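# Continuous-integration workflow: validation/build, end-to-end tests and a
# dependency audit. Runs on every push and on every pull request.
name: CI

on: [push, pull_request]

# Least privilege for the automatic GITHUB_TOKEN: the jobs in this workflow
# only check out code, run scripts and upload artifacts, so read access to
# repository contents is enough. Without this key the token falls back to
# the repository/organisation default, which may be read-write.
permissions:
  contents: read

env:
  NODE_VERSION: '20'
  # NOTE(review): PNPM_VERSION is not referenced anywhere in this workflow;
  # presumably Corepack resolves the pnpm version from package.json - confirm.
  PNPM_VERSION: '9'
  TURBO_API: https://turbo.build
  TURBO_TEAM: ${{ vars.TURBO_TEAM }}
  # Workflow-level env is exported to every step of every job, including
  # dependency install scripts and the `npx` step. Consider moving the token
  # to `env:` on only the steps that need the remote cache.
  TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}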
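# Actions below are referenced by mutable major-version tags (@v4). Pinning
# each `uses:` to a full commit SHA keeps a retagged release from changing
# what runs in CI.
jobs:
  # Static checks, unit tests and build, limited to packages affected
  # relative to the base branch.
  validate:
    name: Validate & Build
    runs-on: ubuntu-latest
    env:
      # The base branch name reaches the shell as an environment variable
      # instead of being expanded into the script text by ${{ }}.
      BASE_REF: ${{ github.base_ref || 'main' }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0 # Need full history for affected checks
          # No later step pushes or fetches, so do not leave the token in
          # .git/config where install scripts could read it.
          persist-credentials: false
      # NOTE(review): `cache: 'pnpm'` expects pnpm on PATH when this step
      # runs, but Corepack is enabled only in the next step - confirm the
      # ordering works on this runner (same pattern in e2e and security).
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'pnpm'
      - name: Enable Corepack
        run: corepack enable
      - name: Install dependencies
        run: pnpm install --frozen-lockfile
      - name: Check exports maps
        run: node scripts/check-exports.mjs
      - name: Check for deep imports
        run: node scripts/find-deep-imports.mjs
      # The filter is quoted so the shell does not treat `[...]` as a glob.
      - name: Type check
        run: pnpm typecheck --filter="...[origin/${BASE_REF}]"
      - name: Lint
        run: pnpm lint --filter="...[origin/${BASE_REF}]"
      - name: Unit tests with coverage
        run: pnpm test:coverage --filter="...[origin/${BASE_REF}]"
      # Placeholder: this step only echoes a message and always succeeds,
      # so no coverage threshold is enforced yet.
      - name: Check coverage threshold
        run: |
          # Basic coverage check - can be enhanced with specific thresholds
          echo "Coverage check passed - implement specific thresholds as needed"
      - name: Build
        run: pnpm build --filter="...[origin/${BASE_REF}]"
      - name: Upload coverage reports
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: coverage-report
          path: coverage/
          retention-days: 30
      # NOTE(review): if knip is not a locked devDependency, npx fetches an
      # unpinned copy from the registry and runs it with this job's
      # environment (TURBO_TOKEN included). Prefer a lockfile-pinned install.
      - name: Check for unused dependencies (advisory)
        run: npx knip || true
      # NOTE(review): npm audit reads an npm lockfile, while this repo
      # installs with pnpm; `|| true` also hides a command error, so confirm
      # this step audits anything at all.
      - name: npm audit (advisory)
        run: npm audit --omit=dev || true

  # Browser end-to-end tests; only for pull requests and pushes to main.
  e2e:
    name: E2E Tests
    runs-on: ubuntu-latest
    needs: validate
    if: github.event_name == 'pull_request' || github.ref == 'refs/heads/main'
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'pnpm'
      - name: Enable Corepack
        run: corepack enable
      - name: Install dependencies
        run: pnpm install --frozen-lockfile
      - name: Install Playwright browsers
        run: pnpm --filter @echoforge/e2e install-browsers
      - name: Build dashboard for e2e
        run: pnpm --filter @echoforge/dashboard build
      - name: Run E2E tests
        run: pnpm e2e
        timeout-minutes: 10
      - name: Upload E2E report
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: playwright-report
          path: e2e/playwright-report/
          retention-days: 30

  # Dependency vulnerability audit of production dependencies.
  security:
    name: Security Audit
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'pnpm'
      - name: Enable Corepack
        run: corepack enable
      - name: Install dependencies
        run: pnpm install --frozen-lockfile
      # `--prod` is pnpm's flag for auditing production dependencies only
      # (`--omit=dev` is npm's spelling). `continue-on-error` keeps the job
      # advisory while still recording a failed step outcome when advisories
      # are found or the command errors; remove it to make the audit a
      # blocking gate.
      - name: Run security audit
        run: pnpm audit --prod
        continue-on-error: true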