openalice-ci
Shared GitHub Actions workflows for all OpenAlice repos.
Architecture rating
This repo IS the consistency substrate — centralizes rust-ci/node-ci/npm-publish as reusable workflows for ~60 OpenAlice repos. Manifest valid, drift 100, activity 100. Strong convention authority; capped by lack of evidence of org-wide adoption breadth.
Manifest present+valid (100/100) with clear summary of all 3 workflows; AGENTS.md and README both present; readme states purpose plainly. Solid for a small config repo, but features 44/100 and terse README excerpt cap it short of exemplary.
N/A by design — owns no tables, zero runtime deps, no migrations or persistence. Score reflects correct absence of a data layer for a CI-config repo, not a positive control.
Pure CI config repo (no runtime/authn surface); npm-publish workflow touches GitHub Packages tokens — no evidence of pinned action SHAs, least-privilege `permissions:` blocks, or secret-scanning, which are the real risks for reusable workflows. Graded conservatively as token/permission hardening is unverified.
No analyzable source; reliability rests on the 3 reusable workflows (rust-ci fmt+clippy+test, node-ci ci+lint+build, npm-publish). No visible timeout-minutes, concurrency/cancel-in-progress, or retry config evidenced — standard CI robustness signals unconfirmed.
Inherent to CI: observability = GitHub Actions run logs/status only. No metrics, tracing, or health probes (Atlas health probe returns up:false, 'no https endpoint' — expected for non-service). Nothing beyond default Actions UI.
Inspector found no analyzable source and no test dirs — correct, as this repo contains CI definitions not testable code. It orchestrates downstream tests (clippy/test, lint/build) but has no self-tests (e.g. workflow-lint via act); unverifiable in isolation.
source · auto-grader-2026-06-16
Ecosystem manifest
.atlas-deps.ymlShared GitHub Actions reusable workflows — rust-ci, node-ci, npm-publish. Pure CI config, no runtime service.
- other: .github/workflows/rust-ci.yml (reusable workflow — fmt + clippy + test)
- other: .github/workflows/node-ci.yml (reusable workflow — npm ci + lint + build)
- other: .github/workflows/npm-publish.yml (reusable workflow — publish to GitHub Packages)
Roadmap · what's planned next
- docker-build-workflowplanned1%Add a reusable docker-build.yml workflow that builds + tags + pushes images to GHCR for every microservice repo so per-repo Dockerfile CI is no longer hand-written.
- security-audit-workflowplanned0%Add a reusable security-audit.yml workflow running cargo-audit + npm audit so all repos get a weekly vulnerability scan from one central job.
- rust-ci-baselinedone100%Ship rust-ci.yml reusable workflow with fmt + clippy + test + rust-cache so every Rust repo in the org gets identical lint and test gates from a single import.
- node-ci-baselinedone100%Ship node-ci.yml reusable workflow with npm ci + lint + build on Node 22 so every TypeScript repo shares the same toolchain version.
Code composition
tokei · locNo LOC stats yet — the next ingestor sweep will populate this.
| Language | % code | code | comments | blanks | files |
|---|---|---|---|---|---|
| Markdown | 0.0% | 0 | 19 | 12 | 2 |
Telemetry ribbon · last 90 days
1 eventci/workflows
3 features- ci.workflows.node.github/workflows/node-ci.yml:1Reusable Node CI workflow — installs deps via npm ci with npm cache, then runs lint and build steps (both optional via --if-present) against a configurable Node version (default 22).workflow:.github/workflows/node-ci.ymlsince 0.1.0
- ci.workflows.npm-publish.github/workflows/npm-publish.yml:1Reusable npm publish workflow — authenticates to GitHub Packages (npm.pkg.github.com) using a caller-supplied NPM_TOKEN secret and publishes the package with Node 22.workflow:.github/workflows/npm-publish.ymlsince 0.1.0
- ci.workflows.rust.github/workflows/rust-ci.yml:1Reusable Rust CI workflow — runs stable toolchain fmt, clippy (-D warnings), and cargo test with Swatinem rust-cache for fast incremental builds.workflow:.github/workflows/rust-ci.ymlsince 0.1.0