ci: KEEP-1500 add maintainability workflow for repo health checks #413

Open
suisuss wants to merge 4 commits into staging from feat/maintainability-workflow
@suisuss suisuss commented Feb 24, 2026

Summary

  • Adds a new maintainability.yml workflow that runs 10 parallel repo health checks on PRs to staging
  • Checks cover: compose validation, makefile dry-run, fork marker integrity, shellcheck, actionlint, hadolint, dockerfile COPY validation, env sync, cross-compose consistency, and plugin discovery integrity
  • Env sync and cross-compose consistency are warn-only; the rest are blocking
  • Uses dorny/paths-filter@v3 to skip jobs when their relevant files are untouched in the PR

Path filtering

Jobs are gated on a lightweight changes detection job that uses the GitHub API (no checkout) to determine which files were modified. Only jobs whose relevant files changed will run:

| Job | Runs when these paths change |
|---|---|
| compose-validation, compose-consistency | `docker-compose*.yml` |
| makefile-dry-run | `Makefile` |
| shellcheck | `**/*.sh` |
| actionlint | `.github/workflows/**` |
| hadolint | `**/Dockerfile*`, `.hadolint.yaml` |
| plugin-integrity | `keeperhub/plugins/**`, `plugins/**` |

Three jobs always run because they have reverse dependencies -- the files they validate can break without being directly modified:

| Job | Why it always runs |
|---|---|
| fork-markers | Any source file edit could introduce unbalanced markers or unmarked keeperhub imports |
| dockerfile-sources | A deleted or renamed file could break a Dockerfile COPY without the Dockerfile itself changing |
| env-sync | Any source file could add or remove `process.env.*` references |

Test plan

  • Open PR to staging and verify all 10 jobs run in parallel
  • Confirm env-sync and compose-consistency produce warnings (not failures) given current repo state
  • Confirm fork-markers job warns on unmarked files but only fails on imbalanced markers

Runs 10 parallel checks on PRs to staging: compose validation,
makefile dry-run, fork marker integrity, shellcheck, actionlint,
hadolint, dockerfile COPY validation, env sync, cross-compose
consistency, and plugin discovery integrity.
@suisuss suisuss force-pushed the feat/maintainability-workflow branch from 5093c5d to faebb48 February 24, 2026 01:00
- Fix hadolint Docker invocation in workflow (pass args correctly)
- Fix shellcheck warnings: separate declare/assign in deploy scripts,
  quote command substitutions, remove unused MIN_CPU_CORES variable
- Normalize fork marker end syntax from 'end custom keeperhub code'
  to 'end keeperhub code' across 14 files, add missing start marker
  in edit-connection-overlay, remove orphan end marker in action-config
@techops-services techops-services deleted a comment from github-actions bot Feb 24, 2026
- Pin npm global installs: pnpm@9, tsx@4
- Add SHELL pipefail before piped RUN instruction (DL4006)
- Fix read without -r flag (SC2162)
- Add .hadolint.yaml to suppress DL3018 (Alpine package pinning
  is tied to base image tag, not independently meaningful)
- Mount hadolint config in CI workflow
@techops-services techops-services deleted a comment from github-actions bot Feb 24, 2026
@suisuss suisuss changed the title ci: add maintainability workflow for repo health checks ci: KEEP-1500 add maintainability workflow for repo health checks Feb 24, 2026
@suisuss suisuss requested review from a team, OleksandrUA, eskp, joelorzet and taitsengstock and removed request for a team February 24, 2026 01:48
Use dorny/paths-filter to skip jobs when their relevant files
are untouched. Jobs with reverse dependencies (fork-markers,
dockerfile-sources, env-sync) always run.
@techops-services techops-services deleted a comment from github-actions bot Feb 24, 2026
@techops-services techops-services deleted a comment from github-actions bot Feb 24, 2026
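
The fork-markers rule from the test plan above (fail on imbalanced markers, warn only on unmarked files), as an added example that is not the workflow's own code. The start marker spelling, the import pattern and the sample files are assumptions; only 'end keeperhub code' appears on this page.

```python
import re

# Assumed marker spellings: this page shows only the end form
# ('end keeperhub code'); the start form is a hypothetical counterpart.
START = re.compile(r"start keeperhub code", re.I)
END = re.compile(r"end keeperhub code", re.I)
# Hypothetical pattern for an import that pulls in fork-specific code.
KH_IMPORT = re.compile(r"""^\s*import\b.*['"][^'"]*keeperhub/""")

def check_file(path, text):
    """Return (errors, warnings) for one source file's marker usage."""
    errors, warnings = [], []
    open_line = None  # line number of the start marker currently open
    for n, line in enumerate(text.splitlines(), 1):
        if START.search(line):
            if open_line is not None:
                errors.append(f"{path}:{n}: start marker inside block opened at line {open_line}")
            open_line = n
        elif END.search(line):
            if open_line is None:
                errors.append(f"{path}:{n}: orphan end marker")
            open_line = None
        elif KH_IMPORT.search(line) and open_line is None:
            warnings.append(f"{path}:{n}: keeperhub import outside a marked block")
    if open_line is not None:
        errors.append(f"{path}:{open_line}: start marker never closed")
    return errors, warnings

def check_tree(files):
    """files maps path -> content; status is 1 only when markers are imbalanced."""
    errors, warnings = [], []
    for path, text in sorted(files.items()):
        e, w = check_file(path, text)
        errors, warnings = errors + e, warnings + w
    return (1 if errors else 0), errors, warnings

# Constructed sample inputs, not files from the repository.
SAMPLE = {
    "ok.tsx": "// start keeperhub code\nimport x from '@/keeperhub/x'\n// end keeperhub code\n",
    "orphan.tsx": "const a = 1\n// end keeperhub code\n",
    "unclosed.tsx": "// start keeperhub code\nconst b = 2\n",
    "unmarked.tsx": "import y from '@/keeperhub/y'\n",
}

if __name__ == "__main__":
    status, errors, warnings = check_tree(SAMPLE)
    # ::warning:: / ::error:: are GitHub Actions workflow commands (annotations).
    print("\n".join(["::warning::" + w for w in warnings] + ["::error::" + e for e in errors]))
    raise SystemExit(status)
```

Because the end pattern matches only the normalized spelling, a block closed with the older 'end custom keeperhub code' form is reported as a start marker that was never closed.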