Update repo_health.yml

2025-12-30 15:05:59 -06:00
parent 69281d87aa
commit 18292097a1
1 changed files with 74 additions and 74 deletions
--- a/.github/workflows/repo_health.yml
+++ b/.github/workflows/repo_health.yml
@@ -145,37 +145,37 @@ jobs:
          fi
          python3 - <<'PY'
-import json
+          import json
-import os
+          import os
-import uuid
+          import uuid
-path = "/tmp/repo_guardrails.definition.json"
+          path = "/tmp/repo_guardrails.definition.json"
-with open(path, "r", encoding="utf-8") as f:
+          with open(path, "r", encoding="utf-8") as f:
-  data = json.load(f)
+            data = json.load(f)
-env_path = os.environ.get("GITHUB_ENV")
+          env_path = os.environ.get("GITHUB_ENV")
-if not env_path:
+          if not env_path:
-  raise SystemExit("GITHUB_ENV not set")
+            raise SystemExit("GITHUB_ENV not set")
-def put_multiline(key: str, values):
+          def put_multiline(key: str, values):
-  vals = [str(v) for v in (values or []) if str(v).strip()]
+            vals = [str(v) for v in (values or []) if str(v).strip()]
-  marker = f"EOF_{uuid.uuid4().hex}"
+            marker = f"EOF_{uuid.uuid4().hex}"
-  with open(env_path, "a", encoding="utf-8") as w:
+            with open(env_path, "a", encoding="utf-8") as w:
-    w.write(f"{key}<<{marker}\n")
+              w.write(f"{key}<<{marker}\n")
-    for v in vals:
+              for v in vals:
-      w.write(v + "\n")
+                w.write(v + "\n")
-    w.write(f"{marker}\n\n")
+              w.write(f"{marker}\n\n")
-put_multiline("GUARDRAILS_RELEASE_REQUIRED_SECRETS", data.get("release", {}).get("required_secrets"))
+          put_multiline("GUARDRAILS_RELEASE_REQUIRED_SECRETS", data.get("release", {}).get("required_secrets"))
-put_multiline("GUARDRAILS_RELEASE_OPTIONAL_SECRETS", data.get("release", {}).get("optional_secrets"))
+          put_multiline("GUARDRAILS_RELEASE_OPTIONAL_SECRETS", data.get("release", {}).get("optional_secrets"))
-put_multiline("GUARDRAILS_RELEASE_OPTIONAL_VARS", data.get("release", {}).get("optional_vars"))
+          put_multiline("GUARDRAILS_RELEASE_OPTIONAL_VARS", data.get("release", {}).get("optional_vars"))
-put_multiline("GUARDRAILS_RELEASE_PROTOCOL_ALLOWED", data.get("release", {}).get("protocol", {}).get("allowed"))
+          put_multiline("GUARDRAILS_RELEASE_PROTOCOL_ALLOWED", data.get("release", {}).get("protocol", {}).get("allowed"))
-with open(env_path, "a", encoding="utf-8") as w:
+          with open(env_path, "a", encoding="utf-8") as w:
-  w.write("GUARDRAILS_LOADED=true\n")
+            w.write("GUARDRAILS_LOADED=true\n")
-print("Guardrails definition loaded")
+          print("Guardrails definition loaded")
-PY
+          PY
      - name: Guardrails release secrets and vars
        env:
@@ -376,36 +376,36 @@ PY
          fi
          python3 - <<'PY'
-import json
+          import json
-import os
+          import os
-import uuid
+          import uuid
-path = "/tmp/repo_guardrails.definition.json"
+          path = "/tmp/repo_guardrails.definition.json"
-with open(path, "r", encoding="utf-8") as f:
+          with open(path, "r", encoding="utf-8") as f:
-  data = json.load(f)
+            data = json.load(f)
-env_path = os.environ.get("GITHUB_ENV")
+          env_path = os.environ.get("GITHUB_ENV")
-if not env_path:
+          if not env_path:
-  raise SystemExit("GITHUB_ENV not set")
+            raise SystemExit("GITHUB_ENV not set")
-def put_multiline(key: str, values):
+          def put_multiline(key: str, values):
-  vals = [str(v) for v in (values or []) if str(v).strip()]
+            vals = [str(v) for v in (values or []) if str(v).strip()]
-  marker = f"EOF_{uuid.uuid4().hex}"
+            marker = f"EOF_{uuid.uuid4().hex}"
-  with open(env_path, "a", encoding="utf-8") as w:
+            with open(env_path, "a", encoding="utf-8") as w:
-    w.write(f"{key}<<{marker}\n")
+              w.write(f"{key}<<{marker}\n")
-    for v in vals:
+              for v in vals:
-      w.write(v + "\n")
+                w.write(v + "\n")
-    w.write(f"{marker}\n\n")
+              w.write(f"{marker}\n\n")
-put_multiline("GUARDRAILS_SCRIPTS_ALLOWED_DIRS", data.get("scripts", {}).get("allowed_top_level_dirs"))
+          put_multiline("GUARDRAILS_SCRIPTS_ALLOWED_DIRS", data.get("scripts", {}).get("allowed_top_level_dirs"))
-put_multiline("GUARDRAILS_SCRIPTS_RECOMMENDED_DIRS", data.get("scripts", {}).get("recommended_dirs"))
+          put_multiline("GUARDRAILS_SCRIPTS_RECOMMENDED_DIRS", data.get("scripts", {}).get("recommended_dirs"))
-put_multiline("GUARDRAILS_SCRIPTS_REQUIRED_VALIDATE_FILES", data.get("scripts", {}).get("required_validate_files_when_present"))
+          put_multiline("GUARDRAILS_SCRIPTS_REQUIRED_VALIDATE_FILES", data.get("scripts", {}).get("required_validate_files_when_present"))
-with open(env_path, "a", encoding="utf-8") as w:
+          with open(env_path, "a", encoding="utf-8") as w:
-  w.write("GUARDRAILS_LOADED=true\n")
+            w.write("GUARDRAILS_LOADED=true\n")
-print("Guardrails definition loaded")
+          print("Guardrails definition loaded")
-PY
+          PY
      - name: Scripts folder governance
        env:
@@ -535,37 +535,37 @@ PY
          fi
          python3 - <<'PY'
-import json
+          import json
-import os
+          import os
-import uuid
+          import uuid
-path = "/tmp/repo_guardrails.definition.json"
+          path = "/tmp/repo_guardrails.definition.json"
-with open(path, "r", encoding="utf-8") as f:
+          with open(path, "r", encoding="utf-8") as f:
-  data = json.load(f)
+            data = json.load(f)
-env_path = os.environ.get("GITHUB_ENV")
+          env_path = os.environ.get("GITHUB_ENV")
-if not env_path:
+          if not env_path:
-  raise SystemExit("GITHUB_ENV not set")
+            raise SystemExit("GITHUB_ENV not set")
-def put_multiline(key: str, values):
+          def put_multiline(key: str, values):
-  vals = [str(v) for v in (values or []) if str(v).strip()]
+            vals = [str(v) for v in (values or []) if str(v).strip()]
-  marker = f"EOF_{uuid.uuid4().hex}"
+            marker = f"EOF_{uuid.uuid4().hex}"
-  with open(env_path, "a", encoding="utf-8") as w:
+            with open(env_path, "a", encoding="utf-8") as w:
-    w.write(f"{key}<<{marker}\n")
+              w.write(f"{key}<<{marker}\n")
-    for v in vals:
+              for v in vals:
-      w.write(v + "\n")
+                w.write(v + "\n")
-    w.write(f"{marker}\n\n")
+              w.write(f"{marker}\n\n")
-put_multiline("GUARDRAILS_REQUIRED_FILES", data.get("repo", {}).get("required_files"))
+          put_multiline("GUARDRAILS_REQUIRED_FILES", data.get("repo", {}).get("required_files"))
-put_multiline("GUARDRAILS_OPTIONAL_FILES", data.get("repo", {}).get("optional_files"))
+          put_multiline("GUARDRAILS_OPTIONAL_FILES", data.get("repo", {}).get("optional_files"))
-put_multiline("GUARDRAILS_REQUIRED_PATHS", data.get("repo", {}).get("required_paths"))
+          put_multiline("GUARDRAILS_REQUIRED_PATHS", data.get("repo", {}).get("required_paths"))
-put_multiline("GUARDRAILS_DISALLOWED_DIRS", data.get("repo", {}).get("paths", {}).get("disallowed_dirs"))
+          put_multiline("GUARDRAILS_DISALLOWED_DIRS", data.get("repo", {}).get("paths", {}).get("disallowed_dirs"))
-with open(env_path, "a", encoding="utf-8") as w:
+          with open(env_path, "a", encoding="utf-8") as w:
-  w.write("GUARDRAILS_LOADED=true\n")
+            w.write("GUARDRAILS_LOADED=true\n")
-print("Guardrails definition loaded")
+          print("Guardrails definition loaded")
-PY
+          PY
      - name: Repo health checks
        env: