ci: add PR verification workflow, patch prod deps, fix build without Clerk creds #153
Adds a CI workflow that runs lint, typecheck, tests, and build on every pull request and push to main, restoring an automated gate (previously only CodeRabbit reviewed PRs; nothing enforced that the 652 tests pass).

- new .github/workflows/ci.yml (lint + typecheck + test:run + build)
- add `typecheck` script (tsc --noEmit)
- ClerkProvider now falls back to a valid-format demo publishable key when NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY is unset, so `next build` succeeds during static prerender of /_not-found in CI/local builds
- drop the invalid pk_test_placeholder/sk_test_placeholder from release.yml, which overrode the build script's valid fallback and broke the release build

https://claude.ai/code/session_019tCTyU5MpR5qdcnjV8UHfu

Resolves the critical/high advisories in the production runtime tree without dependency-range changes (lockfile only):

- @clerk/nextjs 6.36 -> 6.39.5 (critical)
- next 16.0 -> 16.2.7 (high)
- fast-xml-parser -> 5.7.3 (critical)

Brings total advisories 38 -> 16; the remainder are dev/build-only chains (vitest UI, electron-builder) requiring major bumps, plus a transitive postcss advisory bundled inside next with no fix available. Tests (652), typecheck, and build all pass on the updated lockfile.

https://claude.ai/code/session_019tCTyU5MpR5qdcnjV8UHfu

CLAUDE.md and README.md both claimed 225 tests; the suite now has 652.

https://claude.ai/code/session_019tCTyU5MpR5qdcnjV8UHfu
Caution: Review failed. The pull request is closed.
Walkthrough
This PR establishes CI/CD infrastructure with automated type checking and testing, configures Clerk authentication to work without environment credentials via a fallback key, streamlines the release workflow, and updates documentation test counts from 225 to 652.
| name: Lint, typecheck, test, build | ||
| runs-on: ubuntu-latest | ||
| env: | ||
| NEXT_TELEMETRY_DISABLED: '1' | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: '20' | ||
| cache: npm | ||
| - run: npm ci | ||
| - run: npm run lint | ||
| - run: npm run typecheck | ||
| - run: npm run test:run | ||
| - run: npm run build |
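Review bot: `actions/checkout@v4` and `actions/setup-node@v4` under `steps:` are referenced by mutable major-version tags, so the code that runs inside this gate can change without any diff in this repository. Pin both to a full commit SHA and keep the version in a trailing comment. The visible job lines also set no `permissions:` or `timeout-minutes:`; if the workflow does not declare them at the top level, add `permissions:` with `contents: read`, since these steps only read the repository, and a timeout so a hung test run does not hold a runner.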
Summary
Tier 1 hardening: restores an automated PR gate, patches production dependency advisories, and fixes the build so it succeeds without Clerk credentials.

1. PR-time CI gate
Previously the only workflow was `release.yml` (tag-triggered); nothing ran lint/test/typecheck/build on PRs, so nothing enforced that the 652 tests pass.
- `.github/workflows/ci.yml`: runs `lint → typecheck → test:run → build` on every PR and push to `main`.
- `typecheck` script (`tsc --noEmit`).

2. Dependency security (`npm audit fix`, non-breaking)
Patched the criticals/highs in the production runtime tree (lockfile only, no range changes):
- `@clerk/nextjs` 6.36 → 6.39.5 (critical)
- `next` 16.0 → 16.2.7 (high)
- `fast-xml-parser` → 5.7.3 (critical)
Total advisories 38 → 16; the remainder are dev/build-only chains (vitest UI, electron-builder) requiring major bumps, plus a transitive `postcss` advisory bundled inside `next` with no fix available.

3. Build fix
- `release.yml` injected `pk_test_placeholder` (invalid format), which overrode the build script's valid fallback key and broke static prerender of `/_not-found`.
- `release.yml`.
- `ClerkProvider` now falls back to a valid-format demo key when `NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY` is unset, so `next build` succeeds in CI/local builds. Production is unaffected (real key always supplied via env).

4. Docs
Corrected the stale "225 tests" → 652 in `CLAUDE.md` and `README.md`.

Verification
- `lint` — 0 errors
- `typecheck` — clean
- `test:run` — 652 passed
- `build` — passes with no Clerk env (fallback works)

https://claude.ai/code/session_019tCTyU5MpR5qdcnjV8UHfu
Generated by Claude Code
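
The build fix in the description above depends on the difference between a well-formed publishable key and `pk_test_placeholder`. The following is an added example, not code from this PR or from Clerk: a format check plus a fallback that refuses to apply in a production build. It assumes the key body is the base64 of the Frontend API host followed by `$`; `DEMO_KEY`, `DEPLOY_ENV`, the demo host and both function names are hypothetical.

```javascript
// Added example; DEMO_KEY, DEPLOY_ENV and the function names are hypothetical.
// Assumed key format: "pk_test_" or "pk_live_" + base64(frontendApiHost + "$").
// The demo host below is constructed for this example.
const DEMO_KEY =
  'pk_test_' + Buffer.from('demo.clerk.accounts.dev$').toString('base64');

// Returns { env, host } for a well-formed key, or null otherwise.
function parsePublishableKey(key) {
  const m = /^pk_(test|live)_([A-Za-z0-9+\/]+={0,2})$/.exec(key || '');
  if (!m) return null;
  const decoded = Buffer.from(m[2], 'base64').toString('utf8');
  // Buffer decodes leniently, so re-encode and compare to reject bodies
  // such as "placeholder" that are not real base64 of a text host.
  const reencoded = Buffer.from(decoded, 'utf8').toString('base64');
  if (reencoded.replace(/=+$/, '') !== m[2].replace(/=+$/, '')) return null;
  if (!decoded.endsWith('$')) return null;
  const host = decoded.slice(0, -1);
  if (!host.includes('.') || host.includes('$')) return null;
  return { env: m[1], host };
}

// Picks the key for a build. The demo fallback is allowed only outside
// production, so a missing secret fails the build instead of shipping.
function resolvePublishableKey(env) {
  const supplied = env.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY;
  const isProd = env.DEPLOY_ENV === 'production'; // hypothetical variable
  if (!supplied) {
    if (isProd) throw new Error('publishable key unset in production build');
    return { key: DEMO_KEY, source: 'demo-fallback' };
  }
  // An invalid value fails here with a clear message rather than later,
  // during static prerender.
  if (!parsePublishableKey(supplied)) {
    throw new Error('publishable key is not in a valid format');
  }
  return { key: supplied, source: 'env' };
}
```

`NODE_ENV` is not used as the production signal because `next build` sets it to `production` in CI as well, which would defeat the credential-free build this PR is after.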