# PolicyStack - tier-0 justfile
# Native task runner. Stack-aware: primary language is python (uv), with rust and node toolchains
# called out explicitly. Recipes: build, test, lint, fmt, audit, deny, grade, ci.
# Run every recipe line through `bash -uc`: -u turns expansion of an unset variable into an error.
# NOTE(review): neither -e nor `-o pipefail` is set, so within one recipe line only the exit
# status of the last command in a `;` list or pipeline decides whether the line succeeded.
set shell := ["bash", "-uc"]
# Load variables from a `.env` file into the environment of every recipe. Anything stored
# there, secrets included, is visible to each tool the recipes launch, including the packages
# that `uv run --with ...` resolves at run time; keep `.env` out of version control.
set dotenv-load
# `default` has no body of its own; it only depends on `help`, so invoking it lists the recipes.
# Default recipe: print help
default: help
# The leading `@` keeps just from echoing the command before running it.
# List recipes
help:
    @just --list
# ---------------------------------------------------------------------------
# Build
# ---------------------------------------------------------------------------
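# Build gate: byte-compile the Python sources, then check the Rust wrapper.
#
# - TMPDIR and PYTHONPYCACHEPREFIX point temp files and bytecode at .pytest_cache/task-tmp
#   instead of the source tree.
# - NOTE(review): compileall runs with stderr discarded and its exit status ignored
#   (`2>/dev/null || true`), so a Python compile failure cannot fail this recipe.
# - cargo check is tried with --offline first and retried without it if that fails. The
#   braces keep the retry inside wrappers/rust: without them a failed `cd` would fall through
#   to `cargo check --locked` in the justfile's own directory.
# Build: compile Python sources and check the Rust wrapper
build:
    @echo "[build] python compileall"
    mkdir -p .pytest_cache/task-tmp
    TMPDIR="$PWD/.pytest_cache/task-tmp" PYTHONPYCACHEPREFIX="$PWD/.pytest_cache/task-tmp/pycache" \
        uv run --no-project python -m compileall -q cli policy_lib.py resolve.py scripts policy-config policies 2>/dev/null || true
    @echo "[build] rust wrapper check"
    cd wrappers/rust && { cargo check --locked --offline 2>/dev/null || cargo check --locked; }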
# ---------------------------------------------------------------------------
# Test
# ---------------------------------------------------------------------------
# Runs the pytest suite under tests/ in an environment uv assembles from the --with packages.
#
# - pytest, pytest-asyncio, pyyaml and jsonschema are requested without version constraints,
#   so the versions used are whatever uv resolves when the recipe runs.
# - PYTHONPATH puts the repository root and cli/src on the import path.
# - TMPDIR and PYTHONPYCACHEPREFIX point temp files and bytecode at .pytest_cache/task-tmp.
# Test: run pytest quietly with short tracebacks
test:
    @echo "[test] pytest"
    mkdir -p .pytest_cache/task-tmp
    TMPDIR="$PWD/.pytest_cache/task-tmp" PYTHONPYCACHEPREFIX="$PWD/.pytest_cache/task-tmp/pycache" \
        PYTHONPATH="$PWD:$PWD/cli/src" \
        uv run --no-project --with pytest --with pytest-asyncio --with pyyaml --with jsonschema \
        pytest tests/ -q --tb=short
# ---------------------------------------------------------------------------
# Lint
# ---------------------------------------------------------------------------
# Lint gate: ruff restricted to the E9 and F rule groups, then the governance validator.
#
# - `--exclude scripts` leaves the scripts directory out of the ruff check.
# - ruff is requested via `--with ruff` without a version constraint.
# - validate_governance.py is run with the `python` found on PATH, not through uv.
# Lint: ruff syntax/import checks plus governance validation
lint:
    @echo "[lint] ruff (syntax + import checks)"
    uv run --no-project --with ruff ruff check --select E9,F --exclude scripts .
    @echo "[lint] governance validator"
    python validate_governance.py
# ---------------------------------------------------------------------------
# Format
# ---------------------------------------------------------------------------
# Rewrites files in place: `ruff format .` first, then `ruff check --fix`.
#
# NOTE(review): `--exclude scripts` is passed only to the check step; `ruff format .` gets no
# exclusion on this command line, so whether scripts/ is reformatted depends on ruff's own
# configuration, which is not visible here.
# Format: ruff format plus lint autofix
fmt:
    @echo "[fmt] ruff format"
    uv run --no-project --with ruff ruff format .
    @echo "[fmt] ruff lint autofix"
    uv run --no-project --with ruff ruff check --fix --exclude scripts .
# ---------------------------------------------------------------------------
# Audit (dependencies + secrets + governance)
# ---------------------------------------------------------------------------
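# Audit gate: dependency vulnerabilities, committed secrets, governance rules.
#
# - pip-audit reads its requirements from `uv pip freeze` through process substitution. The
#   step stays non-blocking, but a non-zero exit is reported on stderr rather than being
#   discarded by a bare `|| true`.
#   NOTE(review): if `uv pip freeze` fails, its error is suppressed and the requirements list
#   is empty, so nothing is audited; confirm the freeze reflects the environment in use.
# - gitleaks is optional. An `A && B || C` chain takes the `||` branch whenever gitleaks is
#   installed but exits non-zero (for example on findings), which prints "not installed" and
#   passes the step. The if/else skips only when the binary is missing and lets a gitleaks
#   failure fail the recipe.
# - validate_governance.py is run with the `python` found on PATH, not through uv.
# Audit: dependency scan, secrets scan, governance validation
audit:
    @echo "[audit] python dependency scan (pip-audit)"
    uv run --no-project --with pip-audit pip-audit -r <(uv pip freeze 2>/dev/null || true) || echo "[audit] pip-audit reported findings or could not run (non-blocking)" >&2
    @echo "[audit] gitleaks secrets scan (if installed)"
    if command -v gitleaks >/dev/null; then gitleaks detect --no-banner --redact; else echo "gitleaks not installed, skipping"; fi
    @echo "[audit] governance validator"
    python validate_governance.py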
# ---------------------------------------------------------------------------
# Deny (cargo-deny for the rust wrapper)
# ---------------------------------------------------------------------------
# Runs `cargo deny check` inside wrappers/rust. The recipe does not install cargo-deny, so it
# fails if the subcommand is missing; which checks apply is decided by the crate's cargo-deny
# configuration, which is not visible here.
# Deny: cargo-deny checks for the rust wrapper
deny:
    @echo "[deny] cargo-deny (rust wrapper)"
    cd wrappers/rust && cargo deny check
# ---------------------------------------------------------------------------
# Grade (full project grading)
# ---------------------------------------------------------------------------
# Executes ./grade.sh relative to the justfile's directory. What is graded, and how, is
# defined entirely by that script, which is not visible here.
# Grade: run the project grading script
grade:
    @echo "[grade] running grade.sh"
    ./grade.sh
# ---------------------------------------------------------------------------
# CI (mirror of .github/workflows/ci.yml)
# ---------------------------------------------------------------------------
# Local CI run: the `lint` and `test` dependencies run first, then the Rust wrapper check with
# --locked, then the governance validator.
#
# - NOTE(review): `lint` already runs validate_governance.py, so the validator executes twice
#   per `ci` invocation.
# - NOTE(review): `audit` and `deny` are not dependencies of this recipe, so the dependency,
#   secrets and cargo-deny scans are not part of this gate; confirm that matches
#   .github/workflows/ci.yml.
# CI: lint, test, rust wrapper check, governance validation
ci: lint test
    @echo "[ci] rust wrapper check"
    cd wrappers/rust && cargo check --locked
    @echo "[ci] governance validate"
    python validate_governance.py
    @echo "[ci] all gates green"
@echo "[ci] all gates green"