Files
plex-playlist/docs
Xlorep DarkHelm 549469f105
All checks were successful
CICD Start / Sanity and Base Decision (push) Successful in 24s
CI: Establish source-first quality gate and simplify pipeline flow (#71)
This PR establishes a deterministic source-level quality gate before any build promotion and removes redundant post-build quality checks.

The new flow makes local developer workflow and CI behavior align:
- Developers run pre-commit locally (with auto-fix where appropriate)
- CI runs a check-only smoke gate to validate pre-commit cleanliness
- Build/test promotion only proceeds after source checks pass

## What Changed

### 1. Added a source-first quality gate

- Added a dedicated source gate workflow:
  - `.gitea/workflows/cicd-source-checks.yaml`
- Gate now:
  - Checks out target SHA
  - Bootstraps backend/frontend toolchains
  - Installs dependencies (`backend` via `uv`, `frontend` via `yarn`)
  - Runs `pre-commit --all-files` as the quality smoke test
- Downstream build dispatch only occurs if this gate passes.

### 2. Updated pipeline routing

- `cicd-start.yaml` now dispatches the source gate first.
- `cicd-start.yaml` push trigger now includes all branches so feature branches run the same gate.
- Added explicit routing logs in dispatch steps (route decision, SHA, trace id) for easier debugging.

### 3. Removed redundant checks workflow

- Removed:
  - `.gitea/workflows/cicd-checks.yaml`
- Updated:
  - `.gitea/workflows/docker-build-main.yaml` now dispatches `cicd-tests.yaml` directly after successful main build.

### 4. CI check-only behavior vs local auto-fix behavior

Updated `.pre-commit-config.yaml` so hooks that can auto-fix behave as:

- **Local developer pre-commit**: auto-fix enabled
- **CI source gate**: check-only (no auto-fix)

Applied to:
- `ruff` / `ruff-format`
- `eslint`
- `prettier`
- `tsdoc-lint`
- `markdownlint`
- `pretty-format-toml`

This keeps CI as a true smoke validation of local pre-commit compliance.

### 5. Renovate workflow hardening

- Improved auth/token handling and diagnostics in:
  - `.gitea/workflows/renovate.yml`
- Added support for internal/self-signed TLS endpoints used by this environment.

## Why

- Faster, earlier feedback on source quality failures
- Avoid expensive build/test progression when source hygiene fails
- Align CI with developer habits for predictable outcomes
- Remove duplicated quality checks and reduce pipeline complexity

## New Effective CI Flow

1. `cicd-start.yaml`
2. `cicd-source-checks.yaml` (pre-commit smoke gate)
3. `docker-build-base.yaml` / `docker-build-main.yaml`
4. `cicd-tests.yaml`

## Acceptance Criteria Mapping (Issue #60)

- Source-level lane runs independently and consistently: **Implemented**
- Source-lane failure blocks promotion: **Implemented**
- Outputs/logging are clear and actionable: **Implemented**

## Notes

- Source gate is intentionally check-only in CI.
- Developers should continue running local pre-commit before pushing.
- Any remaining failures in source gate indicate local pre-commit was not fully clean.

Co-authored-by: copilotcoder <copilotcoder@darkhelm.org>
Reviewed-on: #71
2026-07-02 07:21:18 -04:00
..