Merge pull request #202 from VibhavSetlur/staging #67
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [staging, develop, master] | |
| pull_request: | |
| branches: [staging, develop, master] | |
| schedule: | |
| - cron: "0 6 * * *" # daily dependency/security signal | |
| workflow_dispatch: | |
| env: | |
| NEXT_PUBLIC_USE_MODELSEED_API: "true" | |
| concurrency: | |
| group: ci-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| verify: | |
| name: Verify (lint, typecheck, test, build, audit) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: "20" | |
| cache: "npm" | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Lint | |
| run: npm run lint | |
| - name: Type check | |
| run: npx tsc --noEmit | |
| - name: Unit tests | |
| run: npm run test:run | |
| - name: Build | |
| run: npm run build | |
| - name: Audit production dependencies (high/critical) | |
| run: npm audit --omit=dev --audit-level=high | |
| - name: Audit dry-run (informational) | |
| run: | | |
| npm audit fix --dry-run > audit-dry-run.txt || true | |
| echo "## npm audit fix --dry-run" >> "$GITHUB_STEP_SUMMARY" | |
| echo "" >> "$GITHUB_STEP_SUMMARY" | |
| echo '```' >> "$GITHUB_STEP_SUMMARY" | |
| tail -n 200 audit-dry-run.txt >> "$GITHUB_STEP_SUMMARY" || true | |
| echo '```' >> "$GITHUB_STEP_SUMMARY" | |
| - name: Upload audit dry-run output | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: audit-dry-run | |
| path: audit-dry-run.txt | |
| retention-days: 7 | |
| e2e: | |
| name: E2E (manual only) | |
| if: github.event_name == 'workflow_dispatch' | |
| needs: verify | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: "20" | |
| cache: "npm" | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Install Playwright browsers | |
| run: npx playwright install --with-deps | |
| - name: Run E2E tests | |
| run: npm run test:e2e | |
| env: | |
| PATRIC_TOKEN: ${{ secrets.PATRIC_TOKEN }} | |
| - name: Upload Playwright report | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: playwright-report | |
| path: | | |
| playwright-report/ | |
| test-results/ | |
| retention-days: 7 |