Commit 33fddc0
committed
chore: defer engine-specific policy-matrix workflow to GA
Removes .github/workflows/policy-matrix.yml. Engine-specific admission
validation (PSA-restricted × Kyverno × Gatekeeper × default+production)
delivered negative ROI at rc1: 4 PRs blocked on flaky CRD-bootstrap +
upstream-version races (#475, #481, #498, #501). Caught zero real
regressions; only its own infra bugs.
Coverage retained via conftest (offline policy), helm lint, kubeconform,
and kubectl apply --dry-run=server in chart.yml. policy-matrix-smoke.sh
+ bundles stay in tree for cheap reactivation at GA.
Triggers for re-enabling:
- GA criterion #1 (third-party audit) requests engine-specific compat
- First operator running under Kyverno/Gatekeeper reports admission rot
- CRD-bootstrap pattern stabilised across other workflows
Tracking: #502 (filed alongside).
Signed-off-by: Tri Lam <tree@lumalabs.ai>1 parent 51c1921 commit 33fddc0
2 files changed
Lines changed: 3 additions & 233 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | 2 | | |
3 | | - | |
4 | | - | |
| 3 | + | |
| 4 | + | |
5 | 5 | | |
6 | 6 | | |
7 | 7 | | |
| |||
11 | 11 | | |
12 | 12 | | |
13 | 13 | | |
14 | | - | |
| 14 | + | |
15 | 15 | | |
16 | 16 | | |
17 | 17 | | |
| |||
This file was deleted.
0 commit comments