feat(scripts): pre-commit hook + CI gate for compliance drift

Wire pnpm compliance:emit-all into the pre-commit hook (conditional on
staged Payload configs, library traces, or compliance/ files) and add a
hard-fail compliance drift check step to the CI validate job positioned
after pnpm conformance.

Also fix emit-all.mjs: it previously hardcoded --check on every invocation,
so it never actually regenerated artifacts. Now the default mode writes and
--check mode diffs only — matching the pre-commit (write) vs CI (check) split.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-18 20:14:45 +00:00
parent add54f14ef
commit 239cfcadfa
3 changed files with 41 additions and 13 deletions


@@ -23,7 +23,14 @@ node scripts/work/state-sync-guard.mjs || exit 1
# 4. Check library decision traces for new runtime deps in feature/core packages.
node scripts/library-decisions/check.mjs || exit 1
# 5. Scan staged changes for secrets (skip gracefully if gitleaks is not installed).
# 5. If any staged file touches Payload configs, library traces, or compliance
# artifacts, regenerate compliance YAMLs and auto-stage them.
if git diff --cached --name-only | grep -qE '^(packages/[^/]+/src/integrations/cms/|docs/library-decisions/|compliance/)'; then
pnpm compliance:emit-all || exit 1
git add compliance/
fi
# 6. Scan staged changes for secrets (skip gracefully if gitleaks is not installed).
if command -v gitleaks > /dev/null 2>&1; then
gitleaks protect --staged --redact || exit 1
else
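Review bot: the regeneration step in the new `if` block (`pnpm compliance:emit-all || exit 1` followed by `git add compliance/`) runs against the working tree while the trigger condition is evaluated against the index (`git diff --cached --name-only`), so a partially staged Payload config or library trace will produce compliance YAMLs that reflect unstaged edits, and those artifacts are then committed alongside the staged half of the change; the CI check step described in the commit message will flag that as drift on the next push, which defeats the purpose of regenerating in the hook. Consider either running the emit against the staged content (for example by stashing unstaged changes with `git stash push --keep-index` around the `pnpm` call and popping afterwards) or failing the hook when any file matched by the grep also has unstaged modifications (`git diff --name-only` intersected with the same pattern). Separately, `git add compliance/` stages everything under that directory, including any pre-existing unstaged edits to compliance files the author did not intend to commit; staging only what `compliance:emit-all` actually wrote (or at least `git add -u compliance/` restricted to tracked files) would keep the hook from silently widening the commit.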