feat(0.2): CI onboarding — GitHub Action template + trust ladder + init pointer (Tracks 8.4/8.5/8.6)#142
Open
feat(0.2): CI onboarding — GitHub Action template + trust ladder + init pointer (Tracks 8.4/8.5/8.6)#142
Conversation
…it pointer (Tracks 8.4/8.5/8.6)
Three small deliverables that close the install → CI gate journey
the launch-readiness review flagged as missing.
Track 8.5 — `docs/examples/gate/github-action.yml`
The ONE recommended GitHub Action config for 0.2.0. Drops into
`.github/workflows/terrain-pr.yml` and gives adopters:
- per-PR `terrain analyze --write-snapshot --json`
- per-PR `terrain report pr --base ... --new-findings-only --baseline ...`
posting a unified comment via the `body-includes` marker so
successive runs update the same thread
- SARIF upload to GitHub code scanning (Security tab)
- **safe-default mode**: warn-only by default; --fail-on
critical is one uncomment away
- --new-findings-only --baseline baked in by default so
adopters with existing debt don't brick CI on day one
Concurrency group + cancel-in-progress so a force-push doesn't
pile up runs. Permissions list documents what each step needs.
Track 8.6 — `docs/product/trust-ladder.md`
The four-rung adoption path: Inventory → Warnings → CI annotations
→ Blocking gates. Each rung says what you do, what you get, what
it doesn't do, and when to move up.
The fundamental pattern this addresses: teams that jump from
Rung 1 to Rung 4 in one step have CI bricking on day one against
inherited debt. The ladder makes "see signals first, gate later"
the recommended path, with the recommended config matching it.
Cross-links: vision.md, feature-status.md, policy/examples/,
github-action.yml. Closes the loop so an adopter who lands on
any one of those docs can navigate to the rest.
Track 8.4 — `terrain init` CI pointer
Existing `terrain init` walks through "next steps" (run analyze,
generate coverage, generate runtime artifacts, edit policy). Added:
- Step (n+1) "Wire Terrain into CI (warn-only by default):"
with copy-this-file pointer to the github-action.yml template
and a pointer to the trust ladder for which mode to run when.
- Policy step now references the three starter policies
(minimal/balanced/strict) instead of the implicit "uncomment
stuff" workflow.
The flow from `terrain init` to a working CI gate is now four
bullet points instead of five separate doc trails.
Pillar parity impact: lifts area 12 (Distribution / install) P4
(Onboarding) from 2 → 3 (with the suspended Node 22 prominence
work being the remaining gap). All three deliverables also lift
"Examples" axes across multiple areas via the cross-cutting reach
of the recommended config + trust ladder.
Verification:
go test ./... — full suite green
go test ./internal/engine/ -run TestRunInit — all 9 init tests green
Manual: read trust-ladder.md end-to-end; cross-references resolve
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Terrain AI Risk Review
Decision: PASS — AI surfaces are covered. |
[INFO] Terrain — Informational only
Coverage gaps in changed code
Pre-existing issues (1)
Recommended tests18 test(s) selected via structural heuristics. 1 unit(s) remain uncovered. 1 impacted unit(s) have no covering tests in the selected set.
Limitations
Generated by Terrain · Targeted Test ResultsTerrain selected 18 test(s) instead of the full suite.
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes the install → CI gate journey. Three small deliverables that work together: the recommended workflow file, the doc that explains when to flip on each rung, and the `terrain init` step that points at both.
Track 8.5 — `docs/examples/gate/github-action.yml`
The ONE recommended GitHub Action config for 0.2.0. Drops into `.github/workflows/terrain-pr.yml`. Gives adopters:
Concurrency group + cancel-in-progress so force-pushes don't pile up runs.
Track 8.6 — `docs/product/trust-ladder.md`
The four-rung adoption path: Inventory → Warnings → CI annotations → Blocking gates. Each rung says what you do, what you get, what it doesn't do, and when to move up.
The fundamental pattern this addresses: teams that jump from Rung 1 to Rung 4 in one step have CI bricking on day one against inherited debt. The ladder makes "see signals first, gate later" the recommended path, with the recommended config matching it.
Cross-links to vision.md, feature-status.md, policy/examples/, github-action.yml. An adopter who lands on any one of those docs can navigate to the rest.
Track 8.4 — `terrain init` CI pointer
`terrain init`'s "Next steps" output now includes a final step pointing at the recommended workflow + trust ladder. Policy step references the three starter policies instead of the "uncomment stuff" workflow. Flow from `terrain init` to a working CI gate is now four bullet points instead of five separate doc trails.
Pillar parity impact
Test plan
Plan link
`/Users/pzachary/.claude/plans/kind-mapping-turing.md` (Tracks 8.4 / 8.5 / 8.6).
🤖 Generated with Claude Code