Skip to content

chore: close the 10 declarative coverage gaps found by the deploy/ coverage guardΒ #115

Description

@devantler

πŸ€– Generated by the Daily AI Engineer

Evidence

The coverage guard added in #114 found 14 (dimension, repository) pairs that are not declared in
deploy/. They are exempted there β€” explicitly and with a pointer to this issue β€” so the guard
could land green and ratchet. This issue closes them.

dimension repositories missing
repositories/ (Repository CRs) actions, .github, monorepo
repository-permissions/ aws, kyverno-policies, monorepo, provider-upjet-unifi
team-repositories/grant-maintainers-on-* agent-plugins, agent-skills, ascoachingogvaner, .github, fleet-gitops, maintenance, wedding-app

For contrast, labels/ and grant-admins-on-* are both 21/21 β€” completeness is achievable
here, which is the evidence that the above is drift rather than a designed boundary.

Problem

Each gap means a repository whose settings, collaborator permissions, or team access are not
reconciled from Git. The state is whatever it happens to be, and it can be changed by hand without
anything reverting it β€” the exact failure the declarative model exists to prevent.

Notes before starting

Acceptance criteria

  • Each of the 14 pairs is either declared in deploy/, or kept as an exemption whose reason
    states the deliberate intent.
  • tests/declarative-coverage.sh passes with its exemption list reduced accordingly (the guard
    already fails on a stale exemption, so this is self-enforcing).
  • No net-new resource claims Delete or an external name.

Split per dimension if it reviews better. Part of #56.

Metadata

Metadata

Assignees

No one assigned

    Type

    Fields

    No fields configured for Chore.

    Projects

    Status
    πŸ“₯ Backlog

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions