From 75585a6b1fd1ed8e70b72bd8969a55ba99071586 Mon Sep 17 00:00:00 2001 From: Cheewye Date: Thu, 29 Jan 2026 23:51:54 -0300 Subject: [PATCH 1/4] fix(sap): split prod-verifier workflow + fix invalid steps --- .github/workflows/ci.yml | 81 ----------------------------- .github/workflows/prod-verifier.yml | 63 ++++++++++++++++++++++ 2 files changed, 63 insertions(+), 81 deletions(-) create mode 100644 .github/workflows/prod-verifier.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1ecb83124..33eec0319 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -8,7 +8,6 @@ on: - chore/** - fix/** pull_request: - workflow_dispatch: jobs: backend-tests: 
@@ -100,83 +99,3 @@ jobs: if [ -f package.json ]; then npm test --if-present -- --watch=false --coverage --passWithNoTests fi - - # PROD Verifier - Verifica estado real de producción (no rompe CI) - prod-verifier: - name: PROD Verifier (no blocking) - runs-on: ubuntu-latest - # Ejecutar cada 10 minutos + manual - schedule: - - cron: '*/10 * * * *' # Cada 10 minutos - # Permitir ejecución manual - workflow_dispatch: - steps: - - uses: actions/checkout@v4 - - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: '3.10' - - - name: Install requests - run: pip install requests - - - name: Run PROD Verifier - id: prod_verify - run: npm --prefix .. run prod-verifier - continue-on-error: true # No rompe CI, solo informa - - - name: Generate Job Summary - if: always() - run: | - echo "## 🔍 PROD Verification Status" >> $GITHUB_STEP_SUMMARY - echo "**Run:** [${GITHUB_RUN_ID}](${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID})" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - - if [ -f docs/deploy/prod_evidence.json ]; then - STATUS=$(jq -r '.status' docs/deploy/prod_evidence.json) - CHECKED_AT=$(jq -r '.checked_at' docs/deploy/prod_evidence.json) - - echo "**Status:** $STATUS | **Checked:** $CHECKED_AT" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - - # Listar todos los endpoints chequeados - echo "**Endpoints Checked:**" >> $GITHUB_STEP_SUMMARY - jq -r '.results[] | "- \(.name): \(.url) → HTTP \(.status_code)"' docs/deploy/prod_evidence.json >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - - # Status final - if [ "$STATUS" = "FAIL" ]; then - echo "❌ **PRODUCCIÓN EN ERROR** - afirmaciones bloqueadas" >> $GITHUB_STEP_SUMMARY - else - echo "✅ **PRODUCCIÓN VERIFICADA** - afirmaciones permitidas" >> $GITHUB_STEP_SUMMARY - fi - - echo "" >> $GITHUB_STEP_SUMMARY - echo "**Artifact:** \`prod-evidence-${GITHUB_RUN_ID}\`" >> $GITHUB_STEP_SUMMARY - else - echo "**Status:** ERROR - No evidence generated" 
>> $GITHUB_STEP_SUMMARY - echo "❌ **VERIFICATION FAILED** - Check prod-verifier logs" >> $GITHUB_STEP_SUMMARY - fi - - - name: Upload evidence artifacts - uses: actions/upload-artifact@v4 - if: always() - with: - name: prod-evidence-${{ github.run_id }} - path: | - docs/deploy/prod_evidence.json - docs/deploy/prod_evidence.md - retention-days: 7 - run: npm --prefix .. run prod-verifier - continue-on-error: true # No rompe CI, solo informa - - - name: Upload evidence - uses: actions/upload-artifact@v4 - if: always() - with: - name: prod-evidence-${{ github.run_id }} - path: | - docs/deploy/prod_evidence.json - docs/deploy/prod_evidence.md - retention-days: 7 diff --git a/.github/workflows/prod-verifier.yml b/.github/workflows/prod-verifier.yml new file mode 100644 index 000000000..85628cea3 --- /dev/null +++ b/.github/workflows/prod-verifier.yml 
@@ -0,0 +1,63 @@ +name: PROD Verifier (non-blocking) + +on: + schedule: + - cron: '*/10 * * * *' + workflow_dispatch: + +jobs: + prod-verifier: + name: PROD Verifier + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: '3.10' + + - name: Install requests + run: pip install requests + + - name: Run PROD Verifier + id: prod_verify + run: python3 tools/prod_verifier.py + continue-on-error: true + + - name: Generate Job Summary + if: always() + run: | + echo "## PROD Verification" >> "$GITHUB_STEP_SUMMARY" + echo "Run: ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}" >> "$GITHUB_STEP_SUMMARY" + if [ -f docs/deploy/prod_evidence.json ]; then + python3 - <<'PY' >> "$GITHUB_STEP_SUMMARY" + import json + with open("docs/deploy/prod_evidence.json", "r", encoding="utf-8") as f: + data = json.load(f) + status = data.get("status", "UNKNOWN") + checked_at = data.get("checked_at", "unknown") + print(f"Status: {status} | Checked: {checked_at}") + results = data.get("results", []) + if results: + print("Endpoints:") + for item in results: + name = item.get("name", "endpoint") + url = item.get("url", "") + code = item.get("status_code", "n/a") + print(f"- {name}: {url} -> HTTP {code}") + PY + echo "Artifact: prod-evidence-${GITHUB_RUN_ID}" >> "$GITHUB_STEP_SUMMARY" + else + echo "Status: ERROR - No evidence generated" >> "$GITHUB_STEP_SUMMARY" + fi + + - name: Upload evidence artifact + uses: actions/upload-artifact@v4 + if: always() + with: + name: prod-evidence-${{ github.run_id }} + path: | + docs/deploy/prod_evidence.json + docs/deploy/prod_evidence.md + retention-days: 7 From 9709a960d0c79d8e923209d0488180825815378d Mon Sep 17 00:00:00 2001 From: Cheewye Date: Fri, 30 Jan 2026 10:44:30 -0300 Subject: [PATCH 2/4] fix(sap): repair invalid workflow yaml --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) 
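Review bot: The `Install requests` step runs `pip install requests` with no version or hash, and the three `uses:` lines reference movable tags (`actions/checkout@v4`, `actions/setup-python@v5`, `actions/upload-artifact@v4`), so this scheduled job pulls whatever is current every ten minutes. Pin the package, e.g. `run: pip install 'requests==<PINNED_VERSION>'` (or a hashed requirements file installed with `--require-hashes`), and pin each action to a full commit SHA with the tag kept as a trailing comment. The checkout step also leaves the job token in the local git config by default; nothing after it pushes, so adding `persist-credentials: false` under a `with:` on that step would keep the token away from the verifier script and its dependencies.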
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 33eec0319..21041774c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -8,6 +8,7 @@ on: - chore/** - fix/** pull_request: + workflow_dispatch: jobs: backend-tests: From 6461bdb60ac143022111beb79b247b77a2087ead Mon Sep 17 00:00:00 2001 From: Cheewye Date: Fri, 30 Jan 2026 10:45:13 -0300 Subject: [PATCH 3/4] fix(sap): repair invalid workflow yaml --- .github/workflows/ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 21041774c..f6ee9325a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,6 +9,8 @@ on: - fix/** pull_request: workflow_dispatch: + schedule: + - cron: '*/10 * * * *' jobs: backend-tests: From 64e7ac4c328459d2dd9b199c48286262a37564bd Mon Sep 17 00:00:00 2001 From: Cheewye Date: Fri, 30 Jan 2026 11:11:51 -0300 Subject: [PATCH 4/4] fix(sap): split prod-verifier into separate workflow + repair ci.yml --- .github/workflows/ci.yml | 20 ++++++++++++-------- .github/workflows/prod-verifier.yml | 4 ++++ 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f6ee9325a..df73d2e45 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,8 +9,6 @@ on: - fix/** pull_request: workflow_dispatch: - schedule: - - cron: '*/10 * * * *' jobs: backend-tests: 
@@ -78,20 +76,26 @@ jobs: run: npm ci - name: Contract Validation - run: npm --prefix .. run contract-check + working-directory: .. + run: npm run contract-check - name: Claim Lint - Veracity Enforcement - run: npm --prefix .. run claim-lint + working-directory: .. + run: npm run claim-lint - name: REMOVE BY Deadline Check - run: npm --prefix .. run remove-by-deadline-check + working-directory: .. + run: npm run remove-by-deadline-check - name: Guardian Anti-Frankenstein - run: npm --prefix .. run anti-frankenstein + working-directory: .. + run: npm run anti-frankenstein - name: Golden Rule Check - run: npm --prefix .. run golden-rule-check + working-directory: .. + run: npm run golden-rule-check - name: Verificación Deploy - run: npm --prefix .. run verify-deploy + working-directory: .. + run: npm run verify-deploy - name: Build run: npm run build diff --git a/.github/workflows/prod-verifier.yml b/.github/workflows/prod-verifier.yml index 85628cea3..e7f5eded7 100644 --- a/.github/workflows/prod-verifier.yml +++ b/.github/workflows/prod-verifier.yml @@ -1,5 +1,9 @@ name: PROD Verifier (non-blocking) +permissions: + contents: read + actions: write + on: schedule: - cron: '*/10 * * * *'
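Review bot: `working-directory: ..` is probably not a drop-in replacement for `npm --prefix ..` in these six steps. As far as I know a step-level `working-directory` is resolved against `$GITHUB_WORKSPACE` rather than against the job's default directory, so `..` lands in the parent of the checkout, where there is no `package.json`; `--prefix ..` was relative to the step's current directory. The job's `defaults` are outside this hunk, so this is inferred from the bare `npm ci` and `npm run build` steps around it. If the scripts live at the repository root, `working-directory: ${{ github.workspace }}` says so explicitly, and it is worth confirming in a run log that the gate steps (contract-check, claim-lint, golden-rule-check) actually execute their scripts rather than erroring before they start.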
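Review bot: `actions: write` in the new `permissions:` block is broader than anything the job added in PATCH 1/4 appears to use. `actions/upload-artifact@v4` authenticates with the runner's own runtime token and needs no `GITHUB_TOKEN` scope, while `actions: write` lets any step holding the token cancel or re-run workflows and delete artifacts and caches. Unless `tools/prod_verifier.py` calls the Actions API (its source is not visible here), reduce the block to `contents: read` only.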