CI Quality Gates
Назначение
Документ задает обязательные проверки, которые защищают архитектуру, безопасность, финансы, контракты и документацию от случайной деградации.
Базовый Pipeline
| Gate | Что Проверяет |
|---|---|
| Format/Lint | C# formatting, TypeScript lint, markdown style для docs. |
| Build | Все измененные projects и зависимые shared packages. |
| Unit Tests | Domain invariants, application decisions, validators. |
| Architecture Tests | Layer dependencies, service import boundaries, naming conventions. |
| Contract Tests | OpenAPI/event compatibility, generated clients. |
| Integration Tests | Testcontainers для PostgreSQL/Kafka/Redis и critical flows. |
| Security Checks | dependency vulnerabilities, secret scanning, auth policy coverage. |
| Documentation Checks | ссылки, наличие docs для API/events/entities. |
| Migration Checks | dry run migrations, destructive migration detection. |
Gate Ownership
| Gate | Owner | Blocking |
|---|---|---|
| Format/Lint | Engineering | Да. |
| Architecture Tests | Architecture/Platform | Да. |
| Contract Tests | Service owner + frontend owner | Да для public/admin/partner API. |
| Security Checks | Security owner | Да для high/critical. |
| Migration Checks | Service owner + DBA/platform | Да для production-bound changes. |
| Documentation Checks | Author + reviewer | Да для changed public behavior. |
| Critical Domain Tests | Domain owner | Да для money/identity/provider flows. |
Change-Type Matrix
| Change Type | Required Gates |
|---|---|
| API endpoint | API doc, OpenAPI diff, generated client check, permission catalog. |
| Kafka event | Event schema compatibility, event catalog, consumer impact check. |
| DB migration | Migration dry run, destructive detector, rollback/forward-fix note. |
| Permission/policy | Permission catalog, policy tests, audit tests. |
| Financial flow | Unit + integration + idempotency + reconciliation tests. |
| Provider adapter | Sandbox/simulator tests, timeout/retry policy, callback security tests. |
| Report/export | Export registry, PII classification, audit and expiration tests. |
| Shared package | Affected service build/tests, ADR if runtime behavior changes. |
Blocking Rules
Merge блокируется, если:
- service импортирует другой service напрямую;
- API endpoint не имеет документации;
- event contract изменен без compatibility note;
- permission scope отсутствует в catalog;
- tenant-scoped query не проходит architecture/scope tests;
- migration содержит destructive operation без approval;
- generated OpenAPI client устарел;
- docs links в измененных файлах сломаны.
Required Artifacts
CI должен публиковать artifacts:
- test results;
- coverage summary;
- architecture test report;
- OpenAPI diff;
- event schema diff;
- migration dry run report;
- generated client package or checksum;
- docs link check report;
- dependency/security scan report.
Critical Domain Gates
Для Accounting, Payments, Execution Gateway, Incentive, Identity, KYC и Partner Payout дополнительно требуются:
- integration tests с Testcontainers;
- idempotency/retry tests;
- audit/assertion tests для high-impact operations;
- negative cases для authorization и tenant isolation;
- reconciliation/evidence notes для risky change.
Documentation Coverage Gate
Для каждого нового/измененного элемента проверяется наличие:
- API method doc для HTTP endpoint;
- event doc для Kafka contract;
- entity/doc/fact doc для persisted model;
- ADR для architecture-level deviation;
- permission catalog entry для protected method;
- runbook для new critical alert.
Release Gate
Перед production release собирается release package:
- OpenAPI artifacts;
- event schema artifacts;
- migration list;
- changed permissions;
- feature flags;
- runbook links;
- rollback notes;
- operational evidence package checklist.
Manual Approval Rules
Manual approval обязателен для:
- destructive migration;
- permission model change;
- payment/game provider credential or callback change;
- financial ledger/posting logic;
- KYC/AML decision logic;
- public API breaking change;
- feature flag that changes money/security behavior.
Approval фиксируется в release notes или Operational Evidence Package.
CI Failure Triage
| Failure | Первое Действие |
|---|---|
| Architecture test | Исправить dependency direction или обновить ADR/rule. |
| OpenAPI diff breaking | Вернуть compatibility или поднять API version. |
| Event diff breaking | Добавить versioned event или migration plan. |
| Migration dry run | Исправить migration или добавить approved plan. |
| Docs link check | Исправить ссылку/индекс до merge. |
| Security scan | Обновить dependency или оформить risk acceptance. |
Обратные ссылки
Автоссылки: где используется этот документ.
- ci-cd.md (1): CI/CD Notes
- backend-shared-standards-index.md (1): Backend Shared Standards Index