fix: post-audit CI and governance cleanup #6
Reference in New Issue
Block a user
Delete Branch "fix/post-audit-cleanup"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Post-audit cleanup across three fix categories (A + H + I). The critic pass confirmed
astro checkreturns 0 errors / 13 hints, the Tower scp deploy has been superseded by Cloudflare since PR #5, and the monthly governance report referenced a stale required check.Changes
A — CI + workflow cleanup
ci.yml: removedcontinue-on-error: trueon the Typecheck step. astro check is clean so this step must block.deploy-cloudflare.yml(job name: 'Deploy to Tower'): deleted. Production has been on Cloudflare since PR #5; this workflow only fails (stale TOWER_* secrets, wrong origin).H — Monthly cross-stack report generalised
monthly-cross-stack-report.yml: replaced the hardcoded probe forCross-stack coherence(no longer in branch protection) with a dynamic dump ofrequired_status_checks.contexts[]andrequired_status_checks.checks[].context. The report now reflects the live required-checks set.I — CI quality gates
ci.yml: addednpm run tracking:checkandnpm run image:budgetafter the Build step. Scripts already existed inpackage.jsonbut were never wired into CI.Commits
ci: enforce typecheck and add quality gates(A1 + I)chore: remove obsolete Tower deploy workflow(A2)chore: monthly report tracks live required checks(H)Deploying with
Cloudflare Workers
The latest updates on your project. Learn more about integrating Git with Workers.
View logs
97e19348Branch Preview URL
Pull request overview
This PR performs post-audit cleanup of GitHub Actions workflows by tightening CI quality gates, removing an obsolete production deploy workflow, and making the monthly governance report reflect the live branch-protection required-checks configuration.
Changes:
typecheckblocking in CI and added two additional CI quality gates (tracking:check,image:budget).Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
.github/workflows/ci.yml.github/workflows/deploy-cloudflare.yml.github/workflows/monthly-cross-stack-report.yml💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
@@ -58,10 +60,15 @@ jobs:echo "Generated: $NOW_UTC"echo "Repository: $GH_REPO"The jq extraction can emit
nullentries (e.g., when a check object lacks.context), which then get rendered as a bullet like- null. Also, because jq errors are swallowed (2>/dev/null || true), a parse/API shape failure will be reported as “(none)” rather than “(unknown)”, which can make the governance report inaccurate. Consider filtering out null/empty contexts and preserving an explicit “unknown/parse-error” state when jq fails.