# Console CI runner (offline-friendly)

Status: runner spec + CI now wired to PRs; ensure runner image includes pre-baked Playwright cache before enabling broad PR traffic.

## Runner profile
- OS: Ubuntu 22.04 LTS (x86_64) with Docker available for Playwright deps if needed.
- Node: 20.x (LTS). Enable corepack; prefer npm (default) to avoid extra downloads.
- Caches:
  - npm: `~/.npm` keyed by `src/Web/package-lock.json` hash.
  - Playwright: `~/.cache/ms-playwright` pre-seeded with Chromium so `npm test -- --browsers=ChromeHeadless` can run offline. Seed once using `npx playwright install chromium` on a connected runner, then snapshot the directory into the runner image.
  - Angular build cache: optional `~/.cache/angular` if using angular.json cache; safe to keep.
- Artifacts retention: keep lint/test/build outputs 14 days; limit to 500 MB per run (coverage + dist + test reports). Artifacts path: `artifacts/` (dist, coverage, junit/trx if produced).

## Pipeline steps (expected)
1) Checkout
2) Node 20 setup with npm cache restore (package-lock at `src/Web/package-lock.json`).
3) Install: `npm ci --prefer-offline --no-audit --progress=false` in `src/Web`.
4) Lint: `npm run lint -- --no-progress`.
5) Unit: `npm test -- --watch=false --browsers=ChromeHeadless --no-progress` (headless Chromium from pre-seeded cache).
6) Build: `npm run build -- --configuration=production --progress=false`.
7) Artifact collect: `dist/`, `coverage/`, any `test-results/**`.

## Offline/airgap notes
- Do not hit external registries during CI; rely on pre-seeded npm mirror or cached tarballs. Runner image should contain npm cache prime. If mirror is used, set `NPM_CONFIG_REGISTRY=https://registry.npmjs.org` equivalent mirror URL inside the runner; default pipeline does not hard-code it.
- Playwright browsers must be pre-baked; the workflow will not download them.

### Seeding Playwright cache (one-time per runner image)
```bash
ops/devops/console/seed_playwright.sh
# then bake ~/.cache/ms-playwright into the runner image or mount it on the agent
```

## How to run
- PR-triggered via `.gitea/workflows/console-ci.yml`; restrict runners to images with baked Playwright cache.
- Manual `workflow_dispatch` remains available for dry runs or cache updates.