Reza Rezvani dd6a6c24d7 feat(ci): implement comprehensive CI/CD workflows and quality gates
Phase 1: Core GitHub Workflows Implementation

Composite Actions (4):
- setup-python-deps: Cache Python dependencies for faster runs
- fork-safety: Detect fork PRs and prevent malicious write operations
- rate-limit-check: Circuit breaker pattern for GitHub API exhaustion
- quality-gates: Python syntax, Markdown lint, Bash validation, secret scanning

Workflows (5):
- bootstrap.yml: One-time repository setup (labels, milestones, settings)
- reusable-pr-checks.yml: DRY quality gate orchestrator
- pr-into-dev.yml: Feature PR validation (branch names, conventional commits, linked issues)
- dev-to-main.yml: Release gate validation (source branch, CHANGELOG, production readiness)
- release.yml: Manual release creation with GitHub releases and auto-generated notes

Branch Strategy: Standard (feature/* → dev → main)
Quality Gates: Python, Markdown, Bash, Secrets
Release Trigger: Manual via /release command or workflow_dispatch

Implements comprehensive CI/CD system adapted from blueprint:
- Fork safety and rate limiting for security
- Conventional commits enforcement
- Automated quality validation
- Production release gates
- GitHub release automation

Next: Phase 2 (templates, CODEOWNERS, dependabot)
2025-11-12 12:51:48 +01:00
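The commit message above lists a `fork-safety` action (detect fork PRs and block write operations) and a `rate-limit-check` action (circuit breaker on GitHub API exhaustion), but the page shows neither action's code. The following is an added illustration of the decision logic such actions implement, written by the editor and not taken from this repository: `assess_fork` compares the PR head repository with the base repository from a constructed `pull_request` event payload, `check_rate_limit` reads the real `X-RateLimit-Remaining` / `X-RateLimit-Reset` response headers (sample values constructed) against a `minimum-remaining` threshold like the `50` used in the workflow below, and `github_outputs` renders the verdicts in the `name=value` format that a step appends to `$GITHUB_OUTPUT`. The field names `is-fork`, `allow-write`, `circuit-open` and `wait-seconds` are this example's own and are not known to match the project's action outputs.

```python
"""Fork-safety and rate-limit decisions for a PR workflow (added example).

Editor's illustration, not the repository's composite actions. The event
payload and rate-limit headers are constructed samples.
"""
from dataclasses import dataclass

# Constructed subset of a GitHub `pull_request` event: a PR opened from a fork.
SAMPLE_FORK_EVENT = {
    "repository": {"full_name": "example-org/project"},
    "pull_request": {
        "number": 42,
        "head": {"repo": {"full_name": "outside-user/project"}, "ref": "feature/x"},
        "base": {"ref": "dev"},
    },
}


@dataclass(frozen=True)
class ForkVerdict:
    is_fork: bool
    head_repo: str
    base_repo: str
    allow_write: bool  # only same-repo PRs may run steps that write to the repo


def assess_fork(event: dict) -> ForkVerdict:
    """Decide whether a PR comes from a fork by comparing head and base repos."""
    base_repo = event["repository"]["full_name"]
    head_repo_obj = event["pull_request"]["head"]["repo"]
    # The head repo is null when a fork has been deleted; treat unknown as a fork.
    head_repo = head_repo_obj["full_name"] if head_repo_obj else "<deleted-fork>"
    is_fork = head_repo.lower() != base_repo.lower()
    return ForkVerdict(is_fork, head_repo, base_repo, allow_write=not is_fork)


@dataclass(frozen=True)
class RateLimitVerdict:
    remaining: int
    minimum: int
    circuit_open: bool  # True: stop calling the API until the window resets
    wait_seconds: int


def check_rate_limit(headers: dict, minimum_remaining: int, now_epoch: int) -> RateLimitVerdict:
    """Circuit breaker: open when the remaining quota drops below the threshold.

    `headers` is the response-header mapping from any authenticated API call;
    GitHub reports the budget in X-RateLimit-Remaining and the window end as a
    Unix timestamp in X-RateLimit-Reset.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    remaining = int(lowered.get("x-ratelimit-remaining", "0"))
    reset_epoch = int(lowered.get("x-ratelimit-reset", str(now_epoch)))
    circuit_open = remaining < minimum_remaining
    wait_seconds = max(0, reset_epoch - now_epoch) if circuit_open else 0
    return RateLimitVerdict(remaining, minimum_remaining, circuit_open, wait_seconds)


def github_outputs(fork: ForkVerdict, rate: RateLimitVerdict) -> str:
    """Render both verdicts as `name=value` lines for $GITHUB_OUTPUT.

    Output names are this example's own choice (hypothetical, not the project's).
    """
    lines = [
        f"is-fork={str(fork.is_fork).lower()}",
        f"allow-write={str(fork.allow_write).lower()}",
        f"circuit-open={str(rate.circuit_open).lower()}",
        f"wait-seconds={rate.wait_seconds}",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    fork = assess_fork(SAMPLE_FORK_EVENT)
    # Constructed headers: 12 calls left, window resets 15 minutes from "now".
    rate = check_rate_limit(
        {"X-RateLimit-Remaining": "12", "X-RateLimit-Reset": "1700000900"},
        minimum_remaining=50,
        now_epoch=1700000000,
    )
    print(github_outputs(fork, rate), end="")
```

A caller workflow would gate any step that comments on the PR, pushes, or uses a write-scoped token on `allow-write == 'true'`, and would skip or defer API-heavy steps while `circuit-open` is set; the `wait-seconds` value tells the job how long the window has left instead of retrying blindly.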


name: 'Reusable PR Quality Checks'

on:
  workflow_call:
    inputs:
      python-version:
        description: 'Python version to use'
        required: false
        default: '3.11'
        type: string
      skip-python:
        description: 'Skip Python validation'
        required: false
        default: false
        type: boolean
      skip-markdown:
        description: 'Skip Markdown validation'
        required: false
        default: false
        type: boolean
      skip-bash:
        description: 'Skip Bash validation'
        required: false
        default: false
        type: boolean
      skip-secrets:
        description: 'Skip secret scanning'
        required: false
        default: false
        type: boolean

permissions:
  contents: read
  pull-requests: write

jobs:
  quality-gates:
    name: Quality Gates
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Fork safety check
        id: fork-check
        uses: ./.github/actions/fork-safety
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}

      - name: Rate limit check
        uses: ./.github/actions/rate-limit-check
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          minimum-remaining: 50

      - name: Run quality gates
        id: quality
        uses: ./.github/actions/quality-gates
        with:
          python-version: ${{ inputs.python-version }}
          skip-python: ${{ inputs.skip-python }}
          skip-markdown: ${{ inputs.skip-markdown }}
          skip-bash: ${{ inputs.skip-bash }}
          skip-secrets: ${{ inputs.skip-secrets }}

      - name: Quality check summary
        run: |
          echo "## 🔍 Quality Gates Results" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY

          PYTHON_PASSED="${{ steps.quality.outputs.python-passed }}"
          MARKDOWN_PASSED="${{ steps.quality.outputs.markdown-passed }}"
          BASH_PASSED="${{ steps.quality.outputs.bash-passed }}"
          SECRETS_PASSED="${{ steps.quality.outputs.secrets-passed }}"
          ALL_PASSED="${{ steps.quality.outputs.all-passed }}"

          echo "| Check | Status |" >> $GITHUB_STEP_SUMMARY
          echo "|-------|--------|" >> $GITHUB_STEP_SUMMARY

          if [[ "${{ inputs.skip-python }}" != "true" ]]; then
            if [[ "$PYTHON_PASSED" == "true" ]]; then
              echo "| Python Syntax | ✅ Passed |" >> $GITHUB_STEP_SUMMARY
            else
              echo "| Python Syntax | ❌ Failed |" >> $GITHUB_STEP_SUMMARY
            fi
          fi

          if [[ "${{ inputs.skip-markdown }}" != "true" ]]; then
            if [[ "$MARKDOWN_PASSED" == "true" ]]; then
              echo "| Markdown Lint | ✅ Passed |" >> $GITHUB_STEP_SUMMARY
            else
              echo "| Markdown Lint | ❌ Failed |" >> $GITHUB_STEP_SUMMARY
            fi
          fi

          if [[ "${{ inputs.skip-bash }}" != "true" ]]; then
            if [[ "$BASH_PASSED" == "true" ]]; then
              echo "| Bash Scripts | ✅ Passed |" >> $GITHUB_STEP_SUMMARY
            else
              echo "| Bash Scripts | ❌ Failed |" >> $GITHUB_STEP_SUMMARY
            fi
          fi

          if [[ "${{ inputs.skip-secrets }}" != "true" ]]; then
            if [[ "$SECRETS_PASSED" == "true" ]]; then
              echo "| Secret Scan | ✅ Passed |" >> $GITHUB_STEP_SUMMARY
            else
              echo "| Secret Scan | ⚠️ Warnings |" >> $GITHUB_STEP_SUMMARY
            fi
          fi

          echo "" >> $GITHUB_STEP_SUMMARY
          if [[ "$ALL_PASSED" == "true" ]]; then
            echo "### ✅ All quality gates passed!" >> $GITHUB_STEP_SUMMARY
          else
            echo "### ❌ Some quality gates failed" >> $GITHUB_STEP_SUMMARY
            echo "" >> $GITHUB_STEP_SUMMARY
            echo "Please review the errors above and fix them before merging." >> $GITHUB_STEP_SUMMARY
          fi

      - name: Fail if quality gates failed
        if: steps.quality.outputs.all-passed != 'true'
        run: |
          echo "::error::Quality gates failed. Please review and fix the issues."
          exit 1