mateusz/portfolio
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add Codex repository guidance and validation
lint / shell-yaml-ansible (push) Failing after 17s
Details

Browse Source
This commit is contained in:
Mateusz Suski
2026-05-10 11:11:03 +00:00
parent 0d3905b8a1
commit a527022518
17 changed files with 935 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/codex/review-checklist.md
+52
View File
@@ -0,0 +1,52 @@
# Review Checklist
Use this checklist for repository reviews and pull requests.
## Safety
- Destructive actions default to dry-run or read-only.
- Real changes require explicit `--execute` and operator confirmation.
- Inputs are validated before use.
- Paths, service names, disks, volumes, and inventory targets are constrained.
- Rollback or recovery thinking is documented where the operation can change state.
## Bash
- Uses `#!/usr/bin/env bash`.
- Uses `set -o errexit`, `set -o nounset`, and `set -o pipefail`.
- Missing commands return a clear warning or invalid-input/dependency exit.
- Output uses `OK`, `WARNING`, and `CRITICAL` consistently.
- Exit codes follow repo convention: `0` OK, `1` operational issue, `2` invalid input or missing dependency.
- Help output exists for scripts that accept arguments.
## Ansible
- Target hosts are explicit and appropriate for the role.
- Modules are preferred over `shell` or `command`.
- Check mode and diff mode are considered.
- Tasks are idempotent or clearly documented when a check is inherently read-only or platform-specific.
- Handlers, tags, defaults, and validation tasks are used where useful.
- Inventory, vars, and role defaults do not contain secrets or real environment data.
## Documentation
- README files explain current state without overstating completeness.
- Runbooks include scope, pre-checks, execution controls, post-checks, and evidence.
- Docs avoid tutorial filler and fake enterprise complexity.
- Important limitations are linked or documented.
- `CHANGELOG.md` is updated for meaningful repo changes.
## Operational Realism
- The change reflects RHEL/Oracle Linux, Debian/Ubuntu, AIX, Veritas, GPFS, Zabbix, ELK, Docker, Kubernetes/K3s, Terraform, VMware, or Proxmox operations accurately.
- Examples remain sanitized.
- Placeholder projects are identified as placeholders.
- There is no unnecessary abstraction or invented complexity.
## Validation
- Changed Bash scripts pass `bash -n`.
- `shellcheck` was run if available, or its absence was reported.
- Ansible syntax/lint checks were run if available and relevant.
- YAML/Markdown sanity checks were run if available.
- Failures and skipped checks are visible in the final summary.