Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions MAINTAINERS.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@
- 所有Cargo、PostgreSQL和Docker重计算只在GitHub Actions执行。
- 维护者和Agent可以直接非force推进`main`;失败commit保留并由后续commit修复。
- Pull Request是可选外部贡献入口,始终只读且不得获得package、Release或attestation写权限。
- `Verify`是`main`的required check。只有具备write权限的owner或Agent可以启用GitHub原生auto-merge;Dependabot PR经维护者确认后可以启用,外部贡献者PR必须由维护者人工决定且workflow不得自行合并。

## 依赖与兼容审查

Expand Down
4 changes: 2 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@

## GitHub Actions

`.github/workflows/native-ci.yml`负责依赖解析、Rustfmt、Clippy、Cargo tests、C/Rust ABI、真实 PG18 OAuth、production module 和最终 image 验证。根 `Dockerfile` 只构建 production image,不承载测试或扫描器。
`.github/workflows/ci.yml`是 PR、`main` push 与 release 调用复用的验证入口,负责依赖解析、Rustfmt、Clippy、Cargo tests、C/Rust ABI、真实 PG18 OAuth、production module 和最终 image。PR 与`main`只读运行且不上传release材料;只有SemVer tag workflow调用时才短暂传递同一run已验证的OCI archive。根`Dockerfile`只构建production image,不承载测试或扫描器。

维护者和 Agent 可以把范围明确的 commit 直接非 force 推送到 `main`。失败 commit 保留并通过后续 commit 修复;失败 run 不得发布 candidate 或 stable。

Expand All @@ -33,7 +33,7 @@
查询远端结果:

```bash
gh run list --repo codeh007/mtmpg --workflow native-ci.yml --branch main --limit 5
gh run list --repo codeh007/mtmpg --workflow ci.yml --branch main --limit 5
gh run view <run-id> --repo codeh007/mtmpg --log-failed
```

Expand Down
2 changes: 1 addition & 1 deletion openspec/changes/extract-and-standardize-pggomtm/tasks.md
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@
- [x] 6.2 合并重复矩阵与support入口,保留单一Rust领域权威、单一真实PG18 backend harness和最小final-image allow/deny smoke
- [x] 6.3 用支持`pull_request`、`main` push与`workflow_call`的可复用只读`ci.yml`替代复杂`native-ci.yml`,移除candidate、ORAS evidence和跨仓consumer逻辑
- [x] 6.4 让可复用CI在release调用时上传同一run已验证OCI archive、Cargo.lock、resolved inputs与manifest输入,并证明后续publish无需重新运行Cargo或Docker build
- [ ] 6.5 配置required CI与GitHub原生auto-merge,只允许owner、Agent或批准的Dependabot PR自动合并,外部PR保持人工批准且维护者/Agent可直接非force推进`main`
- [x] 6.5 配置required CI与GitHub原生auto-merge,只允许owner、Agent或批准的Dependabot PR自动合并,外部PR保持人工批准且维护者/Agent可直接非force推进`main`
- [ ] 6.6 取得PR与`main`的精确远端成功run,证明两者没有packages、Release、attestation或跨仓写权限,并更新README/维护文档的CI入口

## 7. 首个标准SemVer prerelease
Expand Down