From 55fa346ef2f9a3c13af188d01046af9df9150a6a Mon Sep 17 00:00:00 2001 From: DJ Date: Sun, 5 Apr 2026 20:06:18 -0700 Subject: [PATCH 1/3] feat: require GitHub Discussions on all repos with standard categories Elevate Discussions from optional community feature to required org standard. Add Discussions Configuration section defining required categories (Ideas, General) and automated ideation workflow integration. Promote has_discussions audit check from warning to error via REQUIRED_SETTINGS_BOOL. Co-Authored-By: Claude Opus 4.6 (1M context) --- scripts/compliance-audit.sh | 9 +------ standards/github-settings.md | 47 +++++++++++++++++++++++++++++++++++- 2 files changed, 47 insertions(+), 9 deletions(-) diff --git a/scripts/compliance-audit.sh b/scripts/compliance-audit.sh index 381dd1f..6edb006 100755 --- a/scripts/compliance-audit.sh +++ b/scripts/compliance-audit.sh @@ -41,6 +41,7 @@ REQUIRED_SETTINGS_BOOL=( "delete_branch_on_merge:true:Automatically delete head branches must be enabled" "has_wiki:false:Wiki should be disabled โ€” documentation lives in the repo" "has_issues:true:Issue tracking must be enabled" + "has_discussions:true:Discussions must be enabled for ideation and community engagement" ) # --------------------------------------------------------------------------- @@ -276,14 +277,6 @@ check_repo_settings() { "standards/github-settings.md#general" fi - # Discussions - local has_discussions - has_discussions=$(echo "$settings" | jq -r '.has_discussions') - if [ "$has_discussions" != "true" ]; then - add_finding "$repo" "settings" "has-discussions" "warning" \ - "Discussions should be enabled for community engagement" \ - "standards/github-settings.md#general" - fi } # --------------------------------------------------------------------------- diff --git a/standards/github-settings.md b/standards/github-settings.md index e16e94d..31a37b3 100644 --- a/standards/github-settings.md +++ b/standards/github-settings.md @@ -31,7 +31,7 @@ SHOULD be audited and brought into compliance. | **Has Issues** | `true` | Issue tracking enabled on all repos | | **Has Projects** | `true` | Currently enabled on all repos | | **Has Wiki** | `false` | Disabled โ€” documentation lives in the repo | -| **Has Discussions** | `true` | Enabled for community engagement | +| **Has Discussions** | `true` | **Required** โ€” enables Discussions for ideation, feedback, and community engagement (see [Discussions Configuration](#discussions-configuration)) | ### Merge Settings @@ -51,6 +51,51 @@ SHOULD be audited and brought into compliance. --- +## Discussions Configuration + +GitHub Discussions MUST be enabled on all repositories. Discussions serve as the +durable, threaded home for feature ideation, design proposals, and community +feedback โ€” distinct from Issues (which track actionable work). + +### Required Discussion Categories + +All repositories MUST have the following categories configured: + +| Category | Format | Emoji | Description | +|----------|--------|-------|-------------| +| **Ideas** | Open-ended | `๐Ÿ’ก` | Feature proposals, ideation threads, and innovation exploration | +| **General** | Open-ended | `๐Ÿ’ฌ` | General project discussions and questions | + +Additional categories MAY be added per project needs (e.g., "Q&A", "Show and Tell", +"Polls"). The two above are the required minimum. + +### Automated Ideation Workflow + +Repositories with the `feature-ideation.yml` workflow use the **Ideas** category +to post and maintain feature proposal Discussions. Each proposal is a separate +Discussion thread, updated by subsequent workflow runs as market signals and +project context evolve. + +### Setup + +To enable and configure Discussions on an existing repository: + +```bash +# Enable Discussions +gh api -X PATCH repos// -f has_discussions=true + +# Discussion categories are managed via the GitHub UI: +# Settings โ†’ General โ†’ Features โ†’ Discussions โ†’ Set up discussions +# Or via GraphQL after initial setup. +``` + +> **Note:** Discussion categories cannot currently be created via the REST API. +> Use the GitHub UI or GraphQL `createDiscussionCategory` mutation. The compliance +> audit checks that Discussions are enabled; category configuration is verified +> manually during onboarding. + +--- + ## Repository Rulesets Rulesets are the primary enforcement mechanism for branch policies. All From accd91d27099498de0b8b3939dd7edcb687e3bd6 Mon Sep 17 00:00:00 2001 From: DJ Date: Sun, 5 Apr 2026 20:11:34 -0700 Subject: [PATCH 2/3] feat: require feature-ideation workflow for BMAD Method repos Add bmad-method ecosystem detection (looks for _bmad/ directory) and conditionally require feature-ideation.yml workflow. Add CI Standards section 8 documenting the conditional workflow. Update ecosystem table in github-settings.md to include bmad-method. Co-Authored-By: Claude Opus 4.6 (1M context) --- scripts/compliance-audit.sh | 12 ++++++++++++ standards/ci-standards.md | 29 +++++++++++++++++++++++++++++ standards/github-settings.md | 12 ++++++++---- 3 files changed, 49 insertions(+), 4 deletions(-) diff --git a/scripts/compliance-audit.sh b/scripts/compliance-audit.sh index 6edb006..e2dfa12 100755 --- a/scripts/compliance-audit.sh +++ b/scripts/compliance-audit.sh @@ -125,6 +125,9 @@ detect_ecosystems() { if echo "$tree" | grep -qE '\.github/workflows/.*\.yml$'; then ECOSYSTEMS+=("github-actions") fi + if echo "$tree" | grep -qE '(^|/)_bmad/'; then + ECOSYSTEMS+=("bmad-method") + fi } # --------------------------------------------------------------------------- @@ -140,6 +143,15 @@ check_required_workflows() { "standards/ci-standards.md#required-workflows" fi done + + # Conditional: bmad-method repos must have feature-ideation workflow + if [[ " ${ECOSYSTEMS[*]} " == *" bmad-method "* ]]; then + if ! gh_api "repos/$ORG/$repo/contents/.github/workflows/feature-ideation.yml" --jq '.name' > /dev/null 2>&1; then + add_finding "$repo" "ci-workflows" "missing-feature-ideation.yml" "warning" \ + "BMAD Method repo should have \`feature-ideation.yml\` workflow for automated ideation" \ + "standards/ci-standards.md#8-feature-ideation-feature-ideationyml-bmad-method-repos" + fi + fi } # --------------------------------------------------------------------------- diff --git a/standards/ci-standards.md b/standards/ci-standards.md index 57b58cd..7aceb10 100644 --- a/standards/ci-standards.md +++ b/standards/ci-standards.md @@ -219,6 +219,35 @@ See [`workflows/agent-shield.yml`](workflows/agent-shield.yml) and the --- +## Conditional Workflows + +These workflows are required only when a specific ecosystem is detected. + +### 8. Feature Ideation (`feature-ideation.yml`) โ€” BMAD Method repos + +**Condition:** Repository contains a `_bmad/` directory (BMAD Method installed). + +Scheduled weekly workflow that uses Claude Code Action as the BMAD Analyst +(Mary) to research market trends, analyze project signals, and create per-idea +Discussion threads in the **Ideas** category. Each proposal is a separate +Discussion, updated by subsequent runs as the market and project evolve. + +| Setting | Value | +|---------|-------| +| **Schedule** | Weekly (recommended: Friday early morning) | +| **Output** | GitHub Discussions in the Ideas category | +| **Inputs** | `focus_area` (optional), `research_depth` (quick/standard/deep) | +| **Permissions** | `contents: read`, `discussions: write`, `id-token: write` | +| **Required secrets** | `CLAUDE_CODE_OAUTH_TOKEN` (org-level) | + +**Prerequisite:** Discussions must be enabled with an "Ideas" category +(see [Discussions Configuration](github-settings.md#discussions-configuration)). + +See the [TalkTerm implementation](https://github.com/petry-projects/TalkTerm/blob/main/.github/workflows/feature-ideation.yml) +as the reference template. + +--- + ## Workflow Patterns by Tech Stack ### TypeScript / Node.js (npm) diff --git a/standards/github-settings.md b/standards/github-settings.md index 31a37b3..7b80abb 100644 --- a/standards/github-settings.md +++ b/standards/github-settings.md @@ -71,10 +71,13 @@ Additional categories MAY be added per project needs (e.g., "Q&A", "Show and Tel ### Automated Ideation Workflow -Repositories with the `feature-ideation.yml` workflow use the **Ideas** category -to post and maintain feature proposal Discussions. Each proposal is a separate -Discussion thread, updated by subsequent workflow runs as market signals and -project context evolve. +Repositories with the [BMAD Method](https://github.com/bmad-code-org/BMAD-METHOD) +installed (`_bmad/` directory) SHOULD have the `feature-ideation.yml` workflow, +which uses the **Ideas** category to post and maintain feature proposal +Discussions. Each proposal is a separate Discussion thread, updated by subsequent +workflow runs as market signals and project context evolve. See +[CI Standards ยง Feature Ideation](ci-standards.md#8-feature-ideation-feature-ideationyml-bmad-method-repos) +for requirements. ### Setup @@ -151,6 +154,7 @@ in the relevant checks: | `pyproject.toml` / `requirements.txt` | `python` | Python analysis | pytest, coverage | `pip-audit` | | `.github/workflows/*.yml` | `actions` | โ€” | โ€” | โ€” | | `*.tf` (Terraform) | โ€” | โ€” | `terraform validate` | Dependabot security updates | +| `_bmad/` (BMAD Method) | โ€” | โ€” | `feature-ideation.yml` (weekly) | โ€” | Multi-language repos (e.g., TypeScript + Go) MUST configure all applicable ecosystems in each check. From ad03f1495d3515514e66b6a9018f21261cf70805 Mon Sep 17 00:00:00 2001 From: DJ Date: Sun, 5 Apr 2026 20:23:46 -0700 Subject: [PATCH 3/3] =?UTF-8?q?fix:=20address=20review=20comments=20?= =?UTF-8?q?=E2=80=94=20severity=20levels=20and=20requirement=20language?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Extend REQUIRED_SETTINGS_BOOL tuple format to include per-entry severity (key:expected:severity:detail) instead of hardcoding all as warning - Set has_discussions and has_issues to error severity; others remain warning - Change feature-ideation.yml finding from warning to error for BMAD repos - Change SHOULD to MUST for BMAD ideation workflow requirement in standards Addresses CodeRabbit and Copilot review comments on PR #53. Co-Authored-By: Claude Opus 4.6 (1M context) --- scripts/compliance-audit.sh | 18 +++++++++--------- standards/github-settings.md | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/scripts/compliance-audit.sh b/scripts/compliance-audit.sh index e2dfa12..60288d0 100755 --- a/scripts/compliance-audit.sh +++ b/scripts/compliance-audit.sh @@ -37,11 +37,11 @@ REQUIRED_WORKFLOWS=(ci.yml codeql.yml sonarcloud.yml claude.yml dependabot-autom REQUIRED_LABELS=(security dependencies scorecard bug enhancement documentation) REQUIRED_SETTINGS_BOOL=( - "allow_auto_merge:true:Allow auto-merge must be enabled for Dependabot workflow" - "delete_branch_on_merge:true:Automatically delete head branches must be enabled" - "has_wiki:false:Wiki should be disabled โ€” documentation lives in the repo" - "has_issues:true:Issue tracking must be enabled" - "has_discussions:true:Discussions must be enabled for ideation and community engagement" + "allow_auto_merge:true:warning:Allow auto-merge must be enabled for Dependabot workflow" + "delete_branch_on_merge:true:warning:Automatically delete head branches must be enabled" + "has_wiki:false:warning:Wiki should be disabled โ€” documentation lives in the repo" + "has_issues:true:error:Issue tracking must be enabled" + "has_discussions:true:error:Discussions must be enabled for ideation and community engagement" ) # --------------------------------------------------------------------------- @@ -147,8 +147,8 @@ check_required_workflows() { # Conditional: bmad-method repos must have feature-ideation workflow if [[ " ${ECOSYSTEMS[*]} " == *" bmad-method "* ]]; then if ! gh_api "repos/$ORG/$repo/contents/.github/workflows/feature-ideation.yml" --jq '.name' > /dev/null 2>&1; then - add_finding "$repo" "ci-workflows" "missing-feature-ideation.yml" "warning" \ - "BMAD Method repo should have \`feature-ideation.yml\` workflow for automated ideation" \ + add_finding "$repo" "ci-workflows" "missing-feature-ideation.yml" "error" \ + "BMAD Method repo must have \`feature-ideation.yml\` workflow for automated ideation" \ "standards/ci-standards.md#8-feature-ideation-feature-ideationyml-bmad-method-repos" fi fi @@ -270,11 +270,11 @@ check_repo_settings() { # Boolean settings checks for entry in "${REQUIRED_SETTINGS_BOOL[@]}"; do - IFS=':' read -r key expected detail <<< "$entry" + IFS=':' read -r key expected severity detail <<< "$entry" local actual actual=$(echo "$settings" | jq -r ".$key // \"null\"") if [ "$actual" != "$expected" ]; then - add_finding "$repo" "settings" "$key" "warning" \ + add_finding "$repo" "settings" "$key" "$severity" \ "$detail (current: \`$actual\`, expected: \`$expected\`)" \ "standards/github-settings.md#repository-settings--standard-defaults" fi diff --git a/standards/github-settings.md b/standards/github-settings.md index 7b80abb..ef8507f 100644 --- a/standards/github-settings.md +++ b/standards/github-settings.md @@ -72,7 +72,7 @@ Additional categories MAY be added per project needs (e.g., "Q&A", "Show and Tel ### Automated Ideation Workflow Repositories with the [BMAD Method](https://github.com/bmad-code-org/BMAD-METHOD) -installed (`_bmad/` directory) SHOULD have the `feature-ideation.yml` workflow, +installed (`_bmad/` directory) MUST have the `feature-ideation.yml` workflow, which uses the **Ideas** category to post and maintain feature proposal Discussions. Each proposal is a separate Discussion thread, updated by subsequent workflow runs as market signals and project context evolve. See