diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..e0be595
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,34 @@
+version: 2
+
+updates:
+ - package-ecosystem: "npm"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ day: "monday"
+ time: "09:00"
+ timezone: "UTC"
+ # Group all non-major updates into a single PR to reduce noise
+ groups:
+ production-dependencies:
+ dependency-type: "production"
+ update-types:
+ - "minor"
+ - "patch"
+ development-dependencies:
+ dependency-type: "development"
+ update-types:
+ - "minor"
+ - "patch"
+ # Limit open PRs to avoid overwhelming the board
+ open-pull-requests-limit: 5
+ # Keep PR titles descriptive
+ commit-message:
+ prefix: "chore(deps)"
+ prefix-development: "chore(deps-dev)"
+ include: "scope"
+ labels:
+ - "dependencies"
+ - "automated"
+ # Target the main branch
+ target-branch: "main"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index f167700..4e4a24b 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
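Review bot: In `.github/dependabot.yml` the only `updates` entry is for `npm`, so the `actions/checkout` and `actions/setup-node` references in `.github/workflows/ci.yml` are never bumped by Dependabot; a second entry for the `github-actions` ecosystem would cover them. The two `groups` apply to version updates by default; if security updates are meant to be grouped too, the group needs `applies-to: security-updates`, and a comment should say which is intended. The `labels` values `dependencies` and `automated` presumably have to exist in the repository already for Dependabot to apply them.

```yaml
updates:
  # … unchanged: npm entry …
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
```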
@@ -1,13 +1,66 @@ name: Web CI -on: [push, pull_request] +on: + push: + branches: ["main"] + pull_request: + branches: ["main"] jobs: - check: + security: + name: Security Audit runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 + - uses: actions/setup-node@v4 + with: + node-version: 20 + cache: "npm" + - run: npm ci --prefer-offline - name: Security Audit run: npm audit --audit-level=critical - name: Verify Package Integrity run: ls src/app/page.tsx + + lint: + name: Lint + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-node@v4 + with: + node-version: 20 + cache: "npm" + - run: npm ci --prefer-offline + - name: Run ESLint + run: npm run lint + + test: + name: Test + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-node@v4 + with: + node-version: 20 + cache: "npm" + - run: npm ci --prefer-offline + - name: Run Tests + run: npm test -- --ci --passWithNoTests + + build: + name: Build + runs-on: ubuntu-latest + needs: [lint, test] + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-node@v4 + with: + node-version: 20 + cache: "npm" + - run: npm ci --prefer-offline + - name: Build + run: npm run build + env: + # Prevent build failures from missing optional env vars + NEXT_PUBLIC_API_URL: ${{ secrets.NEXT_PUBLIC_API_URL || 'http://localhost:3001' }}
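Review bot: None of the four jobs (`security`, `lint`, `test`, `build`) declares `permissions`, so each runs `npm ci` and the package scripts with whatever GITHUB_TOKEN scope the repository default grants; a top-level `permissions:` block with `contents: read` would hold all of them to read-only. In the `build` job, `NEXT_PUBLIC_API_URL` is read from `secrets`, but the `NEXT_PUBLIC_` prefix suggests a Next.js variable that is inlined into the client bundle, so the value is not confidential. It would be clearer as `${{ vars.NEXT_PUBLIC_API_URL || 'http://localhost:3001' }}`, assuming a repository variable is created for it. The actions are referenced by the mutable tag `@v4`; pinning `actions/checkout` and `actions/setup-node` to a full commit SHA would keep a retagged release from changing what runs. `build` lists `needs: [lint, test]` without `security`, so a failing audit does not hold back the build; add `security` there if that gate is intended.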