# CI/CD Pipeline Enhancement Plan

## Goal

Ensure environment-specific pipelines cover all quality gates (lint, tests, security, profitability) and reflect production requirements. Legacy GitHub workflows remain manual-only fallbacks.

## Tasks

1. **Pipeline Coverage**
   - [ ] Verify new workflows (`.drone.yml` pipelines `test-suite`, `security-suite`, `integration-opt-in`, plus `harness/pipelines/staging.yaml`) run appropriate targets for each environment.
   - [ ] Add checks for gofmt, go mod tidy, unit/integration tests, math audit, profit simulation, security scans.
2. **Cache & Secrets**
   - [ ] Ensure caches do not leak secrets; ensure Drone/Harness runners mount secrets from the appropriate secret managers.
   - [ ] Provide documentation for self-hosted runners if needed.
3. **Artifact Retention**
   - [ ] Upload math audit, simulation, coverage, and deployment summaries for every run.
   - [ ] Set retention policies and naming conventions.
4. **Docs**
   - [ ] Update `docs/5_development/TESTING_BENCHMARKING.md` with pipeline descriptions.
   - [ ] Add troubleshooting section for common CI failures.

## References

- `.drone.yml`, `harness/pipelines/`
- `Makefile`, scripts invoked by CI