Ready for Review -
Excel:
Phase5_CICD_Pipeline_Validation_Workbook.xlsx
Document:
Phase5_CICD_Pipeline_Design_and_Acceptance_Guide.docx
Phase 5 – CI/CD Pipeline Design & Acceptance Guide
Executive Overview
Phase 5 integrates the entire smoke test suite into GitHub Actions to provide continuous validation after every code change and nightly regression testing.
The engineer is responsible for implementing the complete CI/CD pipeline based on the approved workflow specification.
Jennifer is responsible for validating that the pipeline design aligns with the team's operational requirements before enabling automated execution.
Phase Objectives
At the completion of Phase 5:
- All smoke tests execute automatically through GitHub Actions.
- Every pipeline produces an HTML Playwright report.
- Reports are retained as workflow artifacts.
- Failed nightly runs generate Slack notifications.
- Secrets are securely stored in GitHub.
- Jennifer approves the first successful nightly execution before production use.
Jennifer's Deliverables
Before implementation is approved, Jennifer should review the following with the engineering team.
Pipeline Review
Confirm:
- Job names match team standards.
- Trigger conditions are correct.
- Schedule matches expected execution time.
- Runtime estimates are reasonable.
- HTML reports are uploaded.
- Failure notifications are sent to the correct Slack channel.
- Required GitHub secrets exist.
- Pipeline follows repository conventions.
Jennifer should also review the first nightly report before enabling ongoing automation.
Pipeline Architecture
Developer Push
│
▼
Critical Smoke
(~10 sec)
Pull Request
│
▼
Critical Smoke
(~10 sec)
Manual Trigger
│
▼
Single Service Smoke
(~5 min)
Nightly (03:00 ET)
│
▼
Complete Smoke Suite
(~20 min)
Upload Report
│
▼
Slack Notification (if failed)
GitHub Actions Workflow
.github/workflows/smoke.yml
Pipeline Name
Job Overview
| Job |
Purpose |
Trigger |
Estimated Runtime |
| Critical |
Authentication validation |
Push / Pull Request |
~10 seconds |
| Service Smoke |
Individual service validation |
Manual |
~5 minutes |
| Nightly |
Complete smoke suite |
Scheduled |
~20 minutes |
Job 1 — Critical
Purpose
Provides immediate validation after every code change.
Runs only the critical authentication tests.
Triggers
- Push to main
- Pull Request
Expected runtime
Validation
- Checkout repository
- Install Node
- Install dependencies
- Execute
npx playwright test --grep @critical
Job 2 — Service Smoke
Purpose
Allows engineers to validate one service independently.
Example
or
or
Trigger
Engineer supplies
Example
Expected runtime
Validation
- Execute only selected tag
- Upload Playwright HTML report
- Retain artifact for 14 days
Job 3 — Nightly
Purpose
Runs the complete regression suite every night.
Tag
Trigger
Cron
Expected runtime
Timeout
Validation
- Execute every smoke test
- Upload HTML report
- Retain report for 30 days
- Notify Slack if failed
Pipeline Lifecycle
Push / PR
│
▼
Critical Job
Manual
│
▼
Service Smoke
Nightly
│
▼
Run All Smoke Tests
Generate HTML Report
│
▼
Upload Artifact
│
▼
Slack Notification (Failures Only)
---
# Required GitHub Secrets
| Secret | Purpose |
|----------|----------|
| `ZCP_SMOKE_TOKEN` | Smoke test API token |
| `ZCP_SMOKE_PROJECT` | Project slug |
| `SLACK_QA_WEBHOOK` | Slack Incoming Webhook |
| `ZCP_SMOKE_REGION` | Default cloud region |
---
# Environment Configuration
Example
```text
ZCP_API_BASE=https://api.zcp.zsoftly.ca/api
ZCP_SMOKE_TOKEN=xxxxxxxxxxxxxxxx
ZCP_SMOKE_PROJECT=smoke-tests
ZCP_SMOKE_REGION=yow
Environment variables should never be committed into source control.
Use
instead.
API Validation
Each workflow must verify
- Successful authentication
- Correct environment
- Required secrets loaded
- Playwright starts successfully
- HTML report generated
- Exit code returned correctly
Artifact Validation
Verify
- HTML report uploaded
- Artifact name includes workflow run ID
- Report opens successfully
- Screenshots included when failures occur
- Trace files available (if enabled)
Slack Notification Validation
Notification should only occur when
returns true.
Verify
- Correct Slack channel
- Link opens GitHub Actions run
- Message clearly identifies failed workflow
- Only one notification per failed run
Example
ZCP nightly smoke FAILED
View Report
Security Validation
Verify
- Secrets are never logged
- API tokens are masked
- Webhook URL is hidden
- Reports contain no credentials
Performance Expectations
| Job |
Maximum Runtime |
| Critical |
30 seconds |
| Service Smoke |
10 minutes |
| Nightly |
30 minutes |
Investigate significant runtime increases.
Cleanup Validation
Each workflow should verify
- Temporary files removed
- Playwright processes terminated
- HTML report generated
- No orphaned test resources remain
Acceptance Criteria
| Category |
Acceptance Criteria |
Verification |
| Workflow File |
.github/workflows/smoke.yml committed |
Code Review |
| Critical Job |
Executes on every Push and PR |
GitHub Actions |
| Service Smoke |
Executes manually using tag input |
GitHub Actions |
| Nightly Job |
Executes on schedule |
GitHub Actions |
| HTML Reports |
Uploaded successfully |
Artifact Review |
| Artifact Retention |
14-day and 30-day retention configured |
Workflow Review |
| Secrets |
Configured in GitHub |
Repository Settings |
| Slack Alerts |
Failure notifications delivered |
Slack Verification |
| Runtime |
Jobs complete within expected duration |
Pipeline Review |
| Regression |
All 50 smoke tests pass |
Nightly Run |
| Jennifer Approval |
Nightly report reviewed |
Sign-off |
Engineer Checklist
Required Before Phase 5 Sign-off
Resource Verification
| Resource |
Verified |
| HTML Report Uploaded |
- [ ] |
| Artifact Download Works |
- [ ] |
| Slack Notification Sent |
- [ ] |
| GitHub Secrets Configured |
- [ ] |
| Nightly Schedule Verified |
- [ ] |
Engineer Sign-off
| Field |
Value |
| Engineer |
|
| Reviewer (Jennifer) |
|
| Date |
|
| Build / Release Version |
|
| Git Commit / PR |
|
| GitHub Actions Run |
|
Final Result
Reviewer Comments
_________________________________________________________
_________________________________________________________
_________________________________________________________
_________________________________________________________
Exit Rule
Phase 5 is complete only when:
- All GitHub Actions jobs execute successfully.
- The complete smoke suite (Tests 1–50) passes.
- HTML reports are generated and uploaded as workflow artifacts.
- Slack failure notifications are delivered to the approved QA channel.
- GitHub Secrets are configured securely.
- Jennifer reviews the first successful nightly execution and signs off.
Only then may the CI/CD pipeline be enabled for ongoing automated validation.
Ready for Review -
Excel:
Phase5_CICD_Pipeline_Validation_Workbook.xlsx
Document:
Phase5_CICD_Pipeline_Design_and_Acceptance_Guide.docx
Phase 5 – CI/CD Pipeline Design & Acceptance Guide
Executive Overview
Phase 5 integrates the entire smoke test suite into GitHub Actions to provide continuous validation after every code change and nightly regression testing.
The engineer is responsible for implementing the complete CI/CD pipeline based on the approved workflow specification.
Jennifer is responsible for validating that the pipeline design aligns with the team's operational requirements before enabling automated execution.
Phase Objectives
At the completion of Phase 5:
Jennifer's Deliverables
Before implementation is approved, Jennifer should review the following with the engineering team.
Pipeline Review
Confirm:
Jennifer should also review the first nightly report before enabling ongoing automation.
Pipeline Architecture
Pull Request
│
▼
Critical Smoke
(~10 sec)
Nightly (03:00 ET)
│
▼
Complete Smoke Suite
(~20 min)
GitHub Actions Workflow
Pipeline Name
Job Overview
Job 1 — Critical
Purpose
Provides immediate validation after every code change.
Runs only the critical authentication tests.
Triggers
Expected runtime
Validation
Job 2 — Service Smoke
Purpose
Allows engineers to validate one service independently.
Example
or
or
Trigger
Engineer supplies
Example
Expected runtime
Validation
Job 3 — Nightly
Purpose
Runs the complete regression suite every night.
Tag
Trigger
Cron
Expected runtime
Timeout
Validation
Pipeline Lifecycle
Manual
│
▼
Service Smoke
Generate HTML Report
│
▼
Upload Artifact
│
▼
Slack Notification (Failures Only)
Environment variables should never be committed into source control.
Use
instead.
API Validation
Each workflow must verify
Artifact Validation
Verify
Slack Notification Validation
Notification should only occur when
returns true.
Verify
Example
Security Validation
Verify
Performance Expectations
Investigate significant runtime increases.
Cleanup Validation
Each workflow should verify
Acceptance Criteria
.github/workflows/smoke.ymlcommittedEngineer Checklist
Required Before Phase 5 Sign-off
smoke.ymlimplementedResource Verification
Engineer Sign-off
Final Result
Reviewer Comments
Exit Rule
Phase 5 is complete only when:
Only then may the CI/CD pipeline be enabled for ongoing automated validation.