diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 1ecb83124..df73d2e45 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -76,20 +76,26 @@ jobs:
 run: npm ci
 - name: Contract Validation
- run: npm --prefix .. run contract-check
+ working-directory: ..
+ run: npm run contract-check
 - name: Claim Lint - Veracity Enforcement
- run: npm --prefix .. run claim-lint
+ working-directory: ..
+ run: npm run claim-lint
 - name: REMOVE BY Deadline Check
- run: npm --prefix .. run remove-by-deadline-check
+ working-directory: ..
+ run: npm run remove-by-deadline-check
 - name: Guardian Anti-Frankenstein
- run: npm --prefix .. run anti-frankenstein
+ working-directory: ..
+ run: npm run anti-frankenstein
 - name: Golden Rule Check
- run: npm --prefix .. run golden-rule-check
+ working-directory: ..
+ run: npm run golden-rule-check
 - name: Verificación Deploy
- run: npm --prefix .. run verify-deploy
+ working-directory: ..
+ run: npm run verify-deploy
 - name: Build
 run: npm run build
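Review bot: `working-directory: ..` on each of the six steps is resolved against the job's default working directory, which is defined above this hunk; if that default is the workspace root, `..` leaves `$GITHUB_WORKSPACE` and these enforcement scripts run from a directory the checkout never populated, so confirm the job sets `defaults: run: working-directory:` to a subdirectory (the old `npm --prefix ..` had the same dependency, so this is a pre-existing assumption the refactor now makes explicit). The preceding `run: npm ci` still executes in the default directory while the scripts now execute from `..`, so the package whose scripts run is presumably not the package whose lockfile was just installed; either give the `npm ci` step the same `working-directory: ..` so the veracity and guardian checks run on a locked install, or add a comment such as `# enforcement scripts live in the parent package.json; npm ci above installs only this sub-package` so the split is visibly intentional. Note that the `steps:` list and the job header start outside the hunk.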
@@ -100,83 +106,3 @@ jobs:
 if [ -f package.json ]; then
 npm test --if-present -- --watch=false --coverage --passWithNoTests
 fi
-
- # PROD Verifier - Verifica estado real de producción (no rompe CI)
- prod-verifier:
- name: PROD Verifier (no blocking)
- runs-on: ubuntu-latest
- # Ejecutar cada 10 minutos + manual
- schedule:
- - cron: '*/10 * * * *' # Cada 10 minutos
- # Permitir ejecución manual
- workflow_dispatch:
- steps:
- - uses: actions/checkout@v4
-
- - name: Setup Python
- uses: actions/setup-python@v5
- with:
- python-version: '3.10'
-
- - name: Install requests
- run: pip install requests
-
- - name: Run PROD Verifier
- id: prod_verify
- run: npm --prefix .. run prod-verifier
- continue-on-error: true # No rompe CI, solo informa
-
- - name: Generate Job Summary
- if: always()
- run: |
- echo "## 🔍 PROD Verification Status" >> $GITHUB_STEP_SUMMARY
- echo "**Run:** [${GITHUB_RUN_ID}](${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID})" >> $GITHUB_STEP_SUMMARY
- echo "" >> $GITHUB_STEP_SUMMARY
-
- if [ -f docs/deploy/prod_evidence.json ]; then
- STATUS=$(jq -r '.status' docs/deploy/prod_evidence.json)
- CHECKED_AT=$(jq -r '.checked_at' docs/deploy/prod_evidence.json)
-
- echo "**Status:** $STATUS | **Checked:** $CHECKED_AT" >> $GITHUB_STEP_SUMMARY
- echo "" >> $GITHUB_STEP_SUMMARY
-
- # Listar todos los endpoints chequeados
- echo "**Endpoints Checked:**" >> $GITHUB_STEP_SUMMARY
- jq -r '.results[] | "- \(.name): \(.url) → HTTP \(.status_code)"' docs/deploy/prod_evidence.json >> $GITHUB_STEP_SUMMARY
- echo "" >> $GITHUB_STEP_SUMMARY
-
- # Status final
- if [ "$STATUS" = "FAIL" ]; then
- echo "❌ **PRODUCCIÓN EN ERROR** - afirmaciones bloqueadas" >> $GITHUB_STEP_SUMMARY
- else
- echo "✅ **PRODUCCIÓN VERIFICADA** - afirmaciones permitidas" >> $GITHUB_STEP_SUMMARY
- fi
-
- echo "" >> $GITHUB_STEP_SUMMARY
- echo "**Artifact:** \`prod-evidence-${GITHUB_RUN_ID}\`" >> $GITHUB_STEP_SUMMARY
- else
- echo "**Status:** ERROR - No evidence generated"
>> $GITHUB_STEP_SUMMARY
- echo "❌ **VERIFICATION FAILED** - Check prod-verifier logs" >> $GITHUB_STEP_SUMMARY
- fi
-
- - name: Upload evidence artifacts
- uses: actions/upload-artifact@v4
- if: always()
- with:
- name: prod-evidence-${{ github.run_id }}
- path: |
- docs/deploy/prod_evidence.json
- docs/deploy/prod_evidence.md
- retention-days: 7
- run: npm --prefix .. run prod-verifier
- continue-on-error: true # No rompe CI, solo informa
-
- - name: Upload evidence
- uses: actions/upload-artifact@v4
- if: always()
- with:
- name: prod-evidence-${{ github.run_id }}
- path: |
- docs/deploy/prod_evidence.json
- docs/deploy/prod_evidence.md
- retention-days: 7
diff --git a/.github/workflows/prod-verifier.yml b/.github/workflows/prod-verifier.yml
new file mode 100644
index 000000000..e7f5eded7
--- /dev/null
+++ b/.github/workflows/prod-verifier.yml
@@ -0,0 +1,67 @@
+name: PROD Verifier (non-blocking)
+
+permissions:
+ contents: read
+ actions: write
+
+on:
+ schedule:
+ - cron: '*/10 * * * *'
+ workflow_dispatch:
+
+jobs:
+ prod-verifier:
+ name: PROD Verifier
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Setup Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: '3.10'
+
+ - name: Install requests
+ run: pip install requests
+
+ - name: Run PROD Verifier
+ id: prod_verify
+ run: python3 tools/prod_verifier.py
+ continue-on-error: true
+
+ - name: Generate Job Summary
+ if: always()
+ run: |
+ echo "## PROD Verification" >> "$GITHUB_STEP_SUMMARY"
+ echo "Run: ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}" >> "$GITHUB_STEP_SUMMARY"
+ if [ -f docs/deploy/prod_evidence.json ]; then
+ python3 - <<'PY' >> "$GITHUB_STEP_SUMMARY"
+ import json
+ with open("docs/deploy/prod_evidence.json", "r", encoding="utf-8") as f:
+ data = json.load(f)
+ status = data.get("status", "UNKNOWN")
+ checked_at = data.get("checked_at", "unknown")
+ print(f"Status: {status} | Checked: {checked_at}")
+ results = data.get("results", [])
+ if results:
+ print("Endpoints:")
+ for item in results:
+ name = item.get("name", "endpoint")
+ url = item.get("url", "")
+ code = item.get("status_code", "n/a")
+ print(f"- {name}: {url} -> HTTP {code}")
+ PY
+ echo "Artifact: prod-evidence-${GITHUB_RUN_ID}" >> "$GITHUB_STEP_SUMMARY"
+ else
+ echo "Status: ERROR - No evidence generated" >> "$GITHUB_STEP_SUMMARY"
+ fi
+
+ - name: Upload evidence artifact
+ uses: actions/upload-artifact@v4
+ if: always()
+ with:
+ name: prod-evidence-${{ github.run_id }}
+ path: |
+ docs/deploy/prod_evidence.json
+ docs/deploy/prod_evidence.md
+ retention-days: 7
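Review bot: The `permissions:` block grants `actions: write`, yet nothing visible in the job needs it — checkout works with `contents: read` and the `actions/upload-artifact@v4` upload does not appear to require a GITHUB_TOKEN scope — so unless `tools/prod_verifier.py` (not in this diff) calls the Actions API, drop that line and let a job that runs against production every ten minutes hold a read-only token. The supply chain is unpinned: `run: pip install requests` takes whatever PyPI serves at run time, and `actions/checkout@v4`, `actions/setup-python@v5` and `actions/upload-artifact@v4` float on mutable tags; pin the pip dependency to an exact version (with `--require-hashes` if the repo keeps a requirements file) and the actions to full commit SHAs with the tag in a trailing comment. The job has no `timeout-minutes:`, so a hung request to a production endpoint can hold a runner for the six-hour default on a workflow that fires 144 times a day; add `timeout-minutes: 10` under `prod-verifier:` and a `concurrency:` group so delayed cron runs do not pile up. The summary step prints every `url` from `prod_evidence.json` into the job summary, which is readable by anyone who can view the repository, so a comment such as `# endpoints listed here are public; do not add internal hosts to the evidence file` would document that assumption if it holds.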