feat(ci): adopt @quality-gate/core for multi-metric merge gate#47
Merged
Conversation
🚦 Quality Gate — ⚙️ BOOTSTRAP
⚙️ Bootstrap pending — baseline will be created on first merge to default branch. Critical security issues still block. |
… drop unused QG_MODE - Cache /tmp/qg-core keyed on the pinned upstream SHA so subsequent CI runs skip the ~25s clone+install+build on hit. - _meta.json reads adapter.name / adapter.version from quality-gate.config.json (jq) so the snapshot the engine stores in baseline.json cannot drift from what the adapter reports. - Drop QG_MODE env from both workflows: the adapter never reads it and the contract didn't document it.
Collaborator
Author
Code reviewNo issues found. Checked for bugs and CLAUDE.md compliance. 🤖 Generated with Claude Code - If this code review was useful, please react with 👍. Otherwise, react with 👎. |
…tion - Split actions/cache into restore + conditional save so a crashed install/build never persists a partial /tmp/qg-core (missing dist/cli.js) under the fixed-SHA key. With the prior single-action cache, the post-step saved on job failure too, poisoning the cache for every later run until manual eviction or a pin bump. - Add src/app/landing + src/components/landing to the jscpd --ignore list so the duplication metric matches the coverage and file_size exclusions. Landing is a presentation-heavy marketing surface whose repeated section markup inflated the metric without signalling real duplication debt.
The endpoint cropped a screenshot using pinCoords. After the comment-only annotation flow landed in PR #44, no new annotation row has either field set — the endpoint was unreachable for anything created after the cutover. Removing the route, the sharp-backed cropRegion helper, the unit test, sharp's pnpm "built-dependencies" entry, and every doc cross-reference (agent-loop endpoints + INDEX, api INDEX, feature catalog, stack, storage, routes, ci, frontend INDEX, task-rules, testing). Legacy annotation rows with screenshotPath + pinCoords populated will no longer be reachable through this URL — orchestrators relying on it should fetch the full screenshot via /api/annotations/[id]/screenshot.
5 tasks
…scpd Extract the shared prelude + engine clone/build into .github/actions/quality-gate-prepare so the PR and baseline workflows no longer duplicate ~50 lines and the engine SHA lives in one place. Run jscpd from a pinned devDependency instead of re-downloading via npx each run, write adapter scratch files to a mktemp dir (keeping the repo clean and out of jscpd's own scan), and count file lines with awk so a missing trailing newline can't slip a file past the size gate.
Collaborator
Author
Code reviewNo issues found. Checked for bugs and CLAUDE.md compliance. 🤖 Generated with Claude Code |
…n; restore git clone for engine
GitHub validates ${{ }} expressions everywhere in an action manifest,
including the top-level description, where the runner context is not
available — this failed the workflow at load time. State the path in
plain prose instead.
Also revert the engine fetch to the proven `git clone --depth 1` form
rather than `git init` + fetch-by-SHA, which is not equivalent on a cold
runner.
…omment file If the suite or engine build fails, the adapter never writes pr-comment.md, and the always() comment step would itself fail and bury the real error. Gate it on an explicit existence check instead.
3 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
scripts/coverage-ratchet.ts+coverage-dataorphan branch with the upstreamalkg-cloud/quality-gateengine, pinned at commit192fcaf3.quality-metricsreplacescoverage-data(latter to be deleted post-merge).docs/quality-gate.mdfor the full contract.What's in this PR
quality-gate.config.json.quality-gate/adapter.sh,.quality-gate/README.md.github/workflows/quality-gate-pr.yml,.github/workflows/quality-gate-main.ymlscripts/coverage-ratchet.ts,scripts/lib/coverage-compare.ts,tests/unit/scripts/coverage-compare.test.ts, ratchet step in.github/workflows/test.ymldocs/quality-gate.md(new),docs/ci.md,docs/testing.md,docs/INDEX.md,README.md(badges)epsilon: 0.1(preserves the 0.10pp drift tolerance from the bespoke ratchet)Why we clone+build the upstream engine
@quality-gate/coreis not published to npm (E404) and the upstream repo has no GitHub releases/tags + does not commitdist/. Both workflows clone the upstream at the pinned SHA192fcaf3and runpnpm install && pnpm run buildbefore invokingnode /tmp/qg-core/dist/cli.js. To bump the pin, edit the SHA in both workflow files.Bootstrap behaviour (this PR's CI)
The first PR runs without a baseline. The engine returns
bootstrap: true, skips ratchet comparisons, and only blocks oncriticalaudit vulnerabilities. Local dry-run confirms:```json
{ "gate_passed": true, "bootstrap": true, "regressions": 0, "warnings": 0 }
```
Current snapshot: coverage 58.99%, duplication 18.75%, lint 0 errors, 9 files >500 lines, security 0 critical / 0 high / 3 moderate / 0 low.
Merging this PR populates
quality-metricson first push; subsequent PRs are ratcheted normally.Required follow-up after merge (user-driven, NOT in this PR)
Test plan