Skip to content

Enforce skill.oms.sig and skill-card.md in sync pipeline#83

Merged
sayalinvidia merged 2 commits into
mainfrom
add-skill-signature-check
May 26, 2026
Merged

Enforce skill.oms.sig and skill-card.md in sync pipeline#83
sayalinvidia merged 2 commits into
mainfrom
add-skill-signature-check

Conversation

@sayalinvidia
Copy link
Copy Markdown
Collaborator

@sayalinvidia sayalinvidia commented May 23, 2026

Summary

  • Skills missing either skill.oms.sig or skill-card.md are now dropped from the catalog before the sync PR is opened — compliance is no longer informational/opt-in.
  • The check runs per-skill, not per-component: e.g. if cuopt has 5 skills and only 1 is compliant, that one syncs and the other 4 are dropped.
  • Dropped skills surface in two places: a "Skills dropped" section in every sync PR body, and a single aggregated tracking issue labeled missing-compliance (auto-updates each sync, auto-closes when everything is compliant).

What changed

  • Replaced the previous informational "Scan for missing skill signatures" step with a mandatory "Enforce skill compliance (signature + card)" step that rm -rfs non-compliant skill directories (sync-skills.yml:141-178).
  • Split issue tracking into its own step under a new missing-compliance label, replacing the older missing-signatures label (sync-skills.yml:180-237).
  • Updated the PR summary so a dropped skill alone is enough to trigger a sync PR (catches the case where a previously-synced skill goes non-compliant upstream).

Test plan

  • Manually trigger the workflow via workflow_dispatch and confirm:
    • Compliant skills (e.g. cuopt/cuopt-numerical-optimization-api-cli — has both files) sync through normally
    • Non-compliant skills are removed from the catalog and listed in the PR body
    • Tracking issue is created/updated with the dropped skills grouped by product
    • Tracking issue auto-closes if all skills become compliant
  • Confirm the workflow YAML parses cleanly (already verified locally)

🤖 Generated with Claude Code

@sayalinvidia sayalinvidia requested a review from mosheabr as a code owner May 23, 2026 21:49
@sayalinvidia sayalinvidia force-pushed the add-skill-signature-check branch from f347283 to b5f5881 Compare May 23, 2026 21:56
@sayalinvidia @claude
Enforce skill.oms.sig and skill-card.md in sync pipeline
b4b9580 
Skills missing either file are now dropped from the catalog before the
sync PR is opened, replacing the prior informational-only signature
scan. Dropped skills are listed in the PR body and tracked under a
new missing-compliance issue label.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: Sayali Kandarkar <skandarkar@nvidia.com>
@sayalinvidia sayalinvidia force-pushed the add-skill-signature-check branch from b5f5881 to b4b9580 Compare May 23, 2026 21:58
@sayalinvidia
Copy link
Copy Markdown
Collaborator Author

sayalinvidia commented May 23, 2026

Note: with this change, any skill missing either skill.oms.sig or skill-card.md will be dropped from the catalog before the sync PR is opened
Verified changes on the test repo!
image

@sayalinvidia @claude
Drop orphan product directories during sync enforcement
88e5e03 
After per-skill compliance enforcement, also remove any top-level
product directory under skills/ that contains no SKILL.md anywhere
inside. Avoids leaving misleading empty/helper-only folders in the
catalog (e.g. a placeholder with only a README, or a product whose
every skill was dropped for non-compliance).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: Sayali Kandarkar <skandarkar@nvidia.com>
@sayalinvidia
Copy link
Copy Markdown
Collaborator Author

sayalinvidia commented May 23, 2026

Verified in the test repo! Currently, only cu-opt has (some) not all skills signed along with a skill card!
Unverified skills from cu-opt will also be dropped!
image

mosheabr
mosheabr approved these changes May 26, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@mosheabr mosheabr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved per catalog-pr-reviewer checklist.

Scope is correct: one workflow file (+79/-29), per-skill compliance enforcement, orphan-product cleanup, tracking issue under missing-compliance label. DCO + verify-authors both green. The diff also auto-marks products with dropped skills as 'changed' so the sync PR opens even when the only diff is a removal — good catch on the previously-compliant-now-non-compliant case.

Aligns with the 2026-05-27 signing-baseline cutover we communicated to product teams.

LGTM — over to you on when to merge.

@sayalinvidia sayalinvidia merged commit ea0c55f into main May 26, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mosheabr mosheabr mosheabr approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sayalinvidia @mosheabr