Parent Issue: #50 – Update Repository Compliance Overview Workflow
Problem
The updated Repository Compliance Overview workflow requires precise machine-readable definitions of all checks, their applicability, and severity levels. Today only high‑level categories exist. To implement the workflow consistently, we need a single authoritative specification.
Scope
Define all compliance checks through one YAML file:
1. Check Categories
- Repository Configuration – topics, description, license, branch protection, visibility
- Governance Files – CODEOWNERS, MAINTAINERS, GOVERNANCE.md reference, LICENSE
- Documentation Structure – README, CHANGELOG, required directories
- Process Templates – issue/PR templates, required workflows
- Activity & Health – stale items, activity thresholds, responsiveness
2. Machine‑readable Specification (compliance-checks.yaml)
All checks will be defined in a single YAML file stored in project-administration. It will serve as the authoritative source for:
- check IDs and descriptions
- category assignment
- applicability rules per repository type
- severity levels (Critical / High / Medium / Low)
- technical parameters (e.g., required files, topic patterns)
- inline comments explaining rationale where helpful
The workflow will consume this YAML directly — no separate Markdown requirements document is needed.
3. Applicability & Severity
Applicability and severity are represented directly as YAML fields (e.g., applies_to: [api-incubating, api-graduated], severity: high). No separate matrix files are required.
4. Community Input
Feedback requested on:
- completeness of checks
- category-specific applicability
- severity rules
- exception handling
- required fields or patterns
Alternative
Start with Phase 1 (governance + configuration checks) and extend iteratively.
Deliverables
- compliance-checks.yaml (authoritative machine‑readable specification)
- Example YAML snippets per repository category
- Updated Repository Compliance Overview workflow consuming this YAML
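
An added example, not part of the issue or the project's code: a validator a workflow could run over the parsed `compliance-checks.yaml` before trusting it, plus the per-repository-type selection the applicability rules imply. Only `applies_to` and `severity` are named in the issue; the field names `id`, `category` and `params`, the check IDs, and the sample entries are assumptions constructed for illustration.

```python
# CHECKS is constructed sample data standing in for the parsed YAML
# (for example the result of yaml.safe_load on compliance-checks.yaml).
# `id`, `category` and `params` are assumed field names, not from the issue.

SEVERITIES = ("critical", "high", "medium", "low")  # levels listed in the issue
REPO_TYPES = {"api-incubating", "api-graduated"}    # the two types the issue shows
REQUIRED = ("id", "category", "applies_to", "severity")

CHECKS = [
    {"id": "gov-codeowners", "category": "governance-files",
     "applies_to": ["api-incubating", "api-graduated"], "severity": "high",
     "params": {"required_files": ["CODEOWNERS"]}},
    {"id": "cfg-branch-protection", "category": "repository-configuration",
     "applies_to": ["api-graduated"], "severity": "critical"},
    {"id": "doc-changelog", "category": "documentation-structure",
     "applies_to": ["api-graduated"], "severity": "urgent"},  # invalid severity
    {"id": "gov-codeowners", "category": "governance-files",
     "applies_to": [], "severity": "low"},  # duplicate id, empty applies_to
]

def validate(checks):
    """Return (check id, problem) pairs; an empty list means the spec is usable."""
    problems, seen = [], set()
    for i, check in enumerate(checks):
        cid = check.get("id", f"<entry {i}>")
        for field in REQUIRED:
            if field not in check:
                problems.append((cid, f"missing field {field}"))
        if cid in seen:
            problems.append((cid, "duplicate id"))
        seen.add(cid)
        if "severity" in check and check["severity"] not in SEVERITIES:
            problems.append((cid, f"unknown severity {check['severity']}"))
        applies = check.get("applies_to")
        if applies is not None:
            if not applies:
                problems.append((cid, "applies_to is empty"))
            for repo_type in applies:
                if repo_type not in REPO_TYPES:
                    problems.append((cid, f"unknown repository type {repo_type}"))
    return problems

def applicable(checks, repo_type):
    """Checks that apply to one repository type, most severe first.
    Call only on a spec for which validate() returned no problems."""
    hits = [c for c in checks if repo_type in c.get("applies_to", [])]
    return sorted(hits, key=lambda c: SEVERITIES.index(c["severity"]))
```

Rejecting the file when `validate` reports anything keeps a typo in `severity` or an empty `applies_to` from silently dropping a check out of the compliance report.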