bootstrap/tools/quality/docs/CI-SETUP.md
Jason Woltje 80c3680ccb feat: rename rails/ to tools/ and add service tool suites
Rename the `rails/` directory to `tools/` for agent discoverability —
agents frequently failed to locate helper scripts due to the non-intuitive
directory name. Add backward-compat symlink `rails/ → tools/`.

New tool suites:
- Authentik: auth-token, user-list, user-create, group-list, app-list,
  flow-list, admin-status (8 scripts)
- Coolify: team-list, project-list, service-list, service-status, deploy,
  env-set (7 scripts)
- Woodpecker: pipeline-list, pipeline-status, pipeline-trigger (3 stubs)
- GLPI: session-init, computer-list, ticket-list, ticket-create, user-list
  (6 scripts)
- Health: stack-health.sh — stack-wide connectivity check

Infrastructure:
- Shared credential loader at tools/_lib/credentials.sh
- install.sh creates symlink + chmod on tool scripts
- All ~253 rails/ path references updated across 68+ files

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-22 11:51:39 -06:00


# CI/CD Configuration Guide
Configure Woodpecker CI, GitHub Actions, or GitLab CI for quality enforcement.
## Woodpecker CI
Quality Rails includes a `.woodpecker.yml` template with the stages below.
### Pipeline Stages
1. **Install** - Dependencies
2. **Security Audit** - npm audit for CVEs
3. **Lint** - ESLint checks
4. **Type Check** - TypeScript compilation
5. **Test** - Jest with coverage thresholds
6. **Build** - Production build
### Configuration
No additional configuration is needed: push to the repository and Woodpecker runs the pipeline automatically.
### Blocking Merges
Configure Woodpecker to block merges on pipeline failure:
1. Repository Settings → Protected Branches
2. Require Woodpecker pipeline to pass
## GitHub Actions
Copy from `templates/typescript-node/.github/workflows/quality.yml`:
```yaml
name: Quality Enforcement
on: [push, pull_request]
jobs:
  quality:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20
      - run: npm ci
      - run: npm audit --audit-level=high
      - run: npm run lint
      - run: npm run type-check
      - run: npm run test -- --coverage
      - run: npm run build
```
### Blocking Merges
1. Repository Settings → Branches → Branch protection rules
2. Require status checks to pass: `quality`
## GitLab CI
Copy from `templates/typescript-node/.gitlab-ci.yml`:
```yaml
stages:
  - install
  - audit
  - quality
  - build

# Every GitLab job starts from a clean checkout, so node_modules produced by
# the install job must be shared through the cache or later stages fail with
# missing dependencies. The cache is best-effort; if your runners miss it,
# publish node_modules/ as an artifact of the install job instead.
cache:
  key:
    files:
      - package-lock.json
  paths:
    - node_modules/

install:
  stage: install
  script:
    - npm ci

audit:
  stage: audit
  script:
    - npm audit --audit-level=high

lint:
  stage: quality
  script:
    - npm run lint

typecheck:
  stage: quality
  script:
    - npm run type-check

test:
  stage: quality
  script:
    - npm run test -- --coverage

build:
  stage: build
  script:
    - npm run build
```
## Coverage Enforcement
Configure Jest coverage thresholds in `package.json`:
```json
{
  "jest": {
    "coverageThreshold": {
      "global": {
        "branches": 80,
        "functions": 80,
        "lines": 80,
        "statements": 80
      }
    }
  }
}
```
CI will fail if coverage drops below threshold.
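To make the failure rule concrete, here is an added example (not part of the Quality Rails docs or the project's own code) that applies the `coverageThreshold.global` values above to the `coverage/coverage-summary.json` file that Jest's `json-summary` reporter writes. It follows Jest's documented rule: a positive threshold is a minimum percentage, a negative one is the maximum number of uncovered entities allowed. The summary document embedded below is constructed for the demonstration; the file path and the `THRESHOLDS` dictionary are assumptions mirroring the snippet above.

```python
"""Check a Jest coverage summary against coverageThreshold.global the way Jest does."""
import json
import sys

# The thresholds from the package.json snippet above (assumed for this example).
THRESHOLDS = {"branches": 80, "functions": 80, "lines": 80, "statements": 80}

# Constructed sample in the shape of coverage/coverage-summary.json ("total" block only).
# Branch coverage sits just under the 80% line, the typical "CI fails but looks fine" case.
SAMPLE_SUMMARY = json.dumps({
    "total": {
        "lines":      {"total": 400, "covered": 356, "skipped": 0, "pct": 89},
        "statements": {"total": 420, "covered": 372, "skipped": 0, "pct": 88.57},
        "functions":  {"total": 90,  "covered": 78,  "skipped": 0, "pct": 86.67},
        "branches":   {"total": 200, "covered": 157, "skipped": 0, "pct": 78.5},
    }
})


def threshold_failures(summary_json: str, thresholds: dict) -> list:
    """Return one message per metric that violates its threshold; empty list means pass."""
    total = json.loads(summary_json)["total"]
    failures = []
    for metric, limit in thresholds.items():
        stats = total[metric]
        if limit >= 0:
            # Positive threshold: minimum covered percentage.
            if stats["pct"] < limit:
                failures.append(f"{metric}: {stats['pct']}% < {limit}%")
        else:
            # Negative threshold: at most abs(limit) uncovered entities.
            uncovered = stats["total"] - stats["covered"]
            if uncovered > -limit:
                failures.append(f"{metric}: {uncovered} uncovered > {-limit} allowed")
    return failures


def coverage_ok(summary_json: str, thresholds: dict = THRESHOLDS) -> bool:
    """True when every configured metric meets its threshold."""
    return not threshold_failures(summary_json, thresholds)


if __name__ == "__main__":
    # Usage: python check_coverage.py [coverage/coverage-summary.json]
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path).read() if path else SAMPLE_SUMMARY
    problems = threshold_failures(data, THRESHOLDS)
    for problem in problems:
        print("coverage threshold not met:", problem)
    sys.exit(1 if problems else 0)
```

Running it on the constructed sample reports only `branches: 78.5% < 80%`; the other three metrics clear the bar. The negative form is useful when a package is small enough that one missed branch swings the percentage by several points.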
## Security Scanning
### npm audit
Runs automatically in CI. Adjust the sensitivity with `--audit-level`, which sets the lowest severity that makes the command exit non-zero:
```bash
npm audit --audit-level=moderate # Block moderate+
npm audit --audit-level=high # Block high+critical only
npm audit --audit-level=critical # Block critical only
```
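The following added example (not part of the Quality Rails docs or any npm code) shows the gate that `--audit-level` applies, reimplemented over the JSON that `npm audit --json` emits, so a pipeline can print exactly which severity tiers tripped the threshold before failing. The `metadata.vulnerabilities` counts are the shape npm 7 and later produce; the report embedded below is a constructed sample, and the script name in the usage comment is an assumption.

```python
"""Reproduce the `npm audit --audit-level` gate over `npm audit --json` output."""
import json
import sys

# npm's severity ladder; an audit level blocks on its own tier and every tier above it.
SEVERITIES = ["info", "low", "moderate", "high", "critical"]

# Constructed sample of `npm audit --json` output (metadata block only):
# a few low/moderate findings and nothing high or critical.
SAMPLE_REPORT = json.dumps({
    "auditReportVersion": 2,
    "metadata": {
        "vulnerabilities": {
            "info": 0, "low": 3, "moderate": 2, "high": 0, "critical": 0, "total": 5
        }
    }
})


def blocking_counts(report_json: str, audit_level: str) -> dict:
    """Return {severity: count} for every tier at or above audit_level that has findings."""
    if audit_level not in SEVERITIES:
        raise ValueError(f"unknown audit level: {audit_level}")
    counts = json.loads(report_json)["metadata"]["vulnerabilities"]
    floor = SEVERITIES.index(audit_level)
    return {
        severity: counts.get(severity, 0)
        for severity in SEVERITIES[floor:]
        if counts.get(severity, 0) > 0
    }


def should_block(report_json: str, audit_level: str = "high") -> bool:
    """True when the pipeline should fail at this audit level (what npm's exit code signals)."""
    return bool(blocking_counts(report_json, audit_level))


def main() -> int:
    # Usage: npm audit --json | python audit_gate.py [audit-level]
    level = sys.argv[1] if len(sys.argv) > 1 else "high"
    raw = SAMPLE_REPORT if sys.stdin.isatty() else sys.stdin.read()
    found = blocking_counts(raw, level)
    if found:
        print(f"blocking at --audit-level={level}: {found}")
        return 1
    print(f"no vulnerabilities at or above {level}")
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

With the constructed report, `moderate` blocks (3 low findings are ignored, 2 moderate ones are not) while `high` and `critical` pass, which is the behaviour the three commands above select.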
### Snyk Integration
Add a step to the CI pipeline for an additional dependency scan:
```yaml
- run: npx snyk test
```
Requires the `SNYK_TOKEN` environment variable, which should be supplied to the job from a CI secret rather than committed to the repository.
## Notification Setup
### Woodpecker
Configure in Woodpecker UI:
- Slack/Discord webhooks
- Email notifications
- Status badges
### GitHub Actions
Add notification step:
```yaml
- name: Notify on failure
  if: failure()
  env:
    # Supply the webhook from a repository secret; the step has no WEBHOOK_URL otherwise.
    WEBHOOK_URL: ${{ secrets.WEBHOOK_URL }}
  run: |
    curl -X POST "$WEBHOOK_URL" -d "Build failed"
```
## Troubleshooting
**Pipeline fails but pre-commit passed:**
- CI checks all packages, while pre-commit checks only the changed files
- Fix issues in all packages, not just the changed files

**npm audit blocks on low-severity findings:**
- Adjust `--audit-level` to `moderate` or `high`

**Coverage threshold too strict:**
- Lower the thresholds in `package.json`
- Add coverage exceptions for specific files