ivuorinen/actions
1
0
Fork 0
mirror of https://github.com/ivuorinen/actions.git synced 2026-03-08 04:56:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
f995f89a21ae2dec451d48e66eeb6701243bfaa7
actions/CLAUDE.md
Ismo Vuorinen f995f89a21 chore(claude): add hooks, skills, and agents for Claude Code (#496) 
* chore(claude): add hooks, skills, and agents for Claude Code

Add auto-formatting hooks (ruff, shfmt, prettier, actionlint),
rules.yml edit blocker, 5 skills (/release, /test-action,
/new-action, /validate, /check-pins), and 2 subagents
(action-validator, test-coverage-reviewer). Update CLAUDE.md
with hook documentation.

* fix(claude): add tool availability guards and fix skill docs

Add jq availability checks to hook scripts (block-rules-yml.sh,
post-edit-write.sh) and wrap actionlint call in command -v guard,
consistent with project rules #2 and #10. Fix validate skill to
reflect actual make all pipeline order and note that make test
runs separately.

* fix(claude): correct skill docs per PR review feedback

Fix validate skill description to say "precommit" instead of "test",
and fix check-pins SHA guidance to use origin/main instead of HEAD.

* feat(tools): add SHA-pinning enforcement to check-version-refs

The check-version-refs script previously only displayed existing
SHA-pinned refs but silently skipped non-SHA references. Add a
validation pass that detects and reports any ivuorinen/actions/*
references not using a 40-char hex SHA, exiting 1 on violations.

* fix(tools): fix temp file leak in check-version-refs.sh

Write find output directly to $violations_file instead of
$violations_file.all so the EXIT trap covers cleanup on all
exit paths, not just the happy path.
2026-03-08 04:22:02 +02:00

7.3 KiB
Raw Blame History

CLAUDE.md - GitHub Actions Monorepo

Mantra: Zero defects. Zero exceptions. All rules mandatory and non-negotiable.

Standards

Production Ready Criteria

  • All tests pass + all linting passes + all validation passes + zero warnings

Core Rules

  • Follow conventions, fix all issues, never compromise standards, test thoroughly
  • Prioritize quality over speed, write maintainable/DRY code
  • Document changes, communicate factually, review carefully
  • Update existing memory files rather than create new ones
  • Ask when unsure

Communication

  • Direct, factual, concise only
  • Prohibited: hype, buzzwords, jargon, clichés, assumptions, predictions, comparisons, superlatives
  • Never declare "production ready" until all checks pass

Folders

  • .serena/ Internal config (do not edit)
  • .claude/hooks/ Claude Code hook scripts (auto-format, lint, block rules.yml edits)
  • .claude/skills/ Claude Code skills (/release, /test-action, /new-action, /validate, /check-pins)
  • .claude/agents/ Claude Code subagents (action-validator, test-coverage-reviewer)
  • .github/ Workflows/templates
  • _tests/ ShellSpec tests
  • _tools/ Helper tools
  • validate-inputs/ Python validation system + tests
  • */rules.yml Auto-generated validation rules

Claude Code Hooks

Auto-formatting: PostToolUse hooks auto-format files on Edit/Write (ruff for .py, shfmt for .sh, prettier for .yml/.yaml/.json/.md, actionlint for action.yml) Blocked edits: PreToolUse hook blocks direct edits to rules.yml (auto-generated, use make update-validators) Hook schema: matcher is a regex string matching tool names (e.g. "Edit|Write"), not an object. File filtering done in hook scripts via stdin JSON (jq -r '.tool_input.file_path') Reference: $CLAUDE_PROJECT_DIR for project-relative paths in hook commands

Memory System

Location: .serena/memories/ (9 consolidated memories for context)

When to Use: Read memories at session start or when needed for specific context. Be token-efficient - read only relevant memories for the task.

Core Memories (read first for project understanding):

  • repository_overview 30 actions, categories, structure, status
  • validator_system Validation architecture, components, usage patterns
  • development_standards Quality rules, workflows, security, completion checklist

Reference Guides (read when working on specific areas):

  • code_style_conventions EditorConfig, Shell/Python/YAML style, 10 critical prevention rules
  • suggested_commands Make targets, testing commands, tool usage
  • tech_stack Python/Node.js/Shell tools, paths, versions

GitHub Actions Reference (read when working with workflows):

  • github-workflow-expressions Expression syntax, contexts, operators, common patterns
  • github-workflow-commands Workflow commands (outputs, env, logging, masking)
  • github-workflow-secure-use Security best practices, secrets, injection prevention

Memory Maintenance: Update existing memories rather than create new ones. Keep content token-efficient and factual.

Documentation Locations

Validation System: validate-inputs/docs/ (4 guides: API.md, DEVELOPER_GUIDE.md, ACTION_MAINTAINER.md, README_ARCHITECTURE.md)

Testing: _tests/README.md (ShellSpec framework, test patterns, running tests)

Docker Tools: _tools/docker-testing-tools/README.md (CI setup, pre-built testing image)

See: documentation_guide memory for detailed descriptions and when to read each

Repository Structure

Flat structure. Each action self-contained with action.yml.

24 Actions: Setup (language-version-detect), Utilities (action-versioning, version-file-parser), Linting (ansible-lint-fix, biome-lint, csharp-lint-check, eslint-lint, go-lint, pr-lint, pre-commit, prettier-lint, python-lint-fix, terraform-lint-fix), Testing (php-tests), Build (csharp-build, go-build, docker-build), Publishing (npm-publish, docker-publish, csharp-publish), Repository (release-monthly, sync-labels, stale, compress-images, codeql-analysis), Validation (validate-inputs)

Commands

Main: make all (docs+format+lint+test), make dev (format+lint), make lint, make format, make docs, make test

Testing: make test-python, make test-python-coverage, make test-actions, make test-update-validators, make test-coverage

Validation: make update-validators, make update-validators-dry

Versioning:

  • make release [VERSION=vYYYY.MM.DD] - Create release (auto-generates version from date if omitted)
  • make update-version-refs MAJOR=vYYYY - Update action refs to version
  • make bump-major-version OLD=vYYYY NEW=vYYYY - Annual version bump
  • make check-version-refs - Verify current action references

Linters

Use make lint (not direct calls). Runs: markdownlint-cli2, prettier, markdown-table-formatter, yaml-lint, actionlint, shellcheck, ruff

Tests

ShellSpec (_tests/) + pytest (validate-inputs/tests/). Full coverage + independent + integration tests required.

Architecture - Critical Prevention (Zero Tolerance)

Violations cause runtime failures:

  1. Add id: when outputs referenced (steps.x.outputs.y requires id: x)
  2. Check tool availability: command -v jq >/dev/null 2>&1 (jq/bc/terraform not on all runners)
  3. Sanitize $GITHUB_OUTPUT: use printf '%s\n' "$val" not echo "$val"
  4. Pin external actions to SHA commits (not @main/@v1)
  5. Quote shell vars: "$var", basename -- "$path" (handles spaces)
  6. Use SHA-pinned refs for internal actions: ivuorinen/actions/action-name@<SHA> (security, not ./ or @main)
  7. Test regex edge cases (support 1.0.0-rc.1, 1.0.0+build)
  8. Use set -eu (POSIX) in shell scripts (all scripts are POSIX sh, not bash)
  9. Never nest ${{ }} in quoted YAML strings (breaks hashFiles)
  10. Provide tool fallbacks (macOS/Windows lack Linux tools)

Core Requirements

  • All actions SHA-pinned (external + internal), use ${{ github.token }}, POSIX shell (set -eu)
  • EditorConfig: 2-space indent, UTF-8, LF, max 200 chars (120 for MD)
  • Auto-gen README via action-docs (note: npx action-docs --update-readme doesn't work)
  • Required error handling, POSIX-compliant scripts

Action References

Internal actions (in action.yml): SHA-pinned full references

  • ivuorinen/actions/action-name@7061aafd35a2f21b57653e34f2b634b2a19334a9
  • ./action-name (security risk, not portable when used externally)
  • owner/repo/action@main (floating reference)

Test workflows: Local references

  • ./action-name (tests run within repo)
  • ../action-name (ambiguous paths)

External users: Version tags

  • ivuorinen/actions/action-name@v2025 (CalVer major version)

Check: make check-version-refs

Validation System

Location: validate-inputs/ (YAML rules.yml per action, Python generator)

Conventions: token→GitHub token, *-version→SemVer/CalVer, email→format, dockerfile→path, dry-run→bool, architectures→Docker, *-retries→range

Version Types: semantic_version, calver_version, flexible_version, dotnet_version, terraform_version, node_version

CalVer Support: YYYY.MM.PATCH, YYYY.MM.DD, YYYY.0M.0D, YY.MM.MICRO, YYYY.MM, YYYY-MM-DD

Maintenance: make update-validators, git diff validate-inputs/rules/

All actions modular and externally usable. No exceptions to any rule.