CalvinBackup/gstack
1
0
Fork 0
mirror of https://github.com/garrytan/gstack.git synced 2026-05-07 05:56:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat: add distribution pipeline checks across skill workflow

Browse Source 
When designing CLI tools, libraries, or other standalone artifacts, the
workflow now checks whether a build/publish pipeline exists at every stage:

- /office-hours: Phase 3 premise challenge asks "how will users get it?"
  Design doc templates include a "Distribution Plan" section.

- /plan-eng-review: Step 0 Scope Challenge adds distribution check (#6).
  Architecture Review checks distribution architecture for new artifacts.

- /ship: New Step 1.5 detects new cmd/main.go additions and verifies a
  release workflow exists. Offers to add one or defer to TODOS.md.

- /review checklist: New "Distribution & CI/CD Pipeline" category in
  Pass 2 (INFORMATIONAL) covers CI version pins, cross-platform builds,
  publish idempotency, and version tag consistency.

Motivation: In a real project, we designed and shipped a complete CLI tool
(design doc, eng review, implementation, deployment) but forgot the CI/CD
release pipeline. The binary was built locally but never published — users
couldn't download it. This gap was invisible because no skill in the chain
asked "how does the artifact reach users?"

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
John Doe
2026-03-22 22:19:29 +08:00
parent dbd98aff32
commit 024fc5fea3
4 changed files with 59 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
review/checklist.md
+14 -1
View File
@@ -125,6 +125,18 @@ To do this: use Grep to find all references to the sibling values (e.g., grep fo
- Small utility additions (<5KB gzipped)
- Server-side-only dependencies
#### Distribution & CI/CD Pipeline
- CI/CD workflow changes (`.github/workflows/`): verify build tool versions match project requirements, artifact names/paths are correct, secrets use `${{ secrets.X }}` not hardcoded values
- New artifact types (CLI binary, library, package): verify a publish/release workflow exists and targets correct platforms
- Cross-platform builds: verify CI matrix covers all target OS/arch combinations, or documents which are untested
- Version tag format consistency: `v1.2.3` vs `1.2.3` — must match across VERSION file, git tags, and publish scripts
- Publish step idempotency: re-running the publish workflow should not fail (e.g., `gh release delete` before `gh release create`)
**DO NOT flag:**
- Web services with existing auto-deploy pipelines (Docker build + K8s deploy)
- Internal tools not distributed outside the team
- Test-only CI changes (adding test steps, not publish steps)
---
## Severity Classification
@@ -141,7 +153,8 @@ CRITICAL (highest severity): INFORMATIONAL (lower severity):
├─ Time Window Safety
├─ Type Coercion at Boundaries
├─ View/Frontend
─ Performance & Bundle Impact
─ Performance & Bundle Impact
└─ Distribution & CI/CD Pipeline
All findings are actioned via Fix-First Review. Severity determines
presentation order and classification of AUTO-FIX vs ASK — critical