Add default configuration for quick deployment #214
Workflow file for this run
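# PR Pipeline: runs on pull requests that target main and provides three
# independent jobs - lint of changed JavaScript, an npm audit gate, and a
# report of dependency manifest changes.
name: PR Pipeline

on:
  pull_request:
    branches: [main]

# Least privilege: every job below only reads the repository, so the
# GITHUB_TOKEN is limited to read-only access to contents.
permissions:
  contents: read

# NOTE(review): actions are referenced by mutable tag (@v4). Pinning each
# `uses:` to a full commit SHA prevents a retagged release from changing what
# runs here.
jobs:
  lint:
    name: Code Quality
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0  # Needed for changed files detection
          # Later steps run code from the pull request (npm ci, eslint), so
          # do not leave the token in .git/config for them to read.
          persist-credentials: false

      - name: Use Node.js
        uses: actions/setup-node@v4
        with:
          # NOTE(review): the security job uses Node '20'; confirm the
          # difference between the two jobs is intended.
          node-version: '24'
          cache: 'npm'

      - name: Install dependencies
        run: npm ci

      - name: Lint changed files only
        run: |
          # Get changed JS files, excluding vendor directories.
          # File names come from the pull request and are untrusted input:
          # keep them NUL-delimited (-z) and in an array so spaces, newlines
          # or glob characters are never word-split or expanded by the shell.
          mapfile -d '' -t CHANGED_FILES < <(
            git diff -z --name-only --diff-filter=ACMRT origin/main...HEAD |
              grep -zE '\.(js|mjs)$' |
              grep -zv 'static/' |
              grep -zv 'node_modules/'
          )
          if [ "${#CHANGED_FILES[@]}" -gt 0 ]; then
            echo "Linting changed files:"
            printf '  %s\n' "${CHANGED_FILES[@]}"
            # "--" ends option parsing, so a file name that starts with "-"
            # is linted as a file instead of being read as an ESLint flag.
            npx eslint -- "${CHANGED_FILES[@]}"
          else
            echo "No relevant JavaScript files changed"
          fi

      - name: Check code formatting
        # NOTE(review): the script below is entirely commented out, so this
        # step always succeeds and checks nothing until it is enabled.
        run: |
          # Optional: Check if code is properly formatted
          # npx prettier --check "**/*.{js,json,md}" --ignore-path .gitignore

  security:
    name: Security Scan
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Use Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'

      - name: Install dependencies
        # This job only runs `npm audit`, which reads the dependency tree and
        # does not need package lifecycle scripts; skipping them keeps
        # install hooks of PR-supplied dependencies from running here.
        run: npm ci --ignore-scripts

      - name: Run npm audit
        # Advisory report only. --audit-level=moderate already ignores
        # low-severity findings; continue-on-error means findings at moderate
        # or above are printed but never fail the job. The blocking gate is
        # the next step.
        run: npm audit --audit-level=moderate
        continue-on-error: true

      - name: Check for known vulnerabilities
        run: |
          # Check for high/critical vulnerabilities only.
          # npm audit returns a non-zero exit code if vulnerabilities are
          # found at the specified level. It also exits non-zero when the
          # audit itself cannot run (for example a registry error), so read
          # the npm output above the message before triaging a failure.
          if npm audit --audit-level=high; then
            echo "No high or critical vulnerabilities found"
          else
            echo "High or critical vulnerabilities found!"
            exit 1
          fi

  dependency-check:
    name: Dependency Analysis
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Full history is required so that origin/main exists for the diff
          # below. With the default shallow checkout the `git diff` fails,
          # grep sees no input, and the step passes without reporting any
          # dependency change.
          fetch-depth: 0
          persist-credentials: false

      - name: Check for outdated dependencies
        run: |
          npm outdated || true  # Don't fail, just report

      - name: Check package.json changes
        run: |
          # Match the manifest and lockfile by exact file name; the previous
          # pattern left "." unescaped and unanchored, so it also matched
          # unrelated paths that merely contain a similar string.
          if git diff --name-only origin/main...HEAD |
            grep -qE '(^|/)package(-lock)?\.json$'; then
            echo "Dependencies changed - review required"
            git diff origin/main...HEAD -- package.json package-lock.json
          fi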