Use proof-pr v0.2.0 workflow #89
Merged
What
Updates the advisory proof-pr dogfood workflow to consume proof-pr v0.2.0.
Why
proof-pr v0.2.0 models committed receipt SHA anchoring with subject.head_sha_status, so the existing dogfood receipt needs the new metadata before the v0.2 reusable workflow can validate it.
Review Of What Was Built
- .github/workflows/proof-pr.yml from v0.1.3 to v0.2.0.
- subject.head_sha_status: pending_commit to the committed proof-pr.json receipt.
Cleanup Review
No application code, generated portfolio truth, release workflows, or private proof package content changed.
Verification Summary
Proof Bundle
Risk: T3
Receipt: proof-pr.v1 for dc78a6d1c5817359fbf4593c92dbbcb47e77afd2
Decision: ready_with_operator_awareness
Evidence:
- ruby -e "require 'yaml'; YAML.load_file('.github/workflows/proof-pr.yml')" -> passed (workflow YAML parses.)
- PYTHONDONTWRITEBYTECODE=1 python3 /Users/d/Projects/proof-pr/scripts/proof_pr.py validate proof-pr.json -> passed (committed receipt validates with proof-pr v0.2.0 rules.)
- PYTHONDONTWRITEBYTECODE=1 python3 /Users/d/Projects/proof-pr/scripts/proof_pr.py render proof-pr.json --head-sha 3473e5bd6ff3bf206f27c76c6f1fa0e5a8712e13 -> passed (pending-commit anchor renders cleanly.)
- git diff --check -> passed.
- gitleaks detect --source . --no-banner --redact --verbose -> passed (no leaks found.)
- gh pr checks 89 -R saagpatel/GithubRepoAuditor --watch --interval 10 -> passed (CodeQL and test (3.11) passed.)
- documented (revert this PR or restore workflow refs to v0.1.3 and remove head_sha_status if rolling back format compatibility.)
Known gaps:
- v0.2.0 consumption on main.
Shipped Summary
If merged, GithubRepoAuditor will consume the released v0.2.0 proof-pr workflow and its committed receipt will validate under the new pending-commit SHA rule.
Next Phase
Run the manual proof-pr workflow from main after merge and confirm it uploads github-repo-auditor-proof-pr.
Remaining Roadmap
- head_sha_status when they use placeholder heads.