Merged
Conversation
β¦ieval - Added snapshot tables: employee_last_state, pending_expenses, employee_metrics_snapshot, and active_users to improve read performance. - Created a snapshot worker to handle updates to these tables based on attendance and expense events. - Updated profile service to utilize snapshot data for faster response times. - Introduced a BullMQ queue for managing snapshot jobs, ensuring idempotency and efficient processing. - Implemented rollback SQL for safely reverting the snapshot migration if necessary.
- Delete dead code: dedup.ts (never imported), errors.txt dump - Delete dead config: .env.monitoring.ci (never used in CI), apps/web/.env.example - Delete stale runbooks: cert-renewal-failure, container-crash, deploy-failure, monitoring-failure - Fix deploy.yml: fieldtrack.conf -> api.conf (critical nginx sync bug) - Add env.ts guard comment block (schema change checklist for all 4 sync targets) - Add process.env contract guard to pr.yml and deploy.yml (CI gate) - Add chmod 600 for .env.monitoring in deploy-bluegreen.sh (defense-in-depth) - Update .gitignore: remove stale .env.monitoring.ci whitelist entry - Clarify SUPABASE_JWT_SECRET as test-only in .env.example - Fix env.ts: APP_ENV valid values comment, superRefine rule numbering - All 501 tests pass (270 unit + 231 integration), tsc --noEmit clean
- Delete apps/api/.env.ci (file-based env loading in CI eliminated) - Move all 24 non-secret CI defaults into backend-ci job env: block in pr.yml - Replace docker run --env-file with individual -e VAR flags (Docker inherits values from GHA runner env set by job env: block) - Supabase secrets stay as GitHub Secrets, consolidated in same env: block - Remove !.env.ci whitelist from .gitignore - Update env.ts guard comment: .env.ci -> .github/workflows/pr.yml Env architecture is now: Runtime β process.env only (unchanged) CI/CD β GitHub Secrets + GHA env: block only Dev/docs β apps/api/.env.example only
- Replace npx tsc with npm run typecheck: Fixes 'This is not the tsc command you are looking for' error by using locally installed TypeScript via npm scripts instead of npx fallback - Add working-directory: apps/api to typecheck step for proper path resolution - Rename backend β api throughout: Reflects backend-only monorepo (no frontend) - detect-changes outputs: backend β api - job name: backend-ci β api-ci - job display name: Backend CI β API CI - all conditional checks: needs.detect-changes.outputs.backend β api - Consolidate test steps: Unit + Integration tests run together via npm test (vitest run) - Result: Simpler, cleaner, deterministic CI pipeline with zero npx issues
- git mv apps/api/* to repo root (preserves file history via renames) - Inline packages/types/src/index.ts β src/types/shared.ts - Remove @fieldtrack/types workspace dependency; update 11 source imports to relative paths (../../types/shared.js) - Remove composite tsconfig, declarationMap, and project references - Rewrite Dockerfile for single-package build (no workspace layers) - Update .dockerignore for flat structure - Fix all CI/CD workflows: remove apps/api/, packages/, npx usage, workspace commands - Remove packages/ directory (config and types)
- Fix script REPO_ROOT path derivation: 3 levels (apps/api/scripts/) -> 1 level (scripts/) - Fix DEPLOY_ROOT .env and .deploy_history paths in load-env, rollback, deploy-bluegreen - Fix validate-env.sh REPO_ROOT and API_ENV_FILE paths - Fix vps-setup.sh .env paths and deploy command - Fix verify-stabilization.sh REPO_ROOT and src/config/env.ts paths - Fix run_api_smoke.ps1: artifact path dist/server.js (was apps/api/dist/server.js) - Fix PR template checklist: remove -w apps/api workspace flags - Fix README quick start and project structure diagram - Fix CONTRIBUTING setup instructions - Fix docs/ (DEPLOYMENT, env-contract, ROLLBACK_SYSTEM, ROLLBACK_QUICKREF, ARCHITECTURE, OBSERVABILITY_ARCHITECTURE) - Fix infra/.env.monitoring.example comments - CI: simplify cache-dependency-path to package-lock.json (no glob needed) - CI: remove stale Build-shared-types echo step from deploy.yml
NODE_ENV=production (set for accurate test environment) caused npm ci to skip devDependencies, so vitest was not installed. Adding --include=dev ensures devDeps are always installed regardless of NODE_ENV, while keeping the production env intact for the tests.
High (js/missing-rate-limiting): - abuse-logging.plugin.ts: add inline codeql suppression β this is the rate-limit telemetry hook (onResponse fires only on 429), not a route handler; actual rate limiting is enforced by ratelimit.plugin.ts Warning (js/useless-assignment): - analytics-backfill.ts: remove dead hasMore = false before break; the break exits the loop immediately, making the assignment unreachable Notes (js/unused-variable): - attendance.test.ts: remove unused import TEST_ADMIN_ID - config-hardening.test.ts: remove unused import beforeEach - tenant.test.ts: remove unused import vi
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
π Automated Release PR
This PR contains all changes from beta to master.
π¦ Latest Changes
π§ Notes