ci: restructure Actions pipeline into an event-aware DAG#142
Merged
Conversation
Each check runs once and reports through an aggregate gate, so the workflow
graph reads as a map of what CI validates and when.
quality.yml — 9-stage DAG behind a Quality Gate: preflight (scope
detection) → static-analysis (Node 22), node-compat (unit on 20/22/24),
coverage (global + risk-weighted per-file floors), e2e-chrome (full
14-test Chrome suite), observability-lite, weekly mutation-baseline.
Stages self-select by event via job-level `if:`.
ci.yml "E2E Matrix" — daily cross-browser run, one job per browser binary
(WebKit desktop+mobile grouped), feeding flakiness/SLO trends.
security.yml — Security Gate over dependency review, npm audit, and a
secret-scan effect-proof scoped to security-governing changes.
observability-{lite,full-stack}.yml — reusable OTLP smoke (daily floor)
and weekly seven-service reference-stack validation.
setup-node-cache — one locked install with a content-derived cache key.
Contracts and docs track the new DAG. Required-check migration to
[Quality Gate, Security Gate] is staged for merge-time.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What this adds
A single event-aware pipeline where every workflow runs a check once and
reports through an aggregate gate.
quality.yml — 9-stage DAG →
Quality Gatepreflight(path/scope detection) fans out to:static-analysis— lint, typecheck, format, workflow lint on Node 22node-compat— unit suite on Node 20 / 22 / 24coverage— one run enforcing the globalsrc/**floor + risk-weightedper-file floors
e2e-chrome— the full 14-test Chrome suite (smoke + guarded + examples)observability-lite— OTLP export smokemutation-baseline— weekly, advisoryEach stage self-selects by event with job-level
if:, so nothing spins upa runner just to skip.
ci.yml "E2E Matrix" — daily cross-browser validation, one job per
browser binary (WebKit desktop+mobile grouped), feeding flakiness and SLO
trends.
security.yml →
Security Gate— dependency review, npm audit, and asecret-scan effect-proof scoped to security-governing changes.
observability-lite.yml / observability-full-stack.yml — a reusable
OTLP smoke (also a daily floor) and a weekly seven-service reference-stack
validation that never gates a PR.
setup-node-cache — one locked
npm ciwith a content-derived cachekey, shared by every job.
examples.ymlfolds intoe2e-chrome; coverageand
verifycollapse to one canonical run each.Why this shape
Reusable workflows plus an aggregate gate keep the graph legible and let
each check declare its own event/path relevance. Running every unique check
once also trims runner-minutes — ~-41% on a high-risk PR, ~-75% on a main
push, ~-58% on the daily matrix — with no unique validation dropped.