ci(verify): automate downstream consumer verification fan-out (network_system, pacs_system)#702
Open
kcenon wants to merge 1 commit into
Open
ci(verify): automate downstream consumer verification fan-out (network_system, pacs_system)#702kcenon wants to merge 1 commit into
kcenon wants to merge 1 commit into
Conversation
Add .github/workflows/downstream-verification.yml: a workflow_dispatch fan-out that triggers the network_system and pacs_system sanitizer and integration-tests workflows from a single invocation, replacing the per-repo 'gh workflow run' commands documented in VERIFICATION_GATES.md. The matrix covers both consumers x both gates; each dispatch and its result-runs link are recorded in the job summary. Cross-repo dispatch uses the DOWNSTREAM_DISPATCH_TOKEN secret (the default GITHUB_TOKEN cannot dispatch into other repositories); a missing secret fails the job with actionable guidance. Update docs/contributing/VERIFICATION_GATES.md: document the automated fan-out as the preferred path (manual commands kept as fallback) and mark the 'automated downstream verification' follow-up gap as closed. Reference the automated downstream gate in the PRODUCTION_QUALITY.md production readiness checklist. Closes #695
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #695
Summary
Adds
.github/workflows/downstream-verification.yml— aworkflow_dispatchfan-out that triggers thenetwork_systemandpacs_systemsanitizer and integration-tests gates from a single invocation, replacing the four per-repogh workflow runcommands documented inVERIFICATION_GATES.md.{network_system, pacs_system} × {sanitizers.yml, integration-tests.yml}(all four target workflows already exposeworkflow_dispatch).DOWNSTREAM_DISPATCH_TOKENsecret — the defaultGITHUB_TOKENcannot dispatch workflows in other repositories. A missing secret fails the job with actionable guidance.Acceptance criteria
workflow_dispatchfans out to all four gates.VERIFICATION_GATES.mdreflects the automated path — the Downstream Consumer Verification section documents the fan-out as preferred (manual commands kept as fallback), and the Missing Gates / Follow-up gap is marked closed.PRODUCTION_QUALITY.mdproduction readiness checklist.Test Plan
workflow_dispatchtrigger + 2×2 matrix present).DOWNSTREAM_DISPATCH_TOKENsecret to be configured by a maintainer; the workflow self-reports a clear error if it is absent.Setup note
To enable the fan-out, add a repository (or org) secret
DOWNSTREAM_DISPATCH_TOKENcontaining a PAT able to dispatch workflows inkcenon/network_systemandkcenon/pacs_system(classic:repo+workflow; fine-grained:actions: write).