Verification Metadata
- Route: /transparency/ci-cd-tooling-2026-06/
- Scope: local hooks, PHPStan, PHPUnit, policy metadata, public promotion, release ledger, and production deployment receipt flow.
- Next review due:
- Related previous-version updates: Dependency and CI/CD Governance, Testing and Validation Governance, Verification and Governance, and PHP Package Dependency Transparency.
Operating Model
PayCal's CI/CD process is local-authoritative first. Developer hooks run before commits and pushes, while optional GitHub workflows provide independent remote evidence. Production deployment is controlled by a release ledger that records the desired SHA, deployed SHA, runtime proof, and deployment receipt.
- Pre-commit: sensitive-file scan, Composer state check, README version check, PHPStan baseline policy, AST metric capture, and quick PHPUnit suite.
- Pre-push: README check, policy metadata, full PHPStan Level 9, and quick-test verification unless HEAD was already verified by pre-commit.
- Public health: validates the public mirror with the public PHPUnit profile, PHPStan, README, and policy metadata before public promotion.
- Release ledger: records candidates, desired state, deployment receipts, runtime proof, and drift status.
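The drift evaluation a release ledger of this kind supports, as an added example that is not PayCal's own tooling. The record layout, the status names, the exit codes and the function names are assumptions made for illustration; all SHAs and receipt ids are constructed sample values.

```shell
#!/bin/sh
# Assumed ledger format (hypothetical, not PayCal's): append-only text, one
# record per line: env|desired_sha|deployed_sha|runtime_sha|receipt_id
# The last record for an environment is its current state.

is_full_sha() {
    # Only a full 40-hex commit id counts as proof; abbreviated ids are ambiguous.
    case "$1" in *[!0-9a-f]*) return 1 ;; esac
    [ "${#1}" -eq 40 ]
}

ledger_drift_status() {   # usage: ledger_drift_status <ledger-file> <env>
    found=0
    while IFS='|' read -r name d p r c || [ -n "$name" ]; do
        [ "$name" = "$2" ] || continue
        found=1 desired=$d deployed=$p runtime=$r receipt=$c
    done < "$1"
    [ "$found" -eq 1 ] || { echo unknown-env; return 4; }
    # A missing or malformed SHA, or a missing receipt, means nothing is proven.
    for sha in "$desired" "$deployed" "$runtime"; do
        is_full_sha "$sha" || { echo unproven; return 3; }
    done
    [ -n "$receipt" ] || { echo unproven; return 3; }
    # The receipt claims one commit but the running host reports another.
    [ "$deployed" = "$runtime" ] || { echo drift; return 2; }
    # Receipt and runtime agree, but the desired state is not deployed yet.
    [ "$desired" = "$deployed" ] || { echo pending; return 1; }
    echo in-sync
}

sample_ledger() {   # constructed sample data
    a=$(printf '%040d' 0 | tr 0 a)   # stand-in for an older commit
    b=$(printf '%040d' 0 | tr 0 b)   # stand-in for the release candidate
    cat <<EOF
prod|$a|$a|$a|rcpt-0001
prod|$b|$a|$a|rcpt-0001
staging|$b|$b|$a|rcpt-0002
dev|$b|$b||rcpt-0003
qa|$b|$b|$b|rcpt-0004
EOF
}

demo=$(mktemp)
sample_ledger > "$demo"
for target in prod staging dev qa; do
    printf '%s: %s\n' "$target" "$(ledger_drift_status "$demo" "$target")"
done
rm -f "$demo"
```

The non-zero exit codes let a hook or scheduled job fail closed on anything other than `in-sync`.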
June 2026 Validation Snapshot
- Private quick suite: 1,425 tests and 10,080 assertions passed.
- Public quick suite: 1,311 tests and 7,698 assertions passed.
- Static analysis: PHPStan Level 9 reported no errors in private and public verification.
- Policy metadata: README release docs and repository policy checks passed.
Portability Commitments
The tooling is intentionally scriptable outside one workstation. Recent compatibility work removed GNU-only assumptions in affected-test helpers, fixed portable shell path handling, and documented that production sync uses the deploy account rather than a personal SSH user.
Remaining operational improvement: configure local commit signing so GitHub branch-protection warnings about unverified local commits are eliminated instead of bypassed by administrative policy.
How To Verify
scripts/paycal checks:readme-version
scripts/paycal checks:policy-meta
composer run phpstan:strict
composer run test:quick
scripts/paycal checks:public-health /private/var/www/paycal
scripts/paycal deploy:status prod
Related transparency pages: Dependency and CI/CD Governance, Testing and Validation Governance, and Release Integrity and SHA Health.