Merge pull request #1 from techdivision/staging

chore: promote staging to production

Author: wagnert

.github/BRANCH-PROTECTION.md

@@ -0,0 +1,176 @@
+# Branch Protection Configuration
+
+Configure these settings in **GitHub Repository Settings → Branches → Branch protection rules**.
+
+## `develop` Branch Protection
+
+1. Go to: Settings → Branches → Add rule
+2. Branch name pattern: `develop`
+3. Configure:
+
+```
+✅ Require a pull request before merging
+   ✅ Require approvals: 1
+   ✅ Dismiss stale pull request approvals when new commits are pushed
+   ✅ Require approval of the most recent reviewable push
+
+✅ Require status checks to pass before merging
+   ✅ Require branches to be up to date before merging
+   Status checks:
+   - test (Node.js 18.x)
+   - test (Node.js 20.x)
+   - test (Node.js 22.x)
+   - coverage
+
+✅ Require conversation resolution before merging
+
+✅ Include administrators
+
+❌ Allow force pushes (disabled)
+❌ Allow deletions (disabled)
+```
+
+**Deployment:** ❌ No automatic deployment (CI only)
+
+---
+
+## `staging` Branch Protection
+
+1. Go to: Settings → Branches → Add rule
+2. Branch name pattern: `staging`
+3. Configure:
+
+```
+✅ Require a pull request before merging
+   ✅ Require approvals: 1
+   ✅ Dismiss stale pull request approvals when new commits are pushed
+   ✅ Require approval of the most recent reviewable push
+
+✅ Require status checks to pass before merging
+   ✅ Require branches to be up to date before merging
+   Status checks:
+   - test (Node.js 18.x)
+   - test (Node.js 20.x)
+   - test (Node.js 22.x)
+   - coverage
+
+✅ Require conversation resolution before merging
+
+✅ Restrict who can push to matching branches (optional)
+   Allowed: develop branch only
+
+✅ Include administrators
+
+❌ Allow force pushes (disabled)
+❌ Allow deletions (disabled)
+```
+
+**Deployment:** ✅ Auto-deploy to Staging environment
+
+---
+
+## `main` Branch Protection
+
+1. Go to: Settings → Branches → Add rule
+2. Branch name pattern: `main`
+3. Configure:
+
+```
+✅ Require a pull request before merging
+   ✅ Require approvals: 2 (WICHTIG: 2 Approver!)
+   ✅ Dismiss stale pull request approvals when new commits are pushed
+   ✅ Require approval of the most recent reviewable push
+   ✅ Require review from Code Owners (optional)
+
+✅ Require status checks to pass before merging
+   ✅ Require branches to be up to date before merging
+   Status checks:
+   - test (Node.js 18.x)
+   - test (Node.js 20.x)
+   - test (Node.js 22.x)
+   - coverage
+
+✅ Require conversation resolution before merging
+
+✅ Require deployments to succeed before merging
+   Required deployment environments:
+   - staging
+
+✅ Restrict who can push to matching branches (optional)
+   Allowed: staging branch, hotfix/* branches
+
+✅ Include administrators
+
+❌ Allow force pushes (disabled)
+❌ Allow deletions (disabled)
+```
+
+**Deployment:** ✅ Auto-deploy to Production environment
+
+---
+
+## Environment Configuration
+
+Configure these in **Settings → Environments**:
+
+### Staging Environment
+
+```
+Name: staging
+Protection rules:
+  ✅ Required reviewers: 1
+  ✅ Wait timer: 0 minutes
+
+Environment secrets:
+  - STAGING_TOKEN (if needed)
+```
+
+### Production Environment
+
+```
+Name: production
+Protection rules:
+  ✅ Required reviewers: 2
+  ✅ Wait timer: 5 minutes (optional safety delay)
+
+Environment secrets:
+  - NPM_TOKEN (for npm publishing)
+  - PRODUCTION_TOKEN (if needed)
+```
+
+---
+
+## CODEOWNERS File (Optional)
+
+Create `.github/CODEOWNERS` to automatically request reviews:
+
+```
+# Default owners for everything
+*       @team-lead @senior-dev
+
+# Specific files
+/.github/       @devops-team
+/docs/          @documentation-team
+```
+
+---
+
+## Verification
+
+After configuring, verify:
+
+1. ✅ Try to push directly to `develop` (should fail)
+2. ✅ Try to push directly to `staging` (should fail)
+3. ✅ Try to push directly to `main` (should fail)
+4. ✅ Create PR without CI passing (should be blocked)
+5. ✅ Create PR without reviews (should be blocked)
+
+---
+
+## Quick Reference
+
+| Branch    | Reviewers | Status Checks | Force Push | Deploy |
+|-----------|-----------|---------------|------------|--------|
+| `develop` | 1         | ✅            | ❌         | ❌     |
+| `staging` | 1         | ✅            | ❌         | ✅     |
+| `main`    | 2         | ✅            | ❌         | ✅     |

.github/GIT-FLOW.md

@@ -0,0 +1,91 @@
+# Git-Flow Quick Reference
+
+## Branch Strategy
+
+```
+develop  → CI only (keine Deployments)
+staging  → Staging Deployment (Pre-Production)
+main     → Production Deployment
+```
+
+## Branch Flow
+
+```mermaid
+graph LR
+    F[feature/*] --> D[develop]
+    D --> S[staging]
+    S --> M[main]
+    M -.hotfix.-> D
+```
+
+## Quick Commands
+
+### Start New Feature
+```bash
+git checkout develop
+git pull origin develop
+git checkout -b feature/my-feature
+# ... work ...
+git push origin feature/my-feature
+# Create PR: feature/my-feature → develop
+```
+
+### Promote to Staging
+```bash
+git checkout staging
+git pull origin staging
+git merge develop
+git push origin staging
+# Or: Create PR: develop → staging
+# 🚀 Auto-deploys to staging
+```
+
+### Promote to Production
+```bash
+git checkout main
+git pull origin main
+git merge staging
+git push origin main
+# Or: Create PR: staging → main
+# 🚀 Auto-deploys to production
+```
+
+### Hotfix Production
+```bash
+git checkout main
+git pull origin main
+git checkout -b hotfix/critical-fix
+# ... fix ...
+git push origin hotfix/critical-fix
+# Create PR: hotfix/critical-fix → main
+# Then merge main back to develop
+```
+
+## Branch Protection
+
+| Branch    | Reviewers | CI Required | Deploy |
+|-----------|-----------|-------------|--------|
+| `develop` | 1         | ✅          | ❌     |
+| `staging` | 1         | ✅          | ✅     |
+| `main`    | 2         | ✅          | ✅     |
+
+## Workflow Overview
+
+```
+1. Feature Development:    feature/xxx → develop (CI only)
+2. Staging Testing:        develop → staging (Deploy + Test)
+3. Production Release:     staging → main (Deploy to Prod)
+```
+
+## CI/CD Matrix
+
+| Event              | Branch    | CI | Deploy | Environment |
+|--------------------|-----------|-----|--------|-------------|
+| PR created         | Any       | ✅  | ❌     | None        |
+| PR merged          | develop   | ✅  | ❌     | None        |
+| PR merged          | staging   | ✅  | ✅     | Staging     |
+| PR merged          | main      | ✅  | ✅     | Production  |
+
+## Need Help?
+
+See [CONTRIBUTING.md](../CONTRIBUTING.md) for detailed workflow documentation.

.github/workflows/ci.yml

@@ -0,0 +1,71 @@
+name: CI
+
+on:
+  push:
+    branches: [ main, staging, develop ]
+  pull_request:
+    branches: [ main, staging, develop ]
+
+jobs:
+  test:
+    name: Test on Node.js ${{ matrix.node-version }}
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [18.x, 20.x, 22.x]
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run linter
+        run: npm run lint
+
+      - name: Run build
+        run: npm run build
+
+      - name: Run tests
+        run: npm test
+
+      - name: Check CLI binary
+        run: |
+          chmod +x dist/cli/index.js
+          node dist/cli/index.js --version || echo "CLI check skipped"
+
+  coverage:
+    name: Code Coverage
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20.x'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run tests with coverage
+        run: npm test -- --coverage
+
+      - name: Upload coverage reports
+        uses: codecov/codecov-action@v4
+        if: success()
+        with:
+          files: ./coverage/lcov.info
+          fail_ci_if_error: false
+        continue-on-error: true