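# CI workflow: installs the package, validates schemas and examples, runs the
# test suite, then exercises each sourceos-syncd CLI surface end to end.
name: ci

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least privilege for the GITHUB_TOKEN: the steps below only need to read the
# repository, and pull_request runs execute code from the proposed change.
permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions are referenced by mutable major-version tags;
      # pinning each one to a full commit SHA is the stricter supply-chain
      # option.
      - name: Check out repository
        uses: actions/checkout@v4
        with:
          # No step visible in this workflow uses git credentials, so do not
          # leave the token in the checkout's git config where the installed
          # package and its tests could read it.
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      # NOTE(review): pip and pytest are installed unpinned; a constraints
      # file would make runs reproducible and reviewable.
      - name: Install package and test tools
        run: |
          python -m pip install --upgrade pip
          python -m pip install -e . pytest

      # Every schemas/*.schema.json must parse as JSON, declare the draft
      # 2020-12 meta-schema and carry a non-empty title.
      # NOTE(review): the loop passes vacuously if the glob matches no files.
      - name: Parse schema files
        run: |
          python - <<'PY'
          import json
          from pathlib import Path
          for path in sorted(Path('schemas').glob('*.schema.json')):
              data = json.loads(path.read_text())
              assert data['$schema'] == 'https://json-schema.org/draft/2020-12/schema'
              assert data['title']
              print(f'validated {path}')
          PY

      - name: Validate control-plane examples
        run: python3 tools/validate_control_plane_examples.py

      - name: Validate orchestration examples
        run: python3 tools/validate_orchestration_examples.py

      - name: Run tests
        run: pytest -q

      # The snapshot written here is reused by the trust-gate and scorecard
      # steps further down.
      - name: Exercise CLI snapshot
        run: sourceos-syncd health snapshot --compact > /tmp/sourceos-syncd.snapshot.json

      - name: Exercise CLI explain
        run: sourceos-syncd health explain --file examples/health/healthy.snapshot.json --compact

      - name: Exercise CLI verify healthy example
        run: sourceos-syncd health verify --file examples/health/healthy.snapshot.json --compact

      # Passes on exit status 0 or 2.
      # NOTE(review): presumably 2 is the expected "degraded" status; if so,
      # a regression that reports this example as healthy (exit 0) is not
      # caught here. Confirm, and assert the status strictly if intended.
      - name: Exercise CLI verify degraded example
        run: sourceos-syncd health verify --file examples/health/degraded.snapshot.json --compact || test $? -eq 2

      - name: Exercise repair plan preview
        run: sourceos-syncd repair plan --file examples/health/degraded.snapshot.json --compact > /tmp/sourceos-syncd.repair-plan.json

      # Initialises a store, records two events, then snapshots and verifies
      # the store-backed health state.
      - name: Exercise local store prototype
        run: |
          STORE_ROOT=/tmp/sourceos-syncd-store
          sourceos-syncd store init --root "$STORE_ROOT" --compact
          sourceos-syncd store record --root "$STORE_ROOT" --event-type add --lane normal --object-id obj-1 --producer ci --payload-json '{"path":"README.md"}' --compact
          sourceos-syncd store record --root "$STORE_ROOT" --event-type update --lane priority --object-id obj-1 --producer ci --payload-json '{"field":"title"}' --compact
          sourceos-syncd health snapshot --store-root "$STORE_ROOT" --compact > /tmp/sourceos-syncd.store.snapshot.json
          sourceos-syncd health verify --file /tmp/sourceos-syncd.store.snapshot.json --compact

      # Only the exit status of each command is checked; the JSON written to
      # /tmp is not inspected by this step.
      - name: Exercise orchestration event queue
        run: |
          ORCH_ROOT=/tmp/sourceos-syncd-orchestration
          sourceos-syncd orchestration init --root "$ORCH_ROOT" --compact
          sourceos-syncd orchestration enqueue --root "$ORCH_ROOT" --file examples/orchestration/event-capability.records.json --compact > /tmp/sourceos-syncd.orchestration.enqueue.json
          sourceos-syncd orchestration summary --root "$ORCH_ROOT" --compact > /tmp/sourceos-syncd.orchestration.summary.json
          sourceos-syncd orchestration list --root "$ORCH_ROOT" --state pending --compact > /tmp/sourceos-syncd.orchestration.pending.json
          sourceos-syncd orchestration list --root "$ORCH_ROOT" --state waiting-approval --compact > /tmp/sourceos-syncd.orchestration.waiting.json
          sourceos-syncd orchestration list --root "$ORCH_ROOT" --state blocked --compact > /tmp/sourceos-syncd.orchestration.blocked.json
          sourceos-syncd orchestration replay --root "$ORCH_ROOT" --state pending --compact > /tmp/sourceos-syncd.orchestration.replay.json

      # Wraps and validates a policy decision, then checks that the writer
      # left at least one entry in the output directory.
      - name: Exercise local evidence writer
        run: |
          EVIDENCE_DIR=/tmp/sourceos-syncd-evidence
          sourceos-syncd evidence wrap --file examples/policy/secure-agent-access.decision.json --type policy-decision --subject sourceos-syncd --compact > /tmp/sourceos-syncd.policy.evidence.json
          sourceos-syncd evidence validate --file /tmp/sourceos-syncd.policy.evidence.json --compact
          sourceos-syncd evidence write --file examples/policy/secure-agent-access.decision.json --type policy-decision --subject sourceos-syncd --output-dir "$EVIDENCE_DIR" --compact > /tmp/sourceos-syncd.evidence-write.json
          test -n "$(ls -A "$EVIDENCE_DIR")"

      # NOTE(review): the --require-attestation evaluation passes on exit
      # status 0 or 2. If 2 is the expected refusal for a snapshot without
      # attestation, a gate that wrongly allows the request (exit 0) would
      # not fail CI. Confirm, and assert the status strictly if intended.
      - name: Exercise AgentPlane trust gate
        run: |
          sourceos-syncd trust evaluate --file /tmp/sourceos-syncd.snapshot.json --subject agentplane --action read --lane normal --compact > /tmp/sourceos-syncd.trust.allowed.json
          sourceos-syncd trust validate --file /tmp/sourceos-syncd.trust.allowed.json --compact
          sourceos-syncd trust evaluate --file /tmp/sourceos-syncd.snapshot.json --subject agentplane --action read --lane normal --require-attestation --compact || test $? -eq 2
          sourceos-syncd trust validate --file examples/trust/normal-read.allowed.json --compact
          sourceos-syncd evidence wrap --file /tmp/sourceos-syncd.trust.allowed.json --type agent-trust-decision --subject agentplane --compact > /tmp/sourceos-syncd.trust.evidence.json
          sourceos-syncd evidence validate --file /tmp/sourceos-syncd.trust.evidence.json --compact

      # Evaluates a scorecard from the CLI snapshot, validates it, and wraps
      # it as evidence.
      - name: Exercise Delivery Excellence scorecard
        run: |
          sourceos-syncd scorecard evaluate --file /tmp/sourceos-syncd.snapshot.json --compact > /tmp/sourceos-syncd.scorecard.json
          sourceos-syncd scorecard validate --file /tmp/sourceos-syncd.scorecard.json --compact
          sourceos-syncd evidence wrap --file /tmp/sourceos-syncd.scorecard.json --type delivery-scorecard --subject sourceos-syncd --compact > /tmp/sourceos-syncd.scorecard.evidence.json
          sourceos-syncd evidence validate --file /tmp/sourceos-syncd.scorecard.evidence.json --compact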