ut-code
diff --git a/‎.github/workflows/ci.yml‎
Lines changed: 39 additions & 1 deletion b/‎.github/workflows/ci.yml‎
Lines changed: 39 additions & 1 deletion
diff --git a/‎.gitignore‎
Lines changed: 5 additions & 0 deletions b/‎.gitignore‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎.lefthook/pre-push/docker-build.sh‎
Lines changed: 26 additions & 0 deletions b/‎.lefthook/pre-push/docker-build.sh‎
Lines changed: 26 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 17 additions & 44 deletions b/‎README.md‎
Lines changed: 17 additions & 44 deletions
diff --git a/‎bun.lock‎
Lines changed: 33 additions & 55 deletions b/‎bun.lock‎
Lines changed: 33 additions & 55 deletions
diff --git a/‎docs/knowledges/security.md‎
Lines changed: 2 additions & 0 deletions b/‎docs/knowledges/security.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎drizzle/0005_boring_rockslide.sql‎
Lines changed: 1 addition & 0 deletions b/‎drizzle/0005_boring_rockslide.sql‎
Lines changed: 1 addition & 0 deletions
@@ -6,12 +6,50 @@ on:
   pull_request:
     branches: [main]
 
+env:
+  SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }}
+
 jobs:
   check:
+    name: Checks
     runs-on: ubuntu-latest
+    timeout-minutes: 10
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: latest
       - run: bun install --frozen-lockfile
       - run: bun check
+
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - uses: actions/checkout@v6
+      - uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: latest
+      - run: bun install --frozen-lockfile
       - run: bun run build
+
+  e2e:
+    name: E2E Tests
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    steps:
+      - uses: actions/checkout@v6
+
+      - uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: latest
+
+      - name: Install dependencies
+        run: bun install --frozen-lockfile
+
+      - name: Install Playwright browsers
+        run: bunx playwright install chromium --with-deps
+
+      - name: Run E2E tests
+        run: bun run test:e2e
@@ -22,3 +22,8 @@ Thumbs.db
 .devenv*
 devenv.local*
 .direnv
+
+# Test Results
+/playwright-report/
+/test-results/
+/playwright/.cache/
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+# Build up to builder stage to verify dependencies and build process
+# Note: This uses secrets.dev.yaml for local verification
+# Production builds will use secrets.prod.yaml with actual SOPS_AGE_KEY
+
+set -e
+
+if [ ! -f secrets.dev.yaml ]; then
+  echo "❌ secrets.dev.yaml not found. Cannot verify Docker build."
+  exit 1
+fi
+
+# Check if SOPS_AGE_KEY is available
+if [ -z "$SOPS_AGE_KEY" ]; then
+  echo "⚠️  SOPS_AGE_KEY not set. Skipping Docker build verification."
+  echo "💡 To enable Docker build checks, export SOPS_AGE_KEY in your shell."
+  exit 0
+fi
+
+echo "🐳 Verifying Docker build..."
+docker build --target builder \
+  --build-arg SOPS_AGE_KEY="${SOPS_AGE_KEY}" \
+  --build-arg SECRETS_FILE=secrets.dev.yaml \
+  -t cms-utcode-build-check .
+
+echo "✅ Docker build verification passed!"
@@ -4,7 +4,7 @@ utcode.net の CMS 駆動版フォーク (フォークではない) です。そ
 
 ## Development
 
-環境構築
+### 環境構築
 
 - [devenv](https://devenv.sh/) パッケージをインストールします
 - `.sops-age-key.txt` を配置します（チームメンバーから取得）
@@ -13,34 +13,20 @@ utcode.net の CMS 駆動版フォーク (フォークではない) です。そ
 direnv allow
 ```
 
-サーバーその他全部起動
+### コマンド
 
-```sh
-bun up
-```
-
-停止
 
 ```sh
-bun down
-```
-
-リロード
+bun up # (devenv) サーバーその他全部起動
+bun down # (devenv) 停止
+bun reload # (devenv) リロード
+bun tail # (devenv) ログ
+bun attach # (devenv) process compose に接続 (F10 + enter で退出)
 
-```sh
-bun reload
-```
-
-ログ
-
-```sh
-bun logs
-```
-
-process compose に接続 (F10 + enter で退出)
-
-```sh
-bun attach
+bun check # 全てのチェックを実行
+bun fix # 自動修正 (フォーマットなど)
+bun tidy # 全てのチェックを実行し、自動修正できるものは修正
+bun test:e2e # playwright で E2E テストを実行
 ```
 
 ## Secrets
@@ -51,32 +37,19 @@ bun attach
 # 編集
 sops secrets.dev.yaml
 sops secrets.prod.yaml
+# 実行
+sops exec-env secrets.dev.yaml 'bun run build'
 ```
 
-### 鍵のローテーション
-
-```sh
-# 1. 新しい鍵を生成
-age-keygen
-
-# 2. .sops.yaml に新しい公開鍵を追加（古い鍵も残す）
-
-# 3. .sops-age-key.txt に新しい秘密鍵を追加（古い鍵も残す）
-
-# 4. 再暗号化（古い鍵で復号→新しい鍵で暗号化）
-sops updatekeys -y secrets.dev.yaml
-sops updatekeys -y secrets.prod.yaml
-
-# 5. 古い鍵を .sops.yaml と .sops-age-key.txt から削除
-```
+## コーディングルール
 
-## Data Access Layer
+### Data Access Layer
 
 データ操作は DAL `$lib/server/data/*` から import します。直接 db を触りません。
 
 ```ts
-import { listMembers, createMember } from "$lib/server/data/members";
-import { listPublishedArticles } from "$lib/server/data/articles";
+import { createMember } from "$lib/server/data/private/members";
+import { listPublishedArticles } from "$lib/server/data/public/articles";
 ```
 
 ## その他
 
@@ -15,6 +15,8 @@
 - Members must belong to the `ut-code` GitHub organization
 - Membership is cached for 24 hours (`CACHE_TTL_MS`)
 - `UNSAFE_DISABLE_AUTH=true` bypasses all auth checks (dev only, throws error in production)
+  - Mock user ID: `"mock"`, mock member ID: `"mock-member"`
+  - Mock data returned from `getMemberByUserId`, `getUserPreference`, `setDefaultAuthor`
 
 ## Ownership Model
 
 
@@ -0,0 +1 @@
+ALTER TABLE "article" DROP COLUMN "excerpt";
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+ALTER TABLE "article" DROP COLUMN "excerpt";`