Add validate-strict CI workflow

realmarcin · claude · realmarcin · commit 62e0a8c2c259 · 2026-05-25T19:36:05.000-07:00
Locks in the 0-error closed-schema baseline established across PRs #84-#88 so it can't silently regress on future merges. Mirrors the qc.yaml workflow shipped to TraitMech in PR #77 and adapted for the CommunityMech runner conventions. Runs `just validate-strict` + `just audit-writers` + `pytest tests/` on PRs touching kb/communities/, schema, source, scripts, justfile, or this workflow. Uploads the categorized TSV reports as workflow artifacts so reviewers can inspect failures without re-running locally. Deliberately scoped narrower than `just qc` — the existing network-quality.yml handles the network-integrity audit; this new workflow specifically gates closed-schema validation + writer audit + unit tests, which are fast and run on every PR. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
diff --git a/.github/workflows/validate-strict.yaml b/.github/workflows/validate-strict.yaml
@@ -0,0 +1,59 @@
+name: validate-strict
+
+on:
+  pull_request:
+    paths:
+      - "kb/communities/**"
+      - "src/communitymech/schema/**"
+      - "src/communitymech/**.py"
+      - "scripts/**.py"
+      - "justfile"
+      - "pyproject.toml"
+      - ".github/workflows/validate-strict.yaml"
+  push:
+    branches: [main]
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  validate-strict:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: extractions/setup-just@v3
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.10"
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v5
+        with:
+          version: "latest"
+          enable-cache: true
+
+      - name: Install dependencies
+        run: uv sync --all-extras
+
+      - name: Run validate-strict (closed-schema LinkML validation)
+        run: just validate-strict
+
+      - name: Run audit-writers
+        run: just audit-writers
+
+      - name: Run tests
+        run: uv run pytest tests/ -q --no-cov
+
+      - name: Upload reports
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: validate-strict-reports-${{ github.run_id }}
+          path: |
+            reports/instance_validation_failures.tsv
+            reports/pipeline_writers_audit.tsv
+          if-no-files-found: warn
