ci(scripts): add trace-revalidation-weekly workflow

Adds .github/workflows/trace-revalidation-weekly.yml to run the library trace revalidation script on a weekly Monday cron (06:30 UTC) and on workflow_dispatch. Permissions scoped to issues:write + contents:read only — no contents:write, workflow does not auto-edit traces. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-14 17:52:01 +00:00
parent a7a4299213
commit 6869a51541
1 changed files with 38 additions and 0 deletions
--- a/.github/workflows/trace-revalidation-weekly.yml
+++ b/.github/workflows/trace-revalidation-weekly.yml
@@ -0,0 +1,38 @@
+# Library trace revalidation — weekly run + on-demand. ADR-022.
+#
+# Walks every approved + pre-shipped trace in docs/library-decisions/,
+# re-runs each trace's verification-commands, classifies divergence as
+# soft (minor drift → rolling dashboard issue) or hard (re-evaluation
+# warranted → per-dep issue), and opens/updates/closes GitHub issues
+# accordingly. Runs in parallel to main — does NOT gate deployments.
+
+name: Library trace revalidation (weekly)
+
+on:
+  schedule:
+    # 06:30 UTC every Monday
+    - cron: "30 6 * * 1"
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  issues: write
+
+jobs:
+  revalidate:
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    steps:
+      - uses: actions/checkout@v4
+      - uses: pnpm/action-setup@v4
+        with:
+          version: 9
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: pnpm
+      - run: pnpm install --frozen-lockfile
+      - name: Revalidate library traces
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: node scripts/library-decisions/revalidate.mjs