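---
# CI gate for the governance artifacts: schema/YAML validation, OPA policy
# tests, evidence-manifest build and verification, and the governance
# validation suite.
#
# The previous revision of this file carried two complete `name:`/`on:`
# headers and a duplicated `name:`/`path:` pair in the upload step (it reads
# like an unresolved merge). Duplicate mapping keys are invalid YAML and are
# either rejected or silently resolved last-wins, so a validation trigger can
# disappear without anyone noticing. Each key now appears exactly once.
name: Governance Artifacts CI

# Union of the path filters from both former `on:` blocks, so neither set of
# artifacts loses its trigger. `push` has no branch filter because one of the
# two former blocks had none; add `branches: [main, master]` back if
# pull_request coverage is sufficient for feature branches.
on:
  pull_request:
    paths:
      - 'docs/schemas/**'
      - 'docs/reports/ENTERPRISE_CIVILIZATIONAL_AGI_ASI_BLUEPRINT_2026_2030.md'
      - 'ENTERPRISE_AGI_ASI_GOVERNANCE_BLUEPRINT_2026_2030.md'
      - 'governance_blueprint/**'
      - '.github/workflows/governance-artifacts-ci.yml'
      - 'Makefile'
      - '.yamllint'
  push:
    paths:
      - 'docs/schemas/**'
      - 'docs/reports/ENTERPRISE_CIVILIZATIONAL_AGI_ASI_BLUEPRINT_2026_2030.md'
      - 'ENTERPRISE_AGI_ASI_GOVERNANCE_BLUEPRINT_2026_2030.md'
      - 'governance_blueprint/**'
      - '.github/workflows/governance-artifacts-ci.yml'
      - 'Makefile'
      - '.yamllint'

jobs:
  validate-governance-artifacts:
    runs-on: ubuntu-latest
    # Least privilege: the job only reads the repository.
    permissions:
      contents: read
    env:
      PYTHONUNBUFFERED: '1'
    timeout-minutes: 10
    steps:
      # NOTE(review): the `uses:` references in this job are mutable tags
      # (v4, v5, v2). For a pipeline that produces integrity evidence, pin
      # each one to a verified full commit SHA, e.g.
      #   uses: actions/checkout@<full-commit-sha>  # v4
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # No visible step pushes or fetches, so the token is not left in
          # .git/config for later steps. Remove this only if a make target
          # turns out to need authenticated git access.
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.12'
          cache: 'pip'
          cache-dependency-path: docs/schemas/requirements-governance.txt

      # NOTE(review): "pinned" refers to the requirements file, which is not
      # visible here. Version pins alone do not detect a replaced package
      # file; if the requirements carry hashes, install with --require-hashes.
      - name: Install Python deps (pinned)
        run: |
          python -m pip install --upgrade pip
          pip install -r docs/schemas/requirements-governance.txt

      - name: Validate governance YAML/JSON artifacts
        run: make governance-validate

      - name: Setup OPA (pinned)
        uses: open-policy-agent/setup-opa@v2
        with:
          version: 'v1.15.2'

      - name: Rego format and tests
        run: make governance-policy-test

      - name: Validator and evidence bundle unit tests
        run: make governance-validator-test

      - name: Build evidence manifest
        run: make governance-evidence-manifest

      - name: Verify evidence manifest integrity
        run: make governance-evidence-verify

      - name: Validate evidence manifest schema
        run: make governance-evidence-schema

      - name: Generate machine-readable validation report
        run: make governance-report

      - name: Validate run report schema
        run: make governance-report-schema

      - name: Check generated artifacts are up to date
        run: make governance-check-generated

      # NOTE(review): this switches the interpreter to 3.11 for the remaining
      # steps. The packages installed earlier went into the 3.12 interpreter,
      # so confirm the validation suite needs none of them, or run the suite
      # on 3.12 and drop this step.
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      # Folded scalar: the lines below are joined with spaces into the same
      # single command line as before.
      - name: Run governance validation suite
        run: >-
          python3 governance_blueprint/validation/run_validation_suite.py
          --quiet
          --json-report governance-artifact-validation-report.json
          --suite-report governance-validation-suite-report.json

      - name: Show validation report
        run: |
          cat governance-artifact-validation-report.json
          cat governance-validation-suite-report.json

      # The former single upload step declared `name:` and `path:` twice
      # under one `with:`, so one of the two artifacts could never be
      # uploaded. They are now two steps with distinct artifact names.
      # `if-no-files-found: error` makes a missing report fail the job
      # instead of producing an empty evidence artifact with only a warning.
      - name: Upload validation run report
        uses: actions/upload-artifact@v4
        with:
          name: governance-validation-report
          path: docs/schemas/validation_run_report.json
          if-no-files-found: error

      - name: Upload validation suite reports
        uses: actions/upload-artifact@v4
        with:
          name: governance-validation-reports
          path: |
            governance-artifact-validation-report.json
            governance-validation-suite-report.json
          if-no-files-found: error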