GitHub Actions only loads workflow YAML from .github/workflows/ (repo root). Executable files use the quality-* prefix there; this folder is the index and runbook for coverage and external quality gates.
Pipeline map: .github/CI-CD.md
| Workflow | File | Job | Trigger | Purpose |
|---|---|---|---|---|
| Quality / Codecov | ../quality-codecov.yml |
Run tests and collect coverage | PR, push (app paths), manual | test:ci lcov + JUnit Test Analytics + Vite bundle analysis |
| Quality / SonarCloud | ../quality-sonarcloud.yml |
SonarCloud Code Analysis | PR, push (app paths), manual | Static analysis + coverage + Quality Gate |
Both support workflow_dispatch.
| Secret | Workflow | Doc |
|---|---|---|
CODECOV_TOKEN |
quality-codecov.yml |
CODECOV.md |
SONAR_TOKEN |
quality-sonarcloud.yml |
SONARCLOUD.md |
Config files: root codecov.yml, sonar-project.properties.
npm run test:ci # coverage/lcov.info + junit.xml
npm run verify:junit| Job name | When to require |
|---|---|
| Run tests and collect coverage | After CODECOV_TOKEN configured |
| SonarCloud Code Analysis | After SONAR_TOKEN configured |
| Topic | Doc |
|---|---|
| CI tests | ../ci/README.md |
| Security SAST | ../security/README.md |