
docs(docs): align README CI with AGENTS and link maintainer CI docs #26


Workflow file for this run

name: Portal CI

# Workflow-wide default for the job token: read-only access to repository
# contents. Jobs that need a wider scope declare their own permissions block.
permissions:
  contents: read

# Triggers. Pull requests use the pull_request event, so runs started from a
# fork receive a read-only token and no repository secrets. The path filters
# for pull_request and push are the same list and must be kept in sync by hand.
on:
  pull_request:
    branches:
      - main
    types:
      - opened
      - synchronize
      - reopened
      - ready_for_review
    paths:
      - "apps/portal/**"
      - "packages/ui/**"
      - "pnpm-lock.yaml"
      - "package.json"
      - "turbo.json"
      - ".oxlintrc.json"
      - ".oxfmtrc.jsonc"
      - ".github/workflows/portal-ci.yml"
  push:
    branches:
      - main
    paths:
      - "apps/portal/**"
      - "packages/ui/**"
      - "pnpm-lock.yaml"
      - "package.json"
      - "turbo.json"
      - ".oxlintrc.json"
      - ".oxfmtrc.jsonc"
      - ".github/workflows/portal-ci.yml"
  merge_group:
    branches:
      - main

# One active run per workflow and ref. Only pull_request runs cancel an older
# in-progress run; push and merge_group runs are allowed to finish.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: ${{ github.event_name == 'pull_request' }}

env:
  # Align with root package.json packageManager + mise.toml
  # Both values are quoted so they stay strings rather than numbers.
  NODE_VERSION: "24"
  PNPM_VERSION: "10.28.2"
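# Job graph: `changes` decides which checks run; lint, type-check, build, test
# and knip depend on it; `release` runs only for pushes to main after lint,
# type-check, build and test succeed.
#
# Supply-chain notes that apply to every job:
#   - Third-party actions are pinned to full commit SHAs; the trailing comment
#     records the human-readable version. A moved tag therefore cannot change
#     the code that runs. Update the SHA and the comment together.
#   - harden-runner runs with `egress-policy: audit`, which records outbound
#     connections but does not block them. Once the recorded endpoints are
#     reviewed, `egress-policy: block` with an `allowed-endpoints` list is the
#     enforcing mode.
#   - `./.github/actions/setup-node-pnpm` is a local action and is taken from
#     the commit that was checked out, so a pull request can change what it
#     does. Its contents are not visible in this file.
#   - Verification jobs check out with `persist-credentials: false` so the job
#     token is not left in the local git config while repository scripts run.
#     NOTE(review): none of the steps visible here need authenticated git
#     access; confirm the local setup action and `pnpm install` do not either.
jobs:
  changes:
    name: File Detection
    runs-on: ubuntu-latest
    timeout-minutes: 5
    permissions:
      contents: read
    # Each output is the string 'true' or 'false'. `any` is 'true' when at
    # least one of the three groups below has a changed file.
    outputs:
      typescript: ${{ steps.portal_changes.outputs.typescript_any_changed }}
      config: ${{ steps.portal_changes.outputs.config_any_changed }}
      tests: ${{ steps.portal_changes.outputs.tests_any_changed }}
      any: ${{ (steps.portal_changes.outputs.typescript_any_changed == 'true' || steps.portal_changes.outputs.config_any_changed == 'true' || steps.portal_changes.outputs.tests_any_changed == 'true') && 'true' || 'false' }}
    steps:
      # Same runner monitoring as the other jobs, so the third-party
      # change-detection action below is covered as well.
      - name: Harden runner
        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
        with:
          egress-policy: audit
      # Full history is fetched so the change detection can diff against the
      # base. NOTE(review): credentials are left persisted here in case the
      # detection step fetches; confirm, and set `persist-credentials: false`
      # if it does not.
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          fetch-depth: 0
      - name: Detect portal-related changes
        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47
        id: portal_changes
        with:
          files_yaml: |
            typescript:
              - apps/portal/src/**/*.ts
              - apps/portal/src/**/*.tsx
              - apps/portal/packages/*/src/**/*.ts
              - apps/portal/packages/*/src/**/*.tsx
              - packages/ui/**/*.ts
              - packages/ui/**/*.tsx
              - packages/ui/**/*.css
              - "**/tsconfig.json"
              - package.json
              - pnpm-lock.yaml
              - apps/portal/package.json
              - apps/portal/packages/**/package.json
            config:
              - apps/portal/next.config.ts
              - "**/.oxlintrc.json"
              - "**/.oxfmtrc.jsonc"
              - apps/portal/vitest.config.ts
              - turbo.json
              - apps/portal/turbo.json
              - .github/workflows/portal-ci.yml
            tests:
              - apps/portal/tests/**/*
              - apps/portal/vitest.config.ts
              - apps/portal/vitest.setup.ts

  lint:
    name: Lint
    runs-on: ubuntu-latest
    needs: [changes]
    # merge_group runs always execute the check, whatever the change detection says.
    if: needs.changes.outputs.any == 'true' || github.event_name == 'merge_group'
    timeout-minutes: 10
    permissions:
      contents: read
    steps:
      - name: Harden runner
        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
        with:
          egress-policy: audit
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          # Keep the job token out of .git/config while repository scripts run.
          persist-credentials: false
      - name: Setup Node and pnpm
        uses: ./.github/actions/setup-node-pnpm
        with:
          node-version: ${{ env.NODE_VERSION }}
          pnpm-version: ${{ env.PNPM_VERSION }}
      - name: Run lint
        run: pnpm check

  type-check:
    name: Type Check
    runs-on: ubuntu-latest
    needs: [changes]
    if: needs.changes.outputs.any == 'true' || github.event_name == 'merge_group'
    timeout-minutes: 10
    permissions:
      contents: read
    steps:
      - name: Harden runner
        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
        with:
          egress-policy: audit
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          # Keep the job token out of .git/config while repository scripts run.
          persist-credentials: false
      - name: Setup Node and pnpm
        uses: ./.github/actions/setup-node-pnpm
        with:
          node-version: ${{ env.NODE_VERSION }}
          pnpm-version: ${{ env.PNPM_VERSION }}
      - name: Cache Turborepo
        uses: rharkor/caching-for-turbo@0abc2381e688c4d2832f0665a68a01c6e82f0d6c # v2.3.11
      - name: Generate Next.js types
        run: pnpm --filter @atl/portal typegen
      - name: Run type check
        run: pnpm exec turbo run type-check --filter=@atl/portal

  build:
    name: Build
    runs-on: ubuntu-latest
    needs: [changes]
    if: needs.changes.outputs.any == 'true' || github.event_name == 'merge_group'
    timeout-minutes: 15
    permissions:
      contents: read
    # Placeholder values so the build can read these variables; they are
    # literals committed in this file, not secrets.
    env:
      DATABASE_URL: postgresql://localhost:5432/__build_placeholder__
      BETTER_AUTH_SECRET: __ci_build_placeholder_do_not_use_in_production__
    steps:
      - name: Harden runner
        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
        with:
          egress-policy: audit
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          # Keep the job token out of .git/config while repository scripts run.
          persist-credentials: false
      - name: Setup Node and pnpm
        uses: ./.github/actions/setup-node-pnpm
        with:
          node-version: ${{ env.NODE_VERSION }}
          pnpm-version: ${{ env.PNPM_VERSION }}
      - name: Cache Turborepo
        uses: rharkor/caching-for-turbo@0abc2381e688c4d2832f0665a68a01c6e82f0d6c # v2.3.11
      # The key changes with the lockfile, the portal manifest and the Next.js
      # config; restore-keys falls back to the newest cache with the prefix.
      - name: Cache Next.js build
        uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5
        with:
          path: |
            apps/portal/.next/cache
          key: ${{ runner.os }}-nextjs-portal-${{ hashFiles('pnpm-lock.yaml', 'apps/portal/package.json', 'apps/portal/next.config.ts') }}
          restore-keys: |
            ${{ runner.os }}-nextjs-portal-
      - name: Build
        run: pnpm exec turbo run build --filter=@atl/portal

  test:
    name: Test
    runs-on: ubuntu-latest
    needs: [changes]
    if: >-
      needs.changes.outputs.any == 'true' ||
      needs.changes.outputs.tests == 'true' ||
      github.event_name == 'merge_group'
    timeout-minutes: 20
    # NOTE(review): this job executes the repository's test code with a token
    # that can write to pull requests. Presumably the scope is meant for
    # coverage comments; confirm a step needs it and drop it otherwise.
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: Harden runner
        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
        with:
          egress-policy: audit
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          # Keep the job token out of .git/config while the test suite runs.
          persist-credentials: false
      - name: Setup Node and pnpm
        uses: ./.github/actions/setup-node-pnpm
        with:
          node-version: ${{ env.NODE_VERSION }}
          pnpm-version: ${{ env.PNPM_VERSION }}
      - name: Cache Turborepo
        uses: rharkor/caching-for-turbo@0abc2381e688c4d2832f0665a68a01c6e82f0d6c # v2.3.11
      - name: Run tests
        run: pnpm exec turbo run test:coverage --filter=@atl/portal
      # Runs even when the tests fail. The token is passed only to this step;
      # on runs from forks the secret is empty, and fail_ci_if_error: false
      # keeps an upload failure from failing the job.
      - name: Upload coverage reports
        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5
        if: always()
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          files: ./apps/portal/coverage/lcov.info
          fail_ci_if_error: false
          comment: true
          verbose: true

  knip:
    name: Dead Code (Knip)
    runs-on: ubuntu-latest
    needs: [changes]
    # Unlike the other checks, a change that only touches tests does not run this job.
    if: >-
      needs.changes.outputs.typescript == 'true' ||
      needs.changes.outputs.config == 'true' ||
      github.event_name == 'merge_group'
    timeout-minutes: 10
    permissions:
      contents: read
    steps:
      - name: Harden runner
        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
        with:
          egress-policy: audit
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          # Keep the job token out of .git/config while repository scripts run.
          persist-credentials: false
      - name: Setup Node and pnpm
        uses: ./.github/actions/setup-node-pnpm
        with:
          node-version: ${{ env.NODE_VERSION }}
          pnpm-version: ${{ env.PNPM_VERSION }}
      - name: Run Knip
        run: pnpm knip --reporter compact

  release:
    name: Release
    runs-on: ubuntu-latest
    needs: [lint, type-check, build, test]
    # Only pushes to main release, and a head commit message containing
    # 'skip ci' suppresses the release.
    if: github.event_name == 'push' && github.ref == 'refs/heads/main' && !contains(github.event.head_commit.message, 'skip ci')
    timeout-minutes: 10
    # The only job with write scopes; id-token: write lets the job request an
    # OIDC token. NOTE(review): confirm the release script uses each scope and
    # remove any it does not.
    permissions:
      contents: write
      issues: write
      pull-requests: write
      id-token: write
    steps:
      - name: Harden runner
        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
        with:
          egress-policy: audit
      # Credentials stay persisted in this job, presumably so the release
      # script can push; verify against the script.
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          fetch-depth: 0
      - name: Setup Node and pnpm
        uses: ./.github/actions/setup-node-pnpm
        with:
          node-version: ${{ env.NODE_VERSION }}
          pnpm-version: ${{ env.PNPM_VERSION }}
      # Secrets are exposed to this step only, not to the whole job.
      - name: Release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
          SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
        run: pnpm --filter @atl/portal run release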