From 27ebfff95508c1a70e3578b8924db2edeb5dbf4d Mon Sep 17 00:00:00 2001 From: Phillip Moore Date: Fri, 8 May 2026 06:58:38 -0400 Subject: [PATCH] ci(workflows): adopt standard-actions v1.5 reusable workflows and remove st-validate-local Replace bespoke CI with v1.5 reusable workflows (ci-quality, ci-security, ci-release). Delete legacy validation scripts (lint.sh, test.sh, audit.sh). Bump publish workflow to v1.5. Fix yamllint violations in publish.yml and mkdocs.yml. Update CLAUDE.md to reference st-validate. Co-Authored-By: wphillipmoore-claude <255925739+wphillipmoore-claude@users.noreply.github.com> --- .github/workflows/ci.yml | 48 ++++++++++++++++++++--------------- .github/workflows/publish.yml | 3 ++- CLAUDE.md | 4 +-- docs/site/mkdocs.yml | 4 ++- scripts/dev/audit.sh | 5 ---- scripts/dev/lint.sh | 13 ---------- scripts/dev/test.sh | 5 ---- 7 files changed, 34 insertions(+), 48 deletions(-) delete mode 100755 scripts/dev/audit.sh delete mode 100755 scripts/dev/lint.sh delete mode 100755 scripts/dev/test.sh diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 193604e..80ec921 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -1,38 +1,44 @@ -name: CI - Test and Validate +name: CI on: pull_request: + workflow_call: + inputs: + run-security: + type: boolean + default: true + run-release: + type: boolean + default: true permissions: contents: read - security-events: write concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: - security-and-standards: - uses: wphillipmoore/standard-actions/.github/workflows/ci-security.yml@v1.4 + quality: + uses: wphillipmoore/standard-actions/.github/workflows/ci-quality.yml@v1.5 + with: + language: shell + versions: '["latest"]' + container-suffix: base + + security: + uses: wphillipmoore/standard-actions/.github/workflows/ci-security.yml@v1.5 + with: + language: shell + run-codeql: false + run-standards: ${{ inputs.run-release || true }} + run-security: ${{ inputs.run-security || true }} permissions: contents: read security-events: write + + release: + uses: wphillipmoore/standard-actions/.github/workflows/ci-release.yml@v1.5 with: language: shell - run-codeql: 'false' - - shellcheck: - name: "ci: shellcheck" - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v6 - - - name: Run shellcheck - run: | - files=$(find scripts -type f \( -name '*.sh' -o -path '*/git-hooks/*' \) | sort) - if [ -n "$files" ]; then - echo "$files" | xargs shellcheck - else - echo "No shell scripts found." - fi + run-release: ${{ inputs.run-release != false }} diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index bd69158..200165f 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -11,7 +11,8 @@ permissions: jobs: publish: - uses: wphillipmoore/standard-actions/.github/workflows/publish-release.yml@v1.4 + # yamllint disable-line rule:line-length + uses: wphillipmoore/standard-actions/.github/workflows/publish-release.yml@v1.5 permissions: contents: write pull-requests: write diff --git a/CLAUDE.md b/CLAUDE.md index 0af3533..952ff50 100644 --- a/CLAUDE.md 
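Review bot: The `|| true` fallbacks in the `security` job's `with:` block make both toggles constant: `${{ inputs.run-security || true }}` evaluates to `true` even when a caller passes `run-security: false`, so the new `workflow_call` input has no effect. `run-standards` is also driven by `inputs.run-release`, which looks like a copy-paste slip, since no `run-standards` input is declared. Always running is the safer failure direction for a security job, but the interface then advertises a switch that does nothing; either drop the `run-security` input or use the form the `release` job already uses, `run-security: ${{ inputs.run-security != false }}`, after confirming how that comparison evaluates on `pull_request` runs, where `inputs` is unset. Separately, the three reusable workflows here (and `publish-release.yml` in publish.yml, which is granted `contents: write`) are referenced by the movable tag `@v1.5`; pinning each `uses:` to a full commit SHA would keep the code that receives those permissions fixed.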
+++ b/CLAUDE.md @@ -109,13 +109,13 @@ This is a documentation-only repository. There are no build or test commands. git config core.hooksPath ../standard-tooling/scripts/lib/git-hooks # Enable git hooks ``` -Standard-tooling CLI tools (`st-commit`, `st-validate-local`, etc.) are +Standard-tooling CLI tools (`st-commit`, `st-validate`, etc.) are pre-installed in the dev container images. No local setup required. ### Validation ```bash -markdownlint . # Lint all Markdown files +st-docker-run -- st-validate # Full validation (runs in dev container) ``` ## Architecture diff --git a/docs/site/mkdocs.yml b/docs/site/mkdocs.yml index 62963ff..9c6af9d 100644 --- a/docs/site/mkdocs.yml +++ b/docs/site/mkdocs.yml @@ -1,6 +1,8 @@ site_name: mq-rest-admin-common site_url: https://wphillipmoore.github.io/mq-rest-admin-common/ -site_description: Shared documentation fragments and canonical mapping data for the mq-rest-admin project family +site_description: >- + Shared documentation fragments and canonical mapping data + for the mq-rest-admin project family repo_url: https://github.com/wphillipmoore/mq-rest-admin-common repo_name: mq-rest-admin-common edit_uri: "" diff --git a/scripts/dev/audit.sh b/scripts/dev/audit.sh deleted file mode 100755 index 8afefc7..0000000 --- a/scripts/dev/audit.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/usr/bin/env bash -set -euo pipefail -# Tier 1 — Dependency audit - -echo "No dependency audit checks for this repository." diff --git a/scripts/dev/lint.sh b/scripts/dev/lint.sh deleted file mode 100755 index 24ebb3b..0000000 --- a/scripts/dev/lint.sh +++ /dev/null 
@@ -1,13 +0,0 @@ -#!/usr/bin/env bash -set -euo pipefail -# Tier 1 — Lint - -export DOCKER_DEV_IMAGE="${DOCKER_DEV_IMAGE:-dev-python:3.14}" -export DOCKER_TEST_CMD="${DOCKER_TEST_CMD:-files=\$(find scripts -type f \\( -name '*.sh' -o -path '*/git-hooks/*' \\) | sort) && if [ -n \"\$files\" ]; then echo \"\$files\" | xargs shellcheck; else echo 'No shell scripts found.'; fi}" - -if ! command -v st-docker-test >/dev/null 2>&1; then - echo "ERROR: st-docker-test not found on PATH." >&2 - echo "Set up standard-tooling: export PATH=../standard-tooling/.venv/bin:\$PATH" >&2 - exit 1 -fi -exec st-docker-test diff --git a/scripts/dev/test.sh b/scripts/dev/test.sh deleted file mode 100755 index 62246a2..0000000 --- a/scripts/dev/test.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/usr/bin/env bash -set -euo pipefail -# Tier 1 — Test - -echo "No test suite for this repository."