Ejecuta cualquier Skill en Manus
con un clic

Ejecuta cualquier Skill en Manus con un clic

$pwd:

regression-workflow-governance

Name: Regression Workflow Governance
Author: InternationalColorConsortium

// Add or update iccDEV regression gates and tool-test workflow coverage while preserving GitHub Actions governance, sanitizer reporting, and issue traceability.

Ejecutar en Manus

$ git log --oneline --stat

stars:162

forks:47

updated:22 de mayo de 2026, 21:06

SKILL.md

readonly

name	regression-workflow-governance
description	Add or update iccDEV regression gates and tool-test workflow coverage while preserving GitHub Actions governance, sanitizer reporting, and issue traceability.
allowed-tools	["bash","read","grep","glob","shell(git:*)"]

Regression Workflow Governance

Use this skill when adding regression coverage or changing ci-iccdev-tool-tests.yml.

Required Inputs

Issue or PR reference, for example #928.
The exact affected component path.
The smallest reproducible input or generated-profile invariant.
The expected pass/fail signal.

Workflow

Read ../../../docs/regression-workflow-governance.md.
Put reusable checks in .github/scripts/ when the logic is more than a few shell lines or should run in more than one workflow.
Wire the check into the nearest existing regression block:
- ci-iccdev-tool-tests.yml for the main ASAN/UBSAN tool gate.
- Other workflows only when they own the affected platform or feature.
Label the sub-test with the issue number and a short technical purpose.
Keep run: blocks compliant with workflow governance: set -euo pipefail, credential cleanup, no direct ${{ }} in shell, trusted-base helpers for PR workflows, and sanitized summary output.
Update .github/ci/regression/README.md or the relevant docs so future maintainers can find the gate.
If a GitHub Actions run URL is involved, download the full run log archive and audit all jobs, including green jobs, for hidden diagnostics.
Run local script syntax checks and the focused regression before handoff. If the regression is added inside iccdev-tool-coverage-baseline.sh, run the direct script and the CTest wrapper because the CTest suite count should stay unchanged.

Validation

bash -n .github/scripts/<new-regression>.sh
git diff --check
file .github/scripts/<new-regression>.sh

For local tool gates, set paths explicitly:

ICCDEV_TOOLS_DIR=$PWD/Build/Tools \
ICCDEV_TESTING_DIR=$PWD/Testing \
ICCDEV_TEST_OUTDIR=/tmp/iccdev-regression \
  .github/scripts/<new-regression>.sh

For edits to the existing tool coverage script:

ICCDEV_TOOLS_DIR=$PWD/build/Tools \
ICCDEV_TESTING_DIR=$PWD/Testing \
ICCDEV_TEST_OUTDIR=/tmp/iccdev-tool-output \
  .github/scripts/iccdev-tool-coverage-baseline.sh --asan --quick
ctest --test-dir build -R '^iccdev\.tool-coverage$' --output-on-failure

For workflow and packaging changes:

python3 -c "import yaml; [yaml.safe_load(open(p)) for p in ['.github/workflows/ci-pr-action.yml','.github/workflows/ci-iccdev-tool-tests.yml']]; print('YAML parse OK')"
actionlint -no-color .github/workflows/<workflow>.yml
python3 .github/scripts/audit-workflow-permissions.py --workflows-dir .github/workflows --format shell

If CMake or C++ changed, also run:

.github/scripts/run-codeql-local.sh --custom-only

Review Checklist

The test fails on the vulnerable or non-canonical behavior and passes on the patch.
Output names include the issue number or regression name.
Exit codes distinguish graceful tool failure from signal crashes.
ASAN/UBSAN findings are treated as failures except for documented benign suppressions.
Workflow changes follow .github/instructions/workflow-governance.instructions.md.
PR workflow helper trust boundaries follow docs/workflow-security-trust-boundaries.md.
Green workflow runs were checked for hidden log diagnostics, not only failed annotations.
Any duplicate install manifest, missing-file uninstall, vcpkg CRT, vcpkg root, apt cache, Homebrew annotation, or skipped smoke coverage issue has either a hard gate or a documented reason for deferral.

References

../../../docs/regression-workflow-governance.md
../../../docs/workflow-security-trust-boundaries.md
../../instructions/workflow-governance.instructions.md
../../instructions/testing.instructions.md
../../prompts/add-regression-workflow.prompt.md

related-skills.json

mismo repositorio

sanitizer-repro.md

from "InternationalColorConsortium/iccDEV"

Reproduce and triage ASAN/UBSAN findings against iccDEV tools with authoritative exit-code and stack-frame handling.

2026-05-28162

maintainer-ci-ctest.md

from "InternationalColorConsortium/iccDEV"

Maintainer workflow for scoping and updating iccDEV CI, CTest, CPack, sanitizer, workflow, and release-gate infrastructure.

2026-05-28162

pre-pr-security-cycle.md

from "InternationalColorConsortium/iccDEV"

Maintainer workflow for the pre-PR secure loop: code, build/test, SAST/CodeQL, dynamic sanitizer checks, fixes, and concise handoff.

2026-05-22162

maintainer-label-system.md

from "InternationalColorConsortium/iccDEV"

Maintain iccDEV repository labels, path labeler rules, issue triage labels, PR CI status labels, and label workflow governance.

2026-05-16162

vcpkg-export-consumer-debug.md

from "InternationalColorConsortium/iccDEV"

Debug iccDEV vcpkg, install/export, uninstall, and packaged consumer failures, especially Windows static CRT and path quoting regressions.

2026-05-12162

docs-maintenance.md

from "InternationalColorConsortium/iccDEV"

Review and edit iccDEV documentation for signal, accuracy, canonical ownership, and low-noise handoff.

2026-04-28162

package.json

"author": "InternationalColorConsortium"

"repository": "InternationalColorConsortium/iccDEV"

Abrir repositorio de GitHub Ver repositorios del creador

$ install --global

$ download --local

Ejecutar en Manus

$ useful --forSOC

Analistas de garantía de calidad de software y probadoresOcupaciones informáticas y matemáticas15-1253L4

name	regression-workflow-governance
description	Add or update iccDEV regression gates and tool-test workflow coverage while preserving GitHub Actions governance, sanitizer reporting, and issue traceability.
allowed-tools	["bash","read","grep","glob","shell(git:*)"]

Regression Workflow Governance

Use this skill when adding regression coverage or changing ci-iccdev-tool-tests.yml.

Required Inputs

Issue or PR reference, for example #928.
The exact affected component path.
The smallest reproducible input or generated-profile invariant.
The expected pass/fail signal.

Workflow

Read ../../../docs/regression-workflow-governance.md.
Put reusable checks in .github/scripts/ when the logic is more than a few shell lines or should run in more than one workflow.
Wire the check into the nearest existing regression block:
- ci-iccdev-tool-tests.yml for the main ASAN/UBSAN tool gate.
- Other workflows only when they own the affected platform or feature.
Label the sub-test with the issue number and a short technical purpose.
Keep run: blocks compliant with workflow governance: set -euo pipefail, credential cleanup, no direct ${{ }} in shell, trusted-base helpers for PR workflows, and sanitized summary output.
Update .github/ci/regression/README.md or the relevant docs so future maintainers can find the gate.
If a GitHub Actions run URL is involved, download the full run log archive and audit all jobs, including green jobs, for hidden diagnostics.
Run local script syntax checks and the focused regression before handoff. If the regression is added inside iccdev-tool-coverage-baseline.sh, run the direct script and the CTest wrapper because the CTest suite count should stay unchanged.

Validation

bash -n .github/scripts/<new-regression>.sh
git diff --check
file .github/scripts/<new-regression>.sh

For local tool gates, set paths explicitly:

ICCDEV_TOOLS_DIR=$PWD/Build/Tools \
ICCDEV_TESTING_DIR=$PWD/Testing \
ICCDEV_TEST_OUTDIR=/tmp/iccdev-regression \
  .github/scripts/<new-regression>.sh

For edits to the existing tool coverage script:

ICCDEV_TOOLS_DIR=$PWD/build/Tools \
ICCDEV_TESTING_DIR=$PWD/Testing \
ICCDEV_TEST_OUTDIR=/tmp/iccdev-tool-output \
  .github/scripts/iccdev-tool-coverage-baseline.sh --asan --quick
ctest --test-dir build -R '^iccdev\.tool-coverage$' --output-on-failure

For workflow and packaging changes:

python3 -c "import yaml; [yaml.safe_load(open(p)) for p in ['.github/workflows/ci-pr-action.yml','.github/workflows/ci-iccdev-tool-tests.yml']]; print('YAML parse OK')"
actionlint -no-color .github/workflows/<workflow>.yml
python3 .github/scripts/audit-workflow-permissions.py --workflows-dir .github/workflows --format shell

If CMake or C++ changed, also run:

.github/scripts/run-codeql-local.sh --custom-only

Review Checklist

The test fails on the vulnerable or non-canonical behavior and passes on the patch.
Output names include the issue number or regression name.
Exit codes distinguish graceful tool failure from signal crashes.
ASAN/UBSAN findings are treated as failures except for documented benign suppressions.
Workflow changes follow .github/instructions/workflow-governance.instructions.md.
PR workflow helper trust boundaries follow docs/workflow-security-trust-boundaries.md.
Green workflow runs were checked for hidden log diagnostics, not only failed annotations.
Any duplicate install manifest, missing-file uninstall, vcpkg CRT, vcpkg root, apt cache, Homebrew annotation, or skipped smoke coverage issue has either a hard gate or a documented reason for deferral.

References

../../../docs/regression-workflow-governance.md
../../../docs/workflow-security-trust-boundaries.md
../../instructions/workflow-governance.instructions.md
../../instructions/testing.instructions.md
../../prompts/add-regression-workflow.prompt.md

regression-workflow-governance

Regression Workflow Governance

Required Inputs

Workflow

Validation

Review Checklist

References

Más de este repositorio

Más de este repositorio

Regression Workflow Governance

Required Inputs

Workflow

Validation

Review Checklist

References