[plan] Split permissions_validation.go — separate data loading from validation logic #21480
Description
Objective
Split pkg/workflow/permissions_validation.go (477 lines — 59% over the 300-line limit) by separating its data-loading layer from its active validation logic.
Context
From discussion #21398 (Repository Quality Improvement Report - Validator File Size Compliance). This file mixes two distinct responsibilities: loading/indexing the embedded github_toolsets_permissions.json data, and the active validation/formatting logic. Separating these concerns also makes the data-loading layer independently testable.
Approach
Step 1: Create pkg/workflow/permissions_toolset_data.go. Move these elements into it:
- The
//go:embed data/github_toolsets_permissions.jsondirective andgithubToolsetsPermissionsJSONvar GitHubToolsetPermissionsstructGitHubToolsetsDatastructtoolsetPermissionsMapvarValidatableToolinterface (if defined here)GitHubToolConfigstruct and its methods (GetToolsets,IsReadOnly)- The
init()function that loads the JSON collectRequiredPermissionsfunctionisPermissionSufficientfunction
Step 2: Keep in permissions_validation.go:
PermissionsValidationResultstruct (if defined here)ValidatePermissionsfunctioncheckMissingPermissionsfunctionFormatValidationMessagefunctionformatMissingPermissionsMessagefunctionValidateIncludedPermissionsfunction
Step 3: Fix imports in both files.
Step 4: Run make fmt && make lint && make test-unit — all must pass.
⚠️ Do NOT change any function logic. This is a pure reorganization.
Files to Modify
- Reduce:
pkg/workflow/permissions_validation.go - Create:
pkg/workflow/permissions_toolset_data.go
Acceptance Criteria
-
permissions_toolset_data.gocontains the data layer (embed, types, init, lookup helpers) -
permissions_validation.goretains only the active validation logic - Both files are under 300 lines
-
make test-unitpasses -
make fmt && make lintpass
Generated by Plan Command for issue #discussion #21398 · ◷
- expires on Mar 19, 2026, 11:46 PM UTC