CI/CD toolkit for OSS maintainers.

Most OSS repos waste time on copy-pasted workflows and noisy CI output. Launchpad gives you a stable @v1 baseline with presets, policy-as-code, and high-signal PR summaries.

Beta Positioning

30-second CI/CD baseline for OSS maintainers.

Primary launch KPI is real adoption: external repos running Launchpad workflows at @v1.

30-Second Install

npx solvely-launchpad init --preset node-lib --yes

For app/service repos that do not publish packages:

npx solvely-launchpad init --preset node-lib --yes --app true

Then push your branch and open a PR.

Single install CTA:

npx solvely-launchpad init --preset <preset> --yes

Adoption-first install for larger OSS repos (lower friction defaults):

npx solvely-launchpad init --preset node-lib --profile baseline --yes

Why Launchpad

• Stable reusable workflow contract at @v1
• One-command onboarding (init, preview, doctor, migrate)
• 8 launch presets (Node, Next.js, Turbo, Bun, pnpm monorepo, Python, Go, Rust)
• Policy-as-code via .citemplate.yml
• Aggregated PR summaries to cut debug time
• Opt-in security gates (CodeQL, dependency review, SBOM, SLSA, OSSF Scorecard)

Quick Start

CLI (recommended)

npx solvely-launchpad init --preset nextjs --yes
npx solvely-launchpad doctor

Preview before writing files:

npx solvely-launchpad preview --preset turbo

GitHub-only setup

Use .github/workflows/setup.yml (workflow_dispatch) to open a setup PR without local CLI installation.

Commit Quality (Base + Strict)

Launchpad now ships a base commitlint setup for commitlint-enabled presets:

• Generates commitlint.config.cjs
• Uses non-blocking mode by default (strict: false)
• Supports strict mode when teams are ready

Strict mode during init:

npx solvely-launchpad init --preset node-lib --yes --commitlint-strict true

Profiles (for rollout by repo maturity):

• baseline: faster first-run adoption, lighter default checks
• strict: stronger defaults for ongoing CI confidence
• hardened: security-heavy posture (CodeQL/SBOM/SLSA/Scorecard enabled)

Example:

npx solvely-launchpad init --preset node-lib --profile strict --yes

Skip release workflow for non-package repos:

npx solvely-launchpad init --preset node-lib --yes --no-release true

Generated commitlint.yml can also be edited directly:

jobs:
  commitlint:
    uses: Solvely-Colin/solvely-launchpad/.github/workflows/commitlint.yml@v1
    with:
      strict: false

Presets

Preset definitions: presets/v1/

Reusable Workflows (@v1)

jobs:
  ci:
    uses: Solvely-Colin/solvely-launchpad/.github/workflows/ci.yml@v1

Optional override:

• install-command: force a specific install step when auto-detection is not appropriate for your repo layout.

Minimum caller contract:

name: CI
on:
  pull_request:
  push:
    branches: [main]

permissions:
  contents: read
  pull-requests: write

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  ci:
    uses: Solvely-Colin/solvely-launchpad/.github/workflows/ci.yml@v1

Available reusable workflows:

• .github/workflows/ci.yml
• .github/workflows/coverage.yml
• .github/workflows/release.yml
• .github/workflows/scheduled.yml
• .github/workflows/commitlint.yml
• .github/workflows/quality-gates.yml (opt-in)

Policy-as-Code

version: 1
preset: node-lib
checks:
  required: [ci, test]
  security:
    audit_level: critical
    dependency_review: true
    sbom: true
    codeql: false
    slsa_provenance: false
    ossf_scorecard: false
pr_feedback:
  enabled: true
  mode: aggregated
  flaky_hints: true
branches:
  protected: [main]

Schema: schema/citemplate.schema.json

PR Feedback UX

Launchpad updates one comment per PR (no spam), with CI outcomes in one table.

## Solvely Launchpad Summary
| Check | Result |
|---|---|
| Policy | success |
| Lint | success |
| Tests | failure |

Security Gates (Opt-in)

Enable independently:

• CodeQL
• Dependency review
• SBOM
• SLSA provenance
• OSSF Scorecard

Details: docs/quality-gates.md

ci.yml does not invoke quality-gates.yml internally. Call quality-gates.yml directly in your caller workflow when needed.

Beta Support Policy

• Scope: Launchpad beta (v0.x CLI, reusable workflows at @v1)
• Support channel: GitHub Issues
• Response target: best effort within 72 hours
• Triage labels: setup-blocker, preset-gap, docs-gap, quality-gate

Details: docs/governance.md

Adoption Metrics

Definitions, source-of-truth rules, and weekly reporting are documented in:

• docs/adoption.md
• docs/metrics/adoption-weekly.json
• docs/metrics/reliability-weekly.json

Release to npm (Automated)

Release publishing is automatic via .github/workflows/publish-launchpad.yml.

1. Add repo secret NPM_TOKEN
2. Merge release PR bumping cli/package.json
3. Create a GitHub Release tag (example: v0.1.6)
4. Publish + smoke test run automatically
5. On stable releases, Launchpad also re-points workflow channel tag v1 to that release commit automatically

If your org blocks force-updating tags, the sync-v1-tag job will fail with a clear error. In that case, allow GitHub Actions to update tags or run a one-time admin tag update flow.

Stability Contract

• Use @v1 in production
• v1.x is semver-stable
• Breaking changes are reserved for v2
• Deprecations are announced before removal

Marketplace + Proof Pack

• Marketplace launch checklist and copy: docs/marketplace.md
• Public proof pack (flagship + baseline demo): docs/proof-pack.md
• Required public proof set: flagship real-code adopter + active baseline demo
• Historical references only: archived demos remain linked for context

Used by (real code):

• https://github.com/Solvely-Colin/Quorum

Active baseline demo:

• https://github.com/Solvely-Colin/launchpad-demo-node-lib

Archived demo repos (kept as historical references):

• https://github.com/Solvely-Colin/launchpad-demo-nextjs
• https://github.com/Solvely-Colin/launchpad-demo-turbo

References:

• docs/migrations/v1.md
• docs/policy/deprecations.md

Docs

• Docs index
• Quickstart
• Troubleshooting
• All docs

Contributing

• CONTRIBUTING.md
• CHANGELOG.md

License

MIT