50 lines
2.8 KiB
Markdown
50 lines
2.8 KiB
Markdown
# Lesavka quality gate
|
|
|
|
Lesavka follows the Atlas gate order, with one extra lane for media reliability because the product is latency-sensitive and hardware-facing.
|
|
|
|
Strict order:
|
|
|
|
1. `style/docs` via `scripts/ci/hygiene_gate.sh`
|
|
2. `LOC/naming` via `scripts/ci/hygiene_gate.sh`
|
|
3. `coverage` via `scripts/ci/quality_gate.sh`
|
|
4. `tests` via `scripts/ci/test_gate.sh`
|
|
5. `media_reliability` via `scripts/ci/media_reliability_gate.sh`
|
|
6. `gate_glue` via `scripts/ci/gate_glue_gate.sh`
|
|
7. `sonarqube` via `scripts/ci/sonarqube_gate.sh`
|
|
8. `supply_chain` and artifact security via `scripts/ci/supply_chain_gate.sh`
|
|
|
|
The Jenkinsfile runs those checks in that order. Gate artifacts are archived under `target/*-gate/` and release artifacts under `dist/`.
|
|
|
|
## Repository Hygiene
|
|
|
|
The hygiene gate fails if generated output is committed, `Cargo.lock` is missing from git, workspace members drift away from `common`, `client`, `server`, and `testing`, direct-run shell scripts are not executable, manual scripts are not marked manual, or new `LESAVKA_*` variables are missing from `docs/operational-env.md`.
|
|
|
|
Manual probes live under `scripts/manual/`. They are useful field tools, but they are not CI dependencies unless converted into deterministic tests.
|
|
|
|
## Coverage
|
|
|
|
The coverage gate hard-fails when any tracked source file under a workspace `src/` tree falls below `95%` line coverage. The older strict-contract list still stays in place for the especially important media/device files, but it is now additive rather than the only hard bar.
|
|
|
|
## Media Reliability
|
|
|
|
`media_reliability` is not just a test alias. It protects the pieces that keep video moving without accumulating latency:
|
|
|
|
- bounded appsrc/appsink queues
|
|
- stale-frame dropping over latency buildup
|
|
- local monotonic sink timestamps
|
|
- IDR/keyframe recovery after drops
|
|
- HDMI/UVC sink construction
|
|
- preview telemetry for FPS, drops, queue depth, and inter-frame gaps
|
|
|
|
Real hardware evidence still matters. Put manual soak evidence in `target/media-reliability-gate/manual-soak.json` when validating Zoom/Teams/Slack-class consumers or the Theia HDMI -> UGREEN -> Tethys USB path.
|
|
|
|
## Supply Chain And Artifacts
|
|
|
|
`scripts/ci/supply_chain_gate.sh` always generates dependency metadata, a dependency tree, secret-scan evidence, and artifact checksums when `dist/*.tar.gz` exists. It runs `cargo-audit` and `cargo-deny` when those tools are installed. Set `LESAVKA_SUPPLY_CHAIN_ENFORCE_TOOLS=1` to hard-fail when either tool is unavailable.
|
|
|
|
`build-dist.sh` writes `dist/SHA256SUMS` and a provenance JSON file with version, branch, commit, build URL, toolchain, target, and timestamp.
|
|
|
|
## SonarQube
|
|
|
|
`scripts/ci/sonarqube_gate.sh` emits explicit `not_applicable` metrics when scanner configuration is absent. Set `LESAVKA_SONAR_ENFORCE=1` in CI once SonarQube credentials and `sonar-scanner` are installed to hard-fail missing or failed Sonar analysis.
|