ci: disable lfs checkout in non-release workflows #21

ci: disable lfs checkout in non-release workflows

# Workflow header: display name, triggers, token permissions and shared env.
# The jobs further down read the workflow_dispatch inputs declared here.
name: Fixrisk Operational Readiness
on:
  # Pull-request runs execute the proposed code (npm ci / npm scripts in the
  # jobs below). The `permissions` block keeps the job token read-only.
  pull_request:
  push:
    branches:
      - main
      - master
      - release/**
  workflow_dispatch:
    # Every input is delivered to the jobs as a string, including the
    # choice-typed flags; the jobs compare them against the literal 'true'.
    inputs:
      run_strict_evidence:
        description: 'Run strict FR-009 evidence gate (requires run_mobile_capture=true).'
        required: false
        default: 'false'
        type: choice
        options:
          - 'true'
          - 'false'
      run_mobile_capture:
        description: 'Run self-hosted physical-device evidence capture and closure flow.'
        required: false
        default: 'false'
        type: choice
        options:
          - 'false'
          - 'true'
      # Free-text value supplied by whoever dispatches the run.
      # NOTE(review): consumers should validate it before use - the
      # validation, if any, is not visible in this file.
      android_serial:
        description: 'Optional adb serial for the target physical device.'
        required: false
        type: string
        default: ''
      # Thresholds are declared as strings, not numbers; presumably the npm
      # scripts parse them - confirm they reject non-numeric values.
      evidence_node_count:
        description: 'Large-graph evidence node count threshold.'
        required: false
        type: string
        default: '10000'
      evidence_edge_count:
        description: 'Large-graph evidence edge count threshold.'
        required: false
        type: string
        default: '1000000'
# Least privilege: the job token may only read repository contents. Scopes
# that are not listed here are not granted.
permissions:
  contents: read
# Applied to every job and step.
# NOTE(review): presumably opts JavaScript-based actions into the Node 24
# runtime - confirm against the current runner documentation.
env:
  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: 'true'
# Three jobs: a code-level gate on GitHub-hosted Windows, a self-hosted
# physical-device capture job, and a strict gate that consumes the capture
# job's artifact.
#
# NOTE(review): every `uses:` below references a major-version tag (for
# example actions/checkout@v5). Tags can be moved by the action's owner;
# pinning to a full commit SHA makes the executed action code immutable,
# e.g. `uses: actions/checkout@<full-commit-sha>  # v5` (placeholder).
#
# NOTE(review): actions/checkout keeps the job token in the local git config
# by default. If no later step needs authenticated git, adding
# `persist-credentials: false` to the three checkout steps removes it from the
# workspace that `npm ci` and the npm scripts run in - confirm before changing.
jobs:
  fixrisk-issues-gate:
    name: Fixrisk Issues Gate (Code-Level)
    # This workflow declares no schedule trigger, so the condition holds for
    # every event listed under `on:`.
    if: ${{ github.event_name != 'schedule' }}
    runs-on: windows-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v5
        with:
          # Git LFS objects are not downloaded.
          lfs: false
      - name: Setup Node.js
        uses: actions/setup-node@v5
        with:
          node-version: '20'
          cache: 'npm'
      # On pull_request events this installs and runs code from the pull
      # request itself; the read-only `permissions` block bounds what the job
      # token can do.
      - name: Install dependencies
        run: npm ci
      - name: Verify fixrisk issue closure (code-level)
        run: npm run verify:fixrisk:issues
      # Reports are uploaded even when an earlier step failed.
      - name: Upload fixrisk issue reports
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: fixrisk-issue-reports-code-gate
          if-no-files-found: warn
          path: |
            build/fixrisk-issue-check-latest.json
            build/fixrisk-issue-check-*.json
            build/fixrisk-jest-contract-report.json

  strict-evidence-gate:
    name: Fixrisk Strict Evidence Gate (FR-009)
    # Waits for the capture job, whose artifact is downloaded below.
    needs: [capture-mobile-evidence]
    # Manual dispatch only, and only when both flags were set to 'true'.
    if: >-
      ${{ github.event_name == 'workflow_dispatch' &&
      github.event.inputs.run_strict_evidence == 'true' &&
      github.event.inputs.run_mobile_capture == 'true' }}
    runs-on: windows-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v5
        with:
          lfs: false
      - name: Setup Node.js
        uses: actions/setup-node@v5
        with:
          node-version: '20'
          cache: 'npm'
      - name: Install dependencies
        run: npm ci
      # Same artifact name that capture-mobile-evidence uploads.
      - name: Download captured mobile evidence artifact
        uses: actions/download-artifact@v5
        with:
          name: mobile-evidence-captured
          path: captured-mobile-evidence
      # Fails when the artifact lacks docs/mobile-evidence; otherwise any
      # checked-out docs/mobile-evidence directory is deleted and replaced
      # with the artifact's copy, so the strict check sees only the captured
      # evidence.
      - name: Materialize captured evidence tree
        shell: pwsh
        run: |
          $sourceRoot = Join-Path $PWD "captured-mobile-evidence/docs/mobile-evidence"
          if (-not (Test-Path $sourceRoot)) {
            throw "Missing captured evidence tree: $sourceRoot"
          }
          if (Test-Path "docs/mobile-evidence") {
            Remove-Item -Path "docs/mobile-evidence" -Recurse -Force
          }
          New-Item -Path "docs/mobile-evidence" -ItemType Directory | Out-Null
          Copy-Item -Path (Join-Path $sourceRoot "*") -Destination "docs/mobile-evidence" -Recurse -Force
      # Dispatch inputs reach the script through environment variables; they
      # are not spliced into the command text of `run:`.
      # NOTE(review): the thresholds are dispatcher-supplied strings -
      # presumably the script validates them; confirm.
      - name: Verify fixrisk issue closure (strict evidence required)
        env:
          NOTE_CONNECTION_REQUIRE_EVIDENCE_ROOT: '1'
          NOTE_CONNECTION_REQUIRE_LARGE_GRAPH_EVIDENCE: '1'
          NOTE_CONNECTION_MIN_EVIDENCE_NODE_COUNT: ${{ github.event.inputs.evidence_node_count }}
          NOTE_CONNECTION_MIN_EVIDENCE_EDGE_COUNT: ${{ github.event.inputs.evidence_edge_count }}
          NOTE_CONNECTION_EVIDENCE_ROOT: docs/mobile-evidence
        run: npm run verify:fixrisk:issues:strict:evidence
      - name: Upload strict evidence verification reports
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: fixrisk-issue-reports-strict-evidence
          if-no-files-found: warn
          path: |
            build/fixrisk-issue-check-latest.json
            build/fixrisk-issue-check-*.json
            build/fixrisk-jest-contract-report.json
      - name: Upload mobile evidence snapshot
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: mobile-evidence-snapshot
          if-no-files-found: warn
          path: |
            docs/mobile-evidence/**

  capture-mobile-evidence:
    name: Capture Mobile Evidence (Self-Hosted)
    # Runs on manual dispatch with run_mobile_capture == 'true', or on a push
    # to refs/heads/release/* when the repository variable equals '1'.
    # pull_request events never satisfy this condition, so this job does not
    # place pull-request code on the self-hosted runner.
    # NOTE(review): a manual dispatch runs the workflow from the ref the
    # dispatcher selects, so that ref's npm scripts execute on the self-hosted
    # machine and its attached device; keep dispatch rights narrow and confirm
    # how the runner is cleaned between jobs.
    if: >-
      ${{ (github.event_name == 'workflow_dispatch' && github.event.inputs.run_mobile_capture == 'true') ||
      ((github.event_name == 'push' && startsWith(github.ref, 'refs/heads/release/')) &&
      vars.NOTE_CONNECTION_ENABLE_MOBILE_EVIDENCE_CAPTURE == '1') }}
    runs-on: [self-hosted, windows, x64, android]
    timeout-minutes: 90
    steps:
      - name: Checkout repository
        uses: actions/checkout@v5
        with:
          lfs: false
      - name: Setup Node.js
        uses: actions/setup-node@v5
        with:
          node-version: '20'
          cache: 'npm'
      - name: Install dependencies
        run: npm ci
      - name: Build Capacitor APK for evidence capture
        run: npm run mobile:build:capacitor
      # The three input-derived values are passed as environment variables.
      # On push-triggered runs there are no dispatch inputs, so they expand to
      # empty strings; presumably the script applies its own defaults -
      # confirm.
      # NOTE(review): android_serial is free text from the dispatcher; the
      # script should validate it before handing it to adb (not visible here).
      - name: Run fixrisk operational closure pipeline
        env:
          NOTE_CONNECTION_ANDROID_SERIAL: ${{ github.event.inputs.android_serial }}
          NOTE_CONNECTION_EVIDENCE_NODE_COUNT: ${{ github.event.inputs.evidence_node_count }}
          NOTE_CONNECTION_EVIDENCE_EDGE_COUNT: ${{ github.event.inputs.evidence_edge_count }}
          NOTE_CONNECTION_REQUIRE_EVIDENCE_ROOT: '1'
          NOTE_CONNECTION_REQUIRE_LARGE_GRAPH_EVIDENCE: '1'
        run: npm run ops:fixrisk:close
      # Runs even after a failure; an upload that matches no files is itself
      # an error, unlike the `warn` setting used by the other upload steps.
      - name: Upload captured mobile evidence
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: mobile-evidence-captured
          if-no-files-found: error
          path: |
            docs/mobile-evidence/**
            build/fixrisk-ops-closure-latest.json
            build/fixrisk-issue-check-latest.json
            build/fixrisk-issue-check-*.json