[PHASE 0] CI/CD Stabilization Sprint - Coordination Issue

# 🚀 PHASE 0: CI/CD Pipeline Foundation Stabilization

**Sprint Duration:** March 15-21, 2026  
**Status:** 🟡 IN PROGRESS  
**Assignees:** @POWDER-RANGER  
**Labels:** `ci-cd`, `bug`, `high-priority`, `phase-0`

---

## 🎨 Executive Summary

CIVWATCH CI/CD pipeline has **3 critical blockers** preventing reliable builds:

1. **devskim.yml** - Duplicate YAML keys = silent workflow skip (0s duration)
2. **PSScriptAnalyzer** - No PowerShell files to scan (low-priority)
3. **Dependabot** - 7 open security PRs needing staged merge strategy

**Goal:** Restore CI health to support standalone .exe build pipeline.

---

## 📊 Issues & Fixes

### ✅ RESOLVED: devskim.yml Duplicate Keys

**PR:** [#98](https://github.com/POWDER-RANGER/CIVWATCH/pull/98)  
**Status:** OPEN (awaiting merge)  
**Root Cause:** Two workflow steps had duplicate `uses:` keys:
- Checkout: `v6` tag + SHA pin
- Upload SARIF: `v4` tag + SHA pin

GitHub YAML parser silently skips workflows with duplicate keys.

**Fix:** Remove non-SHA `uses:` lines, keep only immutable SHA versions.

**Test Post-Merge:**
```bash
gh workflow run devskim.yml --repo POWDER-RANGER/CIVWATCH
# Expected: Job completes in <2 minutes (not 0 seconds)
```

---

### 🟡 PENDING: PSScriptAnalyzer Configuration

**Issue:** psscriptanalyzer.yml fails but repo contains 0 PowerShell (.ps1) files.  
**Status:** Low priority (no .ps1 files in codebase currently)  
**Options:**
1. Disable job: Add `if: false` to save CI resources
2. Create stub scripts: Maintain workflow for future PS integration
3. Wait for roadmap: Only enable when PS modules are planned

**Recommendation:** Option 1 (disable) until PowerShell is integrated.  
**Action Owner:** TBD

---

### 📋 PENDING: Dependabot Security PRs Merge Strategy

**Open PRs:** #91-97 (7 total)  
**Status:** Staged merge planned

**Priority Tiers:**

#### Tier 1 - HIGH SECURITY (Merge ASAP)
- [#92](https://github.com/POWDER-RANGER/CIVWATCH/pull/92) - jsonwebtoken (JWT auth tokens)
- [#93](https://github.com/POWDER-RANGER/CIVWATCH/pull/93) - mongoose (schema validation)

#### Tier 2 - INFRASTRUCTURE (Merge Week 1)
- [#94](https://github.com/POWDER-RANGER/CIVWATCH/pull/94) - redis (caching)
- [#97](https://github.com/POWDER-RANGER/CIVWATCH/pull/97) - dotenv (config management)
- [#96](https://github.com/POWDER-RANGER/CIVWATCH/pull/96) - cors (headers)

#### Tier 3 - TOOLS (Merge Week 2)
- [#95](https://github.com/POWDER-RANGER/CIVWATCH/pull/95) - express (framework)
- [#91](https://github.com/POWDER-RANGER/CIVWATCH/pull/91) - pip (Python package manager)

**Merge Process:**
1. Merge Tier 1 individually, verify CI passes
2. If no conflicts, group Tier 2 (3-5 PRs together)
3. Follow with Tier 3
4. Check main branch CI health after each merge batch

---

## ✅ Verification Checklist

- [ ] **PR #98 Created** - devskim.yml fix
- [ ] **PR #98 Merged** - Verify devskim workflow runs (not 0s)
- [ ] **PSScriptAnalyzer Disabled** - Add `if: false` to psscriptanalyzer.yml
- [ ] **Dependabot Tier 1 Merged** - #92, #93 security updates
- [ ] **Dependabot Tier 2 Merged** - #94, #97, #96 (batch or individual)
- [ ] **Dependabot Tier 3 Merged** - #95, #91
- [ ] **All CI Workflows Green** - No 0s durations, no failures
- [ ] **Documentation Updated** - CI_MAINTENANCE_LOG.md reflects final state

---

## 📚 Resources

- **Diagnostics Doc:** [CI_MAINTENANCE_LOG.md](https://github.com/POWDER-RANGER/CIVWATCH/blob/main/CI_MAINTENANCE_LOG.md)
- **GitHub YAML Spec:** [Workflow Syntax](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions)
- **DevSkim Docs:** [Microsoft/DevSkim](https://github.com/microsoft/DevSkim)
- **GitHub CLI:** `gh workflow run --help` for manual workflow triggering

---

## 🏁 Success Criteria

**Phase 0 Complete When:**
1. ✅ All 3 CI blockers resolved
2. ✅ devskim.yml workflow completes successfully
3. ✅ All Dependabot PRs merged (staged approach)
4. ✅ CI health dashboard shows 100% green
5. ✅ No 0-second job durations
6. ✅ Documentation reflects current state

**Expected Outcome:** Stable CI/CD foundation ready for Phase 1 (standalone .exe build pipeline).

---

## 🗣️ Comments & Updates

Use this issue for coordination. Tag relevant PRs and workflows as they progress.

**Timeline:**
- Mar 17: Phase 0 issues identified, PR #98 created
- Mar 18-19: Merge security & infrastructure PRs
- Mar 20: Final verification and documentation
- Mar 21: Phase 0 complete, ready for Phase 1

---

**Status Dashboard:** [CI Maintenance Log](https://github.com/POWDER-RANGER/CIVWATCH/blob/main/CI_MAINTENANCE_LOG.md)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[PHASE 0] CI/CD Stabilization Sprint - Coordination Issue #99

🚀 PHASE 0: CI/CD Pipeline Foundation Stabilization

🎨 Executive Summary

📊 Issues & Fixes

✅ RESOLVED: devskim.yml Duplicate Keys

🟡 PENDING: PSScriptAnalyzer Configuration

📋 PENDING: Dependabot Security PRs Merge Strategy

Tier 1 - HIGH SECURITY (Merge ASAP)

Tier 2 - INFRASTRUCTURE (Merge Week 1)

Tier 3 - TOOLS (Merge Week 2)

✅ Verification Checklist

📚 Resources

🏁 Success Criteria

🗣️ Comments & Updates

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

[PHASE 0] CI/CD Stabilization Sprint - Coordination Issue #99

Description

🚀 PHASE 0: CI/CD Pipeline Foundation Stabilization

🎨 Executive Summary

📊 Issues & Fixes

✅ RESOLVED: devskim.yml Duplicate Keys

🟡 PENDING: PSScriptAnalyzer Configuration

📋 PENDING: Dependabot Security PRs Merge Strategy

Tier 1 - HIGH SECURITY (Merge ASAP)

Tier 2 - INFRASTRUCTURE (Merge Week 1)

Tier 3 - TOOLS (Merge Week 2)

✅ Verification Checklist

📚 Resources

🏁 Success Criteria

🗣️ Comments & Updates

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions