mfranzke
diff --git a/‎.github/WORKFLOWS.md
Lines changed: 121 additions & 21 deletions b/‎.github/WORKFLOWS.md
Lines changed: 121 additions & 21 deletions
diff --git a/‎.github/workflows/ci.yml
Lines changed: 3 additions & 5 deletions b/‎.github/workflows/ci.yml
Lines changed: 3 additions & 5 deletions
diff --git a/‎.github/workflows/codeql.yml
Lines changed: 50 additions & 49 deletions b/‎.github/workflows/codeql.yml
Lines changed: 50 additions & 49 deletions
@@ -4,26 +4,65 @@ This document describes all the GitHub Actions workflows and configurations set
 
 ## Workflows Overview
 
-### 1. **CI Workflow** (`.github/workflows/ci.yml`)
+### 1. **Default CI/CD Pipeline** (`.github/workflows/default.yml`)
 
-**Triggers:** Push to main/develop, Pull requests to main/develop
+**Triggers:** Push to main, Pull requests to main, Manual dispatch
+
+**Optimized Parallel Architecture:**
+
+This is the main orchestrator workflow that runs analysis tasks in parallel, then proceeds with build-dependent tasks sequentially:
+
+**Stage 1: Parallel Analysis** (All run simultaneously, no build required)
+
+- **Lint & Code Style** - XO linting, Markdown linting, Package checks by publint, Prettier checks
+- **Quality Analysis** - Test coverage, quality metrics (embedded quality checks)
+- **Security Analysis** - CodeQL security scanning (embedded security checks)
+
+**Stage 2: Build & Test** (Requires all Stage 1 to pass)
+
+- **CI Tests & Build** - Calls `ci.yml` for comprehensive testing and building
+
+**Stage 3: Performance Testing** (Conditional, requires build)
+
+- **Performance Tests** - Calls `performance.yml` (only when src/ files change)
+
+**Stage 4: Deploy** (Requires all previous stages, main branch only)
+
+- **GitHub Pages Deploy** - Calls `deploy-pages.yml`
+
+**Stage 5: Release** (Conditional, requires all stages, main branch only)
+
+- **Release Management** - Calls `release.yml` (only for changeset/, src/ or package.json changes)
+
+**Benefits:**
+
+- **Parallel efficiency**: All analysis runs simultaneously (3x faster than sequential)
+- **Fast failure**: Any analysis failure stops the pipeline before expensive build operations
+- **Resource optimization**: Build-dependent tasks only run after all checks pass
+- **Conditional execution**: Performance tests only when source files change
+- **Gated releases**: Releases only happen after all quality gates pass
+
+### 2. **CI Workflow** (`.github/workflows/ci.yml`)
+
+**Triggers:** Push to main, Pull requests, Workflow calls from default.yml
 
 **Jobs:**
 
 - **Test**: Runs on Node.js 22.x, 24.x
     - Checkout repository
     - Install dependencies (with npm cache)
-    - Run linting with `xo`
-    - Run tests with Vite
+    - Run tests with Vitest
     - Upload test coverage to Codecov
 - **Build**: Builds package and uploads artifacts
     - Build with `microbundle`
     - Upload `dist/` and `examples/` as artifacts
 - **Lint Markdown**: Validates all Markdown files
 
-### 2. **GitHub Pages Deployment** (`.github/workflows/deploy-pages.yml`)
+_Note: Linting has been moved to default.yml to avoid duplication_
+
+### 3. **GitHub Pages Deployment** (`.github/workflows/deploy-pages.yml`)
 
-**Triggers:** Push to main, Manual dispatch
+**Triggers:** Push to main, Manual dispatch, Workflow calls from default.yml
 
 **Features:**
 
@@ -37,7 +76,7 @@ This document describes all the GitHub Actions workflows and configurations set
 
 **CDN Access:** `https://cdn.jsdelivr.net/npm/css-if-polyfill/dist/index.modern.js`
 
-### 3. **Release Workflow** (`.github/workflows/release.yml`)
+### 4. **Release Workflow** (`.github/workflows/release.yml`)
 
 **Triggers:** Git tags starting with `v*`
 
@@ -47,33 +86,94 @@ This document describes all the GitHub Actions workflows and configurations set
 - **GitHub Release**: Creates GitHub release with changelog
 - **npm Publish**: Publishes to npm registry (requires `NPM_TOKEN` secret)
 
-### 4. **Code Quality** (`.github/workflows/quality.yml`)
+### 5. **Code Quality** (`.github/workflows/quality.yml`)
 
-**Triggers:** Push to main/develop, Pull requests
+**Triggers:** Push to main/develop, Pull requests, Workflow calls from default.yml
 
 **Features:**
 
-- Comprehensive linting with detailed reports
-- Test coverage analysis
-- Bundle size reporting
+- Test coverage analysis with detailed reports
+- Bundle size analysis
 - Security vulnerability scanning
-- CodeQL security analysis
 - Archives coverage reports as artifacts
 
-### 5. **Documentation Updates** (`.github/workflows/docs.yml`)
+_Note: Comprehensive linting has been moved to default.yml to avoid duplication_
+
+### 6. **Performance Testing** (`.github/workflows/performance.yml`)
+
+**Triggers:** Push/PR to main (when src/ changes), Manual dispatch, Workflow calls from default.yml
+
+**Features:**
+
+- Runs performance benchmarks using Playwright
+- Tests initialization time and processing speed
+- Fails if performance thresholds are exceeded
+- Comments benchmark results on PRs
+- Uploads performance results as artifacts
+
+### 7. **Security Analysis** (`.github/workflows/codeql.yml`)
 
-**Triggers:** Push to main (when src/, examples/, or README.md changes), Manual dispatch
+**Triggers:** Push to main, Pull requests, Scheduled (weekly), Manual dispatch, Workflow calls from default.yml
 
 **Features:**
 
-- Auto-generates API documentation
-- Updates examples with latest syntax
-- Commits changes back to repository
-- Skips CI on documentation commits
+- Automated CodeQL security scanning for JavaScript and actions
+- Detects potential security vulnerabilities
+- Integrates with GitHub Security Advisory database
+- Runs weekly on schedule for continuous monitoring
 
-### 6. **Performance Testing** (`.github/workflows/performance.yml`)
+### 8. **Release Workflow** (`.github/workflows/release.yml`)
+
+**Triggers:** Push to main (changeset changes), Manual dispatch
+
+**Features:**
+
+- Integrated with Changesets for version management
+- Creates version PRs automatically
+- Publishes to npm with proper provenance
+- Generates GitHub releases with changelogs
+
+_Note: This workflow remains independent as it handles specialized release processes_
+
+## Workflow Architecture
+
+### Parallel + Sequential Design
+
+The new architecture optimizes for maximum efficiency with parallel analysis followed by sequential build-dependent tasks:
+
+```text
+Default.yml (Orchestrator)
+├── Stage 1: Parallel Analysis (simultaneous)
+│   ├── Lint & Code Style
+│   ├── Quality Analysis (with embedded testing)
+│   └── Security Analysis (CodeQL)
+├── Stage 2: CI Tests & Build (requires all Stage 1)
+├── Stage 3: Performance Tests (conditional, requires Stage 2)
+├── Stage 4: Deploy (main only, requires Stages 2-3)
+└── Stage 5: Release (conditional, requires all previous stages)
+```
+
+**Key Optimizations:**
+
+- **3x faster Stage 1**: Parallel execution instead of sequential
+- **Embedded quality checks**: Tests run within quality job to avoid duplication
+- **Embedded security**: CodeQL runs inline instead of calling separate workflow
+- **Smart dependencies**: Build only happens after all analysis passes
+
+### Standalone Workflows
+
+Some workflows remain independent for specific use cases:
+
+- **Release** (`release.yml`) - Handles changesets and publishing (now also integrated into default.yml)
+- **Individual workflows** - Can still be triggered independently for debugging
+
+### Removed Duplication
 
-**Triggers:** Push/PR to main (when src/ changes), Manual dispatch
+- **Linting**: Centralized in default.yml Stage 1
+- **Setup/Dependencies**: Managed per workflow but coordinated
+- **Build**: Streamlined through CI workflow
+- **Security**: Dedicated stage in pipeline
+- **Changeset workflow**: Removed duplicate `changeset.yml` (functionality preserved in `release.yml`)
 
 **Features:**
 
 
@@ -2,9 +2,10 @@ name: CI
 
 on:
   push:
-    branches: [main, develop]
+    branches: [main]
   pull_request:
-    branches: [main, develop]
+    branches: [main]
+  workflow_call: # Allow this workflow to be called by other workflows
 
 jobs:
   test:
@@ -31,9 +32,6 @@ jobs:
       - name: Install dependencies
         run: npm ci
 
-      - name: Run linting
-        run: npm run lint
-
       - name: Run tests
         run: npm test
 
 
@@ -13,12 +13,13 @@ name: "CodeQL Advanced"
 
 on:
   push:
-    branches: [ "main" ]
+    branches: ["main"]
   pull_request:
-    branches: [ "main" ]
+    branches: ["main"]
   schedule:
-    - cron: '18 7 * * 4'
+    - cron: "18 7 * * 4"
   workflow_dispatch:
+  workflow_call: # Allow this workflow to be called by other workflows
 
 jobs:
   analyze:
@@ -44,10 +45,10 @@ jobs:
       fail-fast: false
       matrix:
         include:
-        - language: actions
-          build-mode: none
-        - language: javascript-typescript
-          build-mode: none
+          - language: actions
+            build-mode: none
+          - language: javascript-typescript
+            build-mode: none
         # CodeQL supports the following values keywords for 'language': 'actions', 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'rust', 'swift'
         # Use `c-cpp` to analyze code written in C, C++ or both
         # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
@@ -57,50 +58,50 @@ jobs:
         # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
         # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4
+      - name: Checkout repository
+        uses: actions/checkout@v4
 
-    # Add any setup steps before running the `github/codeql-action/init` action.
-    # This includes steps like installing compilers or runtimes (`actions/setup-node`
-    # or others). This is typically only required for manual builds.
-    # - name: Setup runtime (example)
-    #   uses: actions/setup-example@v1
-    - name: Setup Node.js
-      uses: actions/setup-node@v4
-      with:
-        node-version-file: ".nvmrc"
-        cache: "npm"
+      # Add any setup steps before running the `github/codeql-action/init` action.
+      # This includes steps like installing compilers or runtimes (`actions/setup-node`
+      # or others). This is typically only required for manual builds.
+      # - name: Setup runtime (example)
+      #   uses: actions/setup-example@v1
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: ".nvmrc"
+          cache: "npm"
 
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
-      with:
-        languages: ${{ matrix.language }}
-        build-mode: ${{ matrix.build-mode }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+          build-mode: ${{ matrix.build-mode }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
 
-        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
-        # queries: security-extended,security-and-quality
+          # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+          # queries: security-extended,security-and-quality
 
-    # If the analyze step fails for one of the languages you are analyzing with
-    # "We were unable to automatically build your code", modify the matrix above
-    # to set the build mode to "manual" for that language. Then modify this step
-    # to build your code.
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
-    - if: matrix.build-mode == 'manual'
-      shell: bash
-      run: |
-        echo 'If you are using a "manual" build mode for one or more of the' \
-          'languages you are analyzing, replace this with the commands to build' \
-          'your code, for example:'
-        echo '  make bootstrap'
-        echo '  make release'
-        exit 1
+      # If the analyze step fails for one of the languages you are analyzing with
+      # "We were unable to automatically build your code", modify the matrix above
+      # to set the build mode to "manual" for that language. Then modify this step
+      # to build your code.
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+      - if: matrix.build-mode == 'manual'
+        shell: bash
+        run: |
+          echo 'If you are using a "manual" build mode for one or more of the' \
+            'languages you are analyzing, replace this with the commands to build' \
+            'your code, for example:'
+          echo '  make bootstrap'
+          echo '  make release'
+          exit 1
 
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
-      with:
-        category: "/language:${{matrix.language}}"
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:${{matrix.language}}"