
docs(readme): replace complex README with comprehensive navigation index #119

Workflow file for this run

# Validation, build/test, security-scan and gating pipeline for hotfix work.
name: Hotfix Pipeline

# Triggers: pushes to hotfix branches and to main, plus manual dispatch.
on:
  push:
    branches:
      - "hotfix/**"
      - "main"  # When main receives hotfix merge
  workflow_dispatch:

# Tool versions, read by the setup steps through the `env` context.
env:
  DOTNET_VERSION: "10.x"
  NODE_VERSION: "20"

# One concurrency group per ref; an in-progress run for the same ref is
# left to finish rather than being cancelled by a newer one.
concurrency:
  group: hotfix-${{ github.ref }}
  cancel-in-progress: false
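jobs:
  # NOTE(review): every `uses:` below references a mutable tag (@v4 / @v3).
  # Pinning each action to a full commit SHA protects the pipeline against a
  # retargeted tag; the SHAs are not recorded on this page, so none are added.

  # Confirms the run was triggered from a correctly named hotfix branch.
  hotfix-validation:
    name: Hotfix Validation
    runs-on: ubuntu-latest
    # Least privilege: the job only reads the repository.
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          # No step in this job pushes, so the token is not kept in .git/config.
          persist-credentials: false

      - name: Validate hotfix branch name
        # Pushes to main are a declared trigger (the hotfix merge itself) and
        # carry no hotfix/ prefix; without this guard every main push failed
        # here and therefore failed the approval gate.
        if: github.ref != 'refs/heads/main'
        run: |
          # The branch name is user-controlled: read it from the runner's
          # environment, never by interpolating a workflow expression into
          # the script text.
          BRANCH_NAME=${GITHUB_REF#refs/heads/}
          if ! echo "$BRANCH_NAME" | grep -qE '^hotfix/.+$'; then
            echo "ERROR: Invalid hotfix branch name: $BRANCH_NAME"
            echo "Expected format: hotfix/<description>"
            exit 1
          fi
          echo "Hotfix branch: $BRANCH_NAME"
          # Visible only to later steps of THIS job; other jobs must use
          # GITHUB_REF_NAME or a job output instead.
          echo "HOTFIX_DESCRIPTION=$BRANCH_NAME" >> "$GITHUB_ENV"

      - name: Verify base is main
        # NOTE(review): informational only. Nothing here checks that the
        # hotfix branch was actually cut from main.
        run: |
          # Hotfix should only come from main
          if [ "$GITHUB_REF" == "refs/heads/main" ]; then
            echo "Merging hotfix to main - expected"
          fi

  # Builds the .NET solution and runs the .NET and Nx test suites.
  build-test:
    name: Build & Test (Hotfix)
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          persist-credentials: false

      - name: Setup .NET
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: ${{ env.DOTNET_VERSION }}

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'npm'

      - name: Restore & Build
        run: |
          dotnet restore src/apps/ums.api/Ums.sln
          dotnet build src/apps/ums.api/Ums.sln --configuration Release --no-restore

      - name: Run hotfix-related tests
        run: |
          dotnet test src/apps/ums.api/Ums.sln \
            --configuration Release --no-build \
            --logger "console;verbosity=minimal" \
            --filter "Category=Hotfix"

      - name: Run all tests
        run: |
          dotnet test src/apps/ums.api/Ums.sln \
            --configuration Release --no-build \
            --logger "console;verbosity=minimal"
          npm ci
          npx nx run-many --target=test --configuration=release

  # Advisory secret grep followed by CodeQL with the security-extended suite.
  security-hotfix:
    name: Security Scan (Hotfix)
    runs-on: ubuntu-latest
    # CodeQL uploads results, which needs security-events: write; actions: read
    # is required by the CodeQL action on private repositories.
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          persist-credentials: false

      - name: Quick security scan
        run: |
          # Run critical security checks only
          echo "Running critical security checks..."
          # Secrets scan
          echo "Checking for secrets..."
          # -l lists file names only, so a matched credential is never copied
          # into the job log. The check is advisory: a hit prints a warning
          # and does not fail the job, and this regex is no substitute for a
          # dedicated secret scanner.
          if grep -rlE "(password|secret|api.?key)\s*[=:]\s*['\"][A-Za-z0-9]{20,}" src/ --include="*.cs" --include="*.ts" 2>/dev/null; then
            echo "WARNING: Potential secret detected"
          fi

      - name: Run critical CodeQL checks
        uses: github/codeql-action/init@v3
        with:
          languages: 'csharp,javascript-typescript'
          queries: security-extended

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/hotfix:critical"

  # Writes rollback instructions for this commit and keeps them as an artifact.
  rollback-plan:
    name: Rollback Plan
    runs-on: ubuntu-latest
    # No repository access needed: nothing is checked out here.
    permissions: {}
    steps:
      - name: Create rollback plan
        run: |
          # HOTFIX_DESCRIPTION is written to GITHUB_ENV in another job and is
          # not visible here, so the branch comes from GITHUB_REF_NAME.
          # The Markdown fences are single-quoted: inside double quotes the
          # backticks would be parsed as command substitution.
          {
            echo "# Hotfix Rollback Plan"
            echo ""
            echo "Hotfix: $GITHUB_REF_NAME"
            echo "Date: $(date -u)"
            echo "Commit: $GITHUB_SHA"
            echo ""
            echo "## If Issues Detected After Merge"
            echo ""
            echo "### Option 1: Revert Commit"
            echo '```bash'
            echo "git revert $GITHUB_SHA"
            echo "git push origin main"
            echo '```'
            echo ""
            echo "### Option 2: Rollback to Previous Tag"
            echo '```bash'
            echo "git checkout main~1"
            echo "git checkout -b rollback-branch"
            echo "# fix issues"
            echo "# merge back to main"
            echo '```'
          } > rollback-plan.md

      - name: Upload rollback plan
        uses: actions/upload-artifact@v4
        with:
          name: hotfix-rollback-plan
          path: rollback-plan.md
          retention-days: 90

  # Single pass/fail verdict over the validation, build and security jobs.
  hotfix-gate:
    name: Hotfix Approval Gate
    runs-on: ubuntu-latest
    needs: [hotfix-validation, build-test, security-hotfix]
    # always() so the gate still reports when an upstream job did not succeed.
    if: always()
    permissions: {}
    steps:
      - name: Evaluate hotfix gates
        # Results are handed over as environment variables rather than being
        # expanded into the script text.
        env:
          VALIDATION_RESULT: ${{ needs.hotfix-validation.result }}
          BUILD_RESULT: ${{ needs.build-test.result }}
          SECURITY_RESULT: ${{ needs.security-hotfix.result }}
        run: |
          # Fail closed: only "success" passes. Comparing against "failure"
          # alone let a cancelled or skipped job through the gate.
          FAILED=0
          if [ "$VALIDATION_RESULT" != "success" ]; then
            echo "❌ Hotfix validation failed (result: $VALIDATION_RESULT)"
            FAILED=1
          fi
          if [ "$BUILD_RESULT" != "success" ]; then
            echo "❌ Build or tests failed (result: $BUILD_RESULT)"
            FAILED=1
          fi
          if [ "$SECURITY_RESULT" != "success" ]; then
            echo "❌ Security scan failed (result: $SECURITY_RESULT)"
            FAILED=1
          fi
          if [ "$FAILED" -eq 1 ]; then
            echo "Hotfix gates FAILED"
            exit 1
          fi
          echo "✅ All hotfix gates passed"
          echo ""
          echo "Hotfix is ready to be merged to main and synced to develop"

  # Prints the manual merge, sync and tag steps once the gate has passed.
  merge-notification:
    name: Merge Notification
    runs-on: ubuntu-latest
    needs: [hotfix-gate]
    if: success()
    permissions: {}
    steps:
      - name: Display merge instructions
        run: |
          # GITHUB_REF_NAME already carries the hotfix/ prefix. The previous
          # "hotfix/$HOTFIX_DESCRIPTION" used a variable that is not set in
          # this job, so it printed a bare "hotfix/".
          echo "# Hotfix Ready for Merge"
          echo ""
          echo "## Next Steps"
          echo ""
          echo "1. **Merge to main** (fast-forward if possible):"
          echo " \`\`\`bash"
          echo " git checkout main"
          echo " git merge $GITHUB_REF_NAME"
          echo " git push origin main"
          echo " \`\`\`"
          echo ""
          echo "2. **Sync to develop**:"
          echo " \`\`\`bash"
          echo " git checkout develop"
          echo " git merge main # or cherry-pick specific commits"
          echo " git push origin develop"
          echo " \`\`\`"
          echo ""
          echo "3. **Create Git tag if needed**:"
          echo " \`\`\`bash"
          echo " git tag -a v.patch -m 'Hotfix: $GITHUB_REF_NAME'"
          echo " git push origin v.patch"
          echo " \`\`\`"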