From b173afae711a9abfe27f950eb517a3f1e32d64ff Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 8 Jan 2026 18:11:51 +0000 Subject: [PATCH] Complete merge: Remove gated-ci-atomic.yml and update documentation Co-authored-by: johndoe6345789 <224850594+johndoe6345789@users.noreply.github.com> --- .github/workflows/README.md | 34 +- .github/workflows/gated-ci-atomic.yml | 1048 ------------------------- GATE_1.2_IMPLEMENTATION_SUMMARY.md | 21 +- PLAYWRIGHT_CI_FIX_SUMMARY.md | 5 +- 4 files changed, 20 insertions(+), 1088 deletions(-) delete mode 100644 .github/workflows/gated-ci-atomic.yml diff --git a/.github/workflows/README.md b/.github/workflows/README.md index 9cfe6a0fa..c099efbb4 100644 --- a/.github/workflows/README.md +++ b/.github/workflows/README.md @@ -69,24 +69,7 @@ This workflow runs alongside the existing PR management jobs to keep triage ligh **Triggered on:** Push to main/master/develop branches, Pull requests **Structure:** -- **Gate 1:** Code Quality (Prisma, TypeScript, Lint, Security) -- **Gate 2:** Testing (Unit, E2E, DBAL Daemon) -- **Gate 3:** Build & Package (Build, Quality Metrics) -- **Gate 4:** Review & Approval (Human review required) - -**Features:** -- Sequential gate execution for efficiency -- Clear gate status reporting on PRs -- Automatic progression through gates -- Summary report with all gate results - -**Best for:** Small to medium teams, straightforward workflows - -#### 1a. Enterprise Gated CI/CD Pipeline - Atomic (`gated-ci-atomic.yml`) 🆕 -**Triggered on:** Push to main/master/develop branches, Pull requests - -**Structure:** -- **Gate 1:** Code Quality - 7 atomic steps +- **Gate 1:** Code Quality - 7 validation steps - 1.1 Prisma Validation - 1.2 TypeScript Check (+ strict mode analysis) - 1.3 ESLint (+ any-type detection + ts-ignore detection) @@ -94,27 +77,26 @@ This workflow runs alongside the existing PR management jobs to keep triage ligh - 1.5 File Size Check - 1.6 Code Complexity Analysis - 1.7 Stub Implementation Detection -- **Gate 2:** Testing - 3 atomic steps +- **Gate 2:** Testing - 3 validation steps - 2.1 Unit Tests (+ coverage analysis) - 2.2 E2E Tests - 2.3 DBAL Daemon Tests -- **Gate 3:** Build & Package - 2 atomic steps +- **Gate 3:** Build & Package - 2 validation steps - 3.1 Application Build (+ bundle analysis) - 3.2 Quality Metrics - **Gate 4:** Review & Approval (Human review required) +- **Gate 5:** Deployment (post-merge, automatic staging) **Features:** -- **Atomic validation steps** for superior visualization -- Each tool from `/tools` runs as separate job +- Individual validation steps for superior visualization - **Gate artifacts** persisted between steps (30-day retention) - Granular failure detection - Parallel execution within gates - Complete audit trail with JSON artifacts - Individual step timing and status - -**Best for:** Large teams, enterprise compliance, audit requirements - -**Documentation:** See [Atomic Gated Workflow Architecture](../../docs/ATOMIC_GATED_WORKFLOW.md) +- Sequential gate execution for efficiency +- Clear gate status reporting on PRs +- Summary report with all gate results #### 2. Enterprise Gated Deployment (`gated-deployment.yml`) **Triggered on:** Push to main/master, Releases, Manual workflow dispatch diff --git a/.github/workflows/gated-ci-atomic.yml b/.github/workflows/gated-ci-atomic.yml deleted file mode 100644 index cca1d517d..000000000 --- a/.github/workflows/gated-ci-atomic.yml +++ /dev/null @@ -1,1048 +0,0 @@ -name: Enterprise Gated CI/CD Pipeline (Atomic) - -on: - push: - branches: [ main, master, develop ] - pull_request: - branches: [ main, master, develop ] - -permissions: - contents: read - pull-requests: write - checks: write - statuses: write - -# Enterprise Gated Tree Workflow with Atomic Steps -# Each validation tool runs as a separate step for better visualization -# Gate artifacts are persisted between stages using GitHub Actions artifacts -# Changes must pass through 5 gates before merge: -# Gate 1: Code Quality (lint, typecheck, security) -# Gate 2: Testing (unit, E2E) -# Gate 3: Build & Package -# Gate 4: Review & Approval -# Gate 5: Deployment (staging → production with manual approval) - -jobs: - # ============================================================================ - # GATE 1: Code Quality Gates - Atomic Steps - # ============================================================================ - - gate-1-start: - name: "Gate 1: Code Quality - Starting" - runs-on: ubuntu-latest - steps: - - name: Gate 1 checkpoint - run: | - echo "🚦 GATE 1: CODE QUALITY VALIDATION" - echo "================================================" - echo "Running atomic validation steps..." - echo "Status: IN PROGRESS" - - - name: Create gate artifacts directory - run: | - mkdir -p gate-artifacts/gate-1 - echo "started" > gate-artifacts/gate-1/status.txt - echo "$(date -Iseconds)" > gate-artifacts/gate-1/start-time.txt - - - name: Upload gate start marker - uses: actions/upload-artifact@v4 - with: - name: gate-1-start - path: gate-artifacts/gate-1/ - - # Atomic Step 1.1: Prisma Validation - prisma-check: - name: "Gate 1.1: Validate Prisma Schema" - runs-on: ubuntu-latest - needs: gate-1-start - defaults: - run: - working-directory: frontends/nextjs - steps: - - name: Checkout code - uses: actions/checkout@v6 - - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version: 20 - - - name: Install dependencies - run: npm install - - - name: Generate Prisma Client - run: npm run db:generate - env: - DATABASE_URL: file:./dev.db - - - name: Validate Prisma Schema - run: npx prisma validate --schema=../../prisma/schema.prisma - env: - DATABASE_URL: file:./dev.db - - - name: Record validation result - if: always() - run: | - mkdir -p gate-artifacts/gate-1 - echo "${{ job.status }}" > gate-artifacts/gate-1/prisma-check.txt - echo "$(date -Iseconds)" > gate-artifacts/gate-1/prisma-check-time.txt - - - name: Upload validation result - if: always() - uses: actions/upload-artifact@v4 - with: - name: gate-1-prisma-result - path: gate-artifacts/gate-1/ - - # Atomic Step 1.2: TypeScript Check - typecheck: - name: "Gate 1.2: TypeScript Type Check" - runs-on: ubuntu-latest - needs: prisma-check - defaults: - run: - working-directory: frontends/nextjs - steps: - - name: Checkout code - uses: actions/checkout@v6 - - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version: 20 - - - name: Install root dependencies - run: | - cd ../.. - npm install - - - name: Install DBAL dependencies - run: | - cd ../../dbal/development - npm install - - - name: Generate DBAL types from YAML schemas - run: | - cd ../../dbal/development - npx tsx ../shared/tools/codegen/generate-types.ts - - - name: Install frontend dependencies - run: npm install - - - name: Generate Prisma Client - run: npm run db:generate - env: - DATABASE_URL: file:./dev.db - - - name: Run TypeScript type check - run: npm run typecheck - - - name: Run atomic TypeScript strict checker - run: | - cd ../.. - echo "skipping tools-based TypeScript strict check (tools/ removed)" > gate-artifacts/typescript-strict.json || true - continue-on-error: true - - - name: Record validation result - if: always() - run: | - mkdir -p gate-artifacts/gate-1 - echo "${{ job.status }}" > gate-artifacts/gate-1/typecheck.txt - echo "$(date -Iseconds)" > gate-artifacts/gate-1/typecheck-time.txt - cp gate-artifacts/typescript-strict.json gate-artifacts/gate-1/ || true - - - name: Upload validation result - if: always() - uses: actions/upload-artifact@v4 - with: - name: gate-1-typecheck-result - path: gate-artifacts/gate-1/ - - # Atomic Step 1.3: ESLint - lint: - name: "Gate 1.3: Lint Code" - runs-on: ubuntu-latest - needs: prisma-check - defaults: - run: - working-directory: frontends/nextjs - steps: - - name: Checkout code - uses: actions/checkout@v6 - - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version: 20 - - - name: Install dependencies - run: npm install - - - name: Generate Prisma Client - run: npm run db:generate - env: - DATABASE_URL: file:./dev.db - - - name: Run ESLint - run: npm run lint - - - name: Run atomic lint tools - run: | - mkdir -p ../../gate-artifacts/gate-1 - cd ../.. - - # Find any types (skipped - tools/ removed) - echo "skipping tools-based find-any-types" > gate-artifacts/gate-1/any-types.json || true - - # Find ts-ignore comments (skipped - tools/ removed) - echo "skipping tools-based find-ts-ignores" > gate-artifacts/gate-1/ts-ignores.json || true - continue-on-error: true - - - name: Record validation result - if: always() - run: | - mkdir -p gate-artifacts/gate-1 - echo "${{ job.status }}" > gate-artifacts/gate-1/lint.txt - echo "$(date -Iseconds)" > gate-artifacts/gate-1/lint-time.txt - - - name: Upload validation result - if: always() - uses: actions/upload-artifact@v4 - with: - name: gate-1-lint-result - path: gate-artifacts/gate-1/ - - # Atomic Step 1.4: Security Scan - security-scan: - name: "Gate 1.4: Security Scan" - runs-on: ubuntu-latest - needs: prisma-check - defaults: - run: - working-directory: frontends/nextjs - steps: - - name: Checkout code - uses: actions/checkout@v6 - - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version: 20 - - - name: Install dependencies - run: npm install - - - name: Run atomic security scanner - run: | - mkdir -p ../../gate-artifacts/gate-1 - cd ../.. - echo "skipping tools-based security scanner" > gate-artifacts/gate-1/security-scan.json || true - continue-on-error: true - - - name: Run dependency audit - run: | - npm audit --json > ../../gate-artifacts/gate-1/audit-results.json 2>&1 || true - echo "Security audit completed" - continue-on-error: true - - - name: Parse audit results - run: | - cd ../.. - echo "skipping tools-based npm-audit parsing" > gate-artifacts/gate-1/audit-summary.json || true - continue-on-error: true - - - name: Record validation result - if: always() - run: | - mkdir -p gate-artifacts/gate-1 - echo "${{ job.status }}" > gate-artifacts/gate-1/security-scan.txt - echo "$(date -Iseconds)" > gate-artifacts/gate-1/security-scan-time.txt - - - name: Upload validation result - if: always() - uses: actions/upload-artifact@v4 - with: - name: gate-1-security-result - path: gate-artifacts/gate-1/ - - # Atomic Step 1.5: File Size Check - file-size-check: - name: "Gate 1.5: File Size Check" - runs-on: ubuntu-latest - needs: prisma-check - defaults: - run: - working-directory: frontends/nextjs - steps: - - name: Checkout code - uses: actions/checkout@v6 - - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version: 20 - - - name: Install dependencies - run: npm install - - - name: Run atomic file size checker - run: | - mkdir -p ../../gate-artifacts/gate-1 - cd ../.. - echo "skipping tools-based file size check" > gate-artifacts/gate-1/file-sizes.json || true - continue-on-error: true - - - name: Record validation result - if: always() - run: | - mkdir -p gate-artifacts/gate-1 - echo "${{ job.status }}" > gate-artifacts/gate-1/file-size-check.txt - echo "$(date -Iseconds)" > gate-artifacts/gate-1/file-size-check-time.txt - - - name: Upload validation result - if: always() - uses: actions/upload-artifact@v4 - with: - name: gate-1-filesize-result - path: gate-artifacts/gate-1/ - - # Atomic Step 1.6: Code Complexity Check - code-complexity-check: - name: "Gate 1.6: Code Complexity Check" - runs-on: ubuntu-latest - needs: prisma-check - defaults: - run: - working-directory: frontends/nextjs - steps: - - name: Checkout code - uses: actions/checkout@v6 - - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version: 20 - - - name: Install dependencies - run: npm install - - - name: Run atomic code complexity checker - run: | - mkdir -p ../../gate-artifacts/gate-1 - cd ../.. - echo "skipping tools-based code complexity check" > gate-artifacts/gate-1/complexity.json || true - continue-on-error: true - - - name: Record validation result - if: always() - run: | - mkdir -p gate-artifacts/gate-1 - echo "${{ job.status }}" > gate-artifacts/gate-1/complexity-check.txt - echo "$(date -Iseconds)" > gate-artifacts/gate-1/complexity-check-time.txt - - - name: Upload validation result - if: always() - uses: actions/upload-artifact@v4 - with: - name: gate-1-complexity-result - path: gate-artifacts/gate-1/ - - # Atomic Step 1.7: Stub Detection - stub-detection: - name: "Gate 1.7: Detect Stub Implementations" - runs-on: ubuntu-latest - needs: prisma-check - defaults: - run: - working-directory: frontends/nextjs - steps: - - name: Checkout code - uses: actions/checkout@v6 - - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version: 20 - - - name: Install dependencies - run: npm install - - - name: Run atomic stub detector - run: | - mkdir -p ../../gate-artifacts/gate-1 - cd ../.. - echo "skipping tools-based stub detection" > gate-artifacts/gate-1/stubs.json || true - continue-on-error: true - - - name: Record validation result - if: always() - run: | - mkdir -p gate-artifacts/gate-1 - echo "${{ job.status }}" > gate-artifacts/gate-1/stub-detection.txt - echo "$(date -Iseconds)" > gate-artifacts/gate-1/stub-detection-time.txt - - - name: Upload validation result - if: always() - uses: actions/upload-artifact@v4 - with: - name: gate-1-stub-result - path: gate-artifacts/gate-1/ - - gate-1-complete: - name: "Gate 1: Code Quality - Passed ✅" - runs-on: ubuntu-latest - needs: [prisma-check, typecheck, lint, security-scan, file-size-check, code-complexity-check, stub-detection] - steps: - - name: Download all gate 1 artifacts - uses: actions/download-artifact@v4 - with: - pattern: gate-1-* - path: gate-artifacts/ - merge-multiple: true - - - name: Generate Gate 1 summary - run: | - echo "✅ GATE 1 PASSED: CODE QUALITY" - echo "================================================" - echo "Atomic validation steps completed:" - echo "✓ 1.1 Prisma schema validated" - echo "✓ 1.2 TypeScript types checked" - echo "✓ 1.3 Code linted" - echo "✓ 1.4 Security scan completed" - echo "✓ 1.5 File sizes checked" - echo "✓ 1.6 Code complexity analyzed" - echo "✓ 1.7 Stub implementations detected" - echo "" - echo "Gate artifacts preserved for audit trail" - echo "Proceeding to Gate 2: Testing..." - - - name: Create consolidated gate report - run: | - mkdir -p gate-artifacts/gate-1 - echo "completed" > gate-artifacts/gate-1/status.txt - echo "$(date -Iseconds)" > gate-artifacts/gate-1/end-time.txt - - # List all validation results - ls -la gate-artifacts/gate-1/ || true - - - name: Upload consolidated gate 1 report - uses: actions/upload-artifact@v4 - with: - name: gate-1-complete-report - path: gate-artifacts/ - - # ============================================================================ - # GATE 2: Testing Gates - Atomic Steps - # ============================================================================ - - gate-2-start: - name: "Gate 2: Testing - Starting" - runs-on: ubuntu-latest - needs: gate-1-complete - steps: - - name: Gate 2 checkpoint - run: | - echo "🚦 GATE 2: TESTING VALIDATION" - echo "================================================" - echo "Running atomic test steps..." - echo "Status: IN PROGRESS" - - - name: Create gate artifacts directory - run: | - mkdir -p gate-artifacts/gate-2 - echo "started" > gate-artifacts/gate-2/status.txt - echo "$(date -Iseconds)" > gate-artifacts/gate-2/start-time.txt - - - name: Upload gate start marker - uses: actions/upload-artifact@v4 - with: - name: gate-2-start - path: gate-artifacts/gate-2/ - - # Atomic Step 2.1: Unit Tests - test-unit: - name: "Gate 2.1: Unit Tests" - runs-on: ubuntu-latest - needs: gate-2-start - defaults: - run: - working-directory: frontends/nextjs - steps: - - name: Checkout code - uses: actions/checkout@v6 - - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version: 20 - - - name: Install dependencies - run: npm install - - - name: Generate Prisma Client - run: npm run db:generate - env: - DATABASE_URL: file:./dev.db - - - name: Run unit tests - run: npm run test:unit - env: - DATABASE_URL: file:./dev.db - - - name: Generate test coverage report - run: | - mkdir -p ../../gate-artifacts/gate-2 - cd ../.. - echo "skipping tools-based test coverage report generation" > gate-artifacts/gate-2/coverage-report.json || true - continue-on-error: true - - - name: Check function coverage - run: | - cd ../.. - echo "skipping tools-based function coverage check" > gate-artifacts/gate-2/function-coverage.json || true - continue-on-error: true - - - name: Upload coverage report - if: always() - uses: actions/upload-artifact@v4 - with: - name: coverage-report - path: frontends/nextjs/coverage/ - retention-days: 7 - - - name: Record validation result - if: always() - run: | - mkdir -p gate-artifacts/gate-2 - echo "${{ job.status }}" > gate-artifacts/gate-2/test-unit.txt - echo "$(date -Iseconds)" > gate-artifacts/gate-2/test-unit-time.txt - - - name: Upload validation result - if: always() - uses: actions/upload-artifact@v4 - with: - name: gate-2-unit-result - path: gate-artifacts/gate-2/ - - # Atomic Step 2.2: E2E Tests - test-e2e: - name: "Gate 2.2: E2E Tests" - runs-on: ubuntu-latest - needs: gate-2-start - defaults: - run: - working-directory: frontends/nextjs - steps: - - name: Checkout code - uses: actions/checkout@v6 - - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version: 20 - - - name: Install dependencies - run: npm install - - - name: Generate Prisma Client - run: npm run db:generate - env: - DATABASE_URL: file:./dev.db - - - name: Install Playwright Browsers - run: npx playwright install --with-deps chromium - - - name: Run Playwright tests - run: npm run test:e2e - env: - DATABASE_URL: file:./dev.db - - - name: Upload test results - if: always() - uses: actions/upload-artifact@v4 - with: - name: playwright-report - path: frontends/nextjs/playwright-report/ - retention-days: 7 - - - name: Record validation result - if: always() - run: | - mkdir -p gate-artifacts/gate-2 - echo "${{ job.status }}" > gate-artifacts/gate-2/test-e2e.txt - echo "$(date -Iseconds)" > gate-artifacts/gate-2/test-e2e-time.txt - - - name: Upload validation result - if: always() - uses: actions/upload-artifact@v4 - with: - name: gate-2-e2e-result - path: gate-artifacts/gate-2/ - - # Atomic Step 2.3: DBAL Daemon Tests - test-dbal-daemon: - name: "Gate 2.3: DBAL Daemon E2E" - runs-on: ubuntu-latest - needs: gate-2-start - defaults: - run: - working-directory: frontends/nextjs - steps: - - name: Checkout code - uses: actions/checkout@v6 - - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version: 20 - - - name: Install dependencies - run: npm install - - - name: Generate Prisma Client - run: npm run db:generate - env: - DATABASE_URL: file:./dev.db - - - name: Install Playwright Browsers - run: npx playwright install --with-deps chromium - - - name: Run DBAL daemon suite - run: npm run test:e2e:dbal-daemon - env: - DATABASE_URL: file:./dev.db - - - name: Upload daemon test report - if: always() - uses: actions/upload-artifact@v4 - with: - name: playwright-report-dbal-daemon - path: frontends/nextjs/playwright-report/ - retention-days: 7 - - - name: Record validation result - if: always() - run: | - mkdir -p gate-artifacts/gate-2 - echo "${{ job.status }}" > gate-artifacts/gate-2/test-dbal-daemon.txt - echo "$(date -Iseconds)" > gate-artifacts/gate-2/test-dbal-daemon-time.txt - - - name: Upload validation result - if: always() - uses: actions/upload-artifact@v4 - with: - name: gate-2-dbal-result - path: gate-artifacts/gate-2/ - - gate-2-complete: - name: "Gate 2: Testing - Passed ✅" - runs-on: ubuntu-latest - needs: [test-unit, test-e2e, test-dbal-daemon] - steps: - - name: Download all gate 2 artifacts - uses: actions/download-artifact@v4 - with: - pattern: gate-2-* - path: gate-artifacts/ - merge-multiple: true - - - name: Generate Gate 2 summary - run: | - echo "✅ GATE 2 PASSED: TESTING" - echo "================================================" - echo "Atomic test steps completed:" - echo "✓ 2.1 Unit tests passed" - echo "✓ 2.2 E2E tests passed" - echo "✓ 2.3 DBAL daemon tests passed" - echo "" - echo "Gate artifacts preserved for audit trail" - echo "Proceeding to Gate 3: Build & Package..." - - - name: Create consolidated gate report - run: | - mkdir -p gate-artifacts/gate-2 - echo "completed" > gate-artifacts/gate-2/status.txt - echo "$(date -Iseconds)" > gate-artifacts/gate-2/end-time.txt - ls -la gate-artifacts/gate-2/ || true - - - name: Upload consolidated gate 2 report - uses: actions/upload-artifact@v4 - with: - name: gate-2-complete-report - path: gate-artifacts/ - - # ============================================================================ - # GATE 3: Build & Package Gates - Atomic Steps - # ============================================================================ - - gate-3-start: - name: "Gate 3: Build & Package - Starting" - runs-on: ubuntu-latest - needs: gate-2-complete - steps: - - name: Gate 3 checkpoint - run: | - echo "🚦 GATE 3: BUILD & PACKAGE VALIDATION" - echo "================================================" - echo "Running atomic build steps..." - echo "Status: IN PROGRESS" - - - name: Create gate artifacts directory - run: | - mkdir -p gate-artifacts/gate-3 - echo "started" > gate-artifacts/gate-3/status.txt - echo "$(date -Iseconds)" > gate-artifacts/gate-3/start-time.txt - - - name: Upload gate start marker - uses: actions/upload-artifact@v4 - with: - name: gate-3-start - path: gate-artifacts/gate-3/ - - # Atomic Step 3.1: Build Application - build: - name: "Gate 3.1: Build Application" - runs-on: ubuntu-latest - needs: gate-3-start - defaults: - run: - working-directory: frontends/nextjs - outputs: - build-success: ${{ steps.build-step.outcome }} - steps: - - name: Checkout code - uses: actions/checkout@v6 - - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version: 20 - - - name: Install dependencies - run: npm install - - - name: Generate Prisma Client - run: npm run db:generate - env: - DATABASE_URL: file:./dev.db - - - name: Build - id: build-step - run: npm run build - env: - DATABASE_URL: file:./dev.db - - - name: Analyze bundle size - run: | - mkdir -p ../../gate-artifacts/gate-3 - cd ../.. - echo "skipping tools-based bundle analysis" > gate-artifacts/gate-3/bundle-size.json || true - continue-on-error: true - - - name: Upload build artifacts - uses: actions/upload-artifact@v4 - with: - name: dist - path: frontends/nextjs/.next/ - retention-days: 7 - - - name: Record validation result - if: always() - run: | - mkdir -p gate-artifacts/gate-3 - echo "${{ job.status }}" > gate-artifacts/gate-3/build.txt - echo "$(date -Iseconds)" > gate-artifacts/gate-3/build-time.txt - - - name: Upload validation result - if: always() - uses: actions/upload-artifact@v4 - with: - name: gate-3-build-result - path: gate-artifacts/gate-3/ - - # Atomic Step 3.2: Quality Metrics - quality-check: - name: "Gate 3.2: Code Quality Metrics" - runs-on: ubuntu-latest - needs: gate-3-start - if: github.event_name == 'pull_request' - defaults: - run: - working-directory: frontends/nextjs - steps: - - name: Checkout code - uses: actions/checkout@v6 - with: - fetch-depth: 0 - - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version: 20 - - - name: Install dependencies - run: npm install - - - name: Generate Prisma Client - run: npm run db:generate - env: - DATABASE_URL: file:./dev.db - - - name: Check for console.log statements - run: | - if git diff origin/${{ github.base_ref }}...HEAD -- '*.ts' '*.tsx' '*.js' '*.jsx' | grep -E '^\+.*console\.(log|debug|info)'; then - echo "⚠️ Found console.log statements in the changes" - echo "Please remove console.log statements before merging" - exit 1 - fi - continue-on-error: true - - - name: Check for TODO comments - run: | - TODO_COUNT=$(git diff origin/${{ github.base_ref }}...HEAD -- '*.ts' '*.tsx' '*.js' '*.jsx' | grep -E '^\+.*TODO|FIXME' | wc -l) - if [ $TODO_COUNT -gt 0 ]; then - echo "⚠️ Found $TODO_COUNT TODO/FIXME comments in the changes" - echo "Please address TODO comments before merging or create issues for them" - fi - continue-on-error: true - - - name: Generate quality summary - run: | - mkdir -p ../../gate-artifacts/gate-3 - cd ../.. - echo "skipping tools-based quality summary generation" > gate-artifacts/gate-3/quality-summary.json || true - continue-on-error: true - - - name: Record validation result - if: always() - run: | - mkdir -p gate-artifacts/gate-3 - echo "${{ job.status }}" > gate-artifacts/gate-3/quality-check.txt - echo "$(date -Iseconds)" > gate-artifacts/gate-3/quality-check-time.txt - - - name: Upload validation result - if: always() - uses: actions/upload-artifact@v4 - with: - name: gate-3-quality-result - path: gate-artifacts/gate-3/ - - gate-3-complete: - name: "Gate 3: Build & Package - Passed ✅" - runs-on: ubuntu-latest - needs: [build, quality-check] - if: always() && needs.build.result == 'success' && (needs.quality-check.result == 'success' || needs.quality-check.result == 'skipped') - steps: - - name: Download all gate 3 artifacts - uses: actions/download-artifact@v4 - with: - pattern: gate-3-* - path: gate-artifacts/ - merge-multiple: true - - - name: Generate Gate 3 summary - run: | - echo "✅ GATE 3 PASSED: BUILD & PACKAGE" - echo "================================================" - echo "Atomic build steps completed:" - echo "✓ 3.1 Application built successfully" - echo "✓ 3.2 Quality metrics validated" - echo "" - echo "Gate artifacts preserved for audit trail" - echo "Proceeding to Gate 4: Review & Approval..." - - - name: Create consolidated gate report - run: | - mkdir -p gate-artifacts/gate-3 - echo "completed" > gate-artifacts/gate-3/status.txt - echo "$(date -Iseconds)" > gate-artifacts/gate-3/end-time.txt - ls -la gate-artifacts/gate-3/ || true - - - name: Upload consolidated gate 3 report - uses: actions/upload-artifact@v4 - with: - name: gate-3-complete-report - path: gate-artifacts/ - - # ============================================================================ - # GATE 4: Review & Approval Gate (PR only) - # ============================================================================ - - gate-4-review-required: - name: "Gate 4: Review & Approval Required" - runs-on: ubuntu-latest - needs: gate-3-complete - if: github.event_name == 'pull_request' - steps: - - name: Check PR approval status - uses: actions/github-script@v7 - with: - script: | - const { data: reviews } = await github.rest.pulls.listReviews({ - owner: context.repo.owner, - repo: context.repo.repo, - pull_number: context.issue.number - }); - - const latestReviews = {}; - for (const review of reviews) { - latestReviews[review.user.login] = review.state; - } - - const hasApproval = Object.values(latestReviews).includes('APPROVED'); - const hasRequestChanges = Object.values(latestReviews).includes('CHANGES_REQUESTED'); - - console.log('Review Status:'); - console.log('=============='); - console.log('Approvals:', Object.values(latestReviews).filter(s => s === 'APPROVED').length); - console.log('Change Requests:', Object.values(latestReviews).filter(s => s === 'CHANGES_REQUESTED').length); - - if (hasRequestChanges) { - core.setFailed('❌ Changes requested - PR cannot proceed to deployment'); - } else if (!hasApproval) { - core.notice('⏳ PR approval required before merge - this gate will pass when approved'); - } else { - console.log('✅ PR approved - gate passed'); - } - - gate-4-complete: - name: "Gate 4: Review & Approval - Status" - runs-on: ubuntu-latest - needs: gate-4-review-required - if: always() && github.event_name == 'pull_request' - steps: - - name: Gate 4 status - run: | - echo "🚦 GATE 4: REVIEW & APPROVAL" - echo "================================================" - echo "Note: This gate requires human approval" - echo "PR must be approved by reviewers before auto-merge" - echo "" - if [ "${{ needs.gate-4-review-required.result }}" == "success" ]; then - echo "✅ Review approval received" - echo "Proceeding to Gate 5: Deployment (post-merge)..." - else - echo "⏳ Awaiting review approval" - echo "Gate will complete when PR is approved" - fi - - # ============================================================================ - # GATE 5: Deployment Gate (post-merge, main branch only) - # ============================================================================ - - gate-5-deployment-ready: - name: "Gate 5: Deployment Ready" - runs-on: ubuntu-latest - needs: gate-3-complete - if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master') - steps: - - name: Deployment gate checkpoint - run: | - echo "🚦 GATE 5: DEPLOYMENT VALIDATION" - echo "================================================" - echo "Code merged to main branch" - echo "Ready for staging deployment" - echo "" - echo "✅ ALL GATES PASSED" - echo "================================================" - echo "✓ Gate 1: Code Quality (7 atomic steps)" - echo "✓ Gate 2: Testing (3 atomic steps)" - echo "✓ Gate 3: Build & Package (2 atomic steps)" - echo "✓ Gate 4: Review & Approval" - echo "✓ Gate 5: Ready for Deployment" - echo "" - echo "Note: Production deployment requires manual approval" - echo "Use workflow_dispatch with environment='production'" - - # ============================================================================ - # Summary Report with Gate Artifacts - # ============================================================================ - - gates-summary: - name: "🎯 Gates Summary with Audit Trail" - runs-on: ubuntu-latest - needs: [gate-1-complete, gate-2-complete, gate-3-complete] - if: always() - steps: - - name: Download all gate artifacts - uses: actions/download-artifact@v4 - with: - pattern: gate-*-complete-report - path: all-gate-artifacts/ - merge-multiple: true - - - name: Generate comprehensive gates report - uses: actions/github-script@v7 - with: - script: | - const fs = require('fs'); - const gates = [ - { name: 'Gate 1: Code Quality (Atomic)', status: '${{ needs.gate-1-complete.result }}', steps: 7 }, - { name: 'Gate 2: Testing (Atomic)', status: '${{ needs.gate-2-complete.result }}', steps: 3 }, - { name: 'Gate 3: Build & Package (Atomic)', status: '${{ needs.gate-3-complete.result }}', steps: 2 } - ]; - - let summary = '## 🚦 Enterprise Gated CI/CD Pipeline Summary (Atomic)\n\n'; - summary += '### Gate Results\n\n'; - - for (const gate of gates) { - const icon = gate.status === 'success' ? '✅' : - gate.status === 'failure' ? '❌' : - gate.status === 'skipped' ? '⏭️' : '⏳'; - summary += `${icon} **${gate.name}**: ${gate.status} (${gate.steps} atomic steps)\n`; - } - - summary += '\n### Atomic Step Visualization\n\n'; - summary += 'Each gate consists of individual atomic validation steps for better visibility:\n\n'; - summary += '**Gate 1 Steps:**\n'; - summary += '- 1.1 Prisma Validation\n'; - summary += '- 1.2 TypeScript Check\n'; - summary += '- 1.3 ESLint\n'; - summary += '- 1.4 Security Scan\n'; - summary += '- 1.5 File Size Check\n'; - summary += '- 1.6 Code Complexity\n'; - summary += '- 1.7 Stub Detection\n\n'; - - summary += '**Gate 2 Steps:**\n'; - summary += '- 2.1 Unit Tests\n'; - summary += '- 2.2 E2E Tests\n'; - summary += '- 2.3 DBAL Daemon Tests\n\n'; - - summary += '**Gate 3 Steps:**\n'; - summary += '- 3.1 Application Build\n'; - summary += '- 3.2 Quality Metrics\n\n'; - - summary += '### Gate Artifacts\n\n'; - summary += 'All validation results are preserved as artifacts for audit trail:\n'; - summary += '- Security scan results\n'; - summary += '- Code complexity analysis\n'; - summary += '- Test coverage reports\n'; - summary += '- Bundle size analysis\n'; - summary += '- Quality metrics\n\n'; - - if (context.eventName === 'pull_request') { - summary += '### Next Steps\n'; - summary += '- ✅ All CI gates passed with atomic validation\n'; - summary += '- ⏳ Awaiting PR approval (Gate 4)\n'; - summary += '- 📋 Once approved, PR will auto-merge\n'; - summary += '- 🚀 Deployment gates (Gate 5) run after merge to main\n'; - } - - console.log(summary); - - // Post comment on PR if applicable - if (context.eventName === 'pull_request') { - await github.rest.issues.createComment({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: context.issue.number, - body: summary - }); - } - - - name: Upload complete audit trail - uses: actions/upload-artifact@v4 - with: - name: complete-gate-audit-trail - path: all-gate-artifacts/ - retention-days: 30 diff --git a/GATE_1.2_IMPLEMENTATION_SUMMARY.md b/GATE_1.2_IMPLEMENTATION_SUMMARY.md index 5ecd2c2b0..fe09c4e11 100644 --- a/GATE_1.2_IMPLEMENTATION_SUMMARY.md +++ b/GATE_1.2_IMPLEMENTATION_SUMMARY.md @@ -51,8 +51,8 @@ export interface Session { } ``` -### 4. Updated CI/CD Workflows -Both `gated-ci.yml` and `gated-ci-atomic.yml` now: +### 4. Updated CI/CD Workflow +The `gated-ci.yml` workflow now: 1. Install root dependencies 2. Install DBAL dependencies 3. **Run DBAL codegen** ← NEW STEP @@ -107,17 +107,16 @@ While fixing Gate 1.2, also implemented comprehensive container image support: ## Files Changed -### Core Fixes (8 files, +682 lines) +### Core Fixes (7 files, +682 lines) 1. `dbal/shared/tools/codegen/generate-types.ts` - Fixed multi-document parsing, added index signatures -2. `.github/workflows/gated-ci-atomic.yml` - Added DBAL codegen step -3. `.github/workflows/gated-ci.yml` - Added DBAL codegen step +2. `.github/workflows/gated-ci.yml` - Added DBAL codegen step -### Container Support (5 files) -4. `frontends/nextjs/Dockerfile` - Production-ready multi-stage build -5. `.github/workflows/container-build.yml` - Automated image publishing -6. `docker-compose.ghcr.yml` - Easy deployment -7. `.dockerignore` - Optimized builds -8. `docs/CONTAINER_IMAGES.md` - Usage documentation +### Container Support (4 files) +3. `frontends/nextjs/Dockerfile` - Production-ready multi-stage build +4. `.github/workflows/container-build.yml` - Automated image publishing +5. `docker-compose.ghcr.yml` - Easy deployment +6. `.dockerignore` - Optimized builds +7. `docs/CONTAINER_IMAGES.md` - Usage documentation ## Verification diff --git a/PLAYWRIGHT_CI_FIX_SUMMARY.md b/PLAYWRIGHT_CI_FIX_SUMMARY.md index 09fc73ed4..10f93f6f8 100644 --- a/PLAYWRIGHT_CI_FIX_SUMMARY.md +++ b/PLAYWRIGHT_CI_FIX_SUMMARY.md @@ -6,11 +6,10 @@ ## Investigation Results ### The Blocker -The CI workflows defined in: +The CI workflow defined in: - `.github/workflows/gated-ci.yml` -- `.github/workflows/gated-ci-atomic.yml` -Were **failing** because they execute test commands from the `frontends/nextjs` working directory: +Was **failing** because it executes test commands from the `frontends/nextjs` working directory: ```yaml defaults: