fix(ci): correct image digest separator

2026-04-30 12:20:26 +02:00
parent 339de0769d
commit 6652303b3e
232 changed files with 22956 additions and 2 deletions
--- a/.wave/pipelines/audit-dead-code-review.yaml
+++ b/.wave/pipelines/audit-dead-code-review.yaml
@@ -0,0 +1,186 @@
+kind: WavePipeline
+metadata:
+  name: audit-dead-code-review
+  description: "Scan PR-changed files for dead code and post a review comment"
+  release: true
+
+requires:
+  tools:
+    - go
+    - gh
+
+skills:
+  - software-design
+
+input:
+  source: cli
+  example: "https://github.com/re-cinq/wave/pull/42"
+
+steps:
+  - id: scan
+    persona: navigator
+    model: claude-haiku
+    workspace:
+      mount:
+        - source: ./
+          target: /project
+          mode: readonly
+    exec:
+      type: prompt
+      source: |
+        Scan for dead or redundant code in the files changed by: {{ input }}
+
+        ## Scope
+
+        Only scan files changed in the given pull request. Use `{{ forge.cli_tool }} {{ forge.pr_command }} diff` to
+        identify the changed files, then analyze only those files for dead code.
+
+        ## What to Look For
+
+        1. **Unused exports**: Exported functions, types, constants, or variables
+           that are never referenced outside their package.
+
+        2. **Unreachable code**: Code after return/panic, impossible branches,
+           dead switch cases.
+
+        3. **Orphaned files**: Files not imported by any other file in the project.
+
+        4. **Redundant code**: Duplicate functions, copy-paste blocks,
+           wrappers that add no value.
+
+        5. **Stale tests**: Tests for functions that no longer exist,
+           or tests that test nothing meaningful.
+
+        6. **Unused dependencies**: Imports that are no longer needed.
+
+        7. **Commented-out code**: Large blocks of commented code that
+           should be deleted (git has history).
+
+        8. **Duplicate signatures**: Functions with identical signatures across
+           packages that could be consolidated.
+
+        ## Verification
+
+        For each finding, verify it's truly dead:
+        - Grep for all references across the entire codebase
+        - Check for reflect-based or string-based usage
+        - Check if it's part of an interface implementation
+        - Check for build tag conditional compilation
+
+        Produce a structured JSON result matching the contract schema.
+        Only include findings with high or medium confidence. Skip low confidence.
+    output_artifacts:
+      - name: scan_results
+        path: .wave/output/dead-code-scan.json
+        type: json
+    retry:
+      policy: patient
+      max_attempts: 2
+    handover:
+      contract:
+        type: json_schema
+        source: .wave/output/dead-code-scan.json
+        schema_path: .wave/contracts/dead-code-scan.schema.json
+        on_failure: retry
+
+  - id: compose
+    persona: summarizer
+    model: claude-haiku
+    dependencies: [scan]
+    memory:
+      inject_artifacts:
+        - step: scan
+          artifact: scan_results
+          as: findings
+    exec:
+      type: prompt
+      source: |
+        Compose a dead code review comment from the scan findings.
+
+        Read the injected findings and produce a markdown summary suitable for
+        posting as a PR review comment.
+
+        ## Format
+
+        If zero findings:
+        ```
+        No dead code found in the changed files.
+        ```
+
+        If findings exist:
+        ```
+        ## Dead Code Review
+
+        **Findings**: <total_count> items found in changed files
+
+        ### Summary by Type
+        | Type | Count |
+        |------|-------|
+        | ... | N |
+
+        ### Findings
+
+        For each finding (sorted by confidence, high first):
+        - **[DC-001]** (`type`) `location` — description
+          Suggested action: `suggested_action`
+
+        ---
+        *Generated by [Wave](https://github.com/re-cinq/wave) dead-code-review pipeline*
+        ```
+
+        Do NOT include a title/header line — the publish step adds one.
+    output_artifacts:
+      - name: review_comment
+        path: .wave/output/review-comment.md
+        type: markdown
+    handover:
+      contract:
+        type: non_empty_file
+        source: .wave/output/review-comment.md
+
+  - id: publish
+    persona: "gitea-commenter"
+    dependencies: [compose]
+    memory:
+      inject_artifacts:
+        - step: compose
+          artifact: review_comment
+          as: review_summary
+    exec:
+      type: prompt
+      source: |
+        Post the dead code review as a PR comment.
+
+        The original input was: {{ input }}
+        Extract the PR number or URL from the input.
+
+        1. Write the review content to a temp file, then post it as a PR comment:
+           cat > /tmp/dead-code-review-comment.md <<'REVIEW_EOF'
+           ## Dead Code Review (Wave Pipeline)
+
+           <review content>
+
+           ---
+           *Generated by [Wave](https://github.com/re-cinq/wave) dead-code-review pipeline*
+           REVIEW_EOF
+           {{ forge.cli_tool }} {{ forge.pr_command }} comment <PR_NUMBER_OR_URL> --body-file /tmp/dead-code-review-comment.md
+
+    output_artifacts:
+      - name: publish-result
+        path: .wave/output/publish-result.json
+        type: json
+    retry:
+      policy: aggressive
+      max_attempts: 2
+    handover:
+      contract:
+        type: json_schema
+        source: .wave/output/publish-result.json
+        schema_path: .wave/contracts/gh-pr-comment-result.schema.json
+        must_pass: true
+        on_failure: retry
+    outcomes:
+      - type: url
+        extract_from: .wave/output/publish-result.json
+        json_path: .comment_url
+        label: "Dead Code Review Comment"