chore: Update CI configuration and improve code formatting #7
| name: Build, Test & Deploy | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| # Prevent race conditions - only one workflow per ref | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| # Minimal permissions by default | |
| permissions: | |
| contents: read | |
| jobs: | |
| # Combined CI job - lint, type-check, format, security scan, build | |
| ci: | |
| name: Quality Checks & Build | |
| runs-on: ubuntu-latest | |
| outputs: | |
| should-deploy: ${{ steps.check-deploy.outputs.should-deploy }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Bun | |
| uses: oven-sh/setup-bun@v2 | |
| with: | |
| bun-version: latest | |
| # Cache Bun dependencies for faster builds | |
| - name: Cache Bun dependencies | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.bun/install/cache | |
| key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-bun- | |
| - name: Install dependencies | |
| run: bun install | |
| # Parallel execution of quality checks | |
| - name: Run lint check | |
| run: bun run lint | |
| - name: Run type check | |
| run: bun run type-check | |
| - name: Auto format code (Prettier) | |
| run: bun run format:auto | |
| # Security dependency scan (only on PRs) | |
| - name: Dependency Review | |
| if: github.event_name == 'pull_request' | |
| uses: actions/dependency-review-action@v4 | |
| with: | |
| fail-on-severity: moderate | |
| allow-licenses: MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, Unlicense | |
| # Build the project | |
| - name: Build project | |
| run: bun run build | |
| # Check if we should deploy (only on main branch pushes) | |
| - name: Check deployment condition | |
| id: check-deploy | |
| run: | | |
| if [[ "${{ github.ref }}" == "refs/heads/main" && "${{ github.event_name }}" == "push" ]]; then | |
| echo "should-deploy=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "should-deploy=false" >> $GITHUB_OUTPUT | |
| fi | |
| # Upload artifacts for deployment (only if deploying) | |
| - name: Upload build artifacts | |
| if: steps.check-deploy.outputs.should-deploy == 'true' | |
| uses: actions/upload-pages-artifact@v3 | |
| with: | |
| path: './dist' | |
| # Deploy job - only runs after CI passes and only on main | |
| deploy: | |
| name: Deploy to GitHub Pages | |
| runs-on: ubuntu-latest | |
| needs: ci | |
| if: needs.ci.outputs.should-deploy == 'true' | |
| # Enhanced permissions for deployment | |
| permissions: | |
| contents: read | |
| pages: write | |
| id-token: write | |
| # Protected environment | |
| environment: | |
| name: github-pages | |
| url: ${{ steps.deployment.outputs.page_url }} | |
| # Prevent concurrent deployments | |
| concurrency: | |
| group: pages-deploy | |
| cancel-in-progress: false | |
| steps: | |
| - name: Setup Pages | |
| uses: actions/configure-pages@v4 | |
| - name: Deploy to GitHub Pages | |
| id: deployment | |
| uses: actions/deploy-pages@v4 |
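Review bot: The `ci` job builds the artifact that `deploy` publishes, but its inputs are not pinned: `bun-version: latest` and a plain `bun install` let the toolchain and the resolved packages change between runs, even though the cache key already hashes `bun.lock`. I would set an explicit Bun version and use `run: bun install --frozen-lockfile`, so that a lockfile mismatch fails the job instead of being resolved silently. The `Check deployment condition` step also expands `${{ github.ref }}` directly into the shell script; the branch filters limit what reaches it here, but passing the value through `env:` or moving the test into an `if:` expression avoids templating context values into a script at all. The comment `# Parallel execution of quality checks` does not match the steps below it, which run one after another within the job.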