# CI/CD Pipeline Plan

## CI Workflow (on push to main + PRs)

### Jobs
1. **Rust checks**
   - `cargo clippy --all-targets --all-features` (zero warnings)
   - `cargo fmt --all -- --check`
   - `cargo test --all-features`

2. **Frontend checks**
   - `npm run type-check` (vue-tsc)
   - `npm run lint` (eslint)
   - `npm test` (vitest)

3. **Script validation**
   - `bash -n` on all .sh files
   - `shellcheck` on critical scripts

### Merge policy
All checks must pass before merge.

## Release Workflow (on tag push v*)

### Jobs
1. Build Linux binary (cross-compile x86_64 + ARM64)
2. Build frontend (`npm run build`)
3. ISO build via SSH to build server
4. QEMU smoke test of ISO

## Pre-requisites
- GitHub Actions runners with Rust toolchain
- SSH key for build server access
- Branch protection on main
- Image digest manifest from `scripts/image-versions.sh`

## Estimated implementation: 2 weeks