Merge pull request from develop

release(v0.2.0): promote preprod → production

Author: ayoub3bidi

.github/CODEOWNERS

@@ -0,0 +1 @@
+*       @ayoub3bidi

.github/workflows/ci.yml

@@ -26,17 +26,17 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Setup pnpm
         uses: pnpm/action-setup@v4
         with:
           version: 9
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
-          node-version: 20.x
+          node-version: 24.11.1
           cache: 'pnpm'
 
       - name: Install dependencies
@@ -63,15 +63,15 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Setup pnpm
         uses: pnpm/action-setup@v4
         with:
           version: 9
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version: ${{ matrix.node-version }}
           cache: 'pnpm'
@@ -90,7 +90,7 @@ jobs:
 
       - name: Upload coverage to Codecov
         if: matrix.node-version == '20.x'
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v5
         with:
           files: ./coverage/coverage-final.json
           flags: unittests
@@ -103,7 +103,7 @@ jobs:
 
       - name: Comment coverage on PR
         if: github.event_name == 'pull_request' && matrix.node-version == '20.x'
-        uses: romeovs/lcov-reporter-action@v0.3.1
+        uses: romeovs/lcov-reporter-action@v0.4.0
         with:
           lcov-file: ./coverage/lcov.info
           github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -118,27 +118,30 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Setup pnpm
         uses: pnpm/action-setup@v4
         with:
           version: 9
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
-          node-version: 20.x
+          node-version: 24.11.1
           cache: 'pnpm'
 
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
 
       - name: Build project
         run: pnpm build
+        env:
+          VITE_GIT_BRANCH: ${{ github.ref_name }}
+          VITE_DEV_SITE_URL: 'https://dev-bayanflow.netlify.app'
 
       - name: Upload build artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: dist
           path: dist/
@@ -158,46 +161,52 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Setup pnpm
         uses: pnpm/action-setup@v4
         with:
           version: 9
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
-          node-version: 20.x
+          node-version: 24.11.1
           cache: 'pnpm'
 
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
 
       - name: Build project
         run: pnpm build
+        env:
+          # embed branch name into Vite build so the frontend can read it at runtime
+          VITE_GIT_BRANCH: ${{ github.ref_name }}
+          # optional: clickable dev site URL to use in the badge
+          VITE_DEV_SITE_URL: 'https://dev-bayanflow.netlify.app'
 
       - name: Deploy to Netlify
+        id: netlify
         uses: nwtgck/actions-netlify@v3.0
         with:
           publish-dir: './dist'
           production-branch: main
           github-token: ${{ secrets.GITHUB_TOKEN }}
-          deploy-message: "Deploy from GitHub Actions"
+          deploy-message: "Deploy from GitHub Actions (${{ github.ref_name }})"
           enable-pull-request-comment: true
           enable-commit-comment: true
           overwrites-pull-request-comment: true
           github-deployment-environment: ${{ github.ref == 'refs/heads/main' && 'production' || github.ref == 'refs/heads/develop' && 'beta' || 'preview' }}
-          alias: ${{ github.ref == 'refs/heads/develop' && 'beta' || '' }}
         env:
           NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
-          NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}
-        timeout-minutes: 5
+          # Use the dev site ID when building from develop, otherwise production site ID
+          NETLIFY_SITE_ID: ${{ github.ref == 'refs/heads/develop' && secrets.NETLIFY_SITE_ID_DEV || secrets.NETLIFY_SITE_ID }}
+        timeout-minutes: 10
 
       - name: Output deployment URL
         if: always()
         run: |
-          echo "Deployment completed!"
+          echo "Netlify deploy URL: ${{ steps.netlify.outputs.deploy-url }}"
 
   # Job 5: All checks passed (optional but useful for branch protection)
   all-checks-pass:

.github/workflows/ensure-pr-source-develop.yml

@@ -0,0 +1,81 @@
+name: pr-source-enforcer
+
+# Runs when a PR targets `main`
+on:
+  pull_request:
+    types: [opened, reopened, synchronize, edited]
+    branches:
+      - main
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  enforce_pr_source:
+    runs-on: ubuntu-latest
+    outputs:
+      allowed: ${{ steps.check.outputs.allowed }}
+    steps:
+      - name: Set up shell
+        run: echo "starting pr-source-enforcer"
+
+      - name: Read inputs
+        id: check
+        run: |
+          # Allowed mergers come from a repo secret, comma-separated.
+          # Set this secret in your repo settings: Settings -> Secrets -> Actions -> New repository secret
+          # Example value: ayoub,my-org-release-bot
+          ALLOWED="${{ secrets.ALLOWED_MERGERS }}"
+
+          # PR metadata from github context
+          HEAD_REF="${{ github.event.pull_request.head.ref }}"
+          PR_AUTHOR="${{ github.event.pull_request.user.login }}"
+          TARGET_BRANCH="${{ github.event.pull_request.base.ref }}"
+
+          echo "HEAD_REF=$HEAD_REF"
+          echo "PR_AUTHOR=$PR_AUTHOR"
+          echo "TARGET_BRANCH=$TARGET_BRANCH"
+
+          # Normalize values (lowercase) for comparison
+          head_lc="$(echo "$HEAD_REF" | tr '[:upper:]' '[:lower:]')"
+          author_lc="$(echo "$PR_AUTHOR" | tr '[:upper:]' '[:lower:]')"
+          allowed_lc="$(echo "$ALLOWED" | tr '[:upper:]' '[:lower:]')"
+
+          # Default to empty allowed list if secret missing
+          if [ -z "$allowed_lc" ]; then
+            echo "Warning: ALLOWED_MERGERS secret is empty or missing. No users will be allowed as bypassers."
+          fi
+
+          # Check conditions: allowed if head is 'develop' OR author is in allowed list
+          allowed="false"
+          if [ "$head_lc" = "develop" ]; then
+            allowed="true"
+          else
+            # iterate allowed list
+            IFS=',' read -ra arr <<< "$allowed_lc"
+            for u in "${arr[@]}"; do
+              u_trim="$(echo "$u" | xargs)" # trim spaces
+              if [ -n "$u_trim" ] && [ "$u_trim" = "$author_lc" ]; then
+                allowed="true"
+                break
+              fi
+            done
+          fi
+
+          echo "allowed=$allowed"
+          echo "::set-output name=allowed::$allowed"
+
+      - name: Fail if not allowed
+        if: steps.check.outputs.allowed != 'true'
+        run: |
+          head_ref="${{ github.event.pull_request.head.ref }}"
+          author="${{ github.event.pull_request.user.login }}"
+          echo "ERROR: PR targeting 'main' is not allowed. Head branch is '$head_ref' and PR author is '$author'."
+          echo "Only PRs whose head branch is 'develop' or PRs authored by an allowed merger (repo secret ALLOWED_MERGERS) may target 'main'."
+          exit 1
+
+      - name: Success note
+        if: steps.check.outputs.allowed == 'true'
+        run: |
+          echo "OK: PR allowed to target main (head branch is develop or author is allowed)."

.github/workflows/release.yml

@@ -15,7 +15,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0 # Fetch all history for changelog generation
 
@@ -25,9 +25,9 @@ jobs:
           version: 9
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
-          node-version: 20.x
+          node-version: 24.11.1
           cache: 'pnpm'
 
       - name: Install dependencies

.gitignore

@@ -22,3 +22,4 @@ dist-ssr
 *.njsproj
 *.sln
 *.sw?
+.tmp

CONTRIBUTING.md

@@ -2,6 +2,10 @@
 
 Thank you for your interest in contributing to Bayan Flow! This document provides guidelines and information for contributors.
 
+> Notes:
+> - Create a PR that **ALWAYS** targets `develop` not `main`.
+> - All PRs must pass CI (lint, tests, build) before merge.
+
 ## Table of Contents
 
 - [Code of Conduct](#code-of-conduct)