Add process provenance tuple schema #143
| name: ci | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| - name: Install package and test tools | |
| run: | | |
| python -m pip install --upgrade pip | |
| python -m pip install -e . pytest | |
| - name: Parse schema files | |
| run: | | |
| python - <<'PY' | |
| import json | |
| from pathlib import Path | |
| for path in sorted(Path('schemas').glob('*.schema.json')): | |
| data = json.loads(path.read_text()) | |
| assert data['$schema'] == 'https://json-schema.org/draft/2020-12/schema' | |
| assert data['title'] | |
| print(f'validated {path}') | |
| PY | |
| - name: Validate control-plane examples | |
| run: python3 tools/validate_control_plane_examples.py | |
| - name: Validate orchestration examples | |
| run: python3 tools/validate_orchestration_examples.py | |
| - name: Run tests | |
| run: pytest -q | |
| - name: Exercise CLI snapshot | |
| run: sourceos-syncd health snapshot --compact > /tmp/sourceos-syncd.snapshot.json | |
| - name: Exercise CLI explain | |
| run: sourceos-syncd health explain --file examples/health/healthy.snapshot.json --compact | |
| - name: Exercise CLI verify healthy example | |
| run: sourceos-syncd health verify --file examples/health/healthy.snapshot.json --compact | |
| - name: Exercise CLI verify degraded example | |
| run: sourceos-syncd health verify --file examples/health/degraded.snapshot.json --compact || test $? -eq 2 | |
| - name: Exercise repair plan preview | |
| run: sourceos-syncd repair plan --file examples/health/degraded.snapshot.json --compact > /tmp/sourceos-syncd.repair-plan.json | |
| - name: Exercise local store prototype | |
| run: | | |
| STORE_ROOT=/tmp/sourceos-syncd-store | |
| sourceos-syncd store init --root "$STORE_ROOT" --compact | |
| sourceos-syncd store record --root "$STORE_ROOT" --event-type add --lane normal --object-id obj-1 --producer ci --payload-json '{"path":"README.md"}' --compact | |
| sourceos-syncd store record --root "$STORE_ROOT" --event-type update --lane priority --object-id obj-1 --producer ci --payload-json '{"field":"title"}' --compact | |
| sourceos-syncd health snapshot --store-root "$STORE_ROOT" --compact > /tmp/sourceos-syncd.store.snapshot.json | |
| sourceos-syncd health verify --file /tmp/sourceos-syncd.store.snapshot.json --compact | |
| - name: Exercise local evidence writer | |
| run: | | |
| EVIDENCE_DIR=/tmp/sourceos-syncd-evidence | |
| sourceos-syncd evidence wrap --file examples/policy/secure-agent-access.decision.json --type policy-decision --subject sourceos-syncd --compact > /tmp/sourceos-syncd.policy.evidence.json | |
| sourceos-syncd evidence validate --file /tmp/sourceos-syncd.policy.evidence.json --compact | |
| sourceos-syncd evidence write --file examples/policy/secure-agent-access.decision.json --type policy-decision --subject sourceos-syncd --output-dir "$EVIDENCE_DIR" --compact > /tmp/sourceos-syncd.evidence-write.json | |
| test -n "$(ls -A "$EVIDENCE_DIR")" | |
| - name: Exercise AgentPlane trust gate | |
| run: | | |
| sourceos-syncd trust evaluate --file /tmp/sourceos-syncd.snapshot.json --subject agentplane --action read --lane normal --compact > /tmp/sourceos-syncd.trust.allowed.json | |
| sourceos-syncd trust validate --file /tmp/sourceos-syncd.trust.allowed.json --compact | |
| sourceos-syncd trust evaluate --file /tmp/sourceos-syncd.snapshot.json --subject agentplane --action read --lane normal --require-attestation --compact || test $? -eq 2 | |
| sourceos-syncd trust validate --file examples/trust/normal-read.allowed.json --compact | |
| sourceos-syncd evidence wrap --file /tmp/sourceos-syncd.trust.allowed.json --type agent-trust-decision --subject agentplane --compact > /tmp/sourceos-syncd.trust.evidence.json | |
| sourceos-syncd evidence validate --file /tmp/sourceos-syncd.trust.evidence.json --compact | |
| - name: Exercise Delivery Excellence scorecard | |
| run: | | |
| sourceos-syncd scorecard evaluate --file /tmp/sourceos-syncd.snapshot.json --compact > /tmp/sourceos-syncd.scorecard.json | |
| sourceos-syncd scorecard validate --file /tmp/sourceos-syncd.scorecard.json --compact | |
| sourceos-syncd evidence wrap --file /tmp/sourceos-syncd.scorecard.json --type delivery-scorecard --subject sourceos-syncd --compact > /tmp/sourceos-syncd.scorecard.evidence.json | |
| sourceos-syncd evidence validate --file /tmp/sourceos-syncd.scorecard.evidence.json --compact |
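Review bot: The two expected-failure steps, `health verify` on the degraded example and `trust evaluate ... --require-attestation`, are written as `cmd || test $? -eq 2`, which also passes when the command exits 0. A regression that lets the trust gate allow a read without attestation, or that reports the degraded snapshot as healthy, would therefore not fail CI. Assuming exit status 2 is the intended deny/degraded result, require it exactly, e.g. `rc=0; sourceos-syncd trust evaluate ... --require-attestation --compact || rc=$?; test "$rc" -eq 2`, and do the same for the degraded verify step. Separately, no `permissions:` block is visible in this workflow; because the job installs and runs repository code on `pull_request`, a top-level `permissions:` with `contents: read` would keep the job token at least privilege. Which of these lines the PR itself changes cannot be recovered from this page.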