CI/CD Pipeline
Aria uses 36+ GitHub Actions workflows combined with Google Cloud Build for automated testing, building, and deployment.
Key Workflows
| Workflow | Purpose |
|---|---|
forge-guardian-ci.yml | Forge deployment quality gates |
nightly-benchmark.yml | Nightly performance benchmarks |
deploy-arias-soul.yml | Aria Soul production deploy |
auto-deploy.yml | Automated canary deployments |
fortress-ci.yml | Aria Fortress CI checks |
memory-guardian.yml | Memory integrity verification |
weekly_snapshot.yml | Weekly system snapshots |
guard-aria-soul.yml | Soul protection enforcement |
Deploy Flow
Git Push → GitHub Actions → Cloud Build → Artifact Registry → Cloud Run
│ │
│ ├── Lint + Type Check
│ ├── Unit Tests
│ ├── E2E Tests (Playwright)
│ ├── Security Scan (Gitleaks)
│ └── Build Container
│
└── Pre-commit hooks enforce:
├── Branch naming: <LINEAR-KEY>/<system>/<short-desc>
├── Soul protection (no unauthorized ARIA_SOUL.md edits)
└── Endpoint stability (no endpoint changes without approval)
Governance
Branch Naming Convention
<LINEAR-KEY>/<system>/<short-description>
# Examples:
AI-510/chat-service/hands-contract-gate
AI-712/arias-soul/cost-purge-routingPre-commit Hooks
- Soul file protection — blocks unauthorized ARIA_SOUL.md changes
- Secret scanning — Gitleaks config in
.gitleaks.toml - Code formatting — Prettier via Husky
- Endpoint stability — warns on endpoint modifications
Local Deploy
For local development on the DGX Spark workstation:
# Build and push to local registry
docker build -t localhost:5000/aria-soul:tag apps/arias-soul
# Apply Kubernetes manifests
bash scripts/apply-aria-organism.sh
# Or update a specific deployment
kubectl set image deployment/aria-soul aria-soul=localhost:5000/aria-soul:tagDefault deploy path: Local Docker build → localhost:5000 → kubectl apply. No gcloud for local changes.