DevilsDev
diff --git a/‎.github/branch-protection.yml‎
Lines changed: 48 additions & 0 deletions b/‎.github/branch-protection.yml‎
Lines changed: 48 additions & 0 deletions
diff --git a/‎.github/workflows/consolidated-ci.yml‎
Lines changed: 97 additions & 0 deletions b/‎.github/workflows/consolidated-ci.yml‎
Lines changed: 97 additions & 0 deletions
diff --git a/‎.github/workflows/consolidated-docs.yml‎
Lines changed: 62 additions & 0 deletions b/‎.github/workflows/consolidated-docs.yml‎
Lines changed: 62 additions & 0 deletions
diff --git a/‎.github/workflows/consolidated-roadmap.yml‎
Lines changed: 38 additions & 0 deletions b/‎.github/workflows/consolidated-roadmap.yml‎
Lines changed: 38 additions & 0 deletions
@@ -0,0 +1,48 @@
+# Branch Protection Configuration
+# This file defines branch protection rules for GitHub repository
+# Apply using GitHub CLI: gh api repos/:owner/:repo/branches/main/protection --method PUT --input branch-protection.yml
+
+main:
+  required_status_checks:
+    strict: true
+    contexts:
+      - "ci/test"
+      - "ci/lint" 
+      - "ci/security"
+      - "ci/build"
+  enforce_admins: true
+  required_pull_request_reviews:
+    required_approving_review_count: 2
+    dismiss_stale_reviews: true
+    require_code_owner_reviews: true
+    require_last_push_approval: true
+  restrictions:
+    users: []
+    teams: ["core-maintainers", "senior-developers"]
+  allow_force_pushes: false
+  allow_deletions: false
+  block_creations: false
+
+develop:
+  required_status_checks:
+    strict: true
+    contexts:
+      - "ci/test"
+      - "ci/lint"
+  enforce_admins: false
+  required_pull_request_reviews:
+    required_approving_review_count: 1
+    dismiss_stale_reviews: true
+    require_code_owner_reviews: true
+    require_last_push_approval: false
+  restrictions:
+    users: []
+    teams: ["developers", "core-maintainers"]
+  allow_force_pushes: false
+  allow_deletions: false
+  block_creations: false
+
+# Commands to apply protection rules:
+# gh api repos/DevilsDev/rag-pipeline-utils/branches/main/protection --method PUT --field required_status_checks='{"strict":true,"contexts":["ci/test","ci/lint","ci/security","ci/build"]}' --field enforce_admins=true --field required_pull_request_reviews='{"required_approving_review_count":2,"dismiss_stale_reviews":true,"require_code_owner_reviews":true}' --field restrictions='{"users":[],"teams":["core-maintainers"]}' --field allow_force_pushes=false --field allow_deletions=false
+
+# gh api repos/DevilsDev/rag-pipeline-utils/branches/develop/protection --method PUT --field required_status_checks='{"strict":true,"contexts":["ci/test","ci/lint"]}' --field enforce_admins=false --field required_pull_request_reviews='{"required_approving_review_count":1,"dismiss_stale_reviews":true,"require_code_owner_reviews":true}' --field restrictions='{"users":[],"teams":["developers","core-maintainers"]}' --field allow_force_pushes=false --field allow_deletions=false
@@ -0,0 +1,97 @@
+name: Consolidated CI/CD Pipeline
+
+on:
+  push:
+    branches: [main, develop]
+  pull_request:
+    branches: [main, develop]
+  workflow_dispatch:
+
+env:
+  NODE_VERSION: '18'
+  CACHE_VERSION: v1
+
+jobs:
+  # Security and validation checks
+  security:
+    name: Security & Validation
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+          cache: 'npm'
+      
+      - name: Install dependencies
+        run: npm ci
+      
+      - name: Security audit
+        run: npm audit --audit-level=moderate
+      
+      - name: License check
+        run: npx license-checker --onlyAllow 'MIT;Apache-2.0;BSD-3-Clause'
+      
+      - name: Dependency review
+        uses: actions/dependency-review-action@v4
+        if: github.event_name == 'pull_request'
+
+  # Code quality and testing
+  test:
+    name: Test & Quality
+    runs-on: ubuntu-latest
+    needs: security
+    strategy:
+      matrix:
+        test-type: [unit, integration, contract]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+          cache: 'npm'
+      
+      - name: Install dependencies
+        run: npm ci
+      
+      - name: ESLint
+        run: npm run lint:strict
+      
+      - name: Run tests
+        run: |
+          case "${{ matrix.test-type }}" in
+            unit) npm run test:unit ;;
+            integration) npm run test:integration ;;
+            contract) npm run test -- __tests__/ci/contract-schema-validation.test.js ;;
+          esac
+      
+      - name: Upload coverage
+        uses: codecov/codecov-action@v4
+        if: matrix.test-type == 'unit'
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+
+  # Build and deployment
+  build:
+    name: Build & Deploy
+    runs-on: ubuntu-latest
+    needs: [security, test]
+    if: github.ref == 'refs/heads/main'
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+          cache: 'npm'
+      
+      - name: Install dependencies
+        run: npm ci
+      
+      - name: Build documentation
+        run: npm run build:docs
+      
+      - name: Semantic release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: npx semantic-release
@@ -0,0 +1,62 @@
+name: Documentation & Release
+
+on:
+  push:
+    branches: [main]
+    paths: ['docs/**', 'README.md', '*.md']
+  release:
+    types: [published]
+  workflow_dispatch:
+
+jobs:
+  # Documentation build and deployment
+  docs:
+    name: Build & Deploy Docs
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '18'
+          cache: 'npm'
+      
+      - name: Install dependencies
+        run: npm ci
+      
+      - name: Build documentation
+        run: npm run build:docs
+      
+      - name: Deploy to GitHub Pages
+        uses: peaceiris/actions-gh-pages@v3
+        if: github.ref == 'refs/heads/main'
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          publish_dir: ./docs-site/build
+
+  # Release blog generation
+  release-blog:
+    name: Generate Release Blog
+    runs-on: ubuntu-latest
+    if: github.event_name == 'release'
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '18'
+          cache: 'npm'
+      
+      - name: Install dependencies
+        run: npm ci
+      
+      - name: Generate release blog
+        run: npm run release:tag
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      
+      - name: Commit blog post
+        run: |
+          git config --local user.email "action@github.com"
+          git config --local user.name "GitHub Action"
+          git add docs-site/blog/
+          git commit -m "docs: add release blog for ${{ github.event.release.tag_name }}" || exit 0
+          git push
@@ -0,0 +1,38 @@
+name: Roadmap & Project Management
+
+on:
+  schedule:
+    - cron: '0 9 * * 1' # Weekly on Monday
+  issues:
+    types: [opened, closed, labeled]
+  workflow_dispatch:
+
+jobs:
+  # Roadmap maintenance and label sync
+  roadmap-sync:
+    name: Roadmap Synchronization
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '18'
+          cache: 'npm'
+      
+      - name: Install dependencies
+        run: npm ci
+      
+      - name: Sync roadmap labels
+        run: npm run labels:sync
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      
+      - name: Close completed roadmap items
+        run: npm run roadmap:close
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      
+      - name: Update roadmap maintenance
+        run: node scripts/roadmap-maintenance.js
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}