chaqchase · chaqchase · Jun 25, 2025 · Jun 25, 2025
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -2,29 +2,198 @@ name: CI
 
 on:
   push:
-    branches: ['main']
+    branches: [main]
   pull_request:
-    types: [opened, synchronize]
+    types: [opened, synchronize, reopened]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
 
 jobs:
-  test:
-    name: Test Node.js ${{ matrix.node-version }} on ${{ matrix.os }}
+  lint-and-type-check:
+    name: Lint & Type Check
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: 'pnpm'
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v2
+        with:
+          version: 8
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Type check
+        run: pnpm type-check
+
+      - name: Lint
+        run: pnpm lint:check
+
+      - name: Format check
+        run: pnpm format:check
+
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    needs: [lint-and-type-check]
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
 
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: 'pnpm'
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v2
+        with:
+          version: 8
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Build
+        run: pnpm build
+
+      - name: Check build output
+        run: |
+          if [ ! -f "dist/index.js" ] || [ ! -f "dist/index.cjs" ] || [ ! -f "dist/index.d.ts" ]; then
+            echo "Build output missing required files"
+            exit 1
+          fi
+
+      - name: Upload build artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: build-output
+          path: dist/
+          retention-days: 1
+
+  test-node-versions:
+    name: Test Node.js ${{ matrix.node-version }}
+    runs-on: ubuntu-latest
+    needs: [lint-and-type-check]
+
     strategy:
       matrix:
-        os: [ubuntu-latest]
-        node-version: [18.x]
+        node-version: [18, 20, 21]
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
 
-    runs-on: ${{ matrix.os }}
+      - name: Setup Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: 'pnpm'
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v2
+        with:
+          version: 8
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
 
+      - name: Type check
+        run: pnpm type-check
+
+      - name: Build
+        run: pnpm build
+
+  package-validation:
+    name: Package Validation
+    runs-on: ubuntu-latest
+    needs: [build]
+
     steps:
-      - uses: actions/checkout@v2
-      - uses: pnpm/[email protected]
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
         with:
-          version: 6.34.0
-      - uses: actions/setup-node@v2
+          node-version: 20
+          cache: 'pnpm'
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v2
         with:
-          node-version: ${{ matrix.node-version }}
+          version: 8
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Download build artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: build-output
+          path: dist/
+
+      - name: Pack package
+        run: pnpm pack
+
+      - name: Validate package contents
+        run: |
+          tar -tzf *.tgz | grep -E "(dist/|README.md|CHANGELOG.md|package.json)" || {
+            echo "Package missing required files"
+            exit 1
+          }
+
+  security-audit:
+    name: Security Audit
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
           cache: 'pnpm'
-      - name: Install Dependencies
-        run: pnpm install
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v2
+        with:
+          version: 8
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Audit dependencies
+        run: pnpm audit --audit-level moderate
+
+  all-checks-passed:
+    name: All Checks Passed
+    runs-on: ubuntu-latest
+    needs: [lint-and-type-check, build, test-node-versions, package-validation, security-audit]
+    if: always()
+
+    steps:
+      - name: Check all jobs
+        run: |
+          if [[ "${{ needs.lint-and-type-check.result }}" != "success" ]] || \
+             [[ "${{ needs.build.result }}" != "success" ]] || \
+             [[ "${{ needs.test-node-versions.result }}" != "success" ]] || \
+             [[ "${{ needs.package-validation.result }}" != "success" ]] || \
+             [[ "${{ needs.security-audit.result }}" != "success" ]]; then
+            echo "One or more checks failed"
+            exit 1
+          fi
+          echo "All checks passed successfully!"
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -2,38 +2,100 @@ name: Release
 
 on:
   push:
-    branches:
-      - main
+    branches: [main]
 
-concurrency: ${{ github.workflow }}-${{ github.ref }}
+concurrency:
+  group: release-${{ github.ref }}
+  cancel-in-progress: false
 
 jobs:
-  release:
-    name: Release
+  validate-and-release:
+    name: Validate & Release
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      id-token: write
+      pull-requests: write
+
     steps:
-      - name: Checkout Repo
-        uses: actions/checkout@v2
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Setup Node.js 20.x
-        uses: actions/setup-node@v2
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
         with:
-          node-version: 20.x
+          node-version: 20
+          cache: 'pnpm'
+          registry-url: 'https://registry.npmjs.org'
 
       - name: Setup pnpm
-        run: npm install -g pnpm
+        uses: pnpm/action-setup@v2
+        with:
+          version: 8
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Validate code quality
+        run: pnpm validate
 
-      - name: Install Dependencies
-        run: pnpm i
+      - name: Build package
+        run: pnpm build
 
-      - name: Create Release PR or Publish Packages
+      - name: Validate build output
+        run: |
+          if [ ! -f "dist/index.js" ] || [ ! -f "dist/index.cjs" ] || [ ! -f "dist/index.d.ts" ]; then
+            echo "❌ Build output missing required files"
+            exit 1
+          fi
+          echo "✅ Build output validated"
+
+      - name: Test package installation
+        run: |
+          pnpm pack
+          mkdir test-install
+          cd test-install
+          npm init -y
+          npm install ../chaqchase-next-middleware-*.tgz
+          node -e "
+            try {
+              const pkg = require('@chaqchase/next-middleware');
+              console.log('✅ Package imports successfully');
+              console.log('Available exports:', Object.keys(pkg));
+            } catch (e) {
+              console.error('❌ Package import failed:', e.message);
+              process.exit(1);
+            }
+          "
+
+      - name: Security audit
+        run: pnpm audit --audit-level moderate
+
+      - name: Create Release Pull Request or Publish
         id: changesets
         uses: changesets/action@v1
         with:
           publish: pnpm release
           version: pnpm version
-          commit: 'chore: update package versions'
-          title: 'chore: update package versions'
+          commit: 'chore: release package'
+          title: 'chore: release package'
+          createGithubReleases: true
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+      - name: Release Summary
+        if: steps.changesets.outputs.published == 'true'
+        run: |
+          echo "🎉 Package published successfully!"
+          echo "Published packages: ${{ steps.changesets.outputs.publishedPackages }}"
+
+      - name: Notify on Failure
+        if: failure()
+        run: |
+          echo "❌ Release workflow failed"
+          echo "Please check the logs and fix any issues before retrying"
diff --git a/.github/workflows/version-check.yml b/.github/workflows/version-check.yml
@@ -0,0 +1,50 @@
+name: Version Check
+
+on:
+  pull_request:
+    paths:
+      - 'package.json'
+      - 'CHANGELOG.md'
+      - '.changeset/**'
+
+jobs:
+  version-consistency:
+    name: Check Version Consistency
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+
+      - name: Check version in package.json
+        id: package-version
+        run: |
+          VERSION=$(node -p "require('./package.json').version")
+          echo "package-version=$VERSION" >> $GITHUB_OUTPUT
+          echo "Package version: $VERSION"
+
+      - name: Check if changelog has entry for version
+        run: |
+          VERSION="${{ steps.package-version.outputs.package-version }}"
+          if ! grep -q "## \[$VERSION\]" CHANGELOG.md; then
+            echo "❌ CHANGELOG.md missing entry for version $VERSION"
+            echo "Please add a changelog entry for version $VERSION"
+            exit 1
+          fi
+          echo "✅ CHANGELOG.md has entry for version $VERSION"
+
+      - name: Validate changeset files
+        run: |
+          if [ -d ".changeset" ]; then
+            CHANGESET_FILES=$(find .changeset -name "*.md" ! -name "README.md" | wc -l)
+            if [ "$CHANGESET_FILES" -gt 0 ]; then
+              echo "✅ Found $CHANGESET_FILES changeset file(s)"
+            else
+              echo "⚠️ No changeset files found. Make sure to create a changeset for your changes."
+            fi
+          fi