docs: document enterprise testing coverage gates#18
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: a0352d9d16
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| | Secret scan | `npm.cmd run security:secrets` | committed credential patterns | `supply-chain` | | ||
| | Package dry-run | `npm.cmd run package:check` | npm package contents | `supply-chain` | | ||
| | Package runtime | `npm.cmd run acceptance:package-runtime` | packed tarball install plus `/api/health` smoke | `supply-chain`, `windows` | | ||
| | Release gate | `npm.cmd run release:verify` | local aggregate of the gates above | local operator | |
There was a problem hiding this comment.
When an operator follows this matrix locally, release:verify is described as the aggregate of the gates above, but universal-refiner/package.json shows it starts at npm run build and never runs npm ci. That lets a release be certified against stale or locally patched node_modules, missing the clean-install gate that CI enforces; either add npm ci as an explicit local step before this row or stop calling release:verify the aggregate of the listed gates.
Useful? React with 👍 / 👎.
2 participants
Summary
Verification
Notes