DERISK — Remove What Can Kill You
D7: CI/CD on Revenue-Critical Systems

Status: NOT STARTED · Wave 1 · 3 weeks

Executive Summary

The four Heroku apps that process every dollar of RRI revenue have no CI/CD pipeline. Engineers push directly to master. rri-order-ingestion, which handles 12+ dynos of webhook processing from Stripe, ClickFunnels, Shopify, and CopeCart, has zero automated tests blocking deployment. rri-core-api-v3 has a CI/CD workflow, but its tests are SKIPPED, so the pipeline currently gates nothing.

One bad push to any of these apps during an event could halt revenue. The fix is a standard CI/CD pipeline: lint → test with coverage threshold → TruffleHog secret scan → block merge if any fails. Plus a CD workflow: deploy to Heroku staging → smoke test /health → GitHub Environment approval gate → promote to production.

Reusable workflows in the rri-dev/.github org repo mean one change propagates to all repos. Branch protection via GitHub Rulesets at org level (not per-repo), rolled out in Evaluate mode first so would-be violations are reported before enforcement is switched on, blocks ALL direct pushes to master, including Spork alt accounts. Keep the ruleset's bypass list empty: rulesets cover repository admins unless an actor is explicitly granted bypass, which is what makes this stronger than per-repo branch protection.

What Needs to Happen

  1. Week 1: rri-order-ingestion (P0): /health endpoint + GitHub Actions CI + staging deploy pipeline. Owner: Johnny. This is the highest-risk repo: 12+ dynos, zero tests, processes every payment.
  2. Week 2: rri-event-api + rri-core-api-v3 fix: re-enable the skipped tests on core-api-v3 and enforce the coverage gate; build CI for event-api. Owner: Zach.
  3. Week 3: members-portal + rri-member-service: CI/CD for the contractor-maintained systems. Owner: Federico. These repos are Federico's primary domain.

Highest-risk blocker: the @alphonso77/rri-lifeforce NPM_TOKEN. order-ingestion CI cannot run npm ci without a token that can read this package, which is published under a personal npm scope rather than the @rri org. Must migrate the package to the @rri org first (D1 action) so the token CI stores as a secret is org-owned and not tied to one person's account.

Coverage Strategy

Measure current coverage FIRST, set the threshold at (actual - 5 points), and ratchet it upward quarterly. Never start high. The goal is preventing regression, not achieving an arbitrary coverage target; a floor nobody can meet just gets bypassed.
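Worked example of the CI half described in the Executive Summary (lint, test against a coverage threshold, TruffleHog, one reusable workflow in rri-dev/.github called from each repo) together with the coverage floor described above. This is added illustration, not a workflow that exists in any RRI repo: the file paths, the node-ci name, the coverage-floor input, the placeholder floor of 37, Node 20, and the assumption that the apps run jest are all assumptions.

```yaml
# rri-dev/.github/.github/workflows/node-ci.yml  (assumed path for the shared workflow)
name: node-ci
on:
  workflow_call:
    inputs:
      node-version:
        type: string
        default: "20"
      coverage-floor:
        description: Minimum % of lines covered. Measure first, set to actual minus 5, ratchet up quarterly.
        type: number
        required: true
    secrets:
      NPM_TOKEN:
        description: Read token for the private @alphonso77/rri-lifeforce package
        required: true

permissions:
  contents: read      # CI only reads the repo; the caller cannot grant more than this

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ inputs.node-version }}
          registry-url: https://registry.npmjs.org   # writes an .npmrc that reads NODE_AUTH_TOKEN
          cache: npm
      - run: npm ci
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
      - run: npm run lint

  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ inputs.node-version }}
          registry-url: https://registry.npmjs.org
          cache: npm
      - run: npm ci
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
      # Assumes jest; json-summary writes coverage/coverage-summary.json
      - run: npm test -- --coverage --coverageReporters=json-summary
      - name: Enforce coverage floor
        env:
          FLOOR: ${{ inputs.coverage-floor }}   # passed via env, never interpolated into the script
        run: |
          node -e '
            const pct = require("./coverage/coverage-summary.json").total.lines.pct;
            const floor = Number(process.env.FLOOR);
            console.log(`lines covered: ${pct}% (floor ${floor}%)`);
            if (pct < floor) { console.error("coverage fell below the floor"); process.exit(1); }
          '

  secret-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0   # TruffleHog diffs default branch..HEAD and needs the history
      - uses: trufflesecurity/trufflehog@main   # pin to a release tag or commit SHA before rollout
        with:
          extra_args: --results=verified,unknown

---
# rri-order-ingestion/.github/workflows/ci.yml  (thin caller; every repo gets one like it)
name: ci
on:
  pull_request:
    branches: [master]
jobs:
  ci:
    uses: rri-dev/.github/.github/workflows/node-ci.yml@main
    with:
      coverage-floor: 37   # placeholder: measured coverage minus 5, bumped each quarter
    secrets:
      NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
```

Two things to check before this blocks merges. First, the org-level ruleset's required status checks must use the names GitHub gives reusable-workflow jobs, which are caller job / called job (here ci / lint, ci / test, ci / secret-scan), otherwise the ruleset waits on checks that never report. Second, because the RRI repos are private, the rri-dev/.github repo's Actions access setting must allow workflows from other repositories in the org, or the caller fails at resolution time.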

Claude Code acceleration: GitHub Actions workflows are the kind of boilerplate AI generates well. Claude Code can draft complete CI/CD workflow YAML, health check endpoints, branch protection configs, and reusable workflow templates from repository analysis; the generated files still need a human review of permissions, pinned action versions, and secret handling before they gate production. Estimated savings: 1.5-2 weeks off the original 3-week timeline.

Completion Criteria

  • rri-order-ingestion: CI pipeline active with lint + test + TruffleHog gates
  • rri-event-api: CI pipeline active with test coverage enforcement
  • rri-core-api-v3: Skipped tests re-enabled with coverage gate enforced
  • members-portal + rri-member-service: CI/CD active
  • Reusable workflows deployed to rri-dev/.github org repo
  • GitHub Rulesets active at org level — zero direct pushes to master across all 5 repos
  • Heroku staging deploy + smoke test + approval gate working on all repos
  • /health endpoint deployed on all 4 Heroku apps
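Worked example of the CD half named in the Executive Summary and in the criteria above (deploy to Heroku staging, smoke test /health, GitHub Environment approval gate, promote to production). This is added illustration, not a workflow from any RRI repo: the file path, the Heroku app names and hostnames, the HEROKU_API_KEY secret name, the staging and production Environment names, and the assumption that staging and production sit in one Heroku Pipeline (so promotion copies the exact slug that passed the smoke test) are all assumptions.

```yaml
# rri-order-ingestion/.github/workflows/deploy.yml  (assumed path)
name: deploy
on:
  push:
    branches: [master]   # once the ruleset blocks direct pushes, only merged PRs land here

permissions:
  contents: read

concurrency:
  group: deploy-rri-order-ingestion   # serialise deploys; a later merge waits instead of racing
  cancel-in-progress: false

env:
  STAGING_APP: rri-order-ingestion-staging                        # assumed Heroku app name
  STAGING_URL: https://rri-order-ingestion-staging.herokuapp.com  # assumed
  PROD_URL: https://rri-order-ingestion.herokuapp.com             # assumed

jobs:
  staging:
    runs-on: ubuntu-latest
    environment: staging   # HEROKU_API_KEY lives on the Environment, not at repo level
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0   # Heroku's git endpoint rejects shallow pushes
      - name: Deploy to Heroku staging
        env:
          HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }}
        run: |
          # Heroku git uses HTTP basic auth with the API key as the password; the value is
          # a masked secret, so it does not appear in the job log
          git push --force "https://heroku:${HEROKU_API_KEY}@git.heroku.com/${STAGING_APP}.git" HEAD:refs/heads/master
      - name: Smoke test /health on staging
        run: |
          # dynos restart after a release; poll for up to ~2 minutes before declaring failure
          for attempt in $(seq 1 12); do
            if curl -fsS --max-time 10 "${STAGING_URL}/health"; then
              echo; echo "staging healthy after ${attempt} attempt(s)"; exit 0
            fi
            sleep 10
          done
          echo "staging /health never returned 2xx"; exit 1

  production:
    needs: staging          # never reached if the staging smoke test failed
    runs-on: ubuntu-latest
    environment: production # required reviewers on this Environment pause the job here until approved
    steps:
      - name: Install Heroku CLI
        run: curl -fsSL https://cli-assets.heroku.com/install.sh | sh   # official installer; vendor a pinned copy if policy forbids curl|sh
      - name: Promote the tested staging slug to production
        env:
          HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }}
        run: heroku pipelines:promote --app "${STAGING_APP}"
      - name: Smoke test /health on production
        run: |
          for attempt in $(seq 1 12); do
            curl -fsS --max-time 10 "${PROD_URL}/health" && exit 0
            sleep 10
          done
          echo "production /health never returned 2xx"; exit 1
```

The approval gate is only as strong as the Environment's settings: add the required reviewers to the production Environment, and restrict its deployment branches to master so a workflow on any other branch cannot reach the production secret. Promotion rather than a second git push is deliberate: Heroku copies the slug that already passed the staging smoke test, so production runs exactly what was checked.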

Initiative Attributes

D7 — CI/CD on Revenue-Critical Systems

Cost: ~$28-50/month ongoing (Heroku staging dynos) + ~12 person-days of team time
Timeline (original): 3 weeks (Wave 1)
Timeline (with Claude Code): 1-1.5 weeks; GitHub Actions workflows are the kind of boilerplate AI generates well
Owner: Johnny Yarlott (Week 1) + Zach Hardesty (Week 2) + Federico Del Rio (Week 3)
Dependencies: Hard: D3 (the TruffleHog gate is a core part of CI, and secrets must be rotated before CI inherits them). Soft: D1 (cross-training adds PR reviewers)
Unblocks: D1 (cross-training is safer with CI guards), D2 (migration is safer with test coverage), D8 (contractor docs reference CI patterns), U1 (sprint discipline requires CI enforcement)
Revenue at Risk: one bad push = full revenue halt; during a live event, a broken order-ingestion deploy stops all payments
Success Metrics: all 5 repos have CI gates blocking merge; zero direct pushes to master

Tools Required

Tool                   Purpose                                                              Cost
GitHub Actions         CI/CD pipeline: lint, test, TruffleHog scan, staging deploy          Free (included with GitHub)
GitHub Rulesets        Org-level branch protection; blocks direct pushes across all repos   Free (included with GitHub)
TruffleHog             Secret-scanning gate in the CI pipeline (shared with D3)             Free (OSS)
Heroku Staging Dynos   Staging environments for smoke testing before production promote    $28-50/month

Related Risks

No direct risk register entries. However, the absence of CI/CD is itself the risk — it is the mechanism through which every other risk (bus factor, credential leak, migration failure) materializes in production. CI/CD is the safety net that makes D1, D2, D3, and D8 safe to execute.