Context
During the 2026-03-30 merge wave (PRs #588–#607), 16 post-merge fix commits were needed across 13 PRs. The SBOM workflow alone required 4 fixes (shellcheck glob, GitHub expressions placement, frontend CLI flags, provenance JSON generation). Property-based tests needed 2 fixes (parameterless tests, missing using directive). Batch triage needed 3 fixes.
Analysis: docs/analysis/2026-03-31_changelog-audit.md
Problem
The required CI gate (ci-required.yml) catches most regressions, but PRs that touch CI workflows, infrastructure config, or cross-cutting backend/frontend contracts often break in ways that only surface in ci-extended or downstream release workflows. Currently, ci-extended only runs when the testing label is applied or on manual dispatch.
Proposal
- Auto-trigger ci-extended for infrastructure-touching PRs: When a PR modifies .github/workflows/**, deploy/**, scripts/**, or *.csproj files, ci-extended should run automatically (not just on label/manual dispatch).
- Add a non-blocking "extended CI recommended" comment or check for PRs with 5+ changed files touching both backend and frontend, as a nudge to apply the testing label.
- Document the expectation in AGENTS.md and PR template: PRs touching CI workflows should have ci-extended green before merge.
Acceptance Criteria
- ci-extended.yml path filters expanded to auto-trigger on workflow/deploy/script changes
- AGENTS.md contributor protocol updated
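
The trigger rules from the proposal, sketched as a shell function that a gating step could run over a PR's changed paths (an added example, not part of the original issue or the repository's workflows). The `backend/` and `frontend/` directory names, the function name and its output words are assumptions; the path patterns and the 5-file threshold come from the proposal.

```bash
# Added example: decide whether ci-extended should run for a PR.
# Input: changed paths on stdin, one per line.
# Hypothetical names: classify_pr, backend/, frontend/, and the words run/recommend/skip.

# classify_pr HAS_TESTING_LABEL < changed-paths
#   run       -> testing label present, or an infrastructure path was touched
#   recommend -> 5+ files touching both backend and frontend (non-blocking nudge)
#   skip      -> neither rule applies
classify_pr() {
  local has_label="${1:-false}" total=0 infra=0 backend=0 frontend=0 path
  # "|| [ -n ... ]" keeps a final line that has no trailing newline.
  while IFS= read -r path || [ -n "$path" ]; do
    [ -n "$path" ] || continue
    total=$((total + 1))
    # In a shell case pattern '*' also matches '/', so these cover nested paths
    # and .csproj files at any depth.
    case "$path" in
      .github/workflows/*|deploy/*|scripts/*|*.csproj) infra=1 ;;
    esac
    case "$path" in
      backend/*)  backend=1 ;;   # assumed backend root
      frontend/*) frontend=1 ;;  # assumed frontend root
    esac
  done
  if [ "$has_label" = "true" ] || [ "$infra" -eq 1 ]; then
    echo run
  elif [ "$total" -ge 5 ] && [ "$backend" -eq 1 ] && [ "$frontend" -eq 1 ]; then
    echo recommend
  else
    echo skip
  fi
}

# Constructed sample: a PR without the label that edits one workflow file.
printf '%s\n' '.github/workflows/example.yml' 'README.md' | classify_pr false
```

In a workflow step the path list would come from the PR's diff, for example the output of `git diff --name-only` between the base and head commits.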