Skip to content

feat: add emoji status indicators to markdown report for CI step summary#708

Open
em-redhat wants to merge 2 commits into
complytime:mainfrom
em-redhat:opsx/ci-step-summary-report
Open

feat: add emoji status indicators to markdown report for CI step summary#708
em-redhat wants to merge 2 commits into
complytime:mainfrom
em-redhat:opsx/ci-step-summary-report

Conversation

@em-redhat

Copy link
Copy Markdown
Contributor

Summary

Add emoji status indicators to the --format pretty Markdown compliance
report so it can be used directly as a GitHub Actions Step Summary,
replacing ~55 lines of custom Python in org-infra's
reusable_compliance.yml.

Changes

  • resultEmoji() helper (internal/output/markdown.go): Maps
    gemara.Result to complytime.Status* emoji constants
    (Passed→✅, Failed→❌, NotApplicable/NotRun→⏭️,
    Unknown/NeedsReview⚠️)
  • Controls table: Each control and requirement row prefixed with
    emoji in the Result column
  • Summary counts headers: Emoji-prefixed column headers
    (✅ Passed | ❌ Failed | ⚠️ Needs Review | ...)
  • Findings group headers: Emoji-prefixed section headers
    (### ❌ Failed, ### ⚠️ Needs Review, etc.)

Testing

  • Table-driven TestResultEmoji unit test (7 cases including default)
  • 3 new integration tests with section-scoped assertions:
    TestMarkdown_ControlsTableStatusIndicators,
    TestMarkdown_SummaryCountsTableHeaders,
    TestMarkdown_FindingsGroupHeaderEmoji
  • 6 existing tests updated for emoji presence
  • All 76 tests pass in internal/output

Downstream

Enables complytime/org-infra to simplify CI by replacing custom
Python summary generation with:

cat report-*.md >> $GITHUB_STEP_SUMMARY

Spec Artifacts

OpenSpec change: openspec/changes/ci-step-summary-report/

Closes #697

@em-redhat em-redhat requested a review from a team as a code owner July 9, 2026 13:52
@em-redhat em-redhat requested review from hbraswelrh and jpower432 July 9, 2026 13:52
@em-redhat em-redhat force-pushed the opsx/ci-step-summary-report branch from ca99169 to d7a0b60 Compare July 9, 2026 15:28
@em-redhat em-redhat moved this from Backlog to In Review 👀 in ComplyTime planning Jul 9, 2026
@em-redhat em-redhat self-assigned this Jul 9, 2026
trevor-vaughan added a commit that referenced this pull request Jul 9, 2026
- Harden ci_dependencies.yml against template injection: move PR number
  and repository to env vars, sanitize dep name/version with tr, validate
  comment ID as integer, pass jq marker via --arg
- Add persist-credentials: false to release.yml preflight checkout with
  a separate git credential step to keep tokens out of artifacts
- Scope pull-requests: write in ci_crapload.yml to the post-comment job
  only (was workflow-level)
- Replace peter-evans/create-or-update-comment with gh CLI in
  ci_dependencies.yml to drop a third-party action
- Document every permissions entry with inline comments across all 13
  workflow files (22 previously undocumented)
- Add concurrency groups to 10 workflows; disable cancel-in-progress for
  behavioral_assessment (SARIF uploads), ci_sonarcloud (coverage pipeline),
  and ci_dependencies (auto-merge protection)
- Name 5 anonymous jobs: Buf Lint, Unit Tests, End-to-End Tests,
  Integration Tests, Behavioral Assessment
- Update REQUIRED_CHECKS in release.yml to match new job name: values
  (Unit Tests, End-to-End Tests, Integration Tests); old job-key strings
  would have blocked every release
- Grant contents: read to ci_sonarcloud generate-coverage job, which
  inherited contents: none from the workflow level and could not check
  out code

zizmor --pedantic now reports zero findings across all 13 workflows.

Fixes: #708

Assisted-by: Claude Sonnet 4.6
Signed-off-by: Trevor Vaughan <tvaughan@redhat.com>
trevor-vaughan added a commit that referenced this pull request Jul 9, 2026
- Harden ci_dependencies.yml against template injection: move PR number
  and repository to env vars, sanitize dep name/version with tr, validate
  comment ID as integer, pass jq marker via --arg
- Add persist-credentials: false to release.yml preflight checkout with
  a separate git credential step to keep tokens out of artifacts
- Scope pull-requests: write in ci_crapload.yml to the post-comment job
  only (was workflow-level)
- Replace peter-evans/create-or-update-comment with gh CLI in
  ci_dependencies.yml to drop a third-party action
- Document every permissions entry with inline comments across all 13
  workflow files (22 previously undocumented)
- Add concurrency groups to 10 workflows; disable cancel-in-progress for
  behavioral_assessment (SARIF uploads), ci_sonarcloud (coverage pipeline),
  and ci_dependencies (auto-merge protection)
- Name 5 anonymous jobs: Buf Lint, Unit Tests, End-to-End Tests,
  Integration Tests, Behavioral Assessment
- Update REQUIRED_CHECKS in release.yml to match new job name: values
  (Unit Tests, End-to-End Tests, Integration Tests); old job-key strings
  would have blocked every release
- Grant contents: read to ci_sonarcloud generate-coverage job, which
  inherited contents: none from the workflow level and could not check
  out code

zizmor --pedantic now reports zero findings across all 13 workflows.

Fixes: #708

Assisted-by: Claude Sonnet 4.6
Signed-off-by: Trevor Vaughan <tvaughan@redhat.com>
Comment thread .github/agents/speckit.analyze.agent.md Outdated
@@ -0,0 +1,249 @@
---

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are these files intended to be committed?

@em-redhat em-redhat force-pushed the opsx/ci-step-summary-report branch from d7a0b60 to 9e814c4 Compare July 10, 2026 13:40
@em-redhat

Copy link
Copy Markdown
Contributor Author

Cleaned up the PR -- removed 28 unintentionally included files (.github/agents/, .github/prompts/, .opencode/commands/dewey-*, .uf/dewey/, .github/copilot-instructions.md) that leaked in from a merge commit. The PR now contains only the 10 intended files:

  • internal/output/markdown.go -- resultEmoji() helper + 3 call sites
  • internal/output/markdown_internal_test.go -- table-driven TestResultEmoji
  • internal/output/markdown_test.go -- 3 new tests + 7 updated tests
  • CHANGELOG.md / AGENTS.md -- documentation updates
  • openspec/changes/ci-step-summary-report/ -- spec artifacts (5 files)

Rebased onto latest upstream/main (f61e943). All tests pass.

@em-redhat em-redhat removed their assignment Jul 10, 2026
- Add resultEmoji() helper mapping gemara.Result to complytime.Status*
  emoji constants (StatusPassed, StatusFailed, StatusSkipped, StatusError)
- Prefix Controls table Result column with emoji for control and
  requirement rows in writeControlsTable()
- Prefix summary counts table headers with emoji in writeSummary()
- Prefix findings group headers with emoji in writeFindings()
- Add table-driven TestResultEmoji unit test covering all 6 result
  types plus default case
- Add 3 new integration tests with section-scoped assertions
- Update 6 existing tests for emoji presence
- Update upstream TestMarkdown_NeedsReviewInFindings for emoji prefix
- Add OpenSpec change artifacts (proposal, design, spec, tasks)

Closes complytime#697
@em-redhat em-redhat force-pushed the opsx/ci-step-summary-report branch from 9e814c4 to 2d819ff Compare July 10, 2026 15:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

enhancement: make Markdown report suitable for direct use as CI Step Summary

2 participants