diff --git a/.github/workflows/code-quality.yml b/.github/workflows/code-quality.yml index 6eeeb32..28221de 100644 --- a/.github/workflows/code-quality.yml +++ b/.github/workflows/code-quality.yml @@ -87,7 +87,7 @@ jobs: node-version: '24' - name: Install jscpd - run: npm install -g jscpd + run: npm install -g jscpd@4.0.0 - name: Check for duplicate code - run: jscpd . --ignore "**/*.json,**/*.md,**/*.yaml,**/*.yml,**/package-lock.json,**/node_modules/**,**/venv/**,**/.venv/**" --threshold 5 + run: jscpd . --ignore "**/*.json,**/*.md,**/*.yaml,**/*.yml,**/package-lock.json,**/node_modules/**,**/venv/**,**/.venv/**,**/dist/**,**/build/**" --threshold 5 diff --git a/CYCLE_8_REPORT.md b/CYCLE_8_REPORT.md new file mode 100644 index 0000000..e0c8d2c --- /dev/null +++ b/CYCLE_8_REPORT.md @@ -0,0 +1,33 @@ +# Cycle 8 Report + +## Repository Health Report +- **Strengths:** Strong validation suite with automated PR quality gates already in place (via `.github/workflows/code-quality.yml`). +- **Weaknesses:** The CI pipeline used a floating version of `jscpd` for duplicate code checking, causing the workflow to fail when the tool was upgraded to `jscpd` 5+, as it introduced backward-incompatible argument changes and missing architecture binaries (`cpd-linux-x64-gnu`). Build artifacts were also not being ignored. +- **Risks:** Failing CI steps block PRs unnecessarily or report false positives for duplicate code inside build artifacts (`dist/` or `build/`), disrupting developer productivity. +- **Opportunities:** Pinning `jscpd` to a stable major version (4.0.0) ensures deterministic behavior in CI, and ignoring generated build artifacts reduces noise in static analysis reports. + +## Competitor Analysis +- **Repositories Analyzed:** Large monorepos with cross-language tools (TS/Python). +- **Advantages Discovered:** High-performing engineering teams enforce deterministic tooling by aggressively pinning dependency versions, avoiding sudden breakages due to upstream CLI changes. +- **Gaps Identified:** Floating NPM dependencies in CI tasks (e.g., `npm install -g jscpd`). +- **Opportunities to Outperform:** Enforcing pinned tool versions ensures 100% stable pipelines and more reliable builds. + +## Priority Improvements +1. **Fix CI Pipeline Jscpd Action:** Pin `jscpd` to `4.0.0` in `.github/workflows/code-quality.yml`. +2. **Exclude Artifacts from Duplication Checks:** Update the `jscpd` command to ignore `**/dist/**` and `**/build/**`. + +## Sprint Plan +- **Sprint Goal:** Stabilize the continuous integration duplication check by resolving version incompatibilities and reducing false positives. +- **Tasks:** + 1. Update `.github/workflows/code-quality.yml` to pin `jscpd` to 4.0.0. + 2. Append `**/dist/**,**/build/**` to the jscpd `--ignore` argument. + 3. Generate this sprint report (`CYCLE_8_REPORT.md`). +- **Implementation Roadmap:** Update YAML -> Document Changes -> Verify locally -> Commit. +- **Expected Outcomes:** A 100% passing CI duplication check step that reliably ignores compiled artifacts. + +## Technical Improvements +- **DevOps/CI:** Re-stabilized the static analysis pipeline by pinning global CLI dependencies and improving the scoping of the code duplication scanner. + +## Metrics Improved +- **Developer Productivity:** Reduced false positives and stopped CI flakiness, lowering the risk of broken PR workflows. +- **Deployment Readiness:** Brought back CI reliability for future integration.