- Remove `if: always()` from integration-gate, coverage-gate, codecov-gate, pipeline-gate
- Gates now naturally skip when their upstream dependencies are skipped (fork PR behavior)
- Prevents confusing "complete" status when nothing actually ran
- Fork PRs will show "skipped" in UI instead of obscuring behavior behind gate success
- Aligns with GitHub Actions standard job dependency semantics
- Fixed github.head_ref actionlint error by passing via environment variable
instead of direct shell interpolation in ci-pipeline.yml
- Aligned E2E coverage artifact handling to shard artifacts and updated
Codecov upload to use glob pattern for multi-shard merge
- Added workflow_run trigger to security-pr.yml for docker-build integration
while retaining workflow_dispatch for manual runs
- Added workflow_run trigger to supply-chain-pr.yml for docker-build integration
while retaining workflow_dispatch for manual runs
- All individual workflows now support both automatic (workflow_run) and manual
(workflow_dispatch) triggering, maintaining design intent
- Audited remaining workflows; no additional blockers found
- All actionlint and pre-commit validations now passing
- Full pipeline trigger chain now functional
- Updated environment variable assignments in multiple workflow files to use double quotes for consistency and to prevent potential issues with variable expansion.
- Refactored echo commands to group multiple lines into a single block for improved readability in the following workflows:
- release-goreleaser.yml
- renovate_prune.yml
- security-pr.yml
- security-weekly-rebuild.yml
- supply-chain-pr.yml
- supply-chain-verify.yml
- update-geolite2.yml
- waf-integration.yml
- weekly-nightly-promotion.yml
- Updated quality-checks.yml to support manual dispatch with frontend checks.
- Modified rate-limit-integration.yml to remove workflow_run triggers and adjust conditions for execution.
- Removed pull request triggers from repo-health.yml, retaining only scheduled and manual dispatch.
- Adjusted security-pr.yml and supply-chain-pr.yml to eliminate workflow_run dependencies and refine execution conditions.
- Cleaned up supply-chain-verify.yml by removing workflow_run triggers and ensuring proper execution conditions.
- Updated waf-integration.yml to remove workflow_run triggers, allowing manual dispatch only.
- Revised current_spec.md to reflect the consolidation of CI workflows into a single pipeline, detailing objectives, research findings, and implementation plans.
Fixed syntax errors in playwright.config.js (duplicate identifiers)
Verified all E2E and Integration workflows have correct push triggers
Confirmed immediate feedback loop for feature/hotfix branches
Validated E2E environment by running core test suite (100% pass)
- Added push and pull_request triggers to integration test workflows (waf, cerberus, crowdsec, rate-limit)
- Added push and pull_request triggers to security scan workflows (security-pr, supply-chain-pr)
- Implemented logic to locate build artifacts when triggered directly via push/PR
- Ensured consistent testing coverage across main, development, feature, and hotfix branches
