Draft: feat(reference-check): relocate component from pipeline catalog

Relocates the reference-check CI/CD component from the pipeline catalog into this repo (the reference catalog), per the repo owner's decision to co-locate the checker with the standards and make check runner it depends on.

Why

reference-check clones the reference at a consumer's pinned tag and runs that tag's make check over the consumer repo, applying adoption-phase semantics, cross-referencing exemptions, and emitting markdown + JSON conformance reports. When it lived in the pipeline catalog it had a cross-catalog dependency on this repo's standards and make check target -- two catalogs that had to be versioned in lockstep for the checker to stay correct.

Co-locating it here means the checker, the standards, and the make check runner version together in one catalog. No more cross-catalog version coupling.

What changed

Added under templates/reference-check/:

  • template.yml -- ported verbatim from the pipeline branch (byte-identical). Keeps the clone-at-pinned-tag behavior (that is how a consumer's pipeline pulls the standards; it stays correct now that the component ships here). Still pulls the ci-tools image from the pipeline catalog (registry.gitlab.com/gitlab-com/public-sector/pipeline/ci-tools:<ver>) -- cross-catalog image pull is fine and ci-tools was intentionally not moved.
  • README.md -- ported; the three include: examples now point at the reference catalog path (gitlab.com/gitlab-com/public-sector/reference/reference-check@<LATEST>), not the pipeline path. Added a "Standards alignment" note recording that the reference cannot run reference-check against itself (self-exemption, registered in compliance/deviations.yaml) and runs the local make check directly.
  • sim/ -- sim fixtures (ok/ + expired/) and the sim job definition (sim-reference-check.yml), relocated here because this repo has no existing sim harness in .gitlab-ci.yml. Fixture paths and changes: globs were rewritten to the new layout; the pipeline-only containers/ci-tools.Containerfile change-trigger was dropped. A header note in the sim file flags that it is not yet wired into CI.

Updated:

  • CHANGELOG.md -- [Unreleased] / Added entry explaining the relocation and the version-coupling rationale.

Not done here (out of scope / follow-up)

  • Wiring the sim into this repo's CI is a follow-up: .gitlab-ci.yml has no sim stage and does not include: the sim file yet.
  • The pipeline catalog is not touched. Removal of reference-check from pipeline MR !56 is handled separately.

Validation

  • template.yml confirmed byte-identical to the source branch.
  • All YAML (template, sim, fixtures) parses under yq.
  • make validate-templates and scripts/guard-checks.sh pass locally (both are scoped to the lab/docs/paper starter templates and do not regress on the new component dir).

🤖 Generated with Claude Code
