Fleet coverage + secret-scan backfill: prerequisite for requiring them in code-quality (#575 follow-up) #581

Description

@don-petry

Goal

Make coverage and Secret scan (gitleaks) fleet-wide required checks in standards/rulesets/code-quality.json — safely, without bricking any repo.

Why it's blocked today

Adding a required context to code-quality.json makes it a merge gate on every repo the ruleset targets. A repo that does not produce that check is permanently blocked. The template ci.yml now ships both jobs (#578) so new repos produce them, but existing fleet repos do not yet have a coverage job — so #575/#579 scoped the stricter set to template/new repos only.

What is needed (the backfill)

  1. Add the jobs to every existing repo's ci.yml — the secret-scan job (+ seed .gitleaks.toml) and the green-until-tests coverage job, matching the template (feat(ci-template): add secret-scan + coverage jobs to template ci.yml (#575) #578, feat(seed): seed .gitleaks.toml into repo template from standards/gitleaks.toml (#575) .github-private#1014). Deploy via the cross-repo sync (deploy-standard-workflows.sh / aw-standards-sync.sh), one PR per repo.
  2. Verify each repo's PRs now report a coverage and Secret scan (gitleaks) status (green — no tests yet is fine).
  3. Then add {"context":"coverage"} and {"context":"Secret scan (gitleaks)"} to standards/rulesets/code-quality.json and re-apply fleet-wide (apply-rulesets.sh).

Order matters: jobs first (produce the checks), ruleset contexts last. Until step 3, the stricter set stays scoped to template/new repos.

Scope note

This is the fleet sweep #575 explicitly deferred ("the fleet-wide coverage backfill itself ... its own migration").

Refs: #575, #578, #579, petry-projects/.github-private#1014, epic #964.
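The gate between steps 2 and 3, sketched as an added example (not code from this repository or its sync scripts): extend the required contexts only when every targeted repo already reports them. The ruleset layout, the existing `lint` context, the repo names and the observed check data are constructed assumptions; collecting the observed checks from real PRs is left out.

```python
import json

# Contexts this issue wants to add in step 3 (names taken from the issue text).
NEW_CONTEXTS = ["coverage", "Secret scan (gitleaks)"]

# Constructed stand-in for standards/rulesets/code-quality.json. Assumed layout:
# a GitHub ruleset with a required_status_checks rule; "lint" is a made-up context.
RULESET = json.loads("""
{"name": "code-quality",
 "rules": [{"type": "required_status_checks",
            "parameters": {"required_status_checks": [{"context": "lint"}]}}]}
""")

# Constructed sample: check names reported on each repo's latest PR head commit.
OBSERVED = {
    "example-org/repo-a": {"lint", "coverage", "Secret scan (gitleaks)"},
    "example-org/repo-b": {"lint", "Secret scan (gitleaks)"},
    "example-org/repo-c": {"lint", "Coverage", "secret-scan"},
}

def required_contexts(ruleset):
    """Return the contexts the ruleset already requires."""
    out = []
    for rule in ruleset.get("rules", []):
        if rule.get("type") == "required_status_checks":
            checks = rule.get("parameters", {}).get("required_status_checks", [])
            out.extend(c["context"] for c in checks)
    return out

def missing_by_repo(observed, wanted):
    """Map repo -> sorted contexts it does not report (compared as exact strings)."""
    gaps = {repo: sorted(c for c in wanted if c not in seen) for repo, seen in observed.items()}
    return {repo: absent for repo, absent in gaps.items() if absent}

def plan_step3(ruleset, observed, new_contexts):
    """Return (safe, gaps, contexts); contexts grow only if no repo would be blocked."""
    current = required_contexts(ruleset)
    proposed = current + [c for c in new_contexts if c not in current]
    gaps = missing_by_repo(observed, proposed)
    return (not gaps, gaps, proposed if not gaps else current)

if __name__ == "__main__":
    safe, gaps, contexts = plan_step3(RULESET, OBSERVED, NEW_CONTEXTS)
    print("safe to apply:", safe)
    for repo, absent in gaps.items():
        print(f"  {repo} is missing: {absent}")
```

In the constructed data, repo-c reports `Coverage` and `secret-scan`, which do not match the required names as exact strings, so a renamed job is flagged as a gap just like an absent one.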
