Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -128,6 +128,9 @@ jobs:
- name: govulncheck
run: make govulncheck
- name: doc-check
# Includes cut-criteria-check transitively (see Makefile doc-check
# target). Kept single-call here to avoid running the render twice
# per PR; the doc-check failure message names the offending gate.
run: make doc-check
- name: deprecation-check
run: make deprecation-check
Expand Down
26 changes: 24 additions & 2 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@
.PHONY: coverage coverage-check

# Policy gates (each enforces a specific RFC-bound invariant)
.PHONY: license-check license-fix govulncheck dco-check ci-fuzz-nccl-fr nccl-fr-rce-gate register-lint actionlint zizmor doc-check doc-check-release no-autoupdate-check base-digest-check build-tags attribute-namespace-check deprecation-check rfc-status-check
.PHONY: license-check license-fix govulncheck dco-check ci-fuzz-nccl-fr nccl-fr-rce-gate register-lint actionlint zizmor doc-check doc-check-release no-autoupdate-check base-digest-check build-tags attribute-namespace-check deprecation-check rfc-status-check cut-criteria-status cut-criteria-render cut-criteria-check

# Aggregate gates: pre-commit / pre-push / fast-CI / full-CI
.PHONY: check verify ci ci-fast ci-full
Expand Down Expand Up @@ -222,6 +222,27 @@ attribute-namespace-check: ## Advisory drift gate for the customer-stable attri
deprecation-check: ## Enforce the deprecation policy at docs/DEPRECATION.md (v1.0-rc1 cut criterion 4). Scans Go + YAML + Markdown for deprecation markers; fails on missing tracking refs or audit-table orphans.
@bash scripts/deprecation-check.sh

cut-criteria-status: ## Compute the live status of every v1.0-rc1 cut criterion from docs/cut-criteria.yaml. Prints `id\tstatus\ttitle` per row; read-only, never gates.
@bash scripts/cut-criteria-status.sh

cut-criteria-render: ## Regenerate docs/v1-rc1-cut-criteria.md from docs/cut-criteria.yaml. Source of truth is the YAML; the markdown is rendered.
@bash scripts/cut-criteria-render.sh

cut-criteria-check: ## Drift gate: rendered docs/v1-rc1-cut-criteria.md must match what `make cut-criteria-render` would produce against the current docs/cut-criteria.yaml. Catches PRs that ship a criterion's artifact without re-rendering.
@# Render to a tempfile and diff against the on-disk copy. Both
@# the YAML source and the live repo state feed the render: a PR
@# that updates either without re-rendering trips this gate.
@tmp=$$(mktemp); \
bash scripts/cut-criteria-render.sh docs/cut-criteria.yaml "$$tmp" >/dev/null; \
if ! diff -u docs/v1-rc1-cut-criteria.md "$$tmp"; then \
rm -f "$$tmp"; \
echo ""; \
echo "cut-criteria-check: docs/v1-rc1-cut-criteria.md is out of sync with docs/cut-criteria.yaml."; \
echo "Run \`make cut-criteria-render\` and commit the result."; \
exit 1; \
fi; \
rm -f "$$tmp"

verify: check license-check generate-fixtures-check build-tags nccl-fr-rce-gate register-lint actionlint zizmor doc-check deprecation-check no-autoupdate-check ## Pre-push gate. Medium (<30s); CI handles heavy gates (test, coverage, govulncheck, fuzz, build).

test-extras-sustained: ## (sub-target) sustained-load (5 min); see `make test-extras`.
Expand Down Expand Up @@ -280,11 +301,12 @@ test-extras: ## Run all test-suite extras NOT in `make ci`. Independent sub-tar
done; \
exit $$status

doc-check: ## Verify test identifiers referenced in rot-prone docs exist in the source tree, AND alert names in component RUNBOOKs match the alerts.yaml, AND Chart.yaml appVersion tracks builder-config.yaml dist.version, AND every RFC carries a valid Status field. Release-pipeline parity gates run via `make doc-check-release`.
doc-check: ## Verify test identifiers referenced in rot-prone docs exist in the source tree, AND alert names in component RUNBOOKs match the alerts.yaml, AND Chart.yaml appVersion tracks builder-config.yaml dist.version, AND every RFC carries a valid Status field, AND v1-rc1 cut-criteria.md is rendered from cut-criteria.yaml (no manual drift). Release-pipeline parity gates run via `make doc-check-release`.
scripts/doc-check.sh
scripts/alert-check.sh
scripts/chart-appversion-check.sh
scripts/rfc-status-check.sh
@$(MAKE) --no-print-directory cut-criteria-check

rfc-status-check: ## Issue #325: assert every docs/rfcs/*.md carries a `**Status:**` field whose value is one of the enumerated prefixes (draft|accepted|rejected|superseded by RFC-NNNN|revised by RFC-NNNN|ratified retrospectively). Standalone hook for fast iteration; also wired into `make doc-check` for the full doc gate.
scripts/rfc-status-check.sh
Expand Down
Loading
Loading