From 406de99359a8de29bf297711c8ea163396eaf547 Mon Sep 17 00:00:00 2001 From: PythonWoods Date: Sun, 7 Jun 2026 14:52:38 +0200 Subject: [PATCH 1/6] docs(reference): document global --ci header suppression --- .github/workflows/ci.yml | 70 +------------------ .github/workflows/zenzic.yml | 28 ++++++++ docs/how-to/configure-ci-cd.mdx | 2 +- docs/reference/cli.mdx | 9 ++- .../current/how-to/configure-ci-cd.mdx | 2 +- .../current/reference/cli.mdx | 9 ++- 6 files changed, 46 insertions(+), 74 deletions(-) create mode 100644 .github/workflows/zenzic.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 85f0c3d..24a5c62 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -59,80 +59,14 @@ jobs: steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - name: Determine Zenzic Core Branch (Parity or Fallback) - id: resolve-branch - shell: bash - run: | - TARGET_BRANCH="${{ github.head_ref || github.ref_name }}" - echo "Target branch is: $TARGET_BRANCH" - - if git ls-remote --exit-code --heads https://github.com/PythonWoods/zenzic.git "$TARGET_BRANCH" > /dev/null 2>&1; then - echo "Branch $TARGET_BRANCH exists in core. Using it." - echo "core_ref=$TARGET_BRANCH" >> $GITHUB_OUTPUT - else - echo "Branch $TARGET_BRANCH not found in core. Falling back to main." - echo "core_ref=main" >> $GITHUB_OUTPUT - fi - - - name: Checkout local zenzic (unreleased) - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - with: - repository: PythonWoods/zenzic - ref: ${{ steps.resolve-branch.outputs.core_ref }} - path: _zenzic_core - - - name: Setup Python - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 - with: - python-version: '3.13' - - - name: Install local zenzic in editable mode - run: python -m pip install -e ./_zenzic_core - - - name: Install just - uses: taiki-e/install-action@ea85faa6acd705ad6d40586db99f1a70b09c2929 # just - - name: Setup Node uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: '24' cache: npm - - name: Install uv - uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 - - name: Install dependencies run: npm ci - - name: Certify Zenzic public hooks contract - shell: bash - run: | - set -euo pipefail - hooks_file="_zenzic_core/.pre-commit-hooks.yaml" - test -f "$hooks_file" - - # Required public hook ids - grep -q "id: zenzic-verify" "$hooks_file" - grep -q "id: zenzic-guard" "$hooks_file" - grep -q "id: zenzic-score" "$hooks_file" - - # Required public contract entries - grep -q "entry: zenzic check all" "$hooks_file" - grep -q "entry: zenzic guard scan" "$hooks_file" - grep -q "entry: zenzic 
score" "$hooks_file" - - # Required extension coverage (Markdown + MDX) - grep -q "markdown" "$hooks_file" - grep -q "mdx" "$hooks_file" - - echo "Public hooks contract certified from _zenzic_core/.pre-commit-hooks.yaml" - - - name: Run unified verification - shell: bash - env: - PYTHONUTF8: '1' - # Runtime-only injection point for local isolation checks in CI. - ZENZIC_EXTRA_ARGS: ${{ secrets.ZENZIC_EXTRA_ARGS }} - # ZRT-010 — Sovereign Parity: Pre-Launch Guard lives in justfile. - # Local and CI run identical 'just check' invocations. - run: just verify + - name: Build Docusaurus + run: npm run build diff --git a/.github/workflows/zenzic.yml b/.github/workflows/zenzic.yml new file mode 100644 index 0000000..d9d9100 --- /dev/null +++ b/.github/workflows/zenzic.yml @@ -0,0 +1,28 @@ +name: zenzic-action-dogfood + +on: + pull_request: + branches: + - main + - 'release/**' + push: + branches: + - main + - 'release/**' + +permissions: + contents: read + security-events: write + +jobs: + quality-gate: + name: Run Zenzic Quality Gate + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Run Zenzic Quality Gate + uses: PythonWoods/zenzic-action@v1 + with: + strict: 'true' + upload-sarif: 'true' diff --git a/docs/how-to/configure-ci-cd.mdx b/docs/how-to/configure-ci-cd.mdx index 273ce34..123e8f6 100644 --- a/docs/how-to/configure-ci-cd.mdx +++ b/docs/how-to/configure-ci-cd.mdx @@ -115,7 +115,7 @@ jobs: - uses: actions/checkout@v6 - name: Lint documentation - # --ci automatically applies --strict and --format github-annotations + # --ci automatically applies --strict, --no-header, and --format github-annotations # for inline PR feedback run: uvx zenzic check all --ci diff --git a/docs/reference/cli.mdx b/docs/reference/cli.mdx index b822220..513bb7b 100644 --- a/docs/reference/cli.mdx +++ b/docs/reference/cli.mdx 
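Review bot: The new `.github/workflows/zenzic.yml` references both of its actions by mutable tag (`actions/checkout@v4`, `PythonWoods/zenzic-action@v1`), while the `ci.yml` steps in this same patch are pinned to full commit SHAs, and the workflow grants `security-events: write`. A tag that is moved later would change what runs with that token without any change in this repository. I would pin both, reusing the checkout SHA already used in `ci.yml`, `uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6`, and `uses: PythonWoods/zenzic-action@<full-commit-sha> # v1` (placeholder, to be taken from the action's release). The same `@v4` and `@v1` references are still present after the `zenzic.yml` hunk of PATCH 5/6, which edits the checkout step.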
@@ -32,7 +32,8 @@ zenzic check all --audit # Sovereign Audit: ignore inline + per-file zenzic check all --strict # Also validate external URLs; treat warnings as errors zenzic check all --format json # Machine-readable output zenzic check all --format github-annotations # GitHub Actions annotations format -zenzic check all --ci # CI shorthand: sets --strict and --format github-annotations +zenzic check all --ci # CI shorthand: sets --strict, --no-header, and --format github-annotations +zenzic check all --no-header # Suppress the ASCII art header zenzic check all --only Z104,Z101 # Filter findings to only output specific Z-Codes zenzic check all --exit-zero # Report issues but always exit 0 zenzic check all --quiet # Minimal one-line output for pre-commit and CI hooks @@ -117,7 +118,9 @@ You can also set `strict = true` in `.zenzic.toml` to make it the permanent defa ### `--ci` -`--ci` is a convenience shorthand designed specifically for GitHub Actions pipelines. It forces two behaviors simultaneously: +`--ci` is a convenience shorthand designed specifically for GitHub Actions pipelines, available on `check all`, `score`, and `diff`. It acts as an implicit non-interactive mode and suppresses the ASCII art header globally (`no_header = True`). + +For `check all`, it forces two additional behaviors simultaneously: 1. Sets `strict = true` (warnings promote to errors). 2. Sets `--format github-annotations` (if no other format is specified). 
@@ -767,11 +770,13 @@ zenzic score --save # Compute and persist snapshot to .zenzic-score.j zenzic score --stamp # Update audit+score markers in badge_stamp_files zenzic score --fail-under 80 # Exit 1 if score is below threshold zenzic score --format json # Machine-readable score report +zenzic score --ci # Run in CI mode (suppresses header) zenzic score [PATH] # Score a remote project (sovereign root) zenzic diff # Compare current score against saved snapshot zenzic diff --threshold 5 # Exit 1 only if score dropped by more than 5 points zenzic diff --format json # Machine-readable diff report +zenzic diff --ci # Run in CI mode (suppresses header) zenzic diff [PATH] # Diff a remote project against its saved baseline ``` diff --git a/i18n/it/docusaurus-plugin-content-docs/current/how-to/configure-ci-cd.mdx b/i18n/it/docusaurus-plugin-content-docs/current/how-to/configure-ci-cd.mdx index 0a50b76..342198d 100644 --- a/i18n/it/docusaurus-plugin-content-docs/current/how-to/configure-ci-cd.mdx +++ b/i18n/it/docusaurus-plugin-content-docs/current/how-to/configure-ci-cd.mdx @@ -115,7 +115,7 @@ jobs: - uses: actions/checkout@v6 - name: Lint documentazione - # --ci applica automaticamente --strict e --format github-annotations + # --ci applica automaticamente --strict, --no-header, e --format github-annotations # per feedback inline sulle PR run: uvx zenzic check all --ci diff --git a/i18n/it/docusaurus-plugin-content-docs/current/reference/cli.mdx b/i18n/it/docusaurus-plugin-content-docs/current/reference/cli.mdx index 4db29aa..337c43b 100644 --- a/i18n/it/docusaurus-plugin-content-docs/current/reference/cli.mdx +++ b/i18n/it/docusaurus-plugin-content-docs/current/reference/cli.mdx 
@@ -30,7 +30,8 @@ zenzic check all --audit # Audit Sovrano: ignora soppressioni inline zenzic check all --strict # Valida anche gli URL esterni; tratta i warning come errori zenzic check all --format json # Output machine-readable zenzic check all --format github-annotations # Formato annotazioni GitHub Actions -zenzic check all --ci # Shorthand CI: imposta --strict e --format github-annotations +zenzic check all --ci # Shorthand CI: imposta --strict, --no-header, e --format github-annotations +zenzic check all --no-header # Sopprime l'header ASCII zenzic check all --only Z104,Z101 # Filtra i finding per produrre solo specifici codici Z zenzic check all --exit-zero # Segnala problemi ma esce sempre con codice 0 zenzic check all --quiet # Output minimale a riga singola per pre-commit e CI @@ -113,7 +114,9 @@ Puoi anche impostare `strict = true` in `.zenzic.toml` per renderlo il default p ### `--ci` -`--ci` è un comodo shorthand progettato specificamente per le pipeline GitHub Actions. Forza due comportamenti simultaneamente: +`--ci` è un comodo shorthand progettato specificamente per le pipeline GitHub Actions, disponibile su `check all`, `score` e `diff`. Agisce da modalità non interattiva implicita e sopprime globalmente l'header ASCII (`no_header = True`). + +Per il comando `check all`, forza due comportamenti aggiuntivi simultaneamente: 1. Imposta `strict = true` (promuove i warning ad errori bloccanti). 2. Imposta `--format github-annotations` (se non è specificato alcun altro formato). 
@@ -771,11 +774,13 @@ zenzic score --save # Calcola e persiste snapshot in .zenzic-score.js zenzic score --stamp # Aggiorna marker audit+score in badge_stamp_files zenzic score --fail-under 80 # Esce con 1 se il punteggio è sotto la soglia zenzic score --format json # Report punteggio machine-readable +zenzic score --ci # Esegue in modalità CI (sopprime l'header) zenzic score [PATH] # Punteggio di un progetto remoto (sovereign root) zenzic diff # Confronta punteggio attuale con snapshot salvato zenzic diff --threshold 5 # Esce con 1 solo se il calo è superiore a 5 punti zenzic diff --format json # Report diff machine-readable +zenzic diff --ci # Esegue in modalità CI (sopprime l'header) zenzic diff [PATH] # Diff di un progetto remoto rispetto al suo baseline salvato ``` From 2867b1b1832faf0bfd1bd02bb0041c0f9524ca3f Mon Sep 17 00:00:00 2001 From: PythonWoods Date: Sun, 7 Jun 2026 14:52:38 +0200 Subject: [PATCH 2/6] ci: dogfooding setup with zenzic-action and documentation update --- .github/workflows/zenzic.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/zenzic.yml b/.github/workflows/zenzic.yml index d9d9100..dcfc433 100644 --- a/.github/workflows/zenzic.yml +++ b/.github/workflows/zenzic.yml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2026 PythonWoods +# SPDX-License-Identifier: Apache-2.0 + name: zenzic-action-dogfood on: From b1d1901c779d918d6ce2063b18d1400656b1bd53 Mon Sep 17 00:00:00 2001 
From: PythonWoods Date: Sun, 7 Jun 2026 15:00:18 +0200 Subject: [PATCH 3/6] release: bump version to 0.10.1 --- .bumpversion.toml | 2 +- README.it.md | 2 +- README.md | 2 +- RELEASE.md | 8 ++++---- docs/how-to/configure-ci-cd.mdx | 14 +++++++------- docusaurus.config.ts | 4 ++-- i18n/en/code.json | 2 +- i18n/it/code.json | 2 +- .../it/docusaurus-plugin-content-docs/current.json | 2 +- .../current/how-to/configure-ci-cd.mdx | 14 +++++++------- package-lock.json | 4 ++-- package.json | 2 +- src/components/Homepage/Features.tsx | 2 +- src/components/Homepage/Hero.tsx | 2 +- static/assets/brand/zenzic-brand-system.html | 4 ++-- 15 files changed, 33 insertions(+), 33 deletions(-) diff --git a/.bumpversion.toml b/.bumpversion.toml index df7171e..2b15e45 100644 --- a/.bumpversion.toml +++ b/.bumpversion.toml @@ -2,7 +2,7 @@ # SPDX-License-Identifier: Apache-2.0 [tool.bumpversion] -current_version = "0.10.0" +current_version = "0.10.1" parse = "(?P\\d+)\\.(?P\\d+)\\.(?P\\d+)" serialize = ["{major}.{minor}.{patch}"] diff --git a/README.it.md b/README.it.md index 8854746..dd10b4f 100644 --- a/README.it.md +++ b/README.it.md @@ -23,7 +23,7 @@ SPDX-License-Identifier: Apache-2.0 [![REUSE 3.x compliant](https://img.shields.io/badge/REUSE-3.x%20compliant-0d9488?style=flat-square)](https://reuse.software/) [![License](https://img.shields.io/badge/license-Apache--2.0-0d9488?style=flat-square)](LICENSE) [![Documentation: Diátaxis](https://img.shields.io/badge/Docs-Di%C3%A1taxis-brightgreen?style=flat-square)](https://diataxis.fr/) -[![Zenzic](https://img.shields.io/badge/Zenzic-v0.10.0-blue?style=flat-square)](https://github.com/PythonWoods/zenzic) +[![Zenzic](https://img.shields.io/badge/Zenzic-v0.10.1-blue?style=flat-square)](https://github.com/PythonWoods/zenzic) --- diff --git a/README.md b/README.md index 0f46269..b0e937d 100644 --- a/README.md +++ b/README.md 
@@ -23,7 +23,7 @@ SPDX-License-Identifier: Apache-2.0 [![REUSE 3.x compliant](https://img.shields.io/badge/REUSE-3.x%20compliant-0d9488?style=flat-square)](https://reuse.software/) [![License](https://img.shields.io/badge/license-Apache--2.0-0d9488?style=flat-square)](LICENSE) [![Documentation: Diátaxis](https://img.shields.io/badge/Docs-Di%C3%A1taxis-brightgreen?style=flat-square)](https://diataxis.fr/) -[![Zenzic](https://img.shields.io/badge/Zenzic-v0.10.0-blue?style=flat-square)](https://github.com/PythonWoods/zenzic) +[![Zenzic](https://img.shields.io/badge/Zenzic-v0.10.1-blue?style=flat-square)](https://github.com/PythonWoods/zenzic) --- diff --git a/RELEASE.md b/RELEASE.md index 287d9fc..e60929a 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -8,9 +8,9 @@ | Field | Value | | :------- | :--------- | -| Version | v0.10.0 | +| Version | v0.10.1 | | Codename | Magnetite | -| Date | 2026-06-06 | +| Date | 2026-06-07 | | Status | Stable | ## Release Checklist @@ -47,11 +47,11 @@ git checkout main git pull origin main # 3. Tag the main branch and push -git tag v0.10.0 +git tag v0.10.1 git push origin main --tags ``` -- [ ] Create GitHub Release from the tag, using the `## v0.10.0` CHANGELOG section as the release body. +- [ ] Create GitHub Release from the tag, using the `## v0.10.1` CHANGELOG section as the release body. ## Changelog Reference diff --git a/docs/how-to/configure-ci-cd.mdx b/docs/how-to/configure-ci-cd.mdx index 123e8f6..69a997b 100644 --- a/docs/how-to/configure-ci-cd.mdx +++ b/docs/how-to/configure-ci-cd.mdx @@ -199,7 +199,7 @@ jobs: uses: PythonWoods/zenzic-action@ with: - version: "0.10.0" # pin to a stable release + version: "0.10.1" # pin to a stable release format: sarif # emit SARIF for Code Scanning upload-sarif: "true" fail-on-error: "true" @@ -254,7 +254,7 @@ Slack notifications without re-parsing the SARIF file: id: zenzic uses: PythonWoods/zenzic-action@ with: - version: "0.10.0" + version: "0.10.1" - name: Post finding count 
@@ -271,7 +271,7 @@ By setting `ci: "true"`, the action natively injects the `--ci` flag under the h - name: Zenzic Progressive Gate uses: PythonWoods/zenzic-action@ with: - version: "0.10.0" + version: "0.10.1" ci: "true" # Native inline PR annotations (no SARIF required) only: "Z101,Z201" # Gate ONLY fails on broken links and leaked secrets fail-on-error: "true" @@ -320,7 +320,7 @@ jobs: - name: Run Zenzic and save baseline uses: PythonWoods/zenzic-action@ with: - version: "0.10.0" + version: "0.10.1" format: json # triggers .zenzic-score.json snapshot upload-sarif: "false" @@ -352,7 +352,7 @@ jobs: uses: PythonWoods/zenzic-action@ id: zenzic with: - version: "0.10.0" + version: "0.10.1" format: sarif upload-sarif: "true" diff-base: ".zenzic-baseline/.zenzic-score.json" @@ -400,7 +400,7 @@ jobs: - name: Sovereign Audit (suppressions bypassed) uses: PythonWoods/zenzic-action@ with: - version: "0.10.0" + version: "0.10.1" format: sarif upload-sarif: "true" audit: "true" # bypass all zenzic:ignore and per_file_ignores @@ -419,7 +419,7 @@ The `guard-scan: "true"` input runs `zenzic guard scan` as a standalone step **b - name: Run Zenzic Documentation Quality Gate uses: PythonWoods/zenzic-action@ with: - version: "0.10.0" + version: "0.10.1" guard-scan: "true" # zenzic guard scan runs before check all format: sarif upload-sarif: "true" diff --git a/docusaurus.config.ts b/docusaurus.config.ts index 4521bc6..c7c1f40 100644 --- a/docusaurus.config.ts +++ b/docusaurus.config.ts @@ -75,7 +75,7 @@ const config: Config = { lastVersion: 'current', versions: { current: { - label: '0.10.0', + label: '0.10.1', badge: false, banner: 'none', }, 
@@ -239,7 +239,7 @@ const config: Config = { ], }, ], - copyright: `© ${new Date().getFullYear()} PythonWoods · Zenzic v0.10.0 · Engineered with precision by PythonWoods in Italy 🇮🇹`, + copyright: `© ${new Date().getFullYear()} PythonWoods · Zenzic v0.10.1 · Engineered with precision by PythonWoods in Italy 🇮🇹`, }, prism: { theme: prismThemes.github, diff --git a/i18n/en/code.json b/i18n/en/code.json index 416a457..1e70a44 100644 --- a/i18n/en/code.json +++ b/i18n/en/code.json @@ -43,7 +43,7 @@ "message": "Brand obsolescence" }, "homepage.hero.badge": { - "message": "v0.10.0", + "message": "v0.10.1", "description": "Wait release version badge" }, "enterprise.section.sub": { diff --git a/i18n/it/code.json b/i18n/it/code.json index fde2eb3..5f87851 100644 --- a/i18n/it/code.json +++ b/i18n/it/code.json @@ -379,7 +379,7 @@ "message": "Marchio obsoleto" }, "homepage.hero.badge": { - "message": "v0.10.0", + "message": "v0.10.1", "description": "Wait release version badge" }, "homepage.hero.title": { diff --git a/i18n/it/docusaurus-plugin-content-docs/current.json b/i18n/it/docusaurus-plugin-content-docs/current.json index 2fbc9b7..6fbe79c 100644 --- a/i18n/it/docusaurus-plugin-content-docs/current.json +++ b/i18n/it/docusaurus-plugin-content-docs/current.json @@ -1,6 +1,6 @@ { "version.label": { - "message": "0.10.0", + "message": "0.10.1", "description": "The label for version current" }, "sidebar.tutorialSidebar.category.User Guide": { diff --git a/i18n/it/docusaurus-plugin-content-docs/current/how-to/configure-ci-cd.mdx b/i18n/it/docusaurus-plugin-content-docs/current/how-to/configure-ci-cd.mdx index 342198d..c20fa79 100644 --- a/i18n/it/docusaurus-plugin-content-docs/current/how-to/configure-ci-cd.mdx +++ b/i18n/it/docusaurus-plugin-content-docs/current/how-to/configure-ci-cd.mdx 
@@ -199,7 +199,7 @@ jobs: uses: PythonWoods/zenzic-action@ with: - version: "0.10.0" # fissa a una release stabile + version: "0.10.1" # fissa a una release stabile format: sarif # emetti SARIF per Code Scanning upload-sarif: "true" fail-on-error: "true" @@ -254,7 +254,7 @@ o notifiche Slack senza dover rileggere il file SARIF: id: zenzic uses: PythonWoods/zenzic-action@ with: - version: "0.10.0" + version: "0.10.1" - name: Mostra conteggio finding @@ -271,7 +271,7 @@ Impostando `ci: "true"`, l'action inietta nativamente il flag `--ci` sotto il co - name: Zenzic Progressive Gate uses: PythonWoods/zenzic-action@ with: - version: "0.10.0" + version: "0.10.1" ci: "true" # Annotazioni PR native (non richiede SARIF) only: "Z101,Z201" # Il Gate fallisce SOLO per link rotti e segreti esposti fail-on-error: "true" @@ -320,7 +320,7 @@ jobs: - name: Esegui Zenzic e salva il baseline uses: PythonWoods/zenzic-action@ with: - version: "0.10.0" + version: "0.10.1" format: json # genera lo snapshot .zenzic-score.json upload-sarif: "false" @@ -352,7 +352,7 @@ jobs: uses: PythonWoods/zenzic-action@ id: zenzic with: - version: "0.10.0" + version: "0.10.1" format: sarif upload-sarif: "true" diff-base: ".zenzic-baseline/.zenzic-score.json" @@ -400,7 +400,7 @@ jobs: - name: Sovereign Audit (soppressioni bypassate) uses: PythonWoods/zenzic-action@ with: - version: "0.10.0" + version: "0.10.1" format: sarif upload-sarif: "true" audit: "true" # bypassa tutti i zenzic:ignore e per_file_ignores @@ -419,7 +419,7 @@ L'input `guard-scan: "true"` esegue `zenzic guard scan` come step standalone **p - name: Run Zenzic Documentation Quality Gate uses: PythonWoods/zenzic-action@ with: - version: "0.10.0" + version: "0.10.1" guard-scan: "true" # zenzic guard scan viene eseguito prima di check all format: sarif upload-sarif: "true" diff --git a/package-lock.json b/package-lock.json index bad9a3d..1eba93b 100644 --- a/package-lock.json +++ b/package-lock.json 
@@ -1,12 +1,12 @@ { "name": "zenzic-doc", - "version": "0.10.0", + "version": "0.10.1", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "zenzic-doc", - "version": "0.10.0", + "version": "0.10.1", "dependencies": { "@docusaurus/core": "3.10.1", "@docusaurus/faster": "3.10.1", diff --git a/package.json b/package.json index 60bd27e..247198a 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "zenzic-doc", - "version": "0.10.0", + "version": "0.10.1", "private": true, "scripts": { "docusaurus": "docusaurus", diff --git a/src/components/Homepage/Features.tsx b/src/components/Homepage/Features.tsx index 05113cf..e4e0e77 100644 --- a/src/components/Homepage/Features.tsx +++ b/src/components/Homepage/Features.tsx @@ -18,7 +18,7 @@ function TerminalPreview(): React.JSX.Element { - zenzic check all · v0.10.0 + zenzic check all · v0.10.1 {/* Output body */} diff --git a/src/components/Homepage/Hero.tsx b/src/components/Homepage/Hero.tsx index 3f17107..e092d64 100644 --- a/src/components/Homepage/Hero.tsx +++ b/src/components/Homepage/Hero.tsx @@ -39,7 +39,7 @@ export default function Hero(): React.JSX.Element {
- v0.10.0 + v0.10.1

diff --git a/static/assets/brand/zenzic-brand-system.html b/static/assets/brand/zenzic-brand-system.html index 3464d55..a85f4ff 100644 --- a/static/assets/brand/zenzic-brand-system.html +++ b/static/assets/brand/zenzic-brand-system.html @@ -549,7 +549,7 @@

Code / UI · JetBrains Mono

-

Markdown static analyzer & credential scanner
uvx zenzic check all ./docs
v0.10.0 · exit 0

+

Markdown static analyzer & credential scanner
uvx zenzic check all ./docs
v0.10.1 · exit 0

@@ -711,7 +711,7 @@

CLI Output — Color Mapping

- ▮ ZENZIC v0.10.0
+ ▮ ZENZIC v0.10.1
✨ All statically-detectable links, credentials, and references verified.
⚠ WARNING docs/guide.md:14
✗ ERROR docs/api.md:88
From 238dee3efa2c14ef98a8b6096ee849237580bd62 Mon Sep 17 00:00:00 2001 From: PythonWoods Date: Sun, 7 Jun 2026 15:31:17 +0200 Subject: [PATCH 4/6] chore: optimize CI triggers & document Draft PR workflow --- .github/workflows/ci.yml | 4 ---- .github/workflows/zenzic.yml | 6 +----- CONTRIBUTING.md | 5 +++++ developers/how-to/contribute/pull-requests.mdx | 8 ++++++++ .../current/how-to/contribute/pull-requests.mdx | 8 ++++++++ 5 files changed, 22 insertions(+), 9 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 24a5c62..40d01b5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -5,9 +5,6 @@ name: zenzic-audit on: pull_request: - branches: - - main - - 'release/**' paths: - 'docs/**' - 'i18n/**' @@ -26,7 +23,6 @@ on: push: branches: - main - - 'release/**' paths: - 'docs/**' - 'i18n/**' diff --git a/.github/workflows/zenzic.yml b/.github/workflows/zenzic.yml index dcfc433..b4a9fda 100644 --- a/.github/workflows/zenzic.yml +++ b/.github/workflows/zenzic.yml @@ -4,14 +4,10 @@ name: zenzic-action-dogfood on: - pull_request: - branches: - - main - - 'release/**' push: branches: - main - - 'release/**' + pull_request: permissions: contents: read diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 5d7f9fe..b353187 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
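Review bot: Dropping `- 'release/**'` from the `push` filters in `ci.yml` and `zenzic.yml` means a direct push to a release branch now runs neither the build nor the quality gate; those branches are checked only through a pull request. If release branches can be pushed without a PR, I would keep `- 'release/**'` under `push.branches`, or confirm that branch protection forces PRs there. In `zenzic.yml` the now unfiltered `pull_request:` runs for every base branch with `security-events: write` declared at workflow level; moving that `permissions:` block under the `quality-gate` job keeps any job added later from inheriting it. The `on:` block of `ci.yml` continues outside the hunks shown.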
@@ -226,6 +226,11 @@ This must pass with zero errors before you open or update a PR. - Execute a D.I.A. (Documentation Impact Analysis). If your PR alters CLI behavior or API contracts, explicitly state it in your PR description. You are encouraged to open a matching PR on zenzic-doc, but if you cannot, the maintainers will handle the documentation sync before release. +### CI/CD & Workflow +- **Draft PRs:** We run CI exclusively on `main` and Pull Requests to save resources. Open a **Draft PR** early to get continuous CI feedback on your branch. +- **Hooks:** Use `pre-commit` for local mutations. Do not use `post-commit`. +- **Full Guide:** Read the complete workflow in our [Developer Documentation](https://zenzic.dev/developers/how-to/contribute/pull-requests). + ### Pre-commit hooks The repository enforces quality automatically on every `git commit`: diff --git a/developers/how-to/contribute/pull-requests.mdx b/developers/how-to/contribute/pull-requests.mdx index a69a9eb..b373be3 100644 --- a/developers/how-to/contribute/pull-requests.mdx +++ b/developers/how-to/contribute/pull-requests.mdx @@ -123,6 +123,14 @@ approach to take. This prevents you from spending time on a feature that may not align with the project's goals. You then reference the issue number in your PR to link back to our discussion. +## CI/CD & Draft PRs + +To optimize resources, Zenzic's GitHub Actions trigger ONLY on pushes to `main` and on Pull Requests. Pushes to isolated development branches do not trigger CI. If you want continuous feedback from CI during development, open a Draft PR immediately. + +### Local Hooks + +Zenzic uses `pre-commit` for automatic mutations (e.g., updating DQS badges). The use of hooks like `post-commit` is an anti-pattern and is not supported, as it would leave the working tree dirty after the commit. + ## Styles and linting It is important that your edits produce clean commits that can be reviewed 
diff --git a/i18n/it/docusaurus-plugin-content-docs-developers/current/how-to/contribute/pull-requests.mdx b/i18n/it/docusaurus-plugin-content-docs-developers/current/how-to/contribute/pull-requests.mdx index 3117e1c..1f7187f 100644 --- a/i18n/it/docusaurus-plugin-content-docs-developers/current/how-to/contribute/pull-requests.mdx +++ b/i18n/it/docusaurus-plugin-content-docs-developers/current/how-to/contribute/pull-requests.mdx @@ -125,6 +125,14 @@ l'approccio da adottare. Questo ti evita di dedicare tempo a una funzionalità c potrebbe non allinearsi con gli obiettivi del progetto. Nella tua PR farai quindi riferimento al numero dell'issue per collegare la nostra discussione. +## CI/CD & Draft PRs + +Per ottimizzare le risorse, le GitHub Actions di Zenzic si innescano SOLO sui push verso `main` e sulle Pull Request. I push su branch di sviluppo isolati non avviano la CI. Se desideri un feedback continuo dalla CI durante lo sviluppo, apri immediatamente una Draft PR. + +### Local Hooks + +Zenzic utilizza `pre-commit` per le mutazioni automatiche (es. l'aggiornamento dei badge DQS). L'uso di hook come `post-commit` è un anti-pattern e non è supportato, in quanto lascerebbe il working tree sporco dopo il commit. + ## Stile e linting È importante che le tue modifiche producano commit puliti che possano essere revisionati From 654f90feb76084b83b3082213fa1101763d89401 Mon Sep 17 00:00:00 2001 
From: PythonWoods Date: Sun, 7 Jun 2026 15:57:40 +0200 Subject: [PATCH 5/6] chore: fix TOML structure and enforce CI naming convention --- .github/workflows/ci.yml | 7 ++-- .github/workflows/codeql.yml | 4 +- .github/workflows/dependency-review.yml | 6 +-- .github/workflows/npm-audit.yml | 6 +-- .github/workflows/release-docs.yml | 6 +-- .github/workflows/release.yml | 6 +-- .github/workflows/secret-scan.yml | 4 +- .github/workflows/security-posture.yml | 7 ++-- .github/workflows/zenzic.yml | 7 ++-- .zenzic.toml | 53 +++++++++++++------------ 10 files changed, 56 insertions(+), 50 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 40d01b5..3f2e7b3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,7 +1,7 @@ # SPDX-FileCopyrightText: 2026 PythonWoods # SPDX-License-Identifier: Apache-2.0 -name: zenzic-audit +name: Zenzic Docs CI on: pull_request: @@ -46,14 +46,15 @@ concurrency: jobs: verify: - name: Verify (ubuntu-latest, Node LTS) + name: Build runs-on: ubuntu-latest defaults: run: shell: bash steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - name: Checkout Repository + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup Node uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 2daf9ed..2f95911 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -1,7 +1,7 @@ # SPDX-FileCopyrightText: 2026 PythonWoods # SPDX-License-Identifier: Apache-2.0 -name: codeql +name: Zenzic Docs CodeQL on: push: @@ -38,7 +38,7 @@ jobs: - javascript-typescript steps: - - name: Checkout + - name: Checkout Repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Initialize CodeQL diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index d92c7fc..1704ce9 100644 
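Review bot: Renaming the job display names changes the status-check names GitHub reports, so a branch-protection rule that still requires `Verify (ubuntu-latest, Node LTS)` would wait on a check that never arrives (the protection settings are not visible from this patch). Across the patch three jobs also end up with the same display name `Audit` (`npm-audit.yml`, `security-posture.yml`, `zenzic.yml`) and two with `Release` (`release-docs.yml`, `release.yml`). Required checks are matched by name, so duplicated job names make it ambiguous which workflow satisfied the rule. I would keep the names distinct, for example `name: NPM Audit`, `name: Security Posture` and `name: Quality Gate`, and update the required-check list in the same change.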
--- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -1,7 +1,7 @@ # SPDX-FileCopyrightText: 2026 PythonWoods # SPDX-License-Identifier: Apache-2.0 -name: dependency-review +name: Zenzic Docs Dependency Review on: pull_request: @@ -21,11 +21,11 @@ concurrency: jobs: dependency-review: - name: Dependency review + name: Review runs-on: ubuntu-latest timeout-minutes: 10 steps: - - name: Checkout + - name: Checkout Repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Dependency Review diff --git a/.github/workflows/npm-audit.yml b/.github/workflows/npm-audit.yml index c132f1f..1c582a0 100644 --- a/.github/workflows/npm-audit.yml +++ b/.github/workflows/npm-audit.yml @@ -1,7 +1,7 @@ # SPDX-FileCopyrightText: 2026 PythonWoods # SPDX-License-Identifier: Apache-2.0 -name: npm-audit +name: Zenzic Docs NPM Audit on: push: @@ -26,13 +26,13 @@ permissions: jobs: audit: - name: Dependency audit + name: Audit runs-on: ubuntu-latest env: FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true steps: - - name: Checkout + - name: Checkout Repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup Node diff --git a/.github/workflows/release-docs.yml b/.github/workflows/release-docs.yml index 61e4901..f60e35b 100644 --- a/.github/workflows/release-docs.yml +++ b/.github/workflows/release-docs.yml @@ -1,7 +1,7 @@ # SPDX-FileCopyrightText: 2026 PythonWoods # SPDX-License-Identifier: Apache-2.0 -name: release-docs +name: Zenzic Docs Release Docs on: push: @@ -19,13 +19,13 @@ concurrency: jobs: release: - name: Build and publish docs artifact + name: Release runs-on: ubuntu-latest env: FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true steps: - - name: Checkout + - name: Checkout Repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup Node diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1ffc854..c649d87 100644 
--- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,6 +1,6 @@ # SPDX-FileCopyrightText: 2026 PythonWoods # SPDX-License-Identifier: Apache-2.0 -name: release +name: Zenzic Docs Release on: push: @@ -16,13 +16,13 @@ concurrency: jobs: release: - name: Build docs and create GitHub Release + name: Release runs-on: ubuntu-latest env: FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true steps: - - name: Checkout + - name: Checkout Repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup Node diff --git a/.github/workflows/secret-scan.yml b/.github/workflows/secret-scan.yml index 76c7b28..6db0e29 100644 --- a/.github/workflows/secret-scan.yml +++ b/.github/workflows/secret-scan.yml @@ -1,7 +1,7 @@ # SPDX-FileCopyrightText: 2026 PythonWoods # SPDX-License-Identifier: Apache-2.0 -name: Secret Scan +name: Zenzic Docs Secret Scan on: push: branches: [ main ] @@ -13,7 +13,7 @@ permissions: jobs: secret-scan: - name: Native GitHub Secret Scan Proxy + name: Scan runs-on: ubuntu-latest steps: - name: Info diff --git a/.github/workflows/security-posture.yml b/.github/workflows/security-posture.yml index bc70c18..c43d9b9 100644 --- a/.github/workflows/security-posture.yml +++ b/.github/workflows/security-posture.yml @@ -1,7 +1,7 @@ # SPDX-FileCopyrightText: 2026 PythonWoods # SPDX-License-Identifier: Apache-2.0 -name: Security Posture +name: Zenzic Docs Security Posture on: push: @@ -11,13 +11,14 @@ on: jobs: check-posture: - name: Evaluate Repository Security Posture + name: Audit runs-on: ubuntu-latest permissions: contents: read steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - name: Checkout Repository + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Check for SECURITY.md run: | diff --git a/.github/workflows/zenzic.yml b/.github/workflows/zenzic.yml index b4a9fda..036e790 100644 --- a/.github/workflows/zenzic.yml +++ b/.github/workflows/zenzic.yml 
@@ -1,7 +1,7 @@ # SPDX-FileCopyrightText: 2026 PythonWoods # SPDX-License-Identifier: Apache-2.0 -name: zenzic-action-dogfood +name: Zenzic Docs Quality Gate on: push: @@ -15,10 +15,11 @@ permissions: jobs: quality-gate: - name: Run Zenzic Quality Gate + name: Audit runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - name: Checkout Repository + uses: actions/checkout@v4 - name: Run Zenzic Quality Gate uses: PythonWoods/zenzic-action@v1 diff --git a/.zenzic.toml b/.zenzic.toml index b9ab3d1..b697208 100644 --- a/.zenzic.toml +++ b/.zenzic.toml @@ -4,30 +4,8 @@ # Precedence: .zenzic.toml is shared baseline; .zenzic.local.toml overrides locally. # Keep secrets and workstation-only values in .zenzic.local.toml. -# --- PROJECT IDENTITY --- -# [project] -# name = "zenzic-doc" # Used for personalized CLI Governance headers - -# --- CORE SETTINGS --- -# --------------------------------------------------------------------------- -# docs_dir -# --------------------------------------------------------------------------- -# The relative path to your documentation root. -# -# BEHAVIOR: -# - If commented out (default), Zenzic uses Auto-Discovery to find your -# docs based on the engine (reads docusaurus.config.ts, mkdocs.yml…). -# - Set to "." to scan the entire repository (L1 system exclusions apply). -# -# DEFAULT: Auto-discovered -# -# docs_dir = "docs" - strict = true fail_under = 90 -# exit_zero = false -# respect_vcs_ignore = true -# validate_same_page_anchors = true # External URLs excluded from the broken-link check (applies only with --strict) excluded_external_urls = [ 
@@ -58,13 +36,38 @@ excluded_external_urls = [ #"https://zenzic.dev/developers", ] +# Placeholder checks disabled: the documentation describes placeholder patterns +# by example, which would cause false positives. +placeholder_patterns = [] + +# --- PROJECT IDENTITY --- +# [project] +# name = "zenzic-doc" # Used for personalized CLI Governance headers + +# --- CORE SETTINGS --- +# --------------------------------------------------------------------------- +# docs_dir +# --------------------------------------------------------------------------- +# The relative path to your documentation root. +# +# BEHAVIOR: +# - If commented out (default), Zenzic uses Auto-Discovery to find your +# docs based on the engine (reads docusaurus.config.ts, mkdocs.yml…). +# - Set to "." to scan the entire repository (L1 system exclusions apply). +# +# DEFAULT: Auto-discovered +# +# docs_dir = "docs" + +# exit_zero = false +# respect_vcs_ignore = true +# validate_same_page_anchors = true + + # Z204 Privacy Gate — terms that must never appear in published docs. # forbidden_patterns = [] # --- PLACEHOLDERS & CODE SNIPPETS (Optional) --- -# Placeholder checks disabled: the documentation describes placeholder patterns -# by example, which would cause false positives. -placeholder_patterns = [] placeholder_max_words = 0 # --- ENGINE CONTEXT --- From 973406425ce3baf3ecab9d8b8c1ff59da6ddfd51 Mon Sep 17 00:00:00 2001 From: PythonWoods Date: Sun, 7 Jun 2026 17:08:08 +0200 Subject: [PATCH 6/6] chore: trigger CI pipeline
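Review bot: After the move, `placeholder_patterns = []` and its explanatory comment sit near the top of `.zenzic.toml`, while `placeholder_max_words = 0` stays alone under the `PLACEHOLDERS & CODE SNIPPETS` heading, so two related settings are now split. If the reorder was needed to keep `placeholder_patterns` at the top level of the document, the same presumably applies to `placeholder_max_words`, and I would move it together with the comment. Otherwise a line such as `# placeholder_patterns is set above with the other top-level keys` under the heading would keep the section readable. The file continues past the hunk, so I cannot see whether a table header follows.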