Taskdeck/.github/workflows/ci-extended.yml at main · Chris0Jeky/Taskdeck · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
# =============================================================================
# CI Extended — optional PR lane for heavier checks.
# Runs on PR path changes, label triggers, and manual dispatch.
# Non-blocking: does not gate PR merges.
# Topology context documented in ci-required.yml header.
# =============================================================================

name: CI Extended

on:
  pull_request:
    types:
      - opened
      - synchronize
      - reopened
      - labeled
      - ready_for_review
    paths:
      - .github/workflows/**
      - backend/**
      - frontend/**
      - deploy/**
      - scripts/**
      - '**/*.csproj'
  workflow_dispatch:

permissions:
  contents: read

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  workflow-lint:
    name: Workflow Lint
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - name: Run actionlint
        uses: rhysd/actionlint@v1.7.12

  dependency-review:
    name: Dependency Review
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: read
    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - name: Run dependency review
        uses: actions/dependency-review-action@v4

  dependency-security-signals:
    name: Dependency Security Signals
    if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'security'))
    uses: ./.github/workflows/reusable-dependency-security-signals.yml
    with:
      dotnet-version: 8.0.x
      node-version: 24.13.1
      artifact-name: ci-extended-dependency-security-signals
      retention-days: 14
      summary-title: CI Extended Dependency Security Summary
      workflow-context: ci-extended

  openapi-guardrail:
    name: OpenAPI Guardrail
    uses: ./.github/workflows/reusable-openapi-guardrail.yml
    with:
      dotnet-version: 8.0.x

  developer-portal:
    name: Developer Portal
    if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'api'))
    uses: ./.github/workflows/reusable-developer-portal.yml
    with:
      dotnet-version: 8.0.x
      node-version: 24.13.1

  backend-solution:
    name: Backend Solution Regression
    if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'testing'))
    uses: ./.github/workflows/reusable-backend-solution.yml
    with:
      dotnet-version: 8.0.x

  e2e-smoke:
    name: E2E Smoke
    if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'testing'))
    needs:
      - backend-solution
    uses: ./.github/workflows/reusable-e2e-smoke.yml
    with:
      dotnet-version: 8.0.x
      node-version: 24.13.1

  demo-director-smoke:
    name: Demo Director Smoke
    if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'automation'))
    uses: ./.github/workflows/reusable-demo-director-smoke.yml
    with:
      dotnet-version: 8.0.x
      node-version: 24.13.1

  e2e-cross-browser:
    name: E2E Cross-Browser Matrix
    if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'testing'))
    needs:
      - backend-solution
    uses: ./.github/workflows/reusable-e2e-cross-browser.yml
    with:
      dotnet-version: 8.0.x
      node-version: 24.13.1

  visual-regression:
    name: Visual Regression
    if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && (contains(github.event.pull_request.labels.*.name, 'testing') || contains(github.event.pull_request.labels.*.name, 'visual')))
    needs:
      - backend-solution
    uses: ./.github/workflows/reusable-visual-regression.yml
    with:
      dotnet-version: 8.0.x
      node-version: 24.13.1

  load-concurrency-harness:
    name: Load and Concurrency Harness
    if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'testing'))
    needs:
      - backend-solution
    uses: ./.github/workflows/reusable-load-concurrency-harness.yml
    with:
      dotnet-version: 8.0.x
      node-version: 24.13.1
      k6-vus: "20"
      k6-duration: "90s"
      k6-user-pool: "6"

  container-integration:
    name: Container Integration (Testcontainers)
    if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'testing'))
    uses: ./.github/workflows/reusable-container-integration.yml
    with:
      dotnet-version: 8.0.x