feat: add required-workflows drift check (VERSION 1.9.5 -> 1.10.0) #62

Merged: TMHSDigital merged 1 commit into main from feat/required-workflows-check on May 23, 2026

@TMHSDigital
Owner

Summary

  • Adds RequiredWorkflowsCheck to the drift checker. For each repo type, the check reads the required_workflows list from standards/drift-checker.config.json and emits an error finding for every absent workflow.
  • Policy is additive across config tiers (globals union type union repo); extra workflows are never flagged; skip_checks suppresses the check entirely.
  • Bumps VERSION 1.9.5 -> 1.10.0 (MINOR: new enforced check expands the standards surface).

New files

| File | Purpose |
| --- | --- |
| scripts/drift_check/checks/required_workflows.py | The check implementation |
| tests/test_required_workflows.py | 9 standalone tests (all pass) |

Changed files

| File | Change |
| --- | --- |
| scripts/drift_check/types.py | required_workflows on RepoConfig; present_workflows on RepoSnapshot; tier-union in DriftConfig.resolve() |
| scripts/drift_check/snapshot.py | Discovers .github/workflows/ filenames into present_workflows |
| scripts/drift_check/cli.py | Wires RequiredWorkflowsCheck into the check pipeline |
| scripts/drift_check/checks/__init__.py | Exports RequiredWorkflowsCheck |
| standards/drift-checker.config.json | Adds required_workflows arrays for cursor-plugin and mcp-server types |

Known findings on first run

The check is shipped live (no suppression). On first run against the local fleet it correctly flags two real gaps:

| Repo | Missing | Status |
| --- | --- | --- |
| steam-mcp | stale.yml | Known from prior manual audit; follow-up fix: PR in TMHSDigital/steam-mcp |
| Mobile-App-Developer-Tools | stale.yml | Newly caught; missed by the manual audit; follow-up fix: PR in TMHSDigital/Mobile-App-Developer-Tools |

These are not suppressed. The check is working as designed; the findings are correct. The two fix: PRs (one per repo, each adding stale.yml from the scaffold template) will land after this PR merges so the detector ships before the fixes.

Pre-merge checklist

  • 9/9 unit tests pass (python tests/test_required_workflows.py)
  • python scripts/sync_from_registry.py --check exits 0
  • drift-checker.config.json diff shows only the new required_workflows keys, no line-ending churn
  • file=None findings render cleanly in markdown ("-") and gh-summary ("-") renderers
  • DCO sign-off on commit
  • No standards/ci-cd.md changes leaked into this branch (that is PR docs: clarify core vs optional workflows and add MCP-server variations to ci-cd.md #61)

Test plan

  • CI passes all 7 required status checks
  • After merge: run the drift checker against the fleet and confirm it flags exactly steam-mcp and Mobile-App-Developer-Tools for stale.yml

Adds RequiredWorkflowsCheck to the drift checker. The check reads
required_workflows lists from drift-checker.config.json per repo type
(cursor-plugin, mcp-server) and emits an error finding for each absent
workflow. Policy is additive across config tiers (globals -> type ->
repo); extra workflows are never flagged; skip_checks suppresses the
check entirely.

New files:
- scripts/drift_check/checks/required_workflows.py
- tests/test_required_workflows.py (9 tests, all pass)

Changed files:
- types.py: adds required_workflows to RepoConfig, present_workflows to
  RepoSnapshot, and tier-union logic in DriftConfig.resolve()
- snapshot.py: discovers .github/workflows/ filenames into present_workflows
- cli.py: wires RequiredWorkflowsCheck into the check pipeline
- checks/__init__.py: exports RequiredWorkflowsCheck
- standards/drift-checker.config.json: adds required_workflows arrays for
  cursor-plugin and mcp-server types

On first run the check correctly flags two real gaps:
- steam-mcp: missing stale.yml (known from the prior manual audit)
- Mobile-App-Developer-Tools: missing stale.yml (caught by the check;
  missed by the manual audit)

Both are follow-up fix: PRs in their respective repos. They are not
suppressed here; the check is working as intended.

file=None findings render cleanly in both markdown and gh-summary
renderers (both use `if f.file else "-"`).

Signed-off-by: fOuttaMyPaint <tmhospitalitystrategies@gmail.com>
Signed-off-by: fOuttaMyPaint <154358121+TMHSDigital@users.noreply.github.com>
@github-actions

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@TMHSDigital TMHSDigital merged commit 063ae7a into main May 23, 2026
13 of 14 checks passed
@TMHSDigital TMHSDigital deleted the feat/required-workflows-check branch May 23, 2026 23:35
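
The policy described in this PR (tier union of required_workflows, extra workflows ignored, skip_checks suppressing the check, findings emitted with file=None), as an added Python example that is not the project's own code. The config layout (globals/types/repos keys), the check id, the finding fields other than file, and the function names are assumptions.

```python
import json
from pathlib import Path

# Constructed config. The globals/types/repos layout and the check id are
# assumptions, not the real standards/drift-checker.config.json schema.
SAMPLE_CONFIG = json.loads("""
{
  "globals": {"required_workflows": ["ci.yml"]},
  "types": {"mcp-server": {"required_workflows": ["stale.yml", "release.yml"]}},
  "repos": {
    "example-mcp": {"type": "mcp-server", "required_workflows": ["codeql.yml"]},
    "legacy-mcp": {"type": "mcp-server", "skip_checks": ["required-workflows"]}
  }
}
""")
CHECK_ID = "required-workflows"  # hypothetical identifier


def tier_union(config, repo, key):
    """Union a list-valued key across the globals, type and repo tiers."""
    repo_cfg = config.get("repos", {}).get(repo, {})
    type_cfg = config.get("types", {}).get(repo_cfg.get("type"), {})
    merged = set()
    for tier in (config.get("globals", {}), type_cfg, repo_cfg):
        merged |= set(tier.get(key, []))
    return merged


def discover_workflows(repo_root):
    """Return the filenames directly under .github/workflows/ (empty if absent)."""
    wf_dir = Path(repo_root) / ".github" / "workflows"
    return sorted(p.name for p in wf_dir.iterdir() if p.is_file()) if wf_dir.is_dir() else []


def check_required_workflows(config, repo, present_workflows):
    """One error finding per required workflow that is absent; extras are ignored."""
    if CHECK_ID in tier_union(config, repo, "skip_checks"):
        return []  # skip_checks suppresses the check entirely
    missing = tier_union(config, repo, "required_workflows") - set(present_workflows)
    return [
        {"check": CHECK_ID, "severity": "error", "repo": repo, "file": None,
         "message": f"missing required workflow: {name}"}
        for name in sorted(missing)
    ]
```

Matching here is by exact filename, so in this example a `stale.yaml` on disk would not satisfy a required `stale.yml`; whether the project's check behaves the same way is not stated in the PR.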