feat(catalog-v3.4.0): ci-tools expansion + vale disable_rules (reference-check relocated to reference catalog)

Andrew Dunnrequested to merge
feat/v3.4.0-prep into main

Summary

Scope reduced. reference-check has moved to the gitlab-com/public-sector/reference catalog (Draft MR !13 (merged) there) and no longer ships from this pipeline catalog. What remains here is the infrastructure reference-check depends on at runtime plus an unrelated vale improvement:

  • ci-tools image expansion — stays here because reference-check (now in the reference repo) and other reference-style projects pull pipeline/ci-tools at runtime.
  • vale component disable_rules input — independent voice opt-out feature.

Pairs with the reference repo's reference-check MR (!13 (merged)). Merge this first; ci-tools rebuilds on main with the new deps; the reference component then pins ci-tools:v3.4.0 instead of patching tools in via inline apk add chains.

What lands

ci-tools image expanded

Adds make, nodejs + npm (Node 22), python3 + python3-pip, findutils, and mikefarah yq v4.52.5 (binary release, checksum-verified). The reference's CI was patching these in via inline apk add chains; consumers pulling ci-tools:v3.4.0 get the full set with zero patching. UBI9-minimal base unchanged; image grows ~120MB.

vale component disable_rules input

Space-separated vale rule names get appended to the generated .vale.ini as <rule> = NO lines. Intended for voice-specific opt-outs (em-dash in long prose, "via" in technical writing) a project deliberately chooses against the gitlab-docs default. Defaults to empty (no rules disabled). Mechanical findings should still be fixed rather than disabled.

Renovate

Renovate customManager for pipeline/<component>@vX.Y.Z pins in consumer .gitlab-ci.yml files (generic; not reference-check-specific).

Removed from this MR (relocated)

The reference-check component, its README, the sim-reference-check sim job + fixtures, and the root .gitlab-ci.yml include have been dropped from this branch. That work ships from gitlab-com/public-sector/reference (MR !13 (merged)) so a single component does not ship from two catalogs.

Test plan

  • CI green on MR pipeline (validate:templates:syntax + validate:templates:shape + pipeline-self-validates)
  • On merge to main, ci-tools rebuilds and is signed with the new toolchain
  • After v3.4.0 tag, ci-tools:3.4.0 is published and pullable
  • Reference's reference-check MR (!13 (merged)) successfully pins ci-tools:v3.4.0 for its non-LaTeX jobs
Edited by Andrew Dunn

Merge request reports