[plan] improve ci/cd pipeline and quality gates

[github-actions]

Overview

This tracking issue covers improvements to the CI/CD pipeline based on the gap assessment in discussion #345.

Source: Discussion #345 - CI/CD Pipeline & Integration Tests Gap Assessment

Current State

• ✅ 13 active workflows with good security scanning (CodeQL, Trivy, npm audit)
• ✅ Test coverage tracking with regression detection (38% coverage)
• ❌ No branch protection configuration in code
• ❌ No CODEOWNERS file for automatic reviews
• ❌ npm audit lacks GitHub Security integration
• ❌ Low coverage in critical files (cli.ts: 0%, docker-manager.ts: 18%)

Planned Tasks

The sub-issues below implement high-priority improvements identified in the assessment:

1. Add branch protection configuration - Codify required status checks and review requirements
2. Create CODEOWNERS file - Enable automatic reviewer assignment
3. Add SARIF output to npm audit - Integrate dependency vulnerabilities with Security tab
4. Add markdown linting workflow - Ensure consistent documentation formatting
5. Add link checking workflow - Detect broken links in documentation

Success Criteria

• Branch protection rules are version controlled and can be automatically applied
• PRs automatically request reviews from appropriate code owners
• All security scanning results appear in the Security tab
• Documentation maintains consistent formatting and valid links
• Foundation is laid for incremental test coverage improvements

Related

• Discussion: CI/CD Pipeline & Integration Tests Gap Assessment #345
• Coverage details: COVERAGE_SUMMARY.md

AI generated by Plan Command for discussion #345