name: CI on: push: branches: [main] pull_request: branches: [main] concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true env: NODE_VERSION: "20" PNPM_VERSION: "9.14.2" CI_AUTH_URL: http://localhost:3100 CI_AUTH_SECRET: capakraken-ci-build-secret-rotate-if-shared jobs: guardrails: name: Architecture Guardrails runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Install pnpm run: npm install -g pnpm@${{ env.PNPM_VERSION }} - uses: actions/setup-node@v4 with: node-version: ${{ env.NODE_VERSION }} cache: pnpm - name: Install dependencies run: pnpm install --frozen-lockfile - name: Run repo script tests run: pnpm test:scripts - name: Check architecture guardrails run: pnpm check:architecture - name: Check workspace exports run: pnpm check:exports - name: Check workspace imports run: pnpm check:imports # ────────────────────────────────────────────── # Typecheck — ~40s, no services needed # ────────────────────────────────────────────── typecheck: name: Typecheck runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Install pnpm run: npm install -g pnpm@${{ env.PNPM_VERSION }} - uses: actions/setup-node@v4 with: node-version: ${{ env.NODE_VERSION }} cache: pnpm - name: Install dependencies run: pnpm install --frozen-lockfile - name: Generate Prisma client run: pnpm db:generate - name: Cache Turborepo uses: actions/cache@v4 with: path: .turbo key: turbo-typecheck-${{ github.sha }} restore-keys: turbo-typecheck- - name: Run typecheck run: pnpm typecheck assistant-split: name: Assistant Split Regression runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Install pnpm run: npm install -g pnpm@${{ env.PNPM_VERSION }} - uses: actions/setup-node@v4 with: node-version: ${{ env.NODE_VERSION }} cache: pnpm - name: Install dependencies run: pnpm install --frozen-lockfile - name: Generate Prisma client run: pnpm db:generate - name: Run assistant split regression run: pnpm --filter @capakraken/api test:assistant-split # ────────────────────────────────────────────── # Lint — ~20s, no services needed # ────────────────────────────────────────────── lint: name: Lint runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Install pnpm run: npm install -g pnpm@${{ env.PNPM_VERSION }} - uses: actions/setup-node@v4 with: node-version: ${{ env.NODE_VERSION }} cache: pnpm - name: Install dependencies run: pnpm install --frozen-lockfile - name: Generate Prisma client run: pnpm db:generate - name: Cache Turborepo uses: actions/cache@v4 with: path: .turbo key: turbo-lint-${{ github.sha }} restore-keys: turbo-lint- - name: Run lint run: pnpm lint # ────────────────────────────────────────────── # Unit tests — needs PostgreSQL + Redis # ────────────────────────────────────────────── test: name: Unit Tests runs-on: ubuntu-latest services: postgres: image: postgres:16 env: POSTGRES_DB: capakraken_test POSTGRES_USER: capakraken POSTGRES_PASSWORD: capakraken_test ports: - 5432:5432 options: >- --health-cmd="pg_isready -U capakraken -d capakraken_test" --health-interval=10s --health-timeout=5s --health-retries=5 redis: image: redis:7 ports: - 6379:6379 options: >- --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=5 env: DATABASE_URL: postgresql://capakraken:capakraken_test@localhost:5432/capakraken_test REDIS_URL: redis://localhost:6379 NEXTAUTH_URL: ${{ env.CI_AUTH_URL }} AUTH_URL: ${{ env.CI_AUTH_URL }} NEXTAUTH_SECRET: ${{ env.CI_AUTH_SECRET }} AUTH_SECRET: ${{ env.CI_AUTH_SECRET }} steps: - uses: actions/checkout@v4 - name: Install pnpm run: npm install -g pnpm@${{ env.PNPM_VERSION }} - uses: actions/setup-node@v4 with: node-version: ${{ env.NODE_VERSION }} cache: pnpm - name: Install dependencies run: pnpm install --frozen-lockfile - name: Generate Prisma client run: pnpm db:generate - name: Run unit tests with coverage run: | pnpm --filter @capakraken/web test:unit -- --coverage pnpm --filter @capakraken/engine exec vitest run --coverage pnpm --filter @capakraken/staffing exec vitest run --coverage pnpm --filter @capakraken/api exec vitest run --coverage pnpm --filter @capakraken/application exec vitest run --coverage pnpm --filter @capakraken/shared exec vitest run --coverage pnpm --filter @capakraken/db test:unit - name: Upload coverage reports uses: actions/upload-artifact@v4 if: ${{ !cancelled() }} with: name: coverage-reports path: | apps/web/coverage/ packages/engine/coverage/ packages/staffing/coverage/ packages/api/coverage/ packages/application/coverage/ packages/shared/coverage/ retention-days: 14 # ────────────────────────────────────────────── # Build — depends on typecheck passing # ────────────────────────────────────────────── build: name: Build needs: [guardrails, typecheck] runs-on: ubuntu-latest env: DATABASE_URL: postgresql://placeholder:placeholder@localhost:5432/placeholder NEXTAUTH_URL: ${{ env.CI_AUTH_URL }} AUTH_URL: ${{ env.CI_AUTH_URL }} NEXTAUTH_SECRET: ${{ env.CI_AUTH_SECRET }} AUTH_SECRET: ${{ env.CI_AUTH_SECRET }} steps: - uses: actions/checkout@v4 - name: Install pnpm run: npm install -g pnpm@${{ env.PNPM_VERSION }} - uses: actions/setup-node@v4 with: node-version: ${{ env.NODE_VERSION }} cache: pnpm - name: Install dependencies run: pnpm install --frozen-lockfile - name: Generate Prisma client run: pnpm db:generate - name: Cache Turborepo uses: actions/cache@v4 with: path: .turbo key: turbo-build-${{ github.sha }} restore-keys: turbo-build- - name: Cache Next.js build uses: actions/cache@v4 with: path: apps/web/.next/cache key: nextjs-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.sha }} restore-keys: nextjs-${{ hashFiles('pnpm-lock.yaml') }}- - name: Build run: pnpm --filter @capakraken/web exec next build # ────────────────────────────────────────────── # E2E — depends on build, needs PostgreSQL + Redis # ────────────────────────────────────────────── e2e: name: E2E Tests needs: [build] runs-on: ubuntu-latest services: postgres: image: postgres:16 env: POSTGRES_DB: capakraken_test POSTGRES_USER: capakraken POSTGRES_PASSWORD: capakraken_test ports: - 5432:5432 options: >- --health-cmd="pg_isready -U capakraken -d capakraken_test" --health-interval=10s --health-timeout=5s --health-retries=5 redis: image: redis:7 ports: - 6379:6379 options: >- --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=5 env: DATABASE_URL: postgresql://capakraken:capakraken_test@localhost:5432/capakraken_test ALLOW_DESTRUCTIVE_DB_TOOLS: "true" CONFIRM_DESTRUCTIVE_DB_NAME: capakraken_test REDIS_URL: redis://localhost:6379 PORT: 3100 NEXTAUTH_URL: ${{ env.CI_AUTH_URL }} AUTH_URL: ${{ env.CI_AUTH_URL }} NEXTAUTH_SECRET: ${{ env.CI_AUTH_SECRET }} AUTH_SECRET: ${{ env.CI_AUTH_SECRET }} steps: - uses: actions/checkout@v4 - name: Install pnpm run: npm install -g pnpm@${{ env.PNPM_VERSION }} - uses: actions/setup-node@v4 with: node-version: ${{ env.NODE_VERSION }} cache: pnpm - name: Install dependencies run: pnpm install --frozen-lockfile - name: Generate Prisma client run: pnpm db:generate - name: Cache Playwright browsers id: playwright-cache uses: actions/cache@v4 with: path: ~/.cache/ms-playwright key: playwright-${{ hashFiles('apps/web/package.json') }} restore-keys: playwright- - name: Install Playwright browsers if: steps.playwright-cache.outputs.cache-hit != 'true' run: pnpm --filter @capakraken/web exec playwright install --with-deps chromium - name: Install Playwright system deps if: steps.playwright-cache.outputs.cache-hit == 'true' run: pnpm --filter @capakraken/web exec playwright install-deps chromium - name: Push DB schema & seed run: | pnpm db:push pnpm db:seed - name: Run E2E tests run: pnpm test:e2e - name: Upload Playwright report uses: actions/upload-artifact@v4 if: ${{ !cancelled() }} with: name: playwright-report path: apps/web/playwright-report/ retention-days: 14