name: CI on: pull_request: push: branches: [master] # Allow maintainers to manually kick CI when GitHub doesn't create a run for a new head SHA. workflow_dispatch: concurrency: group: ci-${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true permissions: contents: read jobs: check: runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v4 - name: Set up Python uses: actions/setup-python@v5 with: python-version: "3.12" - name: Install uv run: python -m pip install --upgrade pip uv - name: Cache uv uses: actions/cache@v4 with: path: | ~/.cache/uv backend/.venv key: uv-${{ runner.os }}-${{ hashFiles('backend/uv.lock') }} - name: Set up Node uses: actions/setup-node@v4 with: node-version: "20" cache: npm cache-dependency-path: frontend/package-lock.json - name: Install backend dependencies run: make backend-sync - name: Install frontend dependencies run: make frontend-sync - name: Run backend checks env: # Keep CI builds deterministic and secretless. NEXT_TELEMETRY_DISABLED: "1" CLERK_SECRET_KEY: ${{ secrets.CLERK_SECRET_KEY }} run: | make backend-lint make backend-typecheck make backend-coverage - name: Run frontend checks env: # Keep CI builds deterministic. NEXT_TELEMETRY_DISABLED: "1" # Clerk env (wired from repo settings; values are not printed). CLERK_SECRET_KEY: ${{ secrets.CLERK_SECRET_KEY }} NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY: ${{ vars.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY }} CLERK_JWKS_URL: ${{ vars.CLERK_JWKS_URL }} run: | make frontend-lint make frontend-typecheck make frontend-test make frontend-build - name: Upload coverage artifacts if: always() uses: actions/upload-artifact@v4 with: name: coverage if-no-files-found: ignore path: | backend/coverage.xml frontend/coverage/** e2e: runs-on: ubuntu-latest needs: [check] steps: - name: Checkout uses: actions/checkout@v4 - name: Set up Node uses: actions/setup-node@v4 with: node-version: "20" cache: npm cache-dependency-path: frontend/package-lock.json - name: Install frontend dependencies run: make frontend-sync - name: Start frontend (dev server) env: NEXT_PUBLIC_API_URL: "http://localhost:3000" NEXT_TELEMETRY_DISABLED: "1" CLERK_SECRET_KEY: ${{ secrets.CLERK_SECRET_KEY }} NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY: ${{ vars.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY }} CLERK_JWKS_URL: ${{ vars.CLERK_JWKS_URL }} run: | cd frontend npm run dev -- --hostname 0.0.0.0 --port 3000 & for i in {1..60}; do if curl -sf http://localhost:3000/ > /dev/null; then exit 0; fi sleep 2 done echo "Frontend did not start" exit 1 - name: Run Cypress E2E env: NEXT_PUBLIC_API_URL: "http://localhost:3000" NEXT_TELEMETRY_DISABLED: "1" # Clerk testing tokens (official @clerk/testing Cypress integration) CLERK_SECRET_KEY: ${{ secrets.CLERK_SECRET_KEY }} CLERK_PUBLISHABLE_KEY: ${{ vars.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY }} # Also set for the app itself. NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY: ${{ vars.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY }} CLERK_JWKS_URL: ${{ vars.CLERK_JWKS_URL }} # Test user identifier (used by cy.clerkSignIn) CYPRESS_CLERK_TEST_EMAIL: "jane+clerk_test@example.com" run: | cd frontend npm run e2e -- --browser chrome - name: Upload Cypress artifacts if: failure() uses: actions/upload-artifact@v4 with: name: cypress-artifacts if-no-files-found: ignore path: | frontend/cypress/screenshots/** frontend/cypress/videos/**