mirror of
https://github.com/shankar0123/certctl.git
synced 2026-06-07 18:31:37 +00:00
86d92efd2b
Bundle: ci-pipeline-cleanup, Phase 2 / frozen decision 0.3.

Move 9 hardcoded coverage thresholds from inline bash to a YAML manifest at .github/coverage-thresholds.yml. The load-bearing per-package context (Bundle reference, HEAD measurement, gap rationale) survives in the YAML's `why:` field instead of in inline bash comments. Adding a new gated package: one YAML entry instead of ~30 lines of bash + 50 lines of comment.

Coverage check logic extracted to scripts/check-coverage-thresholds.sh so the operator can run the same check locally:

  bash scripts/check-coverage-thresholds.sh

ci.yml dropped 557 → 417 lines (-140, total Phase 1+2: -1071, -72% from baseline 1488).

Same 9 floors, same fail-on-miss semantics — pure relocation:

  internal/service: 70 (was: 70)
  internal/api/handler: 75 (was: 75)
  internal/domain: 40 (was: 40)
  internal/api/middleware: 30 (was: 30)
  internal/crypto: 88 (was: 88)
  internal/connector/issuer/local: 86 (was: 86)
  internal/connector/issuer/acme: 80 (was: 80)
  internal/connector/issuer/stepca: 80 (was: 80)
  internal/mcp: 85 (was: 85)

Sandbox verification:
- ci.yml YAML-parses cleanly
- coverage-thresholds.yml YAML-parses cleanly with all 9 entries
- scripts/check-coverage-thresholds.sh extracts the (pkg, floor) table correctly from the YAML
62 lines
1.9 KiB
Bash
Executable File
#!/usr/bin/env bash
# scripts/check-coverage-thresholds.sh
#
# Enforces per-package coverage floors declared in
# .github/coverage-thresholds.yml against the live coverage.out.
#
# Per ci-pipeline-cleanup bundle Phase 2 / frozen decision 0.3.
# Adding a new gated package: one entry in the YAML — this script
# auto-picks it up. Lowering a floor REQUIRES corresponding code-side
# test work — never lower the gate to make CI green.

set -e

if [ ! -f coverage.out ]; then
  echo "::error::coverage.out not found — run 'go test -cover -coverprofile=coverage.out' first"
  exit 1
fi

if [ ! -f .github/coverage-thresholds.yml ]; then
  echo "::error::.github/coverage-thresholds.yml not found"
  exit 1
fi

echo "=== Coverage Report ==="
go tool cover -func=coverage.out | tail -1
echo ""

# Extract the pkg → floor table from the YAML.
python3 - <<'PY' > /tmp/cov-thresholds.tsv
import yaml
d = yaml.safe_load(open('.github/coverage-thresholds.yml'))
for pkg, entry in d.items():
    print(f"{pkg}\t{entry['floor']}")
PY

fail=0
while IFS=$'\t' read -r pkg floor; do
  cov=$(go tool cover -func=coverage.out \
    | grep "$pkg" \
    | awk '{print $NF}' \
    | sed 's/%//' \
    | awk '{sum+=$1; n++} END {if(n>0) printf "%.1f", sum/n; else print "0"}')
  printf "%-50s %5s%% (floor: %s%%)\n" "$pkg" "$cov" "$floor"
  if [ "$(echo "$cov < $floor" | bc -l)" -eq 1 ]; then
    # Pull the why: text out of the YAML for this package.
    why=$(python3 -c "
import yaml, sys
d = yaml.safe_load(open('.github/coverage-thresholds.yml'))
print(d.get(sys.argv[1], {}).get('why', '').strip())
" "$pkg")
    echo "::error::$pkg coverage $cov% is below floor $floor%"
    echo "Why this floor exists:"
    echo "$why" | sed 's/^/ /'
    echo "Add tests; do not lower the gate."
    fail=1
  fi
done < /tmp/cov-thresholds.tsv

[ $fail -eq 0 ] || exit 1
echo ""
echo "All coverage thresholds passed."
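The script's `grep "$pkg"` keeps every `go tool cover -func` line that contains the package string, so sibling or nested packages are averaged into the gated package's figure and can lift it over the floor. The following is an added example, not certctl's own code, comparing that selection with one limited to files directly in the package directory; the module path, file names and percentages are constructed, and `avg_substring` / `avg_exact_pkg` are hypothetical helper names.

```shell
#!/usr/bin/env bash
# Added example, not part of certctl. Sample data below is constructed.
set -eu

# Constructed lines in the layout printed by `go tool cover -func`.
sample_func_output() {
  printf '%s\t%s\t%s\n' \
    'example.test/m/internal/crypto/sign.go:10:'   'Sign'   '80.0%' \
    'example.test/m/internal/crypto/verify.go:22:' 'Verify' '80.0%' \
    'example.test/m/internal/cryptoutil/pem.go:5:' 'Decode' '100.0%' \
    'example.test/m/internal/crypto/kdf/kdf.go:7:' 'Derive' '100.0%' \
    'total:' '(statements)' '90.0%'
}

# Same pipeline shape as the script: substring match, then mean of the
# per-function percentages.
avg_substring() {
  grep "$1" | awk '{print $NF}' | sed 's/%//' |
    awk '{s+=$1; n++} END {if (n>0) printf "%.1f", s/n; else print "0"}'
}

# Mean over functions whose file sits directly in package directory $1
# (the file's directory must end in "/$1"; sub-packages are excluded).
avg_exact_pkg() {
  awk -v pkg="$1" '
    {
      file = $1; sub(/:[0-9]+:$/, "", file)      # drop the ":line:" suffix
      n_parts = split(file, parts, "/")
      dir = substr(file, 1, length(file) - length(parts[n_parts]) - 1)
      tail = "/" pkg
      if (length(dir) >= length(tail) &&
          substr(dir, length(dir) - length(tail) + 1) == tail) {
        pct = $NF; sub(/%$/, "", pct); sum += pct; n++
      }
    }
    END { if (n > 0) printf "%.1f", sum / n; else print "0" }'
}

floor=88   # the internal/crypto floor quoted in the commit message
printf 'substring: %s%%  exact: %s%%  (floor: %s%%)\n' \
  "$(sample_func_output | avg_substring internal/crypto)" \
  "$(sample_func_output | avg_exact_pkg internal/crypto)" "$floor"
```

On this constructed input the substring average clears the 88% floor while the package's own functions do not.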