|
|
||
|---|---|---|
| .. | ||
| ci.yml | ||
| demo-deploy.yml | ||
| publish.yml | ||
| README.md | ||
VibeCheck CI/CD Workflows
This directory contains GitHub Actions workflows for automated testing, building, and deployment.
Workflows
ci.yml - Continuous Integration
Triggers: Push to main, Pull Requests
Jobs:
- ci: Runs typecheck, build, test, and lint for all packages
- security: CodeQL security scanning
Features:
- Parallel execution using Turborepo
- Dependency caching for fast builds
- Turbo cache for incremental builds
- 15-minute timeout protection
publish.yml - NPM Publishing
Triggers: Git tags matching v* (e.g., v1.0.0)
Jobs:
- Builds all packages
- Runs full test suite
- Publishes
@lilithftw/vibecheck-coreto npm - Publishes
@lilithftw/vibecheck-reactto npm - Creates GitHub release with build artifacts
Security:
- Uses npm provenance for supply chain security
- Requires
NPM_TOKENsecret configured in repository settings
Usage:
git tag v1.0.0
git push origin v1.0.0
demo-deploy.yml - Demo Deployment
Triggers:
- Push to
main(when demo/core/react packages change) - Manual workflow dispatch
Jobs:
- Builds all packages
- Deploys demo app to Vercel
- Comments deployment URL on PRs (if applicable)
Required Secrets:
VERCEL_TOKEN: Vercel authentication tokenVERCEL_ORG_ID: Vercel organization IDVERCEL_PROJECT_ID: Vercel project ID
Environment:
- Name:
demo - URL: Automatically set from Vercel deployment
Dependabot Configuration
Located in .github/dependabot.yml
Automated Updates:
- Weekly npm dependency updates (grouped by type)
- Weekly GitHub Actions updates
- Limited to 5 npm PRs and 3 Actions PRs
Setup Requirements
Repository Secrets
Configure these secrets in repository settings:
-
NPM_TOKEN: npm access token with publish permissions
- Go to https://www.npmjs.com/settings/[username]/tokens
- Create "Automation" token
- Add to GitHub Secrets
-
VERCEL_TOKEN: Vercel authentication token
- Go to https://vercel.com/account/tokens
- Create new token
- Add to GitHub Secrets
-
VERCEL_ORG_ID: Find in Vercel project settings
-
VERCEL_PROJECT_ID: Find in Vercel project settings
Repository Settings
- Enable GitHub Actions: Settings → Actions → General → Allow all actions
- Enable CodeQL: Settings → Security → Code scanning → Enable
- Environment Protection: Settings → Environments →
demo→ Configure protection rules
Cache Strategy
All workflows use:
- Bun dependency cache: Automatic via
setup-bunaction - Turbo build cache:
.turbo/directory cached by SHA and restored by prefix
This provides:
- Fast CI runs (typically 2-3 minutes)
- Incremental builds across workflow runs
- Reduced npm registry load
Workflow Optimization
Turborepo pipeline ensures:
- Packages build in dependency order
- Tests run only after successful builds
- Parallel execution where possible
- Smart caching of unchanged packages
Troubleshooting
Publish Fails
Check:
- NPM_TOKEN is valid and has publish permissions
- Package versions are incremented
- Tag matches version in package.json
Demo Deploy Fails
Check:
- Vercel tokens are configured correctly
- Build completes successfully
- Vercel project settings allow deployments
CI Timeout
If builds exceed 15 minutes:
- Check for hanging tests
- Review Turborepo cache effectiveness
- Consider splitting large packages