ci: consolidate enterprise workflow architecture

[arolariu]

Summary

• Consolidates workflow mechanics into reusable quality, container, static web app, and CI-script primitives.
• Hardens workflow security with SHA-pinned external actions, workflow policy checks, CodeQL/Dependency Review/Scorecard coverage, OIDC-first deployment patterns, and explicit status-data/SWA exceptions.
• Makes container releases immutable through commit-tag/digest metadata handoff and refreshes workflow RFC/instructions to match the implemented CI/CD architecture.

Test Plan

• npm test --prefix .github/scripts
• npm run workflow:inventory --prefix .github/scripts
• npm run workflow:policy --prefix .github/scripts
• git --no-pager diff --check

Notes

• npm run lint and live/E2E suites were intentionally not run per explicit instruction.

[github-actions]

❌ Code Hygiene Report: Issues Found

Commit: 628d040 | PR: #686

📑 Table of Contents

Section	Status
📊 Code Statistics	✅
🎨 Formatting	❌
🔍 Linting	❌
🧪 Unit Tests	✅

📋 Check Summary

Check	Status	Duration	Summary
📊 Stats	✅	547ms	43 files changed, +2471 -1408
🎨 Format	❌	1m 34s	16 file(s) need formatting
🔍 Lint	❌	3.0s	3 error(s), 0 warning(s)
🧪 Test	✅	1m 56s	All 1147 tests passed

📊 Code Statistics

Changes vs Main Branch

Metric	Value
📁 Files Changed	43
➕ Lines Added	+2471
➖ Lines Deleted	-1408
🔄 Churn	3879
📈 Net Change	+1063

🔄 Changes Since Previous Commit

Metric	Value
Files Changed	4
Lines Added	+228
Lines Deleted	-78

🧩 Top File Extensions

Extension	Files
.yml	26
.ts	10
.md	6
.json	1

📂 Top Directories

Directory	Files
.github	41
docs	1
infra	1

📦 Bundle Size Analysis (vs Main)

`sites/arolariu.ro` - no change (0 file(s) changed)

No changes in this folder

Total: 10 MB → 10 MB (no change)

`sites/api.arolariu.ro` - no change (0 file(s) changed)

No changes in this folder

Total: 2.14 MB → 2.14 MB (no change)

`sites/docs.arolariu.ro` - no change (0 file(s) changed)

No changes in this folder

Total: 214 kB → 214 kB (no change)

🎨 Formatting

❌ 16 file(s) need formatting:

View files requiring formatting

• sites/arolariu.ro/src/app/_components/PreferencesSubscriptions.test.tsx
• sites/arolariu.ro/src/app/_components/PreferencesSubscriptions.tsx
• sites/arolariu.ro/src/app/about/error.tsx
• sites/arolariu.ro/src/app/auth/error.tsx
• sites/arolariu.ro/src/app/domains/error.tsx
• sites/arolariu.ro/src/app/domains/invoices/edit-invoice/[id]/not-found.tsx
• sites/arolariu.ro/src/app/domains/invoices/view-invoice/[id]/_components/cards/insights/NutritionCard.tsx
• sites/arolariu.ro/src/app/domains/invoices/view-invoice/[id]/not-found.tsx
• sites/arolariu.ro/src/app/domains/invoices/view-invoices/_components/BulkActionsToolbar.tsx
• sites/arolariu.ro/src/app/domains/invoices/view-invoices/_components/tables/TableView.tsx
• sites/arolariu.ro/src/app/error.test.tsx
• sites/arolariu.ro/src/app/error.tsx
• sites/arolariu.ro/src/app/my-profile/error.tsx
• sites/arolariu.ro/src/app/not-found.tsx
• sites/arolariu.ro/src/hooks/useMerchant.test.tsx
• sites/arolariu.ro/src/stores/preferencesStore.test.ts

🔧 How to Fix

npm run format

🔍 Linting

❌ ESLint found 3 error(s) and 0 warning(s)

View raw output

> @arolariu/monorepo@0.0.0 lint
> node scripts/lint.ts all


╔════════════════════════════════════════╗
║    arolariu.ro Code Linter Tool        ║
╚════════════════════════════════════════╝


🔎 Running ESLint for: all
⏱️  Running lint on all targets in parallel...

  🧵 Dispatching parallel workers...
     Main process PID: 3116
     Worker pool: min=1, max=3

[09:10:04.878] 🚀 Worker #1 spawned for task "packages"
[09:10:04.878] 🚀 Worker #2 spawned for task "website"
[09:10:04.879] 🚀 Worker #3 spawned for task "cv"


  ⏳ Progress: [░░░░░░░░░░░░░░░░░░░░] 0/3 workers completed
  ⏳ Progress: [███████░░░░░░░░░░░░░] 1/3 workers completed
  ⏳ Progress: [█████████████░░░░░░░] 2/3 workers completed
  ⏳ Progress: [████████████████████] 3/3 workers completed

[09:10:07.605] ❌ Worker #1 finished "packages" in 2.48s
[09:10:07.605] ❌ Worker #2 finished "website" in 2.38s
[09:10:07.605] ❌ Worker #3 finished "cv" in 2.34s

  📊 Worker Timeline
  ──────────────────────────────────────────────────────────────
  packages   │████████████████████████████████████████│    2.48s
  website    │██████████████████████████████████████░░│    2.38s
  cv         │██████████████████████████████████████░░│    2.34s
  ──────────────────────────────────────────────────────────────
              0s                            2.48s

─────────────────────────────────────────────────

🔍 ESLint config: [@arolariu/packages] [Worker #1]
   [init: 2460ms, work: 0ms, total: 2483ms] [0 files] [167.68 MB]
  ✗ Worker error: You are using an outdated version of the 'jiti' library. Please update to the latest version of 'jiti' to ensure compatibility and access to the latest features.
─────────────────────────────────────────────────

─────────────────────────────────────────────────

🔍 ESLint config: [@arolariu/website] [Worker #2]
   [init: 2366ms, work: 0ms, total: 2377ms] [0 files] [139.72 MB]
  ✗ Worker error: You are using an outdated version of the 'jiti' library. Please update to the latest version of 'jiti' to ensure compatibility and access to the latest features.
─────────────────────────────────────────────────

─────────────────────────────────────────────────

🔍 ESLint config: [@arolariu/cv] [Worker #3]
   [init: 2325ms, work: 0ms, total: 2337ms] [0 files] [136.20 MB]
  ✗ Worker error: You are using an outdated version of the 'jiti' library. Please update to the latest version of 'jiti' to ensure compatibility and access to the latest features.
─────────────────────────────────────────────────

  📊 Resource Usage:
     Total files linted: 0
     Peak memory (max worker): 167.68 MB
     Combined memory (all workers): 443.59 MB

📊 Summary: 3 error(s), 0 warning(s)

❌ Linting completed with errors

🔧 How to Fix

npm run lint

🧪 Unit Tests

✅ All 1147 tests passed in 5.0s

---

🔗 View Workflow Run | Generated at 2026-04-26T09:14:28.960Z