Add marketing site deployment quality gate rules

[roomote]

Add Marketing Site Deployment Quality Gate Rules

Problem

After a comprehensive review of the CI/CD workflow for the marketing site (apps/web-roo-code), including Vercel integration, branch protection, and the complete development-to-deployment pipeline, I identified 7 critical and medium severity issues:

🔴 Critical Issues

Issue #1: No Quality Checks Before Deployment

• Both website-deploy.yml and website-preview.yml deploy directly to Vercel without running any quality checks
• No linting, type-checking, or build validation before deployment
• Broken code can be deployed to production and preview environments

Issue #2: No Required Status Checks

• Branch protection shows: "required_status_checks": {"enforcement_level": "off", "contexts": [], "checks": []}
• PRs can be merged to main even if code-qa workflow fails
• No enforcement of quality gates via GitHub branch protection

Issue #3: Race Condition in PR Workflow

• website-preview and code-qa workflows run in parallel when a PR is created/updated
• Preview deployments can complete before quality checks finish
• Reviewers might review broken preview deployments before seeing quality check failures

🟡 Medium Issues

Issue #4: No Workflow Dependencies

• The code-qa.yml workflow runs quality checks, but website deployments don't require it to pass first
• Deployments can succeed even if quality checks fail

Issue #5: No Deployment Concurrency Controls

• Multiple deployments can run in parallel if commits are pushed quickly
• Last deployment to finish wins - could deploy older code over newer code
• Race condition: Commit A starts (3 min) → Commit B starts (2 min) → B finishes first → A overwrites B with stale code

Issue #6: Using Unstable Vercel CLI

• Both workflows use vercel@canary (bleeding-edge, unstable releases)
• Could introduce breaking changes unexpectedly
• No version pinning = non-deterministic builds

Issue #7: Missing Test Coverage

• The web-roo-code/package.json has no test scripts (deferred to future iteration)

💥 Worst-Case Scenario

The current setup allows this catastrophic sequence:

1. Developer pushes broken code to PR branch
2. website-preview deploys to Vercel ✅ (no quality checks)
3. code-qa runs in parallel and FAILS ❌
4. Reviewer sees working preview URL, approves PR (unaware of quality check failures)
5. PR merges to main (no required status checks)
6. website-deploy deploys broken code to production ✅ (no quality checks)
7. Production site is broken 💥

Solution

Added comprehensive rules (Section 4) to .roo/rules/rules.md that require:

1. Quality checks before deployment:

   • Linting: pnpm --filter @roo-code/web-roo-code lint
   • Type checking: pnpm --filter @roo-code/web-roo-code check-types
   • Build validation: pnpm --filter @roo-code/web-roo-code build

2. Integration via workflow dependencies:

   • Add needs: dependency on code-qa workflow, OR
   • Include dedicated quality-checks job before deployment jobs

3. Branch protection requirement:

   • For PR-based preview deployments, quality checks must be required status checks
   • Prevents merging PRs with broken previews or failed quality checks
   • Ensures reviewers only see working previews

4. Deployment concurrency controls:

   • Add concurrency group to prevent multiple deployments from running simultaneously
   • Set cancel-in-progress: true to cancel older deployments when new ones start
   • Prevents race conditions where older commits could overwrite newer deployments

5. Vercel CLI version stability:

   • Use vercel@latest instead of vercel@canary for stable, production deployments
   • Canary releases are unstable and could introduce breaking changes unexpectedly
   • Pin to specific versions for critical production workflows when possible

6. Clear directive: Never deploy broken code to production

Implementation

See PR #10959 for the workflow implementation of these rules.

Impact

These rules will:

• ✅ Prevent broken code from being deployed to production and preview environments
• ✅ Ensure quality checks complete before previews are deployed (eliminates race condition)
• ✅ Prevent merging PRs with failing quality checks (via required status checks)
• ✅ Prevent deployment race conditions (older code overwriting newer code)
• ✅ Ensure stable, deterministic deployments (no unstable CLI versions)
• ✅ Ensure consistent quality standards across all deployments
• ✅ Guide future agents to implement proper CI/CD quality gates
• ✅ Protect reviewers from wasting time on broken previews

Testing

• Verified rule syntax and formatting
• Confirmed rule location in .roo/rules/rules.md
• Validated that all referenced scripts exist in apps/web-roo-code/package.json
• Analyzed complete workflow from local dev to production deployment
• Identified all race conditions and branch protection gaps
• Documented worst-case scenario and desired workflow

---

Important

Add quality gate rules for marketing site deployment to ensure code quality and stability in .roo/rules/rules.md.

• Quality Checks:
  • Added rules in .roo/rules/rules.md for website-deploy.yml and website-preview.yml to include linting, type-checking, and build validation before deploying to Vercel.
  • Requires needs: dependency on code-qa workflow or a dedicated quality-checks job before deployment.
• Branch Protection:
  • Quality checks must be required status checks for PR-based preview deployments to prevent merging PRs with broken previews.
• Deployment Concurrency:
  • Added concurrency group to prevent simultaneous deployments and set cancel-in-progress: true to avoid race conditions.
• Vercel CLI Stability:
  • Use vercel@latest instead of vercel@canary for stable deployments and pin versions for critical workflows.

^{This description was created by for ca65b79. You can customize this summary. It will automatically update as commits are pushed.}

[roomote]

Rooviewer   See task on Roo Cloud

Review completed. No issues found. The new rule for Marketing Site Deployment Quality Gates is well-structured and all referenced files and commands have been verified to exist.

• Missing "en" (English) from the supported languages list (no longer applicable - the internationalization section was replaced with Marketing Site Deployment Quality Gates)

Previous reviews

• f8a050a: Review #1
• ea05a8e: Review #2
• 804d582: Review #3

_{Mention @roomote in a comment to request specific changes to this pull request or fix all unresolved issues.}

[roomote]

The supported languages list is missing "en" (English). The src/i18n/locales/ directory includes 18 languages, and English is the base language that translation keys must also be added to. Without it in the list, developers might incorrectly skip adding keys to the English locale.

Suggested change

	- Supported languages: ca, de, es, fr, hi, id, it, ja, ko, nl, pl, pt-BR, ru, tr, vi, zh-CN, zh-TW
	- Supported languages: ca, de, en, es, fr, hi, id, it, ja, ko, nl, pl, pt-BR, ru, tr, vi, zh-CN, zh-TW

_{Fix it with Roo Code or mention @roomote and request a fix.}

[roomote]

🔗 Implementation PR Created

PR #10959 implements the quality gates defined in this rules PR.

What it does:

• Adds quality-checks job to both website-deploy.yml and website-preview.yml
• Runs lint, type-check, and build before deployment
• Deployment jobs now depend on quality-checks passing
• Eliminates the race condition and prevents broken deployments

These PRs should be reviewed and merged together, with this rules PR (#10950) merged first, followed by the implementation PR (#10959).

[roomote]

Rooviewer   See task on Roo Cloud

Review completed. No issues found.

The new rules for Marketing Site Deployment Quality Gates are well-structured and all referenced files and scripts have been verified:

• .github/workflows/website-deploy.yml and .github/workflows/website-preview.yml exist
• apps/web-roo-code/package.json contains the required lint, check-types, and build scripts

_{Mention @roomote in a comment to request specific changes to this pull request or fix all unresolved issues.}