chore: unify qa automation #17
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # GitHub Actions CI Workflow | |
| # | |
| # Status: ACTIVE | |
| # Purpose: Run comprehensive QA suite on every push/PR | |
| # | |
| # This workflow uses the unified `task qa:all` command. | |
| # Mirrors Husky pre-push hook exactly (same commands, same checks). | |
| name: CI | |
| on: | |
| push: | |
| branches: [ main, develop ] | |
| pull_request: | |
| branches: [ main, develop ] | |
| jobs: | |
| # ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ | |
| # Comprehensive QA Suite (mirrors pre-push hook) | |
| # ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ | |
| # Command: cd .cursor && task qa:all | |
| # Includes: fix, rules, smoke, lint, typecheck, unit, e2e | |
| qa-all: | |
| name: QA Suite (fix + rules + smoke + lint + typecheck + unit + e2e) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Install go-task | |
| run: | | |
| sh -c "$(curl --location https://taskfile.dev/install.sh)" -- -d -b /usr/local/bin | |
| task --version | |
| - name: Setup bun | |
| uses: oven-sh/setup-bun@v1 | |
| with: | |
| bun-version: latest | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| - name: Install Encore CLI | |
| run: | | |
| curl -L https://encore.dev/install.sh | bash | |
| echo "$HOME/.encore/bin" >> $GITHUB_PATH | |
| - name: Authenticate with Encore Cloud | |
| env: | |
| ENCORE_AUTH_TOKEN: ${{ secrets.ENCORE_AUTH_TOKEN }} | |
| run: | | |
| if [ -z "$ENCORE_AUTH_TOKEN" ]; then | |
| echo "⚠️ WARNING: ENCORE_AUTH_TOKEN not set in GitHub Secrets" | |
| echo " Encore builds requiring secrets will fail" | |
| echo " To fix: Add your Encore auth token as a GitHub Secret named 'ENCORE_AUTH_TOKEN'" | |
| else | |
| echo "🔐 Encore authentication configured" | |
| fi | |
| - name: Install Backend Dependencies | |
| run: cd backend && bun install | |
| - name: Install Frontend Dependencies | |
| run: cd frontend && bun install | |
| - name: Install Playwright Browser Binaries | |
| run: cd frontend && bunx playwright install --with-deps chromium | |
| - name: Start Backend | |
| env: | |
| ENCORE_AUTH_TOKEN: ${{ secrets.ENCORE_AUTH_TOKEN }} | |
| run: | | |
| cd backend | |
| encore run & | |
| echo "Waiting for backend to be ready..." | |
| timeout 60 bash -c 'until curl -sf http://localhost:4000/health > /dev/null; do sleep 2; done' | |
| - name: Start Frontend | |
| run: | | |
| cd frontend | |
| bun run dev & | |
| echo "Waiting for frontend to be ready..." | |
| timeout 60 bash -c 'until curl -sf http://localhost:5173 > /dev/null; do sleep 2; done' | |
| - name: Run Complete QA Suite | |
| run: cd .cursor && task qa:all | |
| # ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ | |
| # Implementation Notes: | |
| # ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ | |
| # | |
| # SIMPLICITY: Single job runs `task qa:all` - same as pre-push hook | |
| # MIRRORS LOCAL: Exact same command developers run locally | |
| # DRY: No duplication - all logic in .cursor/commands/qa/Taskfile.yml | |
| # | |
| # What `task qa:all` runs: | |
| # 1. qa:fix - Auto-fix linting/formatting | |
| # 2. qa:rules - Validate founder rules (no console.log, no any, American spelling) | |
| # 3. qa:smoke - Health checks (backend + frontend) | |
| # 4. qa:lint - Linting (backend + frontend) | |
| # 5. qa:typecheck - TypeScript validation (frontend) | |
| # 6. qa:unit - Unit tests (backend only - encore test) | |
| # 7. qa:e2e - E2E tests (frontend Playwright) | |
| # | |
| # Dependencies: | |
| # - go-task - Taskfile runner | |
| # - bun - Package manager | |
| # - Node.js - Automation scripts | |
| # - Encore CLI - Backend runtime | |
| # | |
| # Environment: | |
| # - Uses standard ports from .env (4000 backend, 5173 frontend) | |
| # - In-memory database for tests | |
| # - ENCORE_AUTH_TOKEN: GitHub Secret required for accessing Encore Cloud secrets | |
| # | |
| # GitHub Secrets Setup: | |
| # 1. Go to: Settings → Secrets and variables → Actions | |
| # 2. Create new secret: ENCORE_AUTH_TOKEN | |
| # 3. Get token from: encore auth token (run locally) | |
| # 4. Paste into GitHub Secrets | |
| # | |
| # Testing before activation: | |
| # 1. Create feature branch | |
| # 2. Rename to ci.yml | |
| # 3. Push to trigger workflow | |
| # 4. Verify qa:all passes | |
| # 5. Merge to main | |
| # Validation checklist when modifying: | |
| # 1. Create feature branch | |
| # 2. Push to trigger workflow | |
| # 3. Confirm qa:all passes in GitHub Actions | |
| # 4. Merge to main after review | |