diff --git a/.github/workflows/qa-matrix.yml b/.github/workflows/qa-matrix.yml index 82adbd7..8e569d1 100644 --- a/.github/workflows/qa-matrix.yml +++ b/.github/workflows/qa-matrix.yml @@ -39,6 +39,9 @@ jobs: - name: Lint run: npm run lint + - name: Verify clean working tree after lint + run: git diff --name-status --exit-code + - name: Unit and integration tests run: npm test -- --runInBand diff --git a/docs/plan/cicd_security.md b/docs/plan/cicd_security.md index e090271..e19c254 100644 --- a/docs/plan/cicd_security.md +++ b/docs/plan/cicd_security.md @@ -13,6 +13,7 @@ This document defines the CI/CD security and quality baseline for `ai-code-fusio ## Security and Quality Layers 1. Source and policy gates +- Prettier formatter drift gate (`npm run format:check`, non-mutating). - ESLint gate for `src/` and `tests/`. - Markdown integrity lint (`scripts/lint-markdown-links.js`) for broken docs links/assets. - Markdown style lint (`markdownlint-cli`) with `.markdownlint.json`. @@ -44,12 +45,14 @@ This document defines the CI/CD security and quality baseline for `ai-code-fusio ### Lint and Changelog Gates - `npm run lint` now runs: + - Prettier check (`format:check`) - ESLint (`src/`, `tests/`) - Markdown lint (`lint:md`) - Changelog lint (`changelog:validate`) - `lint:md` runs both: - Markdown link/asset checks - Markdown style policy checks +- QA matrix enforces a clean repository state after lint with `git diff --name-status --exit-code`. ### SBOM Push to GitHub Security diff --git a/package.json b/package.json index ee91c89..915847b 100644 --- a/package.json +++ b/package.json 
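Review bot: The new "Verify clean working tree after lint" step in `qa-matrix.yml` runs `git diff --name-status --exit-code`, which compares tracked files in the working tree against the index only. A lint script that creates a new untracked file, or that stages its change with `git add`, would still pass this gate. If the intent is to prove that lint left the checkout untouched before tests run, check the full status as well, for example `run: git diff --name-status --exit-code && test -z "$(git status --porcelain --untracked-files=all)"`. ESLint is invoked with `--cache`, so its cache file would then need to be git-ignored; whether it is cannot be seen from this diff.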
@@ -17,13 +17,14 @@
 "predev": "npm run build:ts && node scripts/clean-dev-assets.js",
 "dev": "node scripts/index.js dev",
 "clear-assets": "rimraf src/renderer/bundle.js src/renderer/bundle.js.map src/renderer/bundle.js.LICENSE.txt src/renderer/output.css",
- "lint": "cross-env ESLINT_USE_FLAT_CONFIG=false eslint src tests --ext .js,.jsx,.ts,.tsx --cache && npm run lint:md && npm run changelog:validate",
+ "lint": "npm run format:check && cross-env ESLINT_USE_FLAT_CONFIG=false eslint src tests --ext .js,.jsx,.ts,.tsx --cache && npm run lint:md && npm run changelog:validate",
 "lint:md": "npm run lint:md:links && npm run lint:md:style",
 "lint:md:links": "node scripts/lint-markdown-links.js",
 "lint:md:style": "markdownlint \"**/*.{md,mdx}\" --config .markdownlint.json --ignore node_modules --ignore dist",
 "changelog:validate": "node scripts/validate-changelog.js",
 "lint:tests": "cross-env ESLINT_USE_FLAT_CONFIG=false eslint tests --ext .js,.jsx,.ts,.tsx --cache",
 "format": "prettier --write \"**/*.{js,jsx,ts,tsx,json,md,html,css}\"",
+ "format:check": "prettier --check --end-of-line auto \"**/*.{json,md,html,css}\"",
 "test": "jest --config jest.config.js --passWithNoTests",
 "test:watch": "jest --watch --config jest.config.js --passWithNoTests",
 "test:stress": "jest --config jest.config.js --runInBand --testMatch=\"**/tests/stress/**/*.{js,jsx,ts,tsx}\" --verbose",
diff --git a/tests/catalog.md b/tests/catalog.md
index 9d67dbf..b09f303 100644
--- a/tests/catalog.md
+++ b/tests/catalog.md
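Review bot: The added `format:check` script globs only `**/*.{json,md,html,css}`, while the existing `format` script just above it also writes `js,jsx,ts,tsx`, so the drift gate that `lint` now runs first never inspects the source files. It also passes `--end-of-line auto`, which `format` does not, so a file with CRLF endings can pass the check and still be rewritten by `npm run format`, unless the Prettier config (not visible here) sets the policy. If the narrower scope is deliberate, state it where the gate is documented. Otherwise align the two with `"format:check": "prettier --check \"**/*.{js,jsx,ts,tsx,json,md,html,css}\""` and set the end-of-line policy once in the Prettier config. The enclosing `scripts` object starts and ends outside this hunk.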
@@ -9,6 +9,7 @@ Purpose: quick map of what is covered, why it exists, and which command to run.
 - Stress publish verification in Prometheus: `npm run prometheus:verify`
 - End-to-end perf metrics job (`TOOLS_DOMAIN` aware): `npm run perf:test` or `make perf-test`
 - Lint: `npm run lint`
+- Formatter drift check (non-mutating): `npm run format:check`
 - Markdown docs lint (links/images/icons): `npm run lint:md`
 - Changelog format validation: `npm run changelog:validate`
 - Electron E2E (Playwright): `npm run e2e:playwright`
@@ -105,5 +106,8 @@ Stress benchmark outputs:
 - `tests/unit/utils/token-counter.test.ts`
 - Actions/workflow freshness automation changes:
 - `tests/unit/scripts/actions-freshness.test.js`
+- CI quality gate/workflow changes:
+ - `npm run lint`
+ - `npm test -- --runInBand`
 - XML export end-to-end:
 - `tests/integration/main-process/xml-export-e2e.test.ts`