ci: budget-friendly defaults + templates for gitguardex-managed projects #571
Merged
NagyVikt merged 1 commit on May 13, 2026
Agent flows land high-volume PRs per month. Without these trims every PR + every post-merge push fans out across CI, CodeQL, Scorecard, and Code Review — which has dominated this month's Actions bill and blocked merges on multiple downstream repos when the org spending limit tripped.

Live workflows:
- ci.yml: drop push:main + Node matrix from per-PR; add paths-ignore + concurrency + draft-skip + ready_for_review.
- ci-full.yml (new): weekly cron + workflow_dispatch carrying the cross-version Node 18/22 matrix that no longer runs per-PR.
- codeql.yml: schedule + workflow_dispatch only (drops push/PR).
- cr.yml: skip on draft AND on agent/* head branches; add concurrency.
- scorecard.yml: drop push:main (keep schedule + branch_protection_rule + workflow_dispatch).

Templates under templates/github/workflows/:
- ci.yml, ci-full.yml, cr.yml mirror the live posture so downstream gitguardex-managed projects inherit it.
- README.md documents the four trims, when to keep them, and when to relax them.

OpenSpec change agent-claude-budget-friendly-ci-templates-2026-05-14-00-52 records the contract.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
This was referenced May 13, 2026
NagyVikt added a commit that referenced this pull request on May 13, 2026
Adds escape hatches for the budget-friendly defaults. Both apply identically in the live workflows AND the templates ship to downstream projects.

- cr.yml: agent/* PRs still skip AI review by default, but the `needs-review` label overrides the skip for that one PR.
- ci-full.yml: weekly schedule + workflow_dispatch unchanged, plus per-PR opt-in via the `needs-ci-full` label.

Both workflows add `labeled` to their pull_request.types so applying the label fires the run immediately — no re-push required. README documents the labels and points at `gh label create` for setup.

Pre-existing test/metadata.test.js failures (4) are stale assertions from PR #571 and remain out of scope here.

Co-authored-by: NagyVikt <[email protected]>
Co-authored-by: Claude Opus 4.7 (1M context) <[email protected]>
This was referenced May 13, 2026
NagyVikt added a commit that referenced this pull request on May 14, 2026
…trims (#576)

The four metadata.test.js failures predated this PR — three are stale assertions that drifted out of sync with intentional repo changes, one is a legitimately missing release-notes entry for v7.0.43.

- Add `### v7.0.43` release-notes section covering the budget-friendly CI templates, gx ci-init, gx budget, label-based opt-in, and the pre-flight gate in gx branch finish.
- Loosen the cosign-installer assertion from `# v4.1.1` to `# v4.1.\d+` so a patch bump (already present at v4.1.2) doesn't break the gate; major/minor bumps still do.
- Split the "About copy + problem-solution visuals" test into two:
  - keep enforcing the problem/solution image links in README
  - retire the README->about_description.txt link assertion that PR #564 obsoleted; package.json description must still match about_description.txt
- Split the "CI and CodeQL workflows run on PRs" test into two:
  - keep the CI-on-PR check (still required)
  - replace the CodeQL-on-PR check with a schedule + workflow_dispatch + "no pull_request trigger" check matching the post-PR-#571 reality

Verification: `node --test test/metadata.test.js` now reports 27/27 passing (was 21/25 before this PR).

Co-authored-by: NagyVikt <[email protected]>
Co-authored-by: Claude Opus 4.7 (1M context) <[email protected]>
Summary

Coordinated budget posture across the gitguardex repo's own workflows + seed `templates/github/workflows/` so every downstream gitguardex-managed project inherits the same defaults.

Live workflows:
- `ci.yml` — drop `push: main` + Node matrix from per-PR; add `paths-ignore` for docs/openspec/changeset paths; add `concurrency: cancel-in-progress`; gate `test` job on `pull_request.draft == false`; add `ready_for_review` to trigger.
- `ci-full.yml` (new) — weekly schedule + `workflow_dispatch` runs the cross-version Node 18/22 matrix that no longer runs per-PR.
- `codeql.yml` — drop `push` and `pull_request` triggers; keep weekly schedule + `branch_protection_rule` + `workflow_dispatch`; add concurrency.
- `cr.yml` — skip on draft AND on `agent/*` head branches (the largest single CR-bill cut for agent-heavy repos); add concurrency; add `ready_for_review` trigger.
- `scorecard.yml` — drop `push: main`; keep weekly schedule + `branch_protection_rule` + `workflow_dispatch`.

Templates seeded under `templates/github/workflows/`:
- `ci.yml`, `ci-full.yml`, `cr.yml` mirror the same posture with placeholder steps.
- `README.md` documents the four trims, when to keep them, and when to relax.

OpenSpec change: `agent-claude-budget-friendly-ci-templates-2026-05-14-00-52` records the contract.

Test plan

- `npm test` green
- `bash scripts/check-script-symlinks.sh` green
- `js-yaml`
- `openspec validate agent-claude-budget-friendly-ci-templates-2026-05-14-00-52 --type change --strict` valid
- `ci.yml` runs
- `ci-full.yml`, `codeql.yml`, `scorecard.yml` all fire on their schedules

🤖 Generated with Claude Code
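
The `cr.yml` gate described in this PR and its follow-up commit (draft skip, `agent/*` skip, `needs-review` override, concurrency), written out as an added sketch that is not the repository's own workflow. The workflow name, concurrency group key, `permissions` block and placeholder step are assumptions.

```yaml
# Added sketch, not the repository's cr.yml.
# Assumed: workflow name, concurrency group key, permissions, placeholder step.
name: code-review

on:
  pull_request:
    # ready_for_review: run when a draft PR is promoted.
    # labeled: applying the override label starts a run without a re-push.
    types: [opened, synchronize, reopened, ready_for_review, labeled]

# A newer event on the same PR cancels the run still in flight.
# Keyed on the PR number rather than the contributor-chosen branch name.
concurrency:
  group: cr-${{ github.event.pull_request.number }}
  cancel-in-progress: true

# Read-only token; grant more only if the review step needs it.
permissions:
  contents: read

jobs:
  review:
    # Skip drafts. Skip agent/* head branches unless the PR carries
    # the needs-review label.
    if: >-
      github.event.pull_request.draft == false &&
      (!startsWith(github.head_ref, 'agent/') ||
      contains(github.event.pull_request.labels.*.name, 'needs-review'))
    runs-on: ubuntu-latest
    steps:
      - name: Review (placeholder step)
        run: echo "review step goes here"
```

The `labeled` type fires on every label, so the `if:` guard has to check the label name, as it does here; with `cancel-in-progress` an unrelated label also restarts a run already in flight. `github.head_ref` is chosen by the contributor, so it is compared inside the `if:` expression and not interpolated into a `run:` script.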