-
Notifications
You must be signed in to change notification settings - Fork 1
ci(lean-proof): add CI gate for DbspChainRule.lean type-check (closes A1+A2 → A-with-CI) #1394
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,122 @@ | ||
| name: lean-proof | ||
|
|
||
| # Type-checks the Lean 4 / Mathlib formalization of DBSP at | ||
| # tools/lean4/Lean4/DbspChainRule.lean. Per the math-proofs | ||
| # honest assessment (docs/research/2026-05-03-math-proofs- | ||
| # honest-assessment.md) the Lean proof is A-grade today | ||
| # hand-run (chain_rule_proposition_3_2 + Dop_LTI_commute) but | ||
| # was MISSING CI gating — peer reviewers expect "runs in CI" | ||
| # as the line for an A-grade artifact. This workflow closes | ||
| # that gap. | ||
| # | ||
| # Path-filtered to only run on changes that affect the Lean | ||
| # proof (the Lean source, the lake-manifest, the toolchain | ||
| # version pin, or this workflow itself). Runs out-of-band | ||
| # from gate.yml because Mathlib's lake cache is multi-GB and | ||
| # Lean toolchain setup is heavier than the existing | ||
| # build-and-test surface. | ||
| # | ||
| # Composes with: | ||
| # - tools/lean4/Lean4/DbspChainRule.lean (the artifact) | ||
| # - docs/research/verification-registry.md (the registry | ||
| # rows for chain_rule_proposition_3_2 + Dop_LTI_commute) | ||
| # - docs/research/2026-05-03-math-proofs-honest-assessment.md | ||
| # (this workflow closes the A-with-CI upgrade for A1+A2) | ||
| # - .claude/skills/verification-drift-auditor/SKILL.md | ||
| # (every CI fire is implicit drift-check input) | ||
| # | ||
| # Safe-pattern compliance (per FACTORY-HYGIENE row #43): | ||
| # - SHA-pinned actions/checkout + actions/cache | ||
| # - Explicit minimum permissions: contents: read | ||
| # - No user-authored context; purely repo-file reads | ||
| # - Concurrency group + pinned runs-on | ||
| # - Path-filter narrows the trigger surface | ||
|
|
||
| on: | ||
| pull_request: | ||
| paths: | ||
| - "tools/lean4/**" | ||
| - ".github/workflows/lean-proof.yml" | ||
| push: | ||
| branches: [main] | ||
| paths: | ||
| - "tools/lean4/**" | ||
| - ".github/workflows/lean-proof.yml" | ||
| workflow_dispatch: {} | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| # Workflow-level env: exposes GITHUB_TOKEN to every step so mise's | ||
| # aqua: backend (used by tools/setup/install.sh during toolchain | ||
| # install) can authenticate its GitHub API calls. Without a token, | ||
| # mise hits the unauthenticated rate limit (60 requests per hour | ||
| # per IP, shared across all GitHub Actions runners) and fails to | ||
| # fetch release tags with a 403. With the token, the limit is | ||
| # 5000/hr per token. Same pattern as gate.yml (see workflow-level | ||
| # env: block there); inherits the workflow's permissions: | ||
| # contents: read — no write escalation. | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| concurrency: | ||
| group: lean-proof-${{ github.ref }} | ||
| cancel-in-progress: false | ||
|
|
||
| jobs: | ||
| type-check: | ||
| name: type-check Lean DbspChainRule | ||
| runs-on: ubuntu-24.04 | ||
| # Mathlib's lake cache get + the actual type-check is fast | ||
| # (~2-5 min) on warm cache; cold cache (cache miss on first | ||
| # run after lean-toolchain bump) can take 15-25 min. | ||
| timeout-minutes: 30 | ||
|
|
||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | ||
|
|
||
| # Mathlib's lake build cache. Keyed on lean-toolchain (which | ||
| # binds the Mathlib version via lakefile.toml + lake-manifest) | ||
| # so the cache busts cleanly when either changes. Without this | ||
| # cache, every PR fetches + builds Mathlib from scratch which | ||
| # is hours of CI time. | ||
| - name: Cache lake (Mathlib oleans) | ||
| uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 | ||
| with: | ||
| path: tools/lean4/.lake | ||
| key: lake-${{ runner.os }}-${{ hashFiles('tools/lean4/lean-toolchain', 'tools/lean4/lakefile.toml', 'tools/lean4/lake-manifest.json') }} | ||
| # Restore-keys allow falling back to a partial cache on | ||
| # cache-miss; lake exe cache get fills the gap. Faster than | ||
| # cold-build of Mathlib. | ||
| restore-keys: | | ||
| lake-${{ runner.os }}- | ||
|
|
||
| # elan toolchain. Same key shape as gate.yml's elan cache so | ||
| # the two workflows share cache space efficiently. | ||
| - name: Cache elan (Lean 4 toolchain) | ||
| uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 | ||
| with: | ||
| path: ~/.elan | ||
| key: elan-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('tools/setup/common/elan.sh') }} | ||
|
|
||
| - name: Install toolchain via three-way-parity script (GOVERNANCE §24) | ||
| # Single source of truth for toolchain state. Installs elan | ||
| # which provides lake + lean. Same pattern as gate.yml. | ||
| run: ./tools/setup/install.sh | ||
|
AceHack marked this conversation as resolved.
|
||
|
|
||
| - name: Fetch Mathlib pre-built oleans | ||
| # Mathlib's CLI downloads pre-compiled .olean files from S3; | ||
| # this skips the multi-hour Mathlib build. After cache get, | ||
| # lake env lean type-checks the proof in ~30s. | ||
| working-directory: tools/lean4 | ||
| run: lake exe cache get | ||
|
|
||
| - name: Type-check DbspChainRule.lean | ||
| # Silence on success = pass. Any error / warning fails the | ||
| # build per Lean's exit code. Per the verification-registry | ||
| # rows for chain_rule_proposition_3_2 + Dop_LTI_commute: | ||
| # this is the gate that converts both rows from A-grade- | ||
| # hand-run to A-grade-with-CI. | ||
| working-directory: tools/lean4 | ||
| run: lake env lean Lean4/DbspChainRule.lean | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.