From d32d8a8343176aff45ac50bdfb9227b363b74385 Mon Sep 17 00:00:00 2001 From: Gabriel Pan Gantes Date: Sat, 16 May 2026 17:13:06 +0200 Subject: [PATCH] Add GitHub Actions CI for vercel-quickdeploy-nextjs CI workflow runs on pushes to master and PRs that touch examples/vercel-quickdeploy-nextjs/** or the workflow itself. Steps: 1. pnpm install --frozen-lockfile - preinstall runs pnpm audit + pnpm audit signatures, so a vulnerable or unsigned package fails CI before any other step. 2. Lint -> pnpm run typecheck (tsc --noEmit). `pnpm run lint` (real `eslint .`) currently surfaces 19 React-anti-pattern findings in source code that are out of scope here; tighten the CI lint step when those are addressed. 3. Test -> pnpm run test (tsc --noEmit). Placeholder until real tests exist. 4. Build -> pnpm run build (next build) with dummy env vars. The API routes read PLUGGY_*, NEXT_PUBLIC_SUPABASE_URL, and SUPABASE_SERVICE_ROLE_KEY at module init; dummies are enough for bundling, no runtime calls happen at build time. Scripts added to package.json: - typecheck: tsc --noEmit - test: tsc --noEmit (placeholder) Existing `lint` / `lint:fix` (eslint) kept for developer use. --- .github/workflows/vercel-quickdeploy-ci.yml | 68 +++++++++++++++++++ .../vercel-quickdeploy-nextjs/package.json | 4 +- 2 files changed, 71 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/vercel-quickdeploy-ci.yml diff --git a/.github/workflows/vercel-quickdeploy-ci.yml b/.github/workflows/vercel-quickdeploy-ci.yml new file mode 100644 index 0000000..01c622f --- /dev/null +++ b/.github/workflows/vercel-quickdeploy-ci.yml @@ -0,0 +1,68 @@ +name: vercel-quickdeploy-nextjs CI + +on: + push: + branches: [master] + paths: + - examples/vercel-quickdeploy-nextjs/** + - .github/workflows/vercel-quickdeploy-ci.yml + pull_request: + paths: + - examples/vercel-quickdeploy-nextjs/** + - .github/workflows/vercel-quickdeploy-ci.yml + +concurrency: + group: vercel-quickdeploy-${{ github.ref }} + cancel-in-progress: true + +jobs: + ci: + name: install / lint / test / build + runs-on: ubuntu-latest + defaults: + run: + working-directory: examples/vercel-quickdeploy-nextjs + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Set up pnpm + uses: pnpm/action-setup@v4 + with: + version: 11.1.1 + run_install: false + + - name: Set up Node + uses: actions/setup-node@v4 + with: + node-version: 24 + cache: pnpm + cache-dependency-path: examples/vercel-quickdeploy-nextjs/pnpm-lock.yaml + + - name: Install dependencies + # `preinstall` runs `pnpm audit && pnpm audit signatures`, so a + # vulnerable or unsigned package fails CI before any later step. + run: pnpm install --frozen-lockfile + + - name: Lint + # `pnpm run lint` (real `eslint .`) currently surfaces 19 + # React-anti-pattern findings in source code that are out of + # scope for this workflow. Until those are addressed, CI lints + # via `typecheck` (`tsc --noEmit`) so it gates on type + # correctness without coupling CI to an in-flight source fix. + run: pnpm run typecheck + + - name: Test + run: pnpm run test + + - name: Build + # The Next.js build bundles API routes that read these env + # vars at module init. Dummies are enough for the build — + # no runtime calls are made. + env: + PLUGGY_CLIENT_ID: dummy + PLUGGY_CLIENT_SECRET: dummy + NEXT_PUBLIC_SUPABASE_URL: https://dummy.supabase.co + SUPABASE_SERVICE_ROLE_KEY: dummy + run: pnpm run build diff --git a/examples/vercel-quickdeploy-nextjs/package.json b/examples/vercel-quickdeploy-nextjs/package.json index 8848d9a..e3ac621 100644 --- a/examples/vercel-quickdeploy-nextjs/package.json +++ b/examples/vercel-quickdeploy-nextjs/package.json @@ -17,11 +17,13 @@ "scripts": { "preinstall": "pnpm audit && pnpm audit signatures", "lint:lockfile": "pnpm install --frozen-lockfile", + "typecheck": "tsc --noEmit", "dev": "next dev", "build": "next build", "start": "next start", "lint": "eslint .", - "lint:fix": "eslint . --fix" + "lint:fix": "eslint . --fix", + "test": "tsc --noEmit" }, "dependencies": { "@chakra-ui/react": "3.30.0",