ci: GitHub Actions pipeline (build + static/dynamic tests, cached) + Node 24 #1

Merged: mitekk merged 2 commits into main from ci/add-github-actions on Jun 3, 2026

@mitekk (Owner) commented Jun 3, 2026

What

Adds a GitHub Actions CI pipeline that runs build + static + dynamic tests on every push/PR, with caching, and consolidates the Node version to a single source of truth (Node 24).

Modeled on the sibling mitekk/pool-stars ci/add-github-actions conventions, adapted to this repo's container-targeted test suite.

Two jobs (mirror the Makefile, not re-implementations)

| Job | Runs | Local equivalent |
|---|---|---|
| static | npm ci → build (shared → backend → frontend) → lint → typecheck → backend unit tests → advisory npm audit | make lint + make typecheck + make test-be |
| e2e | builds & boots the dockerized stack, runs the in-container Playwright integration + e2e suite, tears down | make test |

e2e is gated behind static (needs: static) so we don't pay Docker build/boot time when cheap checks fail.

Caching (reused resources)

  • npm download cache (~/.npm) via setup-node.
  • Next.js build cache (frontend/.next/cache) via actions/cache.
  • Docker build layers via Compose Bake + Buildx reading x-bake type=gha from a CI-only docker-compose.ci.yml (no runtime changes; never used locally). Playwright browsers are covered by the tests image's base layer.

Node 24 consolidation

  • New .nvmrc (24.16.0) is the single source of truth: the static job reads it via node-version-file; nvm use picks it up locally.
  • The images keep their digest-pinned NODE_IMAGE (node:24.16.0-alpine3.23@sha256:…) for reproducibility + the make scan CVE gate, cross-referenced to .nvmrc by comment.
  • This PR also lands the previously-uncommitted Node-24 upgrade that was sitting in the working tree (digest-pinned bases + prod-deps prune stage, @types/node 24, make scan, lockfile) — required for host/image consistency.

Docs

  • docs/ci.md β€” full pipeline reference (jobs, triggers, Node sourcing, caching, reproduce-locally table).
  • docs/adr/0008-github-actions-ci.md β€” the decision record; indexed in docs/adr/README.md and linked from the README.

Verified locally (Node 24 images)

  • ✅ npm ci, build (shared/backend/frontend), lint, typecheck
  • ✅ 11 backend unit tests (RTP 0.9507 within [0.90, 0.97])
  • ✅ npm audit --audit-level=high (advisory; only moderate advisories)
  • ✅ full make test — 17 integration + 1 e2e all green, clean teardown
  • ✅ docker compose -f … -f docker-compose.ci.yml config valid

Note: the gha Docker layer-cache backend only activates on the GitHub runner; the commands it wraps are all proven locally above. This PR run is the first exercise of that cache.

🤖 Generated with Claude Code
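
The description above cross-references `.nvmrc` and the Dockerfiles' digest-pinned `NODE_IMAGE` by comment. The following is an added example, not part of this PR or its repository: a small Node.js check that reports version drift or a base image without a digest. The `ARG NODE_IMAGE=<ref>` form, the Dockerfile paths and the digest value are assumptions constructed for illustration.

```javascript
// Added example (not from the PR): verify .nvmrc and NODE_IMAGE stay in lockstep.
// Assumption: each Dockerfile declares its base as `ARG NODE_IMAGE=<ref>` (unquoted).

// node:<x.y.z>[-variant]@sha256:<64 hex>: exact version AND immutable digest.
const PINNED_REF = /^node:(\d+\.\d+\.\d+)(?:-[\w.]+)?@sha256:([0-9a-f]{64})$/;

function parseNvmrc(text) {
  // nvm accepts an optional leading "v"; aliases like "lts/*" are rejected here.
  const v = text.trim().replace(/^v/, "");
  return /^\d+\.\d+\.\d+$/.test(v) ? v : null;
}

// dockerfiles: { path: fileContents }. Returns a list of problem strings.
function checkNodePins(nvmrcText, dockerfiles) {
  const problems = [];
  const want = parseNvmrc(nvmrcText);
  if (!want) problems.push(".nvmrc: not an exact x.y.z version");
  for (const [path, body] of Object.entries(dockerfiles)) {
    const refs = [...body.matchAll(/^ARG\s+NODE_IMAGE=(\S+)\s*$/gm)].map((m) => m[1]);
    if (refs.length === 0) problems.push(`${path}: no ARG NODE_IMAGE default found`);
    for (const ref of refs) {
      const m = PINNED_REF.exec(ref);
      if (!m) problems.push(`${path}: ${ref} is not pinned to version + sha256 digest`);
      else if (want && m[1] !== want)
        problems.push(`${path}: image is Node ${m[1]} but .nvmrc says ${want}`);
    }
  }
  return problems;
}

// Constructed sample input: hypothetical paths and a placeholder digest.
const FAKE_DIGEST = "ab".repeat(32);
const SAMPLE = {
  "backend/Dockerfile": `ARG NODE_IMAGE=node:24.16.0-alpine3.23@sha256:${FAKE_DIGEST}\nFROM \${NODE_IMAGE} AS build\n`,
  "frontend/Dockerfile": `ARG NODE_IMAGE=node:24.15.0-alpine3.23@sha256:${FAKE_DIGEST}\nFROM \${NODE_IMAGE}\n`,
  "tests/Dockerfile": "ARG NODE_IMAGE=node:24.16.0-alpine3.23\nFROM ${NODE_IMAGE}\n",
};

// A CI step would fail the job when this list is non-empty.
for (const p of checkNodePins("24.16.0\n", SAMPLE)) console.log("FAIL", p);
```
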

mitekk and others added 2 commits June 3, 2026 20:13
Bump both images to a digest-locked node:24.16.0-alpine3.23 base (adding a
prod-deps prune stage so the runtime image ships no build tooling), bump
@types/node to 24, and add a `make scan` Trivy gate for the built images.

Add .nvmrc (24.16.0) as the single source of truth for the CI host job and
local dev (`nvm use`), cross-referenced to the Dockerfiles' digest-pinned
NODE_IMAGE so the two stay in lockstep.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Two jobs that mirror the Makefile rather than re-implement it:

- static: npm ci -> build (shared -> backend -> frontend) -> lint -> typecheck
  -> backend unit tests, plus an advisory `npm audit`. Reads the Node version
  from .nvmrc; caches the npm download cache and the Next.js build cache.
- e2e: builds & boots the dockerized stack and runs the in-container Playwright
  integration + e2e suite (== `make test`), gated behind `static`. Docker layers
  are cached via Compose Bake + a CI-only docker-compose.ci.yml (x-bake type=gha).
  Dumps stack logs on failure and uploads the Playwright HTML report artifact.

Document the pipeline in docs/ci.md and ADR-0008; link both from the README.

Verified locally on the Node 24 images: build, lint, typecheck, 11 unit tests,
and the full `make test` suite (17 integration + 1 e2e) all green.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@mitekk mitekk merged commit c201793 into main Jun 3, 2026
2 checks passed
@mitekk mitekk deleted the ci/add-github-actions branch June 3, 2026 17:18