fix(release): SHA256 step path — upload-artifact strips release/ pr…
#171
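name: claim-evidence-audit

# Phase 5.6 M-E S2 — CI conformance check.
# Parses CLAUDE.md structured claims (IPC channels + bus events) and
# verifies each has on-disk evidence under the expected location. Known
# gaps are cross-referenced to the M-A conformance audit via
# scripts/check-claim-evidence.allowlist.json — that file shrinks as M-C
# and M-D restoration commits land. M-G ships with the allowlist deleted
# (job switches to --strict mode).
#
# Plan: docs/plans/2026-04-17-team-x-phase-5.6-remediation.md §7 S2.
# Engine: scripts/check-claim-evidence.mjs.
# Tests: apps/desktop/src/check-claim-evidence.test.ts.
# Runtime budget: <30s per plan §7 S3 acceptance.

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  workflow_dispatch: {}

# Least privilege: the job token can only read repository contents.
permissions:
  contents: read

# One live run per workflow + ref; a newer run cancels the one in flight.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  audit:
    name: Claim-evidence audit
    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
      # NOTE(review): every `uses:` below references a movable major-version
      # tag (@v4). Pinning each one to a full commit SHA would make the code
      # that runs in this job immutable; the tag can stay as a trailing
      # comment for readability.
      - name: Checkout (full history for git grep coverage)
        uses: actions/checkout@v4
        with:
          # Full history not strictly required — git grep operates on the
          # working tree — but shallow checkout (depth=1) sometimes drops
          # files needed by future engine extensions (e.g. blame-based
          # claim attribution). Keep the full clone to leave headroom.
          fetch-depth: 0
          # No step shown here pushes to or fetches from the repository
          # after checkout, so do not leave the job token in .git/config
          # where dependency install scripts could read it.
          persist-credentials: false

      # pnpm version is read from root package.json `packageManager`
      # field (single source of truth). Pinned to pnpm@9.15.9.
      - name: Setup pnpm
        uses: pnpm/action-setup@v4

      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version-file: '.nvmrc'
          cache: 'pnpm'

      # --frozen-lockfile fails the install instead of rewriting the
      # lockfile, so CI resolves exactly what is committed.
      - name: Install dependencies
        run: pnpm install --frozen-lockfile

      # Gating step: a non-zero exit here fails the job.
      - name: Run claim-evidence audit (allowlist applied)
        run: pnpm audit:claims

      # Reporting only: runs even when the gating step failed, and
      # continue-on-error keeps its own exit code from changing the job
      # result.
      # NOTE(review): the shell redirect creates audit-claims.json even if
      # the command fails, so an empty or partial file may be uploaded.
      - name: Re-run in JSON mode for CI summary
        if: always()
        run: pnpm audit:claims:json > audit-claims.json
        continue-on-error: true

      # Only the JSON report is uploaded, never the workspace or .git
      # directory. A missing report is tolerated rather than failing the job.
      - name: Upload JSON audit artifact
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: claim-evidence-audit
          path: audit-claims.json
          retention-days: 30
          if-no-files-found: ignore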