diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index c475caf..b50641c 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -30,7 +30,12 @@ jobs: fail-fast: false matrix: include: - - language: javascript-typescript + # k9-validate-action ships only YAML + Bash + Markdown (no JS/TS + # source). The `actions` language scans workflow files; the + # previous `javascript-typescript` entry made CodeQL fail with + # "Only found JavaScript or TypeScript files that were empty + # or contained syntax errors" on every run. + - language: actions build-mode: none steps: diff --git a/.hypatia-ignore b/.hypatia-ignore new file mode 100644 index 0000000..20df4cd --- /dev/null +++ b/.hypatia-ignore @@ -0,0 +1,9 @@ +# Hypatia-honoured exemption file for k9-validate-action. +# Format: /: +# +# SafeDOMExample.res is the recurring estate fixture demonstrating a +# safe-DOM ReScript pattern; it pre-dates the 2026-04-30 ReScript ban and +# stays as a fixture until the .res→.affine migration sweep (affinescript#57 +# Phase 2) reaches it. The standards#168 consolidated language-policy +# check honours this line via the enforce()/is_exempt() helpers. +cicd_rules/banned_language_file:examples/SafeDOMExample.res diff --git a/action.yml b/action.yml index 9f66e1a..655bf0a 100644 --- a/action.yml +++ b/action.yml @@ -39,7 +39,10 @@ inputs: Pattern follows hyperpolymath/hypatia#243 — validators that scan content patterns must distinguish a target file from a fixture / vendored / training-corpus file that legitimately contains the - pattern being checked. + pattern being checked. The vendored-estate-clone carve-out (e.g. + absolute-zero/) follows the convention that a tracked subdirectory + named after an upstream hyperpolymath repo is a vendored copy whose + K9 files belong to the upstream's CI, not the host's. required: false default: | vendor/ @@ -49,6 +52,7 @@ inputs: integration/fixtures/ test/fixtures/ tests/fixtures/ + absolute-zero/ outputs: files-scanned: