Commit Graph

1 Commits

Author SHA1 Message Date
Julien Gautier 043a7c2027 ci(gitlab): land .gitlab-ci.yml alongside gitea workflow (ADR-0028 phase 2)
Port .gitea/workflows/ci.yml job-by-job to GitLab CI per ADR-0028
section Migration sequence Phase 2. Architectural principles from
ADR-0015 preserved verbatim (thin YAML, gates as package.json
scripts, defense-in-depth on conventional commits).

Job parity:
- check / commits / perf / a11y -> 1:1 port; Gitea variable names
  rewritten to GitLab equivalents.
- scan -> sast + secret_detection (built-in GitLab includes) + audit
  (pnpm audit kept for npm-advisory defense in depth). The manual
  Trivy + gitleaks install plus the two paywalled-action workarounds
  documented in the Gitea workflow go away per ADR-0028 section
  What changes.

Notable adaptations: explicit cache block keyed on pnpm-lock.yaml,
no default:image (would override analyzer images), Playwright image
for perf to dovetail with the upcoming ADR-0016 axe-core e2e.

Phase 2 keeps both pipelines green for ~1 calendar week per
ADR-0028 section Confirmation. Phase 3 deletes .gitea/workflows
and tightens the push rule to main only.
2026-05-27 14:27:28 +02:00