refactor(quality-gate): manifest + self-ci only; consumers own their drift-gate workflow#6
Merged
Merged
Conversation
…e action
The drift-detection logic now lives in its own SHA-pinned composite
action at NWarila/drift-gate. This repo keeps only the source-of-truth
inputs:
- baseline-manifest.json: which org files must be byte-identical
in every consumer
- .github/workflows/org-baseline.yml: thin wrapper that delegates
to drift-gate@<sha>; org ruleset injects this into every PR
- .github/workflows/self-ci.yml: validates the manifest on this
repo's own PRs (parses against schema, every source resolves)
Removed: pyproject.toml, tools/org_baseline/, tests/, .gitignore.
All of that lives in NWarila/drift-gate now and is independently
tested + linted there. Single source of truth, single supply-chain
pin, one place to bump.
The org ruleset reference (workflow file path) is unchanged, so any
existing or pending repository ruleset configuration keeps working.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Picks up the rendering upgrade (banner + linked source pin + per-DRIFT unified diff in `<details>` and `raw_details`, first-diff-line annotations, footer with source-repo@source-ref + engine link) and the stdlib-only refactor (no setup-python, no pip install on the consumer hot path, ~15s saved per PR). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Originally org-baseline.yml lived here so an org-level repository
ruleset could inject it into every consumer's PRs (the
"consumers add nothing" architecture). That mechanism is no longer
the chosen wiring model — each consumer now owns a thin
drift-gate.yaml that calls NWarila/drift-gate directly.
With injection off the table, this file has no purpose: it doesn't
run on consumers (no injection), and on the canonical itself the
self-skip check turns it into a no-op anyway. Deleting it.
What stays:
- baseline-manifest.json: org-level source of truth for which
files must mirror byte-for-byte in every consumer.
- .github/workflows/self-ci.yml: validates the manifest schema
+ every source path resolves on disk, on every PR into this
repo. Catches manifest bugs before consumers see them.
Reference wiring for consumers lives at
nwarila-platform/github-terraform-framework/.github/workflows/drift-gate.yaml
(PR #42).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Adopts a three-tier ADR model — org / template / repo — and enforces
the full /docs layout skeleton via .gitkeep placeholders mirrored to
every adopting child repository.
Why three tiers
---------------
Two tiers (org + repo) leaves type-specific decisions homeless. A
"Terraform repos require Terraform 1.15" decision is too narrow for
the org baseline (it only matters to Terraform consumers) and too
broad for any single repo (it recurs across every Terraform consumer).
The new template tier — sourced from per-stack template repositories
like NWarila/terraform-runner-template or NWarila/secure-packer-bootstrapper —
is the right home for those.
The three tiers use independent four-digit numbering namespaces. The
same number can appear in org/, template/, and repo/ without conflict
because each namespace is governed by a different source.
Why a layout skeleton
---------------------
Every adopting repo carries `docs/decision-records/{org,template,repo}/`
plus the four Diátaxis quadrants `docs/{tutorials,how-to,reference,
explanation}/`, even when individual scopes are empty. The presence
of the directories (via .gitkeep placeholders) gives every repo the
same predictable shape so a reader can navigate any consumer with
the same mental model. Content in each scope remains opt-in — the
skeleton enforces *layout*, not population.
What changes
------------
- ADR-0001: rewritten Decision Outcome to define three scopes;
Confirmation gains a "Type-template mirror check" and a
"Layout-skeleton check"; HTML comment header and "How to author"
block extended with template-tier authoring steps; Consequences
updated to reflect the dual-source duplication and the
three-directory layout.
- ADR-0002: existing references to {org,repo}/ updated to
{org,template,repo}/ throughout; Confirmation gains a
"Layout-skeleton check" for the four Diátaxis quadrants.
- docs/decision-records/README.md: rewritten "How to Contribute"
scope decision to include the type-template option; Conventions
updated to describe the full three-tier directory layout.
- New .gitkeep placeholders (zero bytes each):
* docs/decision-records/org/.gitkeep
* docs/decision-records/template/.gitkeep
* docs/decision-records/repo/.gitkeep
* docs/tutorials/.gitkeep
* docs/how-to/.gitkeep
* docs/reference/.gitkeep
* docs/explanation/.gitkeep
- baseline-manifest.json: 3 → 10 entries. The 7 new entries pin
every .gitkeep at 1:1 source/target paths (no /org/ transformation
for layout placeholders — they're not org-baseline content).
Verified locally: drift-gate's stdlib-only manifest loader parses
the new manifest cleanly and all 10 sources resolve on disk.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR turns `nwarila-platform/.github` into a lean source-of-truth repo for the org baseline:
The old plan (org repository ruleset injects `org-baseline.yml` into every consumer's PRs) is dropped. Each consumer now owns a thin `drift-gate.yaml` that calls NWarila/drift-gate directly. Reference wiring is live in nwarila-platform/github-terraform-framework PR #42.
Net diff
Commits
Test plan
🤖 Generated with Claude Code