Skip to content

feat(ci): automated alpha/beta/stable release pipeline#65

Open
plumppig wants to merge 27 commits into
masterfrom
cicd-pipeline-spec
Open

feat(ci): automated alpha/beta/stable release pipeline#65
plumppig wants to merge 27 commits into
masterfrom
cicd-pipeline-spec

Conversation

@plumppig
Copy link
Copy Markdown
Contributor

@plumppig plumppig commented Apr 25, 2026

Summary

  • Implements a fully automated CI/CD pipeline for ryuu.js: every PR merge to master publishes an alpha; soak gates auto-promote alpha→beta→stable; latest is operator-controlled.
  • Soak windows: patch 3d/7d, minor 7d/14d, major 14d/30d. Promotion is blocked while any open Critical/Major Jira ticket carries the version:<base>-<phase> label, or while another beta is already in flight.
  • 7 GitHub Actions workflows + 11 typed helper modules in scripts/ci/ with 42 unit tests. Daily cron at 14:00 UTC drives auto-promotion. promote-latest.yml is the only path to move npm latest and is workflow_dispatch-only.

See docs/superpowers/specs/2026-04-24-cicd-github-actions-design.md for the full design and docs/ci/setup.md for the operator runbook.

Required before merging

These are operator-only Phase 0 setup tasks. The workflows reference them but won't function until they exist:

  • GitHub App ryuu-ci-bot created, installed on this repo, with permissions Contents/PRs/Actions Read+Write, Metadata Read.
  • Repo secrets set: `NPM_TOKEN`, `BOT_APP_ID`, `BOT_APP_PRIVATE_KEY`, `JIRA_BASE_URL`, `JIRA_API_TOKEN`, `JIRA_PROJECT_KEY`.
  • Branch protection rules on `master` and `release/v*`: require `PR Validate / validate` check, add the App to the bypass list.

Test plan

  • `PR Validate` workflow runs green on this PR (no secrets needed — pure tsc/test/build).
  • After merge, confirm `Publish Alpha` runs end-to-end: bumps `package.json`, publishes to npm with `--tag alpha`, bot commit lands on master with `[skip ci]`.
  • Run `Soak Check` manually with `dry_run: true` and verify it logs the master alpha candidate without firing any downstream workflow.
  • (Once an alpha has soaked the right number of days with no critical bugs) verify auto cut-beta + alpha publish at the rolled-forward version + beta publish on the new release branch.
  • Verify `npm dist-tag ls ryuu.js` after a `Publish Stable` run shows the new version under `stable`, with `latest` unchanged. Manually trigger `Promote Latest` and confirm `latest` then moves.

🤖 Generated with Claude Code

JSON and others added 27 commits April 24, 2026 22:39
@claude
docs(ci): add CI/CD pipeline spec and implementation plan
f75fc38 
Designs an automated CI/CD process that publishes alphas on every master
merge, betas on each release-branch merge, and stables after a soak
period gated on Jira-tracked Critical/Major bug counts. The npm `latest`
dist-tag is moved only by an explicit operator workflow.

Spec covers Subsystem 1 (GitHub Actions workflows + helper scripts),
Subsystem 4 (manual `latest` promotion), and the Jira label convention
used for joining. Subsystems 2 (Blue/Green dashboard test apps) and 3
(Jira ticket structure) will get their own specs later.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
chore(ci): bootstrap scripts/ci tooling and Jest project
b99f1fb
feat(ci): add version parsing/incrementing helpers
d01078f
feat(ci): add bump-scale comparator
da24a09
feat(ci): add soak-threshold lookup table
8de3672
feat(ci): add npm registry helper
8a6e648
feat(ci): add git state helpers
18a5b3a
feat(ci): add Jira JQL client
eb6d662
@claude
feat(ci): add soak-check decision logic
6bb0ff1 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@claude
feat(ci): add soak-check runtime entry point
924d021 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@claude
feat(ci): add entry points for cut-beta, publish-stable, promote-latest
ace2232 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
feat(ci): add bump-prerelease script for publish workflows
22f7867
ci: add pr-validate workflow
fa8996d
ci: add publish-alpha workflow
37e1292
ci: add publish-beta workflow
09f0573
ci: add cut-beta workflow
7fb8d6e
ci: add publish-stable workflow
7b1aa3e
ci: add soak-check cron
4fd1cee
ci: add manual promote-latest workflow
0b726c9
docs(ci): add operator runbook
01535b4
docs: link release process from README
2293514
ci: remove obsolete publish-dev placeholder
1779cf4
fix(ci): publish stable with --tag stable, not bare publish
31e3968
fix(ci): run tsc and tests before publishing stable
65f18e4
docs(ci): add cut-beta partial-failure recovery to runbook
a8fa09e
@claude
fix(ci): mint GitHub App token at runtime instead of using PAT secret
f3428bd 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@claude
fix(ci): switch Jira client to on-prem DC (v2 API + PAT bearer auth)
dbcb88a 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@plumppig
Copy link
Copy Markdown
Contributor Author

plumppig commented Apr 25, 2026

In theory these workflows work great, but our billing is on a legacy plan and therefor we aren't allowed to use Actions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@th3uiguy th3uiguy Awaiting requested review from th3uiguy th3uiguy is a code owner

@seunghankm seunghankm Awaiting requested review from seunghankm seunghankm is a code owner

@k4paul k4paul Awaiting requested review from k4paul k4paul is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@plumppig