CI/CD toolkit for OSS maintainers.
Most OSS repos waste time on copy-pasted workflows and noisy CI output.
Launchpad gives you a stable @v1 baseline with presets, policy-as-code, and high-signal PR summaries.
30-second CI/CD baseline for OSS maintainers.
Primary launch KPI is real adoption: external repos running Launchpad workflows at @v1.
npx solvely-launchpad init --preset node-lib --yesFor app/service repos that do not publish packages:
npx solvely-launchpad init --preset node-lib --yes --app trueThen push your branch and open a PR.
Single install CTA:
npx solvely-launchpad init --preset <preset> --yesAdoption-first install for larger OSS repos (lower friction defaults):
npx solvely-launchpad init --preset node-lib --profile baseline --yes- Stable reusable workflow contract at
@v1 - One-command onboarding (
init,preview,doctor,migrate) - 8 launch presets (Node, Next.js, Turbo, Bun, pnpm monorepo, Python, Go, Rust)
- Policy-as-code via
.citemplate.yml - Aggregated PR summaries to cut debug time
- Opt-in security gates (CodeQL, dependency review, SBOM, SLSA, OSSF Scorecard)
npx solvely-launchpad init --preset nextjs --yes
npx solvely-launchpad doctorPreview before writing files:
npx solvely-launchpad preview --preset turboUse .github/workflows/setup.yml (workflow_dispatch) to open a setup PR without local CLI installation.
Launchpad now ships a base commitlint setup for commitlint-enabled presets:
- Generates
commitlint.config.cjs - Uses non-blocking mode by default (
strict: false) - Supports strict mode when teams are ready
Strict mode during init:
npx solvely-launchpad init --preset node-lib --yes --commitlint-strict trueProfiles (for rollout by repo maturity):
baseline: faster first-run adoption, lighter default checksstrict: stronger defaults for ongoing CI confidencehardened: security-heavy posture (CodeQL/SBOM/SLSA/Scorecard enabled)
Example:
npx solvely-launchpad init --preset node-lib --profile strict --yesSkip release workflow for non-package repos:
npx solvely-launchpad init --preset node-lib --yes --no-release trueGenerated commitlint.yml can also be edited directly:
jobs:
commitlint:
uses: Solvely-Colin/solvely-launchpad/.github/workflows/commitlint.yml@v1
with:
strict: false| Preset | Best for |
|---|---|
node-lib |
npm/pnpm/yarn JS/TS libraries |
nextjs |
Next.js applications |
turbo |
Turborepo monorepos |
bun |
Bun-based projects |
pnpm-monorepo |
pnpm workspaces |
python |
Python packages/apps |
go |
Go modules/services |
rust |
Rust crates/services |
Preset definitions: presets/v1/
jobs:
ci:
uses: Solvely-Colin/solvely-launchpad/.github/workflows/ci.yml@v1Optional override:
install-command: force a specific install step when auto-detection is not appropriate for your repo layout.
Minimum caller contract:
name: CI
on:
pull_request:
push:
branches: [main]
permissions:
contents: read
pull-requests: write
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
ci:
uses: Solvely-Colin/solvely-launchpad/.github/workflows/ci.yml@v1Available reusable workflows:
.github/workflows/ci.yml.github/workflows/coverage.yml.github/workflows/release.yml.github/workflows/scheduled.yml.github/workflows/commitlint.yml.github/workflows/quality-gates.yml(opt-in)
version: 1
preset: node-lib
checks:
required: [ci, test]
security:
audit_level: critical
dependency_review: true
sbom: true
codeql: false
slsa_provenance: false
ossf_scorecard: false
pr_feedback:
enabled: true
mode: aggregated
flaky_hints: true
branches:
protected: [main]Schema: schema/citemplate.schema.json
Launchpad updates one comment per PR (no spam), with CI outcomes in one table.
## Solvely Launchpad Summary
| Check | Result |
|---|---|
| Policy | success |
| Lint | success |
| Tests | failure |Enable independently:
- CodeQL
- Dependency review
- SBOM
- SLSA provenance
- OSSF Scorecard
Details: docs/quality-gates.md
ci.yml does not invoke quality-gates.yml internally. Call quality-gates.yml directly in your caller workflow when needed.
- Scope: Launchpad beta (
v0.xCLI, reusable workflows at@v1) - Support channel: GitHub Issues
- Response target: best effort within 72 hours
- Triage labels:
setup-blocker,preset-gap,docs-gap,quality-gate
Details: docs/governance.md
Definitions, source-of-truth rules, and weekly reporting are documented in:
Release publishing is automatic via .github/workflows/publish-launchpad.yml.
- Add repo secret
NPM_TOKEN - Merge release PR bumping
cli/package.json - Create a GitHub Release tag (example:
v0.1.6) - Publish + smoke test run automatically
- On stable releases, Launchpad also re-points workflow channel tag
v1to that release commit automatically
If your org blocks force-updating tags, the sync-v1-tag job will fail with a clear error. In that case, allow GitHub Actions to update tags or run a one-time admin tag update flow.
- Use
@v1in production v1.xis semver-stable- Breaking changes are reserved for
v2 - Deprecations are announced before removal
- Marketplace launch checklist and copy:
docs/marketplace.md - Public proof pack (flagship + baseline demo):
docs/proof-pack.md - Required public proof set: flagship real-code adopter + active baseline demo
- Historical references only: archived demos remain linked for context
Used by (real code):
Active baseline demo:
Archived demo repos (kept as historical references):
- https://github.com/Solvely-Colin/launchpad-demo-nextjs
- https://github.com/Solvely-Colin/launchpad-demo-turbo
References:
MIT