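# CI workflow: lint, tests with coverage floors, conformance oracles, type
# check and the policy-boundary gate in one job; the override-rate governance
# gate in a second job.
name: ci

on:
  pull_request:
  push:
    branches: [main]

# Least privilege for GITHUB_TOKEN: every job below only reads the repository.
# Without this block the token gets the repository/organisation default, which
# may include write scopes that code executed by the test steps could use.
permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): both actions are referenced by mutable major-version
      # tags. Pinning each to a reviewed full-length commit SHA prevents a
      # retagged release from changing what runs in this job.
      - uses: actions/checkout@v4
        with:
          # No step pushes or fetches again, so do not leave the token in
          # .git/config where later steps (which run project code) can read it.
          persist-credentials: false
      - uses: astral-sh/setup-uv@v5
        with:
          enable-cache: true
      - name: Install dependencies
        run: uv sync --dev
      - name: Run lint
        run: uv run ruff check src
      - name: Run test suite
        run: uv run pytest --cov=legis --cov-report=term-missing --cov-report=json --cov-fail-under=88
      - name: Enforce per-package coverage floors
        run: uv run python scripts/check_coverage_floors.py
      - name: Run SEI conformance oracle
        run: uv run pytest tests/conformance/test_sei_oracle.py
      - name: Run live Loomweave oracle
        # Runs only when the LOOMWEAVE_URL configuration variable is set.
        # NOTE(review): on pull_request events this step runs the PR's own
        # test code with the HMAC key in its environment. GitHub does not pass
        # secrets to workflows triggered from forks, so the key is empty
        # there; for same-repository branches the key is exposed to whatever
        # the branch's tests do. The secret is scoped to this step only, which
        # keeps it out of the other steps' environments.
        if: ${{ vars.LOOMWEAVE_URL != '' }}
        env:
          LOOMWEAVE_URL: ${{ vars.LOOMWEAVE_URL }}
          LOOMWEAVE_LIVE_ORACLE_LOCATOR: ${{ vars.LOOMWEAVE_LIVE_ORACLE_LOCATOR }}
          LEGIS_LOOMWEAVE_HMAC_KEY: ${{ secrets.LEGIS_LOOMWEAVE_HMAC_KEY }}
        run: uv run pytest tests/conformance/test_live_loomweave_oracle.py
      - name: Run type check
        run: uv run mypy src/legis
      - name: Run policy-boundary honesty gate
        run: uv run legis policy-boundary-check --root src --repo-root .

  override-rate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Same reasoning as in the test job: nothing here needs the token
          # after checkout.
          persist-credentials: false
      - uses: astral-sh/setup-uv@v5
        with:
          enable-cache: true
      - name: Install dependencies
        run: uv sync --dev
      - name: Enforce override-rate gate
        # No governance DB is tracked in the repo yet, so a missing DB here is
        # expected → PASS_WITH_NOTICE rather than the CI fail-closed default.
        # Remove this once a real governance DB is wired into CI.
        # NOTE(review): while this override is set, the gate cannot tell
        # "no DB yet" apart from "DB unexpectedly missing"; treat a
        # PASS_WITH_NOTICE result as unenforced, not as a pass.
        env:
          LEGIS_ALLOW_MISSING_GOVERNANCE_DB: "1"
        # No --db: use the resolved default store (.weft/legis/legis-governance.db),
        # the same location the server/MCP write to.
        run: uv run legis governance-gate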