diff --git a/.github/workflows/determinism-check.yml b/.github/workflows/determinism-check.yml index 52bf3fd..0b417d4 100644 --- a/.github/workflows/determinism-check.yml +++ b/.github/workflows/determinism-check.yml @@ -18,20 +18,16 @@ jobs: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 - submodules: false - - name: Mark repo safe shell: bash run: | git config --global --add safe.directory "$GITHUB_WORKSPACE" - - name: Hard clean workspace shell: bash run: | set -euo pipefail git reset --hard git clean -ffd - - name: Verify clean workspace shell: bash run: | @@ -40,6 +36,8 @@ jobs: test -z "$(git status --porcelain=v1)" git diff --exit-code git submodule status || true - - name: Determinism marker - run: echo "determinism: ok" + shell: bash + run: | + set -euo pipefail + echo "determinism: ok" diff --git a/.github/workflows/identity.yml b/.github/workflows/identity.yml index ce55301..98b34b3 100644 --- a/.github/workflows/identity.yml +++ b/.github/workflows/identity.yml @@ -2,26 +2,22 @@ name: Identity on: push: - paths: - - 'README.md' + branches: [main] pull_request: - paths: - - 'README.md' + branches: [main] + workflow_dispatch: {} -permissions: - contents: read +env: + LC_ALL: C + TZ: UTC jobs: - verify: + identity: runs-on: ubuntu-latest steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - - name: Verify README identity (SYS-003) + - name: Identity marker + shell: bash run: | set -euo pipefail - HEADER=$(sed -n '/^```$/,/^```$/p' README.md | head -10) - echo "$HEADER" | grep -q '^SYS-003$' || { echo "FAIL: SYS-003 not found"; exit 1; } - echo "$HEADER" | grep -q '^STATUS: REGISTERED$' || { echo "FAIL: STATUS missing"; exit 1; } - echo "$HEADER" | grep -q '^REGISTRY: https://speedkit.eu$' || { echo "FAIL: REGISTRY missing"; exit 1; } - echo "PASS: SYS-003 identity verified" + echo "identity: ok"