Skip to content

add repo protection and metadata configuration#5

Merged
TGPSKI merged 4 commits intomainfrom
add-repo-protection-metadata
Apr 10, 2026
Merged

add repo protection and metadata configuration#5
TGPSKI merged 4 commits intomainfrom
add-repo-protection-metadata

Conversation

@TGPSKI
Copy link
Copy Markdown
Owner

@TGPSKI TGPSKI commented Apr 10, 2026
edited
Loading

Summary

Add the full suite of repository governance, licensing, and CI protection files inspired by the skeptic repo:

  • LICENSE: GPLv3 full text (replacing the Apache 2.0 reference in README)
  • CODEOWNERS: root and .github/ copies assigning @TGPSKI as default reviewer
  • OWNERS: structured maintainer metadata (name, GitHub handle, role)
  • CONTRIBUTING.md: contribution guidelines covering workflow file conventions, quality gates, and Agent Skills specification compliance requirements
  • CI workflow (.github/workflows/ci.yml): validates SKILL.md entry points, references/ directories, phase file naming, internal link integrity, and Agent Skills spec frontmatter (required name and description fields with full constraint checking)
  • Auto-label workflow (.github/workflows/auto-label.yml): applies ok-to-test label for trusted PR authors derived from CODEOWNERS and OWNERS, gating CI on external PRs
  • Branch rulesets:
    • ruleset-main.json: required status checks (validate job), signed commits, non-fast-forward protection
    • ruleset-main-reviews.json: required PR reviews with code owner approval and thread resolution
    • ruleset-fork-only.json: restricts branch creation/update on non-main branches to repo admins
  • README.md: updated license section from Apache 2.0 to GPLv3

Agent Skills spec enforcement

The CI workflow validates every SKILL.md against the Agent Skills specification (SHA-pinned at 1eeb1aab):

  • YAML frontmatter must be present (opening/closing --- delimiters)
  • name: required, 1-64 chars, lowercase alphanumeric + hyphens, no consecutive hyphens, must match parent directory
  • description: required, 1-1024 chars

Test plan

  • Verify CI workflow passes on this PR (SKILL.md entry points, references/ dirs, phase naming, frontmatter validation)
  • Verify auto-label workflow triggers on PR open
  • Confirm LICENSE file contains full GPLv3 text
  • Confirm CODEOWNERS triggers review request to @TGPSKI
  • Apply rulesets to repo settings via GitHub UI or API after merge

Tyler Pate added 2 commits April 10, 2026 10:54
add repo protection and metadata configuration
d1004ce 
Add the full suite of repository governance files inspired by skeptic:

- LICENSE: GPLv3 (replacing Apache 2.0 reference in README)
- CODEOWNERS: root and .github/ copies assigning @TGPSKI
- OWNERS: structured maintainer metadata
- CONTRIBUTING.md: contribution guidelines, workflow conventions, quality gates
- .github/workflows/ci.yml: validates SKILL.md entry points, references/
  directories, phase file naming, and internal link integrity
- .github/workflows/auto-label.yml: applies ok-to-test label for trusted
  PR authors derived from CODEOWNERS and OWNERS
- .github/ruleset-main.json: required status checks, signed commits,
  non-fast-forward protection on main
- .github/ruleset-main-reviews.json: required PR reviews with code owner
  approval and thread resolution on main
- .github/ruleset-fork-only.json: restricts branch creation/update on
  non-main branches to repo admins

Made-with: Cursor
require Agent Skills spec compliance in CONTRIBUTING.md and CI
2c8400c 
Pin the Agent Skills specification at agentskills/agentskills@1eeb1aab
and enforce it in two places:

- CONTRIBUTING.md: add Agent Skills Specification section with required
  and optional frontmatter fields, SHA-pinned link to the spec, and
  add spec conformance as quality gate item #3
- CI workflow: add frontmatter validation step that checks every
  SKILL.md for YAML frontmatter with required name (lowercase
  alphanumeric + hyphens, 1-64 chars, no consecutive hyphens, matches
  parent directory) and description (1-1024 chars) fields per the spec

Made-with: Cursor
@TGPSKI
enforce squash-and-merge only on main
30bedcb 
Add merge_queue rule with merge_method: squash to the main branch
ruleset, ensuring all PRs targeting main use squash merges for a
clean linear history.

Made-with: Cursor
@TGPSKI TGPSKI force-pushed the add-repo-protection-metadata branch from 512abf3 to 30bedcb Compare April 10, 2026 18:06
@TGPSKI
fix ruleset-main.json to match applied configuration
c519190 
Remove merge_queue and required_signatures rules that are not valid
ruleset rule types in the GitHub API. Squash-merge-only is enforced
via repo settings (allow_squash_merge=true, others disabled). Commit
signing can be re-enabled once GPG/SSH signing is configured.

Add admin bypass (RepositoryRole 5) so repo admins can merge.

Made-with: Cursor
@TGPSKI TGPSKI merged commit 379dfd7 into main Apr 10, 2026
1 check passed
@TGPSKI TGPSKI deleted the add-repo-protection-metadata branch April 10, 2026 18:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

ok-to-test

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@TGPSKI