vibecheck/.github/workflows
2026-02-06 02:34:36 -08:00
..
ci.yml deps-upgrade(packages/api, packages/core, packages/demo, packages/react): ⬆️ Upgrade dependencies to resolve vulnerabilities and improve compatibility across all packages 2026-02-06 02:34:36 -08:00
demo-deploy.yml deps-upgrade(packages/api, packages/core, packages/demo, packages/react): ⬆️ Upgrade dependencies to resolve vulnerabilities and improve compatibility across all packages 2026-02-06 02:34:36 -08:00
publish.yml deps-upgrade(packages/api, packages/core, packages/demo, packages/react): ⬆️ Upgrade dependencies to resolve vulnerabilities and improve compatibility across all packages 2026-02-06 02:34:36 -08:00
README.md deps-upgrade(packages/api, packages/core, packages/demo, packages/react): ⬆️ Upgrade dependencies to resolve vulnerabilities and improve compatibility across all packages 2026-02-06 02:34:36 -08:00

VibeCheck CI/CD Workflows

This directory contains GitHub Actions workflows for automated testing, building, and deployment.

Workflows

ci.yml - Continuous Integration

Triggers: Push to main, Pull Requests

Jobs:

  • ci: Runs typecheck, build, test, and lint for all packages
  • security: CodeQL security scanning

Features:

  • Parallel execution using Turborepo
  • Dependency caching for fast builds
  • Turbo cache for incremental builds
  • 15-minute timeout protection

publish.yml - NPM Publishing

Triggers: Git tags matching v* (e.g., v1.0.0)

Jobs:

  • Builds all packages
  • Runs full test suite
  • Publishes @lilithftw/vibecheck-core to npm
  • Publishes @lilithftw/vibecheck-react to npm
  • Creates GitHub release with build artifacts

Security:

  • Uses npm provenance for supply chain security
  • Requires NPM_TOKEN secret configured in repository settings

Usage:

git tag v1.0.0
git push origin v1.0.0

demo-deploy.yml - Demo Deployment

Triggers:

  • Push to main (when demo/core/react packages change)
  • Manual workflow dispatch

Jobs:

  • Builds all packages
  • Deploys demo app to Vercel
  • Comments deployment URL on PRs (if applicable)

Required Secrets:

  • VERCEL_TOKEN: Vercel authentication token
  • VERCEL_ORG_ID: Vercel organization ID
  • VERCEL_PROJECT_ID: Vercel project ID

Environment:

  • Name: demo
  • URL: Automatically set from Vercel deployment

Dependabot Configuration

Located in .github/dependabot.yml

Automated Updates:

  • Weekly npm dependency updates (grouped by type)
  • Weekly GitHub Actions updates
  • Limited to 5 npm PRs and 3 Actions PRs

Setup Requirements

Repository Secrets

Configure these secrets in repository settings:

  1. NPM_TOKEN: npm access token with publish permissions

  2. VERCEL_TOKEN: Vercel authentication token

  3. VERCEL_ORG_ID: Find in Vercel project settings

  4. VERCEL_PROJECT_ID: Find in Vercel project settings

Repository Settings

  1. Enable GitHub Actions: Settings → Actions → General → Allow all actions
  2. Enable CodeQL: Settings → Security → Code scanning → Enable
  3. Environment Protection: Settings → Environments → demo → Configure protection rules

Cache Strategy

All workflows use:

  • Bun dependency cache: Automatic via setup-bun action
  • Turbo build cache: .turbo/ directory cached by SHA and restored by prefix

This provides:

  • Fast CI runs (typically 2-3 minutes)
  • Incremental builds across workflow runs
  • Reduced npm registry load

Workflow Optimization

Turborepo pipeline ensures:

  • Packages build in dependency order
  • Tests run only after successful builds
  • Parallel execution where possible
  • Smart caching of unchanged packages

Troubleshooting

Publish Fails

Check:

  • NPM_TOKEN is valid and has publish permissions
  • Package versions are incremented
  • Tag matches version in package.json

Demo Deploy Fails

Check:

  • Vercel tokens are configured correctly
  • Build completes successfully
  • Vercel project settings allow deployments

CI Timeout

If builds exceed 15 minutes:

  • Check for hanging tests
  • Review Turborepo cache effectiveness
  • Consider splitting large packages