docs: refresh compliance analysis for di and local validation
This commit is contained in:
Micheal Wilkinson
@@ -266,19 +266,23 @@ if err != nil {
|
|||||||
|
|
||||||
### Justfile (Local Automation)
|
### Justfile (Local Automation)
|
||||||
|
|
||||||
**Current state:** Minimal
|
**Current state:** Aligned with CI baseline for local validation
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
go-build: # Rebuild
|
go-build
|
||||||
go-test: # Only run tests
|
go-test
|
||||||
|
validate-fmt
|
||||||
|
validate-mod
|
||||||
|
security
|
||||||
|
validate
|
||||||
```
|
```
|
||||||
|
|
||||||
**Missing local tasks per standards:**
|
**Implemented locally (commit 383aad4):**
|
||||||
|
|
||||||
- No `go fmt` validation task
|
- ✅ `validate-fmt` runs `go fmt ./...` and verifies `gofmt -l .` is clean
|
||||||
- No `go mod tidy` task
|
- ✅ `validate-mod` runs `go mod tidy` and `go mod verify`
|
||||||
- No security scanning tasks
|
- ✅ `security` runs `gosec ./...` and `govulncheck ./...`
|
||||||
- No full validation task
|
- ✅ `validate` composes formatting, module hygiene, tests, and security checks
|
||||||
|
|
||||||
### Go Module Configuration
|
### Go Module Configuration
|
||||||
|
|
||||||
@@ -307,39 +311,27 @@ go-test: # Only run tests
|
|||||||
3. ✅ **`go fmt` validation** — Now implemented in `push-validation.yml`
|
3. ✅ **`go fmt` validation** — Now implemented in `push-validation.yml`
|
||||||
4. ✅ **Module hygiene checks** (`go mod tidy` + `go mod verify`) — Now implemented in `push-validation.yml`
|
4. ✅ **Module hygiene checks** (`go mod tidy` + `go mod verify`) — Now implemented in `push-validation.yml`
|
||||||
5. ✅ **Regex variable organization** — Grouped with clarifying comments in `vociferate.go`
|
5. ✅ **Regex variable organization** — Grouped with clarifying comments in `vociferate.go`
|
||||||
|
6. ✅ **DI service boundary** — `internal/vociferate` now uses a constructor-backed service with injected filesystem, environment, and git dependencies (commit 383aad4)
|
||||||
|
7. ✅ **Local validation parity** — `justfile` now mirrors CI checks for format, modules, tests, and security (commit 383aad4)
|
||||||
|
|
||||||
### 🟡 FUTURE (Lower Priority)
|
### 🟡 FUTURE (Lower Priority)
|
||||||
|
|
||||||
6. **Implement changelog gate in PR workflows** — The `decorate-pr` action has changelog gate support; consider enabling `changelog-gate-mode: soft` in workflow if desired for future enhancement.
|
8. **Implement changelog gate in PR workflows** — The `decorate-pr` action has changelog gate support; consider enabling `changelog-gate-mode: soft` in workflow if desired for future enhancement.
|
||||||
|
|
||||||
7. **Update `justfile` with full validation task** (optional, supports local pre-commit validation):
|
|
||||||
|
|
||||||
```makefile
|
|
||||||
validate:
|
|
||||||
@just validate-fmt
|
|
||||||
@just validate-mod
|
|
||||||
@just test
|
|
||||||
@just security
|
|
||||||
|
|
||||||
security:
|
|
||||||
gosec ./...
|
|
||||||
govulncheck ./...
|
|
||||||
```
|
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## Summary Table
|
## Summary Table
|
||||||
|
|
||||||
| Category | Standard | Status | Details |
|
| Category | Standard | Status | Details |
|
||||||
| ------------------------ | ------------------------------------ | ---------- | ------------------------------------------------ |
|
| ------------------------ | ------------------------------------ | ------- | ------------------------------------------------------ |
|
||||||
| **Testing** | `*_test.go` + testify suites | ✅ PASS | 80%+ coverage in all packages |
|
| **Testing** | `*_test.go` + testify suites | ✅ PASS | 80%+ coverage in all packages |
|
||||||
| **DI Pattern** | Constructor functions, no singletons | ⚠️ PARTIAL | Options pattern used; regex vars should be const |
|
| **DI Pattern** | Constructor functions, no singletons | ✅ PASS | Constructor-backed service with injected collaborators |
|
||||||
| **Error Handling** | fmt.Errorf with `%w` wrapping | ✅ PASS | Consistent throughout codebase |
|
| **Error Handling** | fmt.Errorf with `%w` wrapping | ✅ PASS | Consistent throughout codebase |
|
||||||
| **Package Organization** | Domain-driven, no layer-based | ✅ PASS | Clean structure, no over-engineering |
|
| **Package Organization** | Domain-driven, no layer-based | ✅ PASS | Clean structure, no over-engineering |
|
||||||
| **go fmt validation** | Fail if formatting inconsistent | ❌ FAIL | Not in workflows |
|
| **go fmt validation** | Fail if formatting inconsistent | ✅ PASS | Enforced in workflows and local automation |
|
||||||
| **go mod checks** | tidy + verify | ❌ FAIL | Not in workflows |
|
| **go mod checks** | tidy + verify | ✅ PASS | Enforced in workflows and local automation |
|
||||||
| **gosec** | Static security analysis | ❌ FAIL | Completely missing |
|
| **gosec** | Static security analysis | ✅ PASS | Enforced in workflows and local automation |
|
||||||
| **govulncheck** | Vulnerability scanning | ❌ FAIL | Completely missing |
|
| **govulncheck** | Vulnerability scanning | ✅ PASS | Enforced in workflows and local automation |
|
||||||
| **Coverage gates** | 80% target per module | ✅ PASS | Both packages exceed/meet target |
|
| **Coverage gates** | 80% target per module | ✅ PASS | Both packages exceed/meet target |
|
||||||
| **Changelog gate** | Enforce changelog entries | ❌ FAIL | Not implemented |
|
| **Changelog gate** | Enforce changelog entries | ❌ FAIL | Not implemented |
|
||||||
|
|
||||||
@@ -349,13 +341,17 @@ go-test: # Only run tests
|
|||||||
|
|
||||||
**Current State (Updated):** The codebase now demonstrates strong engineering fundamentals in testing, error handling, structure, **and CI/CD validation**.
|
**Current State (Updated):** The codebase now demonstrates strong engineering fundamentals in testing, error handling, structure, **and CI/CD validation**.
|
||||||
|
|
||||||
✅ **All critical standards gaps have been addressed** in commit 7cb7b05:
|
✅ **All critical standards gaps have been addressed** across commits 7cb7b05 and 383aad4:
|
||||||
|
|
||||||
- Security scanning (`gosec` + `govulncheck`) now enforced
|
- Security scanning (`gosec` + `govulncheck`) now enforced
|
||||||
- Code formatting validation now required
|
- Code formatting validation now required
|
||||||
- Module hygiene checks (`go mod tidy`/`verify`) now enforced
|
- Module hygiene checks (`go mod tidy`/`verify`) now enforced
|
||||||
- Regex variable organization clarified
|
- Regex variable organization clarified
|
||||||
|
- Dependency injection implemented through a constructor-backed service
|
||||||
|
- Local `justfile` validation now mirrors CI checks
|
||||||
|
|
||||||
**Validation Sequence:** The workflow now follows the documented 8-step validation sequence from copilot-instructions.md:
|
**Validation Sequence:** The workflow now follows the documented 8-step validation sequence from copilot-instructions.md:
|
||||||
|
|
||||||
1. Format validation
|
1. Format validation
|
||||||
2. Module hygiene
|
2. Module hygiene
|
||||||
3. Security analysis
|
3. Security analysis
|
||||||
@@ -364,10 +360,12 @@ go-test: # Only run tests
|
|||||||
6. Coverage analysis
|
6. Coverage analysis
|
||||||
|
|
||||||
**Effort Invested:**
|
**Effort Invested:**
|
||||||
- CI/CD improvements: ~30 lines of YAML
|
|
||||||
- Code organization: ~5 lines of comments
|
- CI/CD improvements: workflow hardening in `push-validation.yml` and `prepare-release.yml`
|
||||||
- **Total: commit 7cb7b05**
|
- Code organization: injected service boundaries for filesystem, environment, and git access
|
||||||
|
- Local automation: `justfile` validation parity for format, modules, tests, and security
|
||||||
|
- **Primary commits:** 7cb7b05, 383aad4, 5c903c9
|
||||||
|
|
||||||
**Next Steps (Optional):**
|
**Next Steps (Optional):**
|
||||||
- Implement justfile validation tasks for local pre-commit checks
|
|
||||||
- Consider enabling changelog gate in PR workflows for future enhancement
|
- Consider enabling changelog gate in PR workflows for future enhancement
|
||||||
|
|||||||
Reference in New Issue
Block a user