From 331573bc4f2aa54e5eea1a63dc999d7b3159f2f7 Mon Sep 17 00:00:00 2001
From: Danijel Martinek
Date: Thu, 14 May 2026 19:53:07 +0200
Subject: [PATCH] chore(work): finish 05-trace-revalidation-workflow
---
 .../05-trace-revalidation-workflow/_story.md | 4 ++--
 docs/work/_state.json | 11 +++--------
 2 files changed, 5 insertions(+), 10 deletions(-)
diff --git a/docs/work/2026-05-14-ci-security-and-supply-chain/05-trace-revalidation-workflow/_story.md b/docs/work/2026-05-14-ci-security-and-supply-chain/05-trace-revalidation-workflow/_story.md
index a28212d..fdae52b 100644
--- a/docs/work/2026-05-14-ci-security-and-supply-chain/05-trace-revalidation-workflow/_story.md
+++ b/docs/work/2026-05-14-ci-security-and-supply-chain/05-trace-revalidation-workflow/_story.md
@@ -3,7 +3,7 @@ id: 05-trace-revalidation-workflow
 epic: 2026-05-14-ci-security-and-supply-chain
 title: Trace revalidation workflow
 type: technical-story
-status: in-progress
+status: done
 feature: scripts
 depends-on: [01-trace-schema-extensions, 04-major-bump-reevaluation]
 blocks: [09-ci-security-guide-and-docs]
@@ -41,4 +41,4 @@ ADR-022 traces go stale silently when new CVEs drop or Socket picks up behaviora
 ## Tasks
 - [x] Write `scripts/library-decisions/revalidate.mjs` (walk approved+pre-shipped traces, re-run `verification-commands`, classify soft/hard divergence, open/update/close issues via `gh` CLI; mock-friendly `gh` surface for tests); write `revalidate.test.mjs` integration tests with fixture traces covering: no-drift, soft-drift (dashboard issue), hard-drift (per-dep issue with correct labels+title), duplicate-issue guard, stale-issue close on refreshed `lastRevalidated`, rejected-trace skip; one commit, all gates pass.
-- [ ] Create `.github/workflows/trace-revalidation-weekly.yml` (trigger: `schedule: cron: "30 6 * * 1"` + `workflow_dispatch`; steps: checkout, `pnpm install --frozen-lockfile`, `node scripts/library-decisions/revalidate.mjs`; permissions: `issues: write`, `contents: read`); one commit, all gates pass.
+- [x] Create `.github/workflows/trace-revalidation-weekly.yml` (trigger: `schedule: cron: "30 6 * * 1"` + `workflow_dispatch`; steps: checkout, `pnpm install --frozen-lockfile`, `node scripts/library-decisions/revalidate.mjs`; permissions: `issues: write`, `contents: read`); one commit, all gates pass.
diff --git a/docs/work/_state.json b/docs/work/_state.json
index 2c5dfed..15cf807 100644
--- a/docs/work/_state.json
+++ b/docs/work/_state.json
@@ -1,5 +1,5 @@
 {
- "updated_at": "2026-05-14T17:50:50.219Z",
+ "updated_at": "2026-05-14T17:53:08.262Z",
 "epics": {
 "2026-05-13-binder-wrap-helper": {
 "status": "done",
@@ -87,10 +87,10 @@
 ]
 },
 "05-trace-revalidation-workflow": {
- "status": "in-progress",
+ "status": "done",
 "title": "Trace revalidation workflow",
 "ac_total": 2,
- "ac_completed": 1,
+ "ac_completed": 2,
 "depends_on": [
 "01-trace-schema-extensions",
 "04-major-bump-reevaluation"
@@ -258,11 +258,6 @@
 }
 },
 "ready": [
- {
- "epic": "2026-05-14-ci-security-and-supply-chain",
- "story": "05-trace-revalidation-workflow",
- "title": "Trace revalidation workflow"
- },
 {
 "epic": "2026-05-14-ci-security-and-supply-chain",
 "story": "06-codeql-and-audit-signatures",