diff --git a/.github/workflows/agent-label-sync.yml b/.github/workflows/agent-label-sync.yml deleted file mode 100644 index 290e09f0..00000000 --- a/.github/workflows/agent-label-sync.yml +++ /dev/null @@ -1,61 +0,0 @@ -name: Agent Label Sync - -on: - workflow_dispatch: - push: - paths: - - '.github/workflows/agent-label-sync.yml' - -permissions: - contents: read - issues: write - -jobs: - sync: - runs-on: ubuntu-latest - steps: - - name: Create or update agent labels - uses: actions/github-script@v7 - with: - script: | - const labels = [ - { name: "agent:ready", color: "0E8A16", description: "Task is ready to be picked up by an agent." }, - { name: "agent:in-progress", color: "1D76DB", description: "Agent is actively implementing this task." }, - { name: "agent:blocked", color: "B60205", description: "Agent cannot proceed without human decision/input." }, - { name: "risk:low", color: "0E8A16", description: "Low-risk change with small regression surface." }, - { name: "risk:medium", color: "FBCA04", description: "Medium-risk change requiring careful review." }, - { name: "risk:high", color: "D93F0B", description: "High-risk change; strict human gate required." }, - { name: "area:frontend", color: "5319E7", description: "Frontend/UI related work." }, - { name: "area:backend", color: "0052CC", description: "Backend/runtime logic related work." }, - { name: "area:infra", color: "0366D6", description: "Infrastructure/CI/tooling related work." }, - { name: "area:docs", color: "0075CA", description: "Documentation/process related work." }, - { name: "area:security", color: "B60205", description: "Security hardening or vulnerability-related work." }, - { name: "area:release", color: "C2E0C6", description: "Release/build/distribution related work." }, - { name: "kpi-digest", color: "D4C5F9", description: "Weekly KPI digest issue for tracking team metrics." }, - { name: "escaped-regression", color: "E99695", description: "Bug that escaped to production/main post-merge." } - ]; - - for (const label of labels) { - try { - await github.rest.issues.updateLabel({ - owner: context.repo.owner, - repo: context.repo.repo, - name: label.name, - new_name: label.name, - color: label.color, - description: label.description - }); - } catch (error) { - if (error.status === 404) { - await github.rest.issues.createLabel({ - owner: context.repo.owner, - repo: context.repo.repo, - name: label.name, - color: label.color, - description: label.description - }); - } else { - throw error; - } - } - } diff --git a/.github/workflows/agent-task-queue.yml b/.github/workflows/agent-task-queue.yml deleted file mode 100644 index 1c8b5227..00000000 --- a/.github/workflows/agent-task-queue.yml +++ /dev/null @@ -1,136 +0,0 @@ -name: Agent Task Queue - -on: - issues: - types: [opened, labeled] - -permissions: - contents: read - issues: write - -jobs: - queue: - if: >- - ${{ github.event.issue.pull_request == null && ((github.event.action == 'labeled' && github.event.label.name == 'agent:ready') || (github.event.action == 'opened' && contains(github.event.issue.labels.*.name, 'agent:ready'))) }} - runs-on: ubuntu-latest - env: - VERIFY_COMMAND: bash scripts/verify - steps: - - name: Build agent task packet and notify Copilot - uses: actions/github-script@v7 - with: - script: | - const issue = context.payload.issue; - const owner = context.repo.owner; - const repo = context.repo.repo; - const issue_number = issue.number; - - const currentLabels = (issue.labels || []).map(l => typeof l === "string" ? l : l.name); - const hadReady = currentLabels.includes("agent:ready"); - const hadInProgress = currentLabels.includes("agent:in-progress"); - - if (!hadReady && context.payload.action === "opened") { - core.info("Issue opened without agent:ready; skipping queue."); - return; - } - - const comments = await github.paginate(github.rest.issues.listComments, { - owner, - repo, - issue_number, - per_page: 100, - }); - - const existingContract = comments.find(c => - c.body?.includes("### Execution Contract") && - c.body?.includes(`- #${issue_number}:`) - ); - - let addedInProgress = false; - let removedReady = false; - - try { - if (!hadInProgress) { - await github.rest.issues.addLabels({ - owner, - repo, - issue_number, - labels: ["agent:in-progress"], - }); - addedInProgress = true; - } - - if (hadReady) { - try { - await github.rest.issues.removeLabel({ - owner, - repo, - issue_number, - name: "agent:ready", - }); - removedReady = true; - } catch (error) { - if (error.status === 404) { - core.info("agent:ready was already removed."); - } else { - throw error; - } - } - } - - if (existingContract) { - core.info("Execution contract already exists; transition applied without duplicate enqueue."); - return; - } - - const lines = [ - "@copilot Please implement this task using repository guardrails.", - "", - "### Execution Contract", - "1. Keep the change minimal and in scope.", - "2. Run deterministic verification before requesting review.", - `3. Required verification command: \`${process.env.VERIFY_COMMAND}\`.`, - "4. Include PR sections: Summary, Risk, Evidence, Rollback, Scope Guard.", - "5. Do not merge; maintainers perform final human review.", - "", - "### Source Issue", - `- #${issue_number}: ${issue.title}`, - ]; - - await github.rest.issues.createComment({ - owner, - repo, - issue_number, - body: lines.join("\n"), - }); - } catch (error) { - core.warning(`Queue transition failed: ${error.message}`); - - if (addedInProgress && !hadInProgress) { - try { - await github.rest.issues.removeLabel({ - owner, - repo, - issue_number, - name: "agent:in-progress", - }); - } catch (rollbackError) { - core.warning(`Rollback remove agent:in-progress failed: ${rollbackError.message}`); - } - } - - if (removedReady && hadReady) { - try { - await github.rest.issues.addLabels({ - owner, - repo, - issue_number, - labels: ["agent:ready"], - }); - } catch (rollbackError) { - core.warning(`Rollback add agent:ready failed: ${rollbackError.message}`); - } - } - - throw error; - } diff --git a/.github/workflows/applitools-visual.yml b/.github/workflows/applitools-visual.yml deleted file mode 100644 index 1d50d454..00000000 --- a/.github/workflows/applitools-visual.yml +++ /dev/null @@ -1,86 +0,0 @@ -name: Applitools Visual - -on: - push: - branches: [main] - pull_request: - branches: [main] - workflow_dispatch: - -permissions: - contents: read - -jobs: - applitools-visual: - name: Applitools Visual - runs-on: ubuntu-latest - defaults: - run: - working-directory: frontend/webcoder_ui - env: - APPLITOOLS_PR_ORIGIN: ${{ (github.actor == 'dependabot[bot]') || (github.event.pull_request.user.login == 'dependabot[bot]') }} - HAS_APPLITOOLS_KEY: ${{ secrets.APPLITOOLS_API_KEY != '' }} - E2E_BASE_URL: http://127.0.0.1:3100 - APPLITOOLS_RESULTS_PATH: applitools/results.json - APPLITOOLS_BATCH_NAME: GitHub-${{ github.workflow }}-${{ github.ref_name }} - steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - with: - persist-credentials: false - - - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 - with: - node-version: "24" - cache: "npm" - cache-dependency-path: frontend/webcoder_ui/package-lock.json - - - name: Validate Applitools credentials - id: applitools - env: - APPLITOOLS_API_KEY: ${{ secrets.APPLITOOLS_API_KEY }} - run: | - set -euo pipefail - if [ -z "${APPLITOOLS_API_KEY}" ]; then - if [ "${APPLITOOLS_PR_ORIGIN}" = "true" ]; then - echo "available=false" >> "$GITHUB_OUTPUT" - echo "Applitools was skipped because APPLITOOLS_API_KEY is unavailable in this Dependabot context." - exit 0 - fi - echo "APPLITOOLS_API_KEY is not configured for this repository." >&2 - exit 1 - fi - - status="$(curl -sS -o /tmp/applitools-renderinfo.json -w '%{http_code}' \ - -H "X-Api-Key: ${APPLITOOLS_API_KEY}" \ - "https://eyesapi.applitools.com/api/sessions/renderinfo")" - if [ "${status}" = "200" ]; then - echo "available=true" >> "$GITHUB_OUTPUT" - exit 0 - fi - - if [ "${APPLITOOLS_PR_ORIGIN}" = "true" ]; then - echo "available=false" >> "$GITHUB_OUTPUT" - echo "Applitools was skipped because credentials validation failed with HTTP ${status} in this Dependabot context." - exit 0 - fi - - echo "Applitools credentials validation failed with HTTP ${status}." >&2 - exit 1 - - - name: Install dependencies - if: steps.applitools.outputs.available == 'true' - run: npm ci - - - name: Install Playwright browser - if: steps.applitools.outputs.available == 'true' - run: npx playwright install --with-deps chromium - - - name: Run Applitools snapshots - if: steps.applitools.outputs.available == 'true' - env: - APPLITOOLS_API_KEY: ${{ secrets.APPLITOOLS_API_KEY }} - run: npm run e2e:applitools - - - name: Note skipped Applitools run - if: steps.applitools.outputs.available != 'true' - run: echo "Applitools visual validation was skipped because credentials are unavailable in this Dependabot context." diff --git a/.github/workflows/chromatic-playwright.yml b/.github/workflows/chromatic-playwright.yml deleted file mode 100644 index 5cabe681..00000000 --- a/.github/workflows/chromatic-playwright.yml +++ /dev/null @@ -1,82 +0,0 @@ -name: Chromatic Playwright - -on: - push: - branches: [main] - pull_request: - branches: [main] - workflow_dispatch: - -permissions: - contents: read - -concurrency: - group: chromatic-playwright-${{ github.ref }} - cancel-in-progress: true - -jobs: - chromatic: - name: Chromatic Playwright - runs-on: ubuntu-latest - defaults: - run: - working-directory: frontend/webcoder_ui - env: - CHROMATIC_ARCHIVE_LOCATION: test-results - CHROMATIC_PR_ORIGIN: ${{ (github.actor == 'dependabot[bot]') || (github.event.pull_request.user.login == 'dependabot[bot]') }} - HAS_CHROMATIC_TOKEN: ${{ secrets.CHROMATIC_PROJECT_TOKEN != '' }} - E2E_BASE_URL: http://127.0.0.1:3100 - steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - with: - fetch-depth: 0 - persist-credentials: false - - - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 - with: - node-version: "24" - cache: "npm" - cache-dependency-path: frontend/webcoder_ui/package-lock.json - - - name: Fail when Chromatic token is missing for a maintained branch - if: ${{ env.HAS_CHROMATIC_TOKEN != 'true' && env.CHROMATIC_PR_ORIGIN != 'true' }} - run: | - echo "CHROMATIC_PROJECT_TOKEN is not configured for this repository." - exit 1 - - - name: Install dependencies - if: ${{ env.HAS_CHROMATIC_TOKEN == 'true' }} - run: npm ci - - - name: Install Playwright browser - if: ${{ env.HAS_CHROMATIC_TOKEN == 'true' }} - run: npx playwright install --with-deps chromium - - - name: Generate Playwright archives - if: ${{ env.HAS_CHROMATIC_TOKEN == 'true' }} - run: npm run e2e:chromatic - - - name: Upload to Chromatic (dependency/tooling auto-accept) - if: ${{ env.HAS_CHROMATIC_TOKEN == 'true' && env.CHROMATIC_PR_ORIGIN == 'true' }} - uses: chromaui/action@5ec258af08deb3e8c36653bd618cb7fe52090031 # v15.2.0 - with: - projectToken: ${{ secrets.CHROMATIC_PROJECT_TOKEN }} - playwright: true - workingDir: frontend/webcoder_ui - autoAcceptChanges: true - env: - CHROMATIC_ARCHIVE_LOCATION: test-results - - - name: Upload to Chromatic - if: ${{ env.HAS_CHROMATIC_TOKEN == 'true' && env.CHROMATIC_PR_ORIGIN != 'true' }} - uses: chromaui/action@5ec258af08deb3e8c36653bd618cb7fe52090031 # v15.2.0 - with: - projectToken: ${{ secrets.CHROMATIC_PROJECT_TOKEN }} - playwright: true - workingDir: frontend/webcoder_ui - env: - CHROMATIC_ARCHIVE_LOCATION: test-results - - - name: Note skipped Chromatic run - if: ${{ env.HAS_CHROMATIC_TOKEN != 'true' && env.CHROMATIC_PR_ORIGIN == 'true' }} - run: echo "Chromatic Playwright was skipped because CHROMATIC_PROJECT_TOKEN is unavailable in this Dependabot context." diff --git a/.github/workflows/codecov-analytics.yml b/.github/workflows/codecov-analytics.yml deleted file mode 100644 index 959abc1e..00000000 --- a/.github/workflows/codecov-analytics.yml +++ /dev/null @@ -1,29 +0,0 @@ -name: Codecov Analytics - -permissions: - contents: read - id-token: write - -on: - push: - branches: [main, master] - pull_request: - branches: [main, master] - merge_group: - types: [checks_requested] - workflow_dispatch: - -jobs: - shared-codecov-analytics: - permissions: - contents: read - id-token: write - uses: Prekzursil/quality-zero-platform/.github/workflows/reusable-codecov-analytics.yml@d7a94db4ab57df42940832cf67b730c673af7da6 - with: - repo_slug: ${{ github.repository }} - event_name: ${{ github.event_name }} - sha: ${{ github.event.pull_request.head.sha || github.sha }} - platform_repository: Prekzursil/quality-zero-platform - platform_ref: main - secrets: - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} diff --git a/.github/workflows/kpi-weekly-digest.yml b/.github/workflows/kpi-weekly-digest.yml deleted file mode 100644 index 4f8b8697..00000000 --- a/.github/workflows/kpi-weekly-digest.yml +++ /dev/null @@ -1,113 +0,0 @@ -name: KPI Weekly Digest - -on: - workflow_dispatch: - schedule: - - cron: '15 6 * * 1' - -permissions: - contents: read - issues: write - pull-requests: read - -jobs: - digest: - runs-on: ubuntu-latest - steps: - - name: Publish weekly KPI digest issue - uses: actions/github-script@v7 - with: - script: | - const owner = context.repo.owner; - const repo = context.repo.repo; - - const now = new Date(); - const since = new Date(now.getTime() - 7 * 24 * 60 * 60 * 1000); - const sinceIso = since.toISOString(); - - const requiredLabels = [ - { name: "area:infra", color: "0366D6", description: "Infrastructure/CI/tooling related work." }, - { name: "risk:low", color: "0E8A16", description: "Low-risk change with small regression surface." }, - { name: "kpi-digest", color: "D4C5F9", description: "Weekly KPI digest issue for tracking team metrics." }, - ]; - - for (const label of requiredLabels) { - try { - await github.rest.issues.updateLabel({ - owner, - repo, - name: label.name, - new_name: label.name, - color: label.color, - description: label.description, - }); - } catch (error) { - if (error.status === 404) { - await github.rest.issues.createLabel({ - owner, - repo, - name: label.name, - color: label.color, - description: label.description, - }); - } else { - throw error; - } - } - } - - const pulls = await github.paginate(github.rest.pulls.list, { - owner, - repo, - state: "all", - sort: "updated", - direction: "desc", - per_page: 100, - }); - - const mergedLast7d = pulls.filter(pr => pr.merged_at && new Date(pr.merged_at) >= since).length; - const openedLast7d = pulls.filter(pr => new Date(pr.created_at) >= since).length; - - const openIssues = await github.paginate(github.rest.issues.listForRepo, { - owner, - repo, - state: "open", - per_page: 100, - }); - - const openAgentIssues = openIssues.filter( - i => - !i.pull_request && - (i.labels || []).some(l => ["agent:ready", "agent:in-progress", "agent:blocked"].includes(l.name)) - ).length; - - const title = `Weekly KPI Digest - ${now.toISOString().slice(0, 10)}`; - const body = [ - "## Summary", - `- Window start: ${sinceIso}`, - `- Window end: ${now.toISOString()}`, - "", - "## Automated Snapshot", - `- PRs opened (7d): ${openedLast7d}`, - `- PRs merged (7d): ${mergedLast7d}`, - `- Open agent-tracked issues: ${openAgentIssues}`, - "", - "## KPI Fields (fill/verify)", - "- Intake-to-PR lead time:", - "- PR cycle time:", - "- Queue failure rate:", - "- Agent rework rate:", - "- Evidence completeness rate:", - "- Regression incident count:", - "", - "## Notes", - "- Add blockers, regressions, and remediation actions.", - ].join("\n"); - - await github.rest.issues.create({ - owner, - repo, - title, - body, - labels: ["area:infra", "risk:low", "kpi-digest"], - }); diff --git a/.github/workflows/quality-zero-backlog.yml b/.github/workflows/quality-zero-backlog.yml deleted file mode 100644 index 7f76f63d..00000000 --- a/.github/workflows/quality-zero-backlog.yml +++ /dev/null @@ -1,20 +0,0 @@ -name: Quality Zero Backlog - -permissions: {} - -on: - schedule: - - cron: "0 3 * * *" - workflow_dispatch: - -jobs: - backlog-sweep: - permissions: - contents: write - pull-requests: write - uses: Prekzursil/quality-zero-platform/.github/workflows/reusable-backlog-sweep.yml@7268fee30f1cf796938d97fe460259f27386a8cd - with: - repo_slug: ${{ github.repository }} - lane: quality - secrets: - CODEX_AUTH_JSON: ${{ secrets.CODEX_AUTH_JSON }} diff --git a/.github/workflows/quality-zero-gate.yml b/.github/workflows/quality-zero-gate.yml deleted file mode 100644 index 6fece530..00000000 --- a/.github/workflows/quality-zero-gate.yml +++ /dev/null @@ -1,25 +0,0 @@ -name: Quality Zero Gate - -permissions: - contents: read - -on: - push: - branches: [main, master] - pull_request: - branches: [main, master] - merge_group: - types: [checks_requested] - workflow_dispatch: - -jobs: - aggregate-gate: - permissions: - contents: read - uses: Prekzursil/quality-zero-platform/.github/workflows/reusable-quality-zero-gate.yml@d7a94db4ab57df42940832cf67b730c673af7da6 - with: - repo_slug: ${{ github.repository }} - event_name: ${{ github.event_name }} - sha: ${{ github.event.pull_request.head.sha || github.sha }} - platform_repository: Prekzursil/quality-zero-platform - platform_ref: main diff --git a/.github/workflows/quality-zero-platform.yml b/.github/workflows/quality-zero-platform.yml deleted file mode 100644 index a99c1ac6..00000000 --- a/.github/workflows/quality-zero-platform.yml +++ /dev/null @@ -1,39 +0,0 @@ -name: Quality Zero Platform - -permissions: - contents: read - id-token: write - pull-requests: write - -on: - push: - branches: [main, master] - pull_request: - branches: [main, master] - merge_group: - types: [checks_requested] - workflow_dispatch: - -jobs: - shared-scanner-matrix: - permissions: - contents: read - id-token: write - pull-requests: write - uses: Prekzursil/quality-zero-platform/.github/workflows/reusable-scanner-matrix.yml@d7a94db4ab57df42940832cf67b730c673af7da6 - with: - repo_slug: ${{ github.repository }} - event_name: ${{ github.event_name }} - branch_name: ${{ github.head_ref || github.ref_name }} - pull_request_number: ${{ github.event.pull_request.number || '' }} - pull_request_author: ${{ github.event.pull_request.user.login || '' }} - pull_request_head_ref: ${{ github.event.pull_request.head.ref || github.head_ref || '' }} - sha: ${{ github.event.pull_request.head.sha || github.sha }} - platform_repository: Prekzursil/quality-zero-platform - platform_ref: main - secrets: - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - CODACY_API_TOKEN: ${{ secrets.CODACY_API_TOKEN }} - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} - DEEPSCAN_API_TOKEN: ${{ secrets.DEEPSCAN_API_TOKEN }} diff --git a/.github/workflows/quality-zero-remediation.yml b/.github/workflows/quality-zero-remediation.yml deleted file mode 100644 index 40193de2..00000000 --- a/.github/workflows/quality-zero-remediation.yml +++ /dev/null @@ -1,23 +0,0 @@ -name: Quality Zero Remediation - -permissions: {} - -on: - workflow_run: # zizmor: ignore[dangerous-triggers] -- trusted private runner remediation only responds to internal gate failures. - workflows: ["Quality Zero Gate"] - types: [completed] - workflow_dispatch: - -jobs: - remediate: - if: github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'failure' - permissions: - contents: write - pull-requests: write - uses: Prekzursil/quality-zero-platform/.github/workflows/reusable-remediation-loop.yml@7268fee30f1cf796938d97fe460259f27386a8cd - with: - repo_slug: ${{ github.repository }} - failure_context: Quality Zero Gate - sha: ${{ github.event.workflow_run.head_sha || github.sha }} - secrets: - CODEX_AUTH_JSON: ${{ secrets.CODEX_AUTH_JSON }} diff --git a/codecov.yml b/codecov.yml deleted file mode 100644 index 1404be97..00000000 --- a/codecov.yml +++ /dev/null @@ -1,47 +0,0 @@ -codecov: - require_ci_to_pass: true - -coverage: - precision: 2 - round: down - range: "100...100" - status: - project: - default: - target: 100% - threshold: 0% - patch: - default: - target: 100% - threshold: 0% - -comment: - layout: "reach,diff,flags,files" - -flags: - backend: - paths: - - backend/ - frontend: - paths: - - frontend/webcoder_ui/ - -component_management: - default_rules: - statuses: - - type: project - target: 100% - threshold: 0% - individual_components: - - component_id: backend - name: backend - paths: - - backend/ - - component_id: frontend - name: frontend - paths: - - frontend/webcoder_ui/ - -bundle_analysis: - warning_threshold: "0%" - status: informational