+
branch names). Large data should use a Workspace instead
58+
- [ ] Tasks are idempotent — safe to re-execute
59+
- [ ] `tekton.dev/pipelines.minVersion` is set to the lowest version that
60+
supports the features used (portability across Pipeline versions)
61+
62+
### YAML Quality
63+
64+
- [ ] `yamllint` passes with the project's `.yamllint` config
65+
- [ ] No trailing whitespace
66+
- [ ] Consistent indentation (2 spaces)
67+
- [ ] Proper quoting of strings where needed
68+
69+
### Testing
70+
71+
- [ ] New tasks or changed functionality include tests in `tests/` directory
72+
- [ ] Test directory contains `run.yaml` (TaskRun or PipelineRun)
73+
- [ ] Pre-apply hook scripts (`pre-apply-task-hook.sh`,
74+
`pre-apply-taskrun-hook.sh`) are used where setup is needed
75+
- [ ] For tasks calling external APIs, fixtures are provided in
76+
`tests/fixtures/` for go-rest-api-test
77+
- [ ] Tests do not depend on external services without fixture mocking
78+
79+
### New Version Workflow
80+
81+
- [ ] If bumping a version (e.g. 0.1 to 0.2), the old version was
82+
copied first in a separate commit, then modified in a subsequent commit
83+
- [ ] Changes from the previous version are clearly visible in the diff
84+
(not buried in a full copy)
85+
86+
### Documentation
87+
88+
- [ ] `README.md` documents all parameters with types and defaults
89+
- [ ] `README.md` documents all workspaces
90+
- [ ] `README.md` documents all results (if any)
91+
- [ ] `README.md` includes usage example(s)
92+
- [ ] `samples/` directory contains example TaskRun/PipelineRun YAMLs
93+
94+
### Security
95+
96+
- [ ] **No `$(params.*)` interpolation in scripts** — critical injection risk
97+
(repeat check — this is the most common security issue in catalog tasks)
98+
- [ ] No secrets or credentials hardcoded in YAML
99+
- [ ] Sensitive data passed via Kubernetes Secrets or workspaces
100+
- [ ] Container images come from trusted registries
101+
- [ ] No use of `privileged: true` without justification
102+
103+
## What to Approve
104+
105+
Approve when:
106+
- All checklist items pass
107+
- Tests cover the changed behavior
108+
- The change is focused (one concern per PR)
109+
- Commit messages follow [Tekton commit conventions](https://github.com/tektoncd/community/blob/main/standards.md#commit-messages)
110+
- New version workflow is followed (copy + modify in separate commits)
111+
112+
## What to Block
113+
114+
Block (request changes) when:
115+
- `$(params.*)` is used inside `script` blocks (injection vulnerability)
116+
- TEP-0003 structure is not followed
117+
- Mandatory metadata labels/annotations are missing
118+
- Images use mutable tags without justification
119+
- Tests are missing for new or changed tasks
120+
- Security issues (hardcoded secrets, unnecessary privileges)
121+
- `yamllint` fails
122+
- Version copy and modifications are squashed into a single commit
Lines changed: 78 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,78 @@
1+
---
2+
name: commit-message
3+
description: This skill should be used when the user asks to "create a commit", "generate commit message", "commit changes", "make a commit", mentions "conventional commits", or discusses commit message formatting. Provides guided workflow for creating properly formatted commit messages with line length validation and required trailers.
4+
version: 0.3.0
5+
---
6+
7+
# Commit Messages for tektoncd/catalog
8+
9+
This skill covers only catalog-specific commit conventions. Standard
10+
conventional commits format is assumed as prior knowledge.
11+
12+
## Scope Rules (Catalog-Specific)
13+
14+
Derive scope from staged file paths:
15+
16+
| File pattern | Scope | Example |
17+
|---|---|---|
18+
| `task/<name>/*` | task name | `feat(git-clone): add depth param` |
19+
| `stepaction/<name>/*` | stepaction name | `feat(git-clone): add stepaction` |
20+
| `pipeline/<name>/*` | pipeline name | `fix(buildpacks): fix workspace` |
21+
| `test/*` | `test` or resource name | `test(git-clone): add SSH e2e` |
22+
| `hack/*` | `hack` or script name | `fix(setup-kind): update K8s ver` |
23+
| `.github/workflows/*` | `ci` | `ci(github): add matrix version` |
24+
| Root files | filename | `docs(CONTRIBUTING): update` |
25+
26+
If files span multiple resources, ask the user.
27+
28+
## Required Trailer
29+
30+
Every commit **must** include this trailer (tektoncd upstream requirement):
31+
32+
```text
33+
Signed-off-by: Full Name <email@example.com>
34+
```
35+
36+
**Signed-off-by** certifies the Developer Certificate of Origin (DCO).
37+
Detect from `$GIT_AUTHOR_NAME`/`$GIT_AUTHOR_EMAIL` first, then
38+
`git config user.name`/`git config user.email`. Ask user if neither is set.
39+
40+
## Optional Trailer (AI-Assisted Work)
41+
42+
When a commit is authored with AI assistance, add:
43+
44+
```text
45+
Assisted-by: Claude Sonnet 4 (via Claude Code)
46+
```
47+
48+
Use the actual model name. This is not a Tekton requirement — it is
49+
optional attribution for AI-assisted contributions.
50+
51+
## Version Copy Convention
52+
53+
When a task is copied from version X to Y, commit the copy separately:
54+
55+
```text
56+
chore(git-clone): copy task from 0.9 to 0.10
57+
58+
Signed-off-by: ...
59+
```
60+
61+
Then make changes in a follow-up commit with `feat`/`fix`/etc. type.
62+
This is critical for clean diffs during review.
63+
64+
## Gitlint Enforcement
65+
66+
The project uses `.gitlint` with these rules:
67+
- Subject hard limit: 72 chars (target 50)
68+
- Body wrap: 72 chars per line
69+
- No `WIP`/`TODO` in subject
70+
- `body-is-missing` is ignored (body optional)
71+
72+
## Workflow
73+
74+
1. `git diff --cached --name-only` to determine scope
75+
2. Generate message with proper type and scope
76+
3. Add required Signed-off-by; add Assisted-by when AI-assisted
77+
4. **Display to user and wait for confirmation before committing**
78+
5. Use heredoc format: `git commit -m "$(cat <<'EOF' ... EOF)"`

0 commit comments

Comments
 (0)