DHC
/
bmad-template
Tarkkaile 4
Äänestä 0
Fork 0
Koodi Ongelmat 0 Pull-pyynnöt 0 Julkaisut 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commitit
2 Branchit
Puu: 655383f713
Branchit Tagit
${ item.name }
Create branch ${ searchTerm }
from '655383f713'
${ noResults }
bmad-template/.workbuddy/skills/bmad-testarch-ci/steps-v/step-01-validate.md

step-01-validate.md 2.8KB
Normal View Historia Raaka

增加workbuddy的支持
5 päivää sitten
 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889 
  1. ---

  2. name: 'step-01-validate'

  3. description: 'Validate workflow outputs against checklist'

  4. outputFile: '{test_artifacts}/ci-validation-report.md'

  5. validationChecklist: '{skill-root}/checklist.md'

  6. ---

  7. 

  8. # Step 1: Validate Outputs

  9. 

  10. ## STEP GOAL:

  11. 

  12. Validate outputs using the workflow checklist and record findings.

  13. 

  14. ## MANDATORY EXECUTION RULES (READ FIRST):

  15. 

  16. ### Universal Rules:

  17. 

  18. - 📖 Read the complete step file before taking any action

  19. - ✅ Speak in `{communication_language}`

  20. 

  21. ### Role Reinforcement:

  22. 

  23. - ✅ You are the Master Test Architect

  24. 

  25. ### Step-Specific Rules:

  26. 

  27. - 🎯 Validate against `{validationChecklist}`

  28. - 🚫 Do not skip checks

  29. 

  30. ## EXECUTION PROTOCOLS:

  31. 

  32. - 🎯 Follow the MANDATORY SEQUENCE exactly

  33. - 💾 Write findings to `{outputFile}`

  34. 

  35. ## CONTEXT BOUNDARIES:

  36. 

  37. - Available context: workflow outputs and checklist

  38. - Focus: validation only

  39. - Limits: do not modify outputs in this step

  40. 

  41. ## MANDATORY SEQUENCE

  42. 

  43. **CRITICAL:** Follow this sequence exactly.

  44. 

  45. ### 1. Load Checklist

  46. 

  47. Read `{validationChecklist}` and list all criteria.

  48. 

  49. ### 2. Validate Outputs

  50. 

  51. Evaluate outputs against each checklist item.

  52. 

  53. ### 2a. Script Injection Scan

  54. 

  55. Scan all generated YAML workflow files for unsafe interpolation patterns inside `run:` blocks.

  56. 

  57. **Unsafe patterns to flag (FAIL):**

  58. 

  59. - `${{ inputs.* }}` — all workflow inputs are user-controllable

  60. - `${{ github.event.* }}` — treat the entire event namespace as unsafe by default (includes PR titles, issue bodies, comment bodies, label names, etc.)

  61. - `${{ github.head_ref }}` — PR source branch name (user-controlled)

  62. 

  63. **Detection method:** For each `run:` block in generated YAML, check if any of the above expressions appears in the run script body. If found, flag as **FAIL** with the exact line and recommend converting to the safe `env:` intermediary pattern (pass through `env:`, reference as double-quoted `"$ENV_VAR"`).

  64. 

  65. **Safe patterns to ignore** (exempt from flagging): `${{ steps.*.outputs.* }}`, `${{ matrix.* }}`, `${{ runner.os }}`, `${{ github.sha }}`, `${{ github.ref }}`, `${{ secrets.* }}`, `${{ env.* }}` — these are safe from GitHub expression injection when used in `run:` blocks.

  66. 

  67. ### 3. Write Report

  68. 

  69. Write a validation report to `{outputFile}` with PASS/WARN/FAIL per section.

  70. 

  71. ## 🚨 SYSTEM SUCCESS/FAILURE METRICS:

  72. 

  73. ### ✅ SUCCESS:

  74. 

  75. - Validation report written

  76. - All checklist items evaluated

  77. 

  78. ### ❌ SYSTEM FAILURE:

  79. 

  80. - Skipped checklist items

  81. - No report produced

  82. 

  83. ## On Complete

  84. 

  85. Run: `python3 {project-root}/_bmad/scripts/resolve_customization.py --skill {skill-root} --key workflow.on_complete`

  86. 

  87. If the resolver succeeds and returns a non-empty `workflow.on_complete`, execute that value as the final terminal instruction before exiting.

  88. 

  89. If the resolver fails, returns no output, or resolves an empty value, skip the hook and exit normally.