Oleksandr Bezdieniezhnykh
510df68bcf
Captures the full output of autodev existing-code Phase A through Step 4 (Code Testability Revision) for the Azaion UI workspace: - Step 1 Document: _docs/02_document/ (FINAL_report, architecture, glossary, components/, modules/, diagrams/, system-flows, module-layout) plus _docs/00_problem/ + _docs/01_solution/ + _docs/legacy/ + _docs/how_to_test + README. - Step 2 Architecture Baseline: architecture_compliance_baseline.md. - Step 3 Test Spec: _docs/02_document/tests/ (environment, test-data, blackbox/performance/resilience/security/ resource-limit tests, traceability-matrix), enum_spec_snapshot, expected_results/results_report.md (98 rows), plus the run-tests.sh + run-performance-tests.sh runners. - Step 4 Code Testability Revision: 01-testability-refactoring/ run dir (list-of-changes C01-C07, deferred_to_refactor, analysis/research_findings + refactoring_roadmap) and the 7 child task specs AZ-448..AZ-454 under _docs/02_tasks/todo/ plus _dependencies_table.md. - _docs/_autodev_state.md pins the cursor at Step 4 / refactor Phase 4 entry so /autodev resumes cleanly. Epic AZ-447 (UI testability gates) tracks the 7 child tasks that will land in subsequent commits. Co-authored-by: Cursor <cursoragent@cursor.com>
2.7 KiB
Azaion UI — CI/CD Pipeline
Synthesis output of
/documentStep 3d (ci_cd_pipeline). Derived from.woodpecker/build-arm.yml.
1. Triggers
| Branch | Triggers | Image tag |
|---|---|---|
dev |
every push | ${REGISTRY_HOST}/azaion/ui:dev-arm |
stage |
every push | ${REGISTRY_HOST}/azaion/ui:stage-arm |
main |
every push | ${REGISTRY_HOST}/azaion/ui:main-arm |
Other branches do NOT build (PR builds, feature-branch builds, tag builds — none configured today).
2. Steps
| # | Step | What | Notes |
|---|---|---|---|
| 1 | Checkout | git clone + git checkout $CI_COMMIT_SHA |
Standard Woodpecker behaviour |
| 2 | Build + Push image | Multi-stage Dockerfile produces nginx:alpine image with dist/ baked in |
Pushes to ${REGISTRY_HOST}/azaion/ui:${branch}-arm with OCI labels (revision, created, source) |
Missing steps (recommended for autodev Steps 5–7):
| Step | Purpose | Tool candidates |
|---|---|---|
bun install --frozen-lockfile smoke |
Catch lockfile drift before build | First few seconds of the build stage cover this |
tsc --noEmit |
Type-check the whole project | Already part of bun run build (tsc -b && vite build) |
bun test (or vitest / jest) |
Run test suite | Required — there is no test runner today |
eslint / biome |
Lint | Not configured today |
| Vulnerability scan | CVE scan on the image | trivy or grype candidates |
| SBOM emission | Software bill of materials | syft candidate |
| Image signing | Supply-chain trust | cosign candidate |
| Multi-arch build | Add AMD64 alongside ARM64 | docker buildx candidates |
These are tracked as Step 4–7 deliverables under autodev; the current pipeline is correct but minimal.
3. Secrets & registry
${REGISTRY_HOST}— provided by Woodpecker secrets at runtime.- Registry credentials — stored as Woodpecker secrets; not in this repo.
- No GPG/TLS signing keys today.
4. Branch model
devis the active development branch (per.cursor/rules/git-workflow.mdc).stageis for pre-production validation.mainis production.- No
release/*long-lived branches. - PR builds are not configured (Woodpecker build only fires on push, not on PR open).
5. Build artifact
The output of the pipeline is exactly one OCI image per push: ${REGISTRY_HOST}/azaion/ui:${branch}-arm. There is no versioned image tag (e.g., 1.2.3-arm); branch tags are mutable. The OCI revision label is the deterministic anchor (= $CI_COMMIT_SHA).
Future: when this UI ships under a versioned suite release, the pipeline should also tag images with vMAJOR.MINOR.PATCH-arm derived from package.json version.