Skip to content

ci: restructure Actions pipeline into an event-aware DAG#142

Merged
jsugg merged 1 commit into
mainfrom
ci/pipeline-dag-optimization
Jul 14, 2026
Merged

ci: restructure Actions pipeline into an event-aware DAG#142
jsugg merged 1 commit into
mainfrom
ci/pipeline-dag-optimization

Conversation

@jsugg

@jsugg jsugg commented Jul 14, 2026

Copy link
Copy Markdown
Owner

What this adds

A single event-aware pipeline where every workflow runs a check once and
reports through an aggregate gate.

quality.yml — 9-stage DAG → Quality Gate
preflight (path/scope detection) fans out to:

  • static-analysis — lint, typecheck, format, workflow lint on Node 22
  • node-compat — unit suite on Node 20 / 22 / 24
  • coverage — one run enforcing the global src/** floor + risk-weighted
    per-file floors
  • e2e-chrome — the full 14-test Chrome suite (smoke + guarded + examples)
  • observability-lite — OTLP export smoke
  • mutation-baseline — weekly, advisory

Each stage self-selects by event with job-level if:, so nothing spins up
a runner just to skip.

ci.yml "E2E Matrix" — daily cross-browser validation, one job per
browser binary (WebKit desktop+mobile grouped), feeding flakiness and SLO
trends.

security.yml → Security Gate — dependency review, npm audit, and a
secret-scan effect-proof scoped to security-governing changes.

observability-lite.yml / observability-full-stack.yml — a reusable
OTLP smoke (also a daily floor) and a weekly seven-service reference-stack
validation that never gates a PR.

setup-node-cache — one locked npm ci with a content-derived cache
key, shared by every job. examples.yml folds into e2e-chrome; coverage
and verify collapse to one canonical run each.

Why this shape

Reusable workflows plus an aggregate gate keep the graph legible and let
each check declare its own event/path relevance. Running every unique check
once also trims runner-minutes — ~-41% on a high-risk PR, ~-75% on a main
push, ~-58% on the daily matrix — with no unique validation dropped.

Each check runs once and reports through an aggregate gate, so the workflow
graph reads as a map of what CI validates and when.

quality.yml — 9-stage DAG behind a Quality Gate: preflight (scope
  detection) → static-analysis (Node 22), node-compat (unit on 20/22/24),
  coverage (global + risk-weighted per-file floors), e2e-chrome (full
  14-test Chrome suite), observability-lite, weekly mutation-baseline.
  Stages self-select by event via job-level `if:`.
ci.yml "E2E Matrix" — daily cross-browser run, one job per browser binary
  (WebKit desktop+mobile grouped), feeding flakiness/SLO trends.
security.yml — Security Gate over dependency review, npm audit, and a
  secret-scan effect-proof scoped to security-governing changes.
observability-{lite,full-stack}.yml — reusable OTLP smoke (daily floor)
  and weekly seven-service reference-stack validation.
setup-node-cache — one locked install with a content-derived cache key.

Contracts and docs track the new DAG. Required-check migration to
[Quality Gate, Security Gate] is staged for merge-time.
@jsugg jsugg merged commit 5eebc25 into main Jul 14, 2026
20 checks passed
@jsugg jsugg deleted the ci/pipeline-dag-optimization branch July 14, 2026 22:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant