create-qa-architect 5.0.0

package/.github/workflows/quality-progressive.yml.example

@@ -0,0 +1,291 @@
+name: Quality Checks (Progressive)
+
+# This is an EXAMPLE of the progressive quality automation workflow.
+# It demonstrates adaptive checks based on project maturity.
+
+on:
+  push:
+    branches: [main, master, develop]
+  pull_request:
+    branches: [main, master, develop]
+
+jobs:
+  # Step 1: Detect project maturity level
+  detect-maturity:
+    runs-on: ubuntu-latest
+    outputs:
+      maturity: ${{ steps.detect.outputs.maturity }}
+      source-count: ${{ steps.detect.outputs.source-count }}
+      test-count: ${{ steps.detect.outputs.test-count }}
+      has-deps: ${{ steps.detect.outputs.has-deps }}
+      has-docs: ${{ steps.detect.outputs.has-docs }}
+      has-css: ${{ steps.detect.outputs.has-css }}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version: '20'
+
+      - name: Detect Project Maturity
+        id: detect
+        run: |
+          # Use the project maturity detector
+          node lib/project-maturity.js --github-actions >> $GITHUB_OUTPUT
+
+      - name: Display Maturity Report
+        run: |
+          echo "📊 Project Maturity Detection Results"
+          echo "Maturity: ${{ steps.detect.outputs.maturity }}"
+          echo "Source files: ${{ steps.detect.outputs.source-count }}"
+          echo "Test files: ${{ steps.detect.outputs.test-count }}"
+          echo "Has dependencies: ${{ steps.detect.outputs.has-deps }}"
+          echo "Has documentation: ${{ steps.detect.outputs.has-docs }}"
+          echo "Has CSS files: ${{ steps.detect.outputs.has-css }}"
+
+  # Step 2: Core checks - ALWAYS run (all maturity levels)
+  core-checks:
+    runs-on: ubuntu-latest
+    needs: detect-maturity
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version: '20'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: |
+          if [ -f package-lock.json ]; then
+            npm ci
+          else
+            npm install
+          fi
+
+      - name: Prettier check
+        run: |
+          echo "✨ Running Prettier formatting check (required for all projects)"
+          npm run format:check
+
+  # Step 3: Linting - run if source files exist (bootstrap+)
+  linting:
+    runs-on: ubuntu-latest
+    needs: detect-maturity
+    if: needs.detect-maturity.outputs.source-count > 0
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version: '20'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: |
+          if [ -f package-lock.json ]; then
+            npm ci
+          else
+            npm install
+          fi
+
+      - name: ESLint
+        run: |
+          echo "🔍 Linting ${{ needs.detect-maturity.outputs.source-count }} source files..."
+          npx eslint . --max-warnings=0
+
+      - name: Stylelint
+        if: needs.detect-maturity.outputs.has-css == 'true'
+        run: |
+          echo "🎨 Linting CSS files..."
+          npx stylelint "**/*.{css,scss,sass,less,pcss}" --allow-empty-input
+
+  # Step 4: Security checks - run if dependencies exist
+  security:
+    runs-on: ubuntu-latest
+    needs: detect-maturity
+    if: needs.detect-maturity.outputs.has-deps == 'true'
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version: '20'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: |
+          if [ -f package-lock.json ]; then
+            npm ci
+          else
+            npm install
+          fi
+
+      - name: Verify dependency integrity
+        run: |
+          echo "🔐 Verifying dependency integrity..."
+          if [ -f package-lock.json ]; then
+            npm ci --dry-run --prefer-offline
+            echo "✅ Dependency integrity verified"
+          else
+            echo "⚠️ No package-lock.json found - skipping integrity verification"
+          fi
+
+          echo "🔍 Checking for vulnerable dependencies..."
+          npm audit --audit-level=moderate || true
+
+      - name: Security audit
+        run: npm audit --audit-level high
+
+      - name: Check for hardcoded secrets
+        run: |
+          echo "🔍 Scanning for hardcoded secrets..."
+          if grep -r -E "(password|secret|key|token).*[=:].*['\"][^'\"]{8,}" . \
+               --exclude-dir=node_modules \
+               --exclude-dir=.git \
+               --exclude-dir=.github \
+               --exclude-dir=tests \
+               --exclude="*.md" \
+               --exclude="package.json" || \
+             grep -r -E "-----BEGIN.*KEY-----" . \
+               --exclude-dir=node_modules \
+               --exclude-dir=.git \
+               --exclude-dir=.github \
+               --exclude-dir=tests; then
+            echo "❌ Potential hardcoded secrets found"
+            exit 1
+          else
+            echo "✅ No hardcoded secrets detected"
+          fi
+
+      - name: Security pattern detection
+        run: |
+          echo "🔍 Scanning for XSS vulnerability patterns..."
+
+          # Check for innerHTML with interpolation
+          if grep -r -E "innerHTML.*\\\$\{" . --include="*.js" --include="*.jsx" --include="*.ts" --include="*.tsx" --exclude-dir=node_modules; then
+            echo "❌ Potential XSS: innerHTML with template literal interpolation found"
+            exit 1
+          fi
+
+          # Check for eval with interpolation
+          if grep -r -E "eval\\\(.*\\\$\{" . --include="*.js" --include="*.jsx" --include="*.ts" --include="*.tsx" --exclude-dir=node_modules; then
+            echo "❌ Potential code injection: eval with interpolation found"
+            exit 1
+          fi
+
+          echo "✅ No XSS vulnerability patterns detected"
+
+  # Step 5: Tests - run if test files exist (development+)
+  tests:
+    runs-on: ubuntu-latest
+    needs: detect-maturity
+    if: needs.detect-maturity.outputs.test-count > 0
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version: '20'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: |
+          if [ -f package-lock.json ]; then
+            npm ci
+          else
+            npm install
+          fi
+
+      - name: Run tests
+        run: |
+          echo "🧪 Running ${{ needs.detect-maturity.outputs.test-count }} test files..."
+          npm test
+
+  # Step 6: Documentation - run for production-ready projects
+  documentation:
+    runs-on: ubuntu-latest
+    needs: detect-maturity
+    if: needs.detect-maturity.outputs.maturity == 'production-ready'
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version: '20'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: |
+          if [ -f package-lock.json ]; then
+            npm ci
+          else
+            npm install
+          fi
+
+      - name: Configuration security check
+        run: |
+          echo "🔍 Running configuration security validation..."
+          npx create-quality-automation@latest --security-config
+
+      - name: Documentation validation
+        run: |
+          echo "📖 Running documentation validation..."
+          npx create-quality-automation@latest --validate-docs
+
+      - name: Lighthouse CI
+        if: hashFiles('.lighthouserc.js', '.lighthouserc.json', 'lighthouserc.js') != ''
+        run: |
+          echo "🚢 Running Lighthouse CI..."
+          npx lhci autorun
+        continue-on-error: true
+
+  # Step 7: Summary - report what checks ran
+  summary:
+    runs-on: ubuntu-latest
+    needs:
+      - detect-maturity
+      - core-checks
+      - linting
+      - security
+      - tests
+      - documentation
+    if: always()
+
+    steps:
+      - name: Generate Check Summary
+        run: |
+          echo "## Quality Checks Summary 📊" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "**Maturity Level:** ${{ needs.detect-maturity.outputs.maturity }}" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "### Project Statistics" >> $GITHUB_STEP_SUMMARY
+          echo "- Source files: ${{ needs.detect-maturity.outputs.source-count }}" >> $GITHUB_STEP_SUMMARY
+          echo "- Test files: ${{ needs.detect-maturity.outputs.test-count }}" >> $GITHUB_STEP_SUMMARY
+          echo "- Has dependencies: ${{ needs.detect-maturity.outputs.has-deps }}" >> $GITHUB_STEP_SUMMARY
+          echo "- Has documentation: ${{ needs.detect-maturity.outputs.has-docs }}" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "### Checks Executed" >> $GITHUB_STEP_SUMMARY
+          echo "- ✅ Core checks: Always run" >> $GITHUB_STEP_SUMMARY
+          echo "- ${{ needs.detect-maturity.outputs.source-count > 0 && '✅' || '⏭️' }} Linting: ${{ needs.detect-maturity.outputs.source-count > 0 && 'Enabled' || 'Skipped (no source files)' }}" >> $GITHUB_STEP_SUMMARY
+          echo "- ${{ needs.detect-maturity.outputs.has-deps == 'true' && '✅' || '⏭️' }} Security: ${{ needs.detect-maturity.outputs.has-deps == 'true' && 'Enabled' || 'Skipped (no dependencies)' }}" >> $GITHUB_STEP_SUMMARY
+          echo "- ${{ needs.detect-maturity.outputs.test-count > 0 && '✅' || '⏭️' }} Tests: ${{ needs.detect-maturity.outputs.test-count > 0 && 'Enabled' || 'Skipped (no test files)' }}" >> $GITHUB_STEP_SUMMARY
+          echo "- ${{ needs.detect-maturity.outputs.maturity == 'production-ready' && '✅' || '⏭️' }} Documentation: ${{ needs.detect-maturity.outputs.maturity == 'production-ready' && 'Enabled' || 'Skipped (not production-ready)' }}" >> $GITHUB_STEP_SUMMARY