chore: initial commit with project structure, skills, agents, and con… #1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: skills-ci | |
| # Two jobs run on every PR and every push to main: | |
| # | |
| # 1. lint-skills — runs scripts/validate_skills.py over skills/. This is | |
| # the canary. If any skill is malformed (missing | |
| # metadata, bad semver, schema invalid, missing | |
| # apply.yml for a mutation, missing inverse for a | |
| # mutation, etc.) CI must block the merge. | |
| # | |
| # 2. python — ruff + mypy + pytest. The pytest job reuses the | |
| # linter via tests/test_skills_lint.py, so a broken | |
| # skill fails this job too (belt & suspenders). | |
| # | |
| # Future jobs to add when phases 2+ land: | |
| # - sign-skills — produce detached signatures for every skill folder | |
| # on release tags, upload to the keyring. | |
| # - ansible-lint — run ansible-lint against skills/*/apply.yml and | |
| # skills/*/rollback.yml. | |
| # - molecule — spin up a throwaway VM per mutation skill and | |
| # exercise apply → verify → rollback. | |
| on: | |
| pull_request: | |
| push: | |
| branches: [main] | |
| jobs: | |
| lint-skills: | |
| name: validate skills registry | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.11" | |
| - name: install runtime deps for the linter | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install PyYAML jsonschema | |
| - name: validate every skill folder | |
| run: python scripts/validate_skills.py skills/ | |
| python: | |
| name: ruff + mypy + pytest | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.11" | |
| - name: install project (dev extras) | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -e '.[dev]' | |
| - name: ruff | |
| run: ruff check src scripts tests | |
| - name: mypy | |
| run: mypy src | |
| continue-on-error: true # relax until Phase 1 types are filled in | |
| - name: pytest | |
| run: pytest -q | |
| ansible-lint: | |
| name: ansible-lint (non-blocking until phase 1) | |
| runs-on: ubuntu-latest | |
| continue-on-error: true | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.11" | |
| - run: pip install ansible-lint | |
| - run: | | |
| # lint every apply.yml / rollback.yml we can find | |
| find skills -maxdepth 2 -type f \( -name 'apply.yml' -o -name 'rollback.yml' \) \ | |
| -print0 | xargs -0 -r ansible-lint |