feat: harden profile installs and validate council-lite artifacts #4
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Validate | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| validation: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-latest, macos-latest] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Shell syntax checks | |
| run: | | |
| bash -n install.sh | |
| bash -n scripts/*.sh | |
| - name: Validate profile JSON files | |
| run: | | |
| python3 -m json.tool profiles/registry.json >/dev/null | |
| python3 -m json.tool profiles/core/manifest.json >/dev/null | |
| python3 -m json.tool profiles/council-lite/manifest.json >/dev/null | |
| python3 -m json.tool profiles/council-research/manifest.json >/dev/null | |
| - name: Installer profile commands smoke test | |
| run: | | |
| ./install.sh --list-profiles | |
| ./install.sh --status | |
| ./install.sh --conflict-policy fail --profiles core,council-lite | |
| ./install.sh --conflict-policy skip --profiles core,council-lite | |
| ./install.sh --profiles core,council-lite | |
| ./install.sh --enable-profile council-research | |
| ./install.sh --disable-profile council-research | |
| ./install.sh --uninstall | |
| - name: Verify profile state removed on uninstall | |
| run: | | |
| test ! -f "$HOME/.config/opencode/profiles-enabled.json" | |
| - name: Council-lite script smoke test | |
| run: | | |
| ./install.sh --profiles core,council-lite | |
| ./scripts/council-lite.sh status | |
| ./scripts/council-lite.sh run "CI smoke test goal" | |
| ./scripts/council-lite.sh list | |
| SESSION_ID=$(python3 - <<'PY' | |
| import json | |
| from pathlib import Path | |
| data = json.loads(Path("memory/council-lite/index.json").read_text()) | |
| print(data["sessions"][-1]["id"]) | |
| PY | |
| ) | |
| ./scripts/council-lite.sh resume "$SESSION_ID" | |
| ./scripts/validate-council-lite.sh --latest | |
| ./install.sh --uninstall | |
| secret-scan: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Run gitleaks | |
| uses: gitleaks/gitleaks-action@v2 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |