Skip to content
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
286 changes: 143 additions & 143 deletions .env.example

Large diffs are not rendered by default.

130 changes: 65 additions & 65 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
@@ -1,65 +1,65 @@
name: CI

on:
push:
branches: [main]
pull_request:
branches: [main]

concurrency:
group: ci-${{ github.ref }}
cancel-in-progress: true

jobs:
verify:
name: Typecheck · Lint · Test · Build
runs-on: ubuntu-latest
timeout-minutes: 15

env:
# Build-time placeholders. Real secrets live in Vercel.
# These exist only so `next build` and unit tests don't fail at module-load.
DATABASE_URL: postgres://ci:ci@localhost:5432/ci
BETTER_AUTH_SECRET: ci-only-not-a-real-secret-ci-only-not-a-real-secret
BETTER_AUTH_URL: http://localhost:3000
NEXT_PUBLIC_APP_URL: http://localhost:3000
EMAIL_FROM: ci@example.com
RESEND_API_KEY: re_ci_dummy
RESEND_WEBHOOK_SECRET: whsec_ci_dummy
STRIPE_SECRET_KEY: sk_test_ci_dummy
STRIPE_WEBHOOK_SECRET: whsec_ci_dummy
CRON_SECRET: ci-cron-secret
NEXT_TELEMETRY_DISABLED: "1"

steps:
- uses: actions/checkout@v4

- name: Setup Node
uses: actions/setup-node@v4
with:
node-version: 20
cache: npm

- name: Install dependencies
run: npm ci

- name: Typecheck
run: npm run typecheck

- name: Lint
run: npm run lint

- name: Unit tests
run: npm test

- name: Build
run: npm run build

- name: Bundle-size budget
run: npm run bundle:budget

- name: Dependency vulnerability audit
# Non-blocking - flags new high/critical CVEs in dependencies but doesn't
# fail the build (an indirect transitive vuln we can't fix shouldn't block
# unrelated PRs). Track findings in GitHub Security tab and triage weekly.
run: npm audit --audit-level=high || true
name: CI
on:
push:
branches: [main]
pull_request:
branches: [main]
concurrency:
group: ci-${{ github.ref }}
cancel-in-progress: true
jobs:
verify:
name: Typecheck · Lint · Test · Build
runs-on: ubuntu-latest
timeout-minutes: 15
env:
# Build-time placeholders. Real secrets live in Vercel.
# These exist only so `next build` and unit tests don't fail at module-load.
DATABASE_URL: postgres://ci:ci@localhost:5432/ci
BETTER_AUTH_SECRET: ci-only-not-a-real-secret-ci-only-not-a-real-secret
BETTER_AUTH_URL: http://localhost:3000
NEXT_PUBLIC_APP_URL: http://localhost:3000
EMAIL_FROM: ci@example.com
RESEND_API_KEY: re_ci_dummy
RESEND_WEBHOOK_SECRET: whsec_ci_dummy
STRIPE_SECRET_KEY: sk_test_ci_dummy
STRIPE_WEBHOOK_SECRET: whsec_ci_dummy
CRON_SECRET: ci-cron-secret
NEXT_TELEMETRY_DISABLED: "1"
steps:
- uses: actions/checkout@v6
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version: 20
cache: npm
- name: Install dependencies
run: npm ci
- name: Typecheck
run: npm run typecheck
- name: Lint
run: npm run lint
- name: Unit tests
run: npm test
- name: Build
run: npm run build
- name: Bundle-size budget
run: npm run bundle:budget
- name: Dependency vulnerability audit
# Non-blocking - flags new high/critical CVEs in dependencies but doesn't
# fail the build (an indirect transitive vuln we can't fix shouldn't block
# unrelated PRs). Track findings in GitHub Security tab and triage weekly.
run: npm audit --audit-level=high || true
130 changes: 65 additions & 65 deletions .github/workflows/lighthouse.yml
Original file line number Diff line number Diff line change
@@ -1,65 +1,65 @@
name: Lighthouse

on:
pull_request:
branches: [main]
# Also run nightly against main so we have a baseline to compare PRs against.
schedule:
- cron: "30 2 * * *"

# Non-blocking by design - perf scores are noisy and we don't want flaky
# Lighthouse runs to block merges. Use the GitHub status check + the assertion
# results uploaded to LHCI temp public storage to spot regressions trend-wise.
jobs:
lighthouse:
name: Public-page perf budget
runs-on: ubuntu-latest
timeout-minutes: 12
continue-on-error: true

env:
DATABASE_URL: postgres://ci:ci@localhost:5432/ci
BETTER_AUTH_SECRET: ci-only-not-a-real-secret-ci-only-not-a-real-secret
BETTER_AUTH_URL: http://localhost:3000
NEXT_PUBLIC_APP_URL: http://localhost:3000
EMAIL_FROM: ci@example.com
RESEND_API_KEY: re_ci_dummy
RESEND_WEBHOOK_SECRET: whsec_ci_dummy
STRIPE_SECRET_KEY: sk_test_ci_dummy
STRIPE_WEBHOOK_SECRET: whsec_ci_dummy
CRON_SECRET: ci-cron-secret
NEXT_TELEMETRY_DISABLED: "1"

steps:
- uses: actions/checkout@v4

- name: Setup Node
uses: actions/setup-node@v4
with:
node-version: 20
cache: npm

- name: Install dependencies
run: npm ci

- name: Build
run: npm run build

- name: Lighthouse CI
uses: treosh/lighthouse-ci-action@v12
with:
# Limit to public marketing pages - protected pages need auth and
# would either require a synthetic session or always score badly.
urls: |
http://localhost:3000/
http://localhost:3000/pricing
http://localhost:3000/features
http://localhost:3000/about
http://localhost:3000/contact
# Boot Next.js for the run.
runs: 1
# Budget assertions are advisory - regressions land in the PR check
# output but don't fail the workflow (continue-on-error above).
configPath: ./.lighthouserc.json
uploadArtifacts: true
temporaryPublicStorage: true
name: Lighthouse
on:
pull_request:
branches: [main]
# Also run nightly against main so we have a baseline to compare PRs against.
schedule:
- cron: "30 2 * * *"
# Non-blocking by design - perf scores are noisy and we don't want flaky
# Lighthouse runs to block merges. Use the GitHub status check + the assertion
# results uploaded to LHCI temp public storage to spot regressions trend-wise.
jobs:
lighthouse:
name: Public-page perf budget
runs-on: ubuntu-latest
timeout-minutes: 12
continue-on-error: true
env:
DATABASE_URL: postgres://ci:ci@localhost:5432/ci
BETTER_AUTH_SECRET: ci-only-not-a-real-secret-ci-only-not-a-real-secret
BETTER_AUTH_URL: http://localhost:3000
NEXT_PUBLIC_APP_URL: http://localhost:3000
EMAIL_FROM: ci@example.com
RESEND_API_KEY: re_ci_dummy
RESEND_WEBHOOK_SECRET: whsec_ci_dummy
STRIPE_SECRET_KEY: sk_test_ci_dummy
STRIPE_WEBHOOK_SECRET: whsec_ci_dummy
CRON_SECRET: ci-cron-secret
NEXT_TELEMETRY_DISABLED: "1"
steps:
- uses: actions/checkout@v6
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version: 20
cache: npm
- name: Install dependencies
run: npm ci
- name: Build
run: npm run build
- name: Lighthouse CI
uses: treosh/lighthouse-ci-action@v12
with:
# Limit to public marketing pages - protected pages need auth and
# would either require a synthetic session or always score badly.
urls: |
http://localhost:3000/
http://localhost:3000/pricing
http://localhost:3000/features
http://localhost:3000/about
http://localhost:3000/contact
# Boot Next.js for the run.
runs: 1
# Budget assertions are advisory - regressions land in the PR check
# output but don't fail the workflow (continue-on-error above).
configPath: ./.lighthouserc.json
uploadArtifacts: true
temporaryPublicStorage: true
100 changes: 50 additions & 50 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -1,50 +1,50 @@
# See https://help.github.com/articles/ignoring-files/ for more about ignoring files.

# dependencies
/node_modules
/.pnp
.pnp.*
.yarn/*
!.yarn/patches
!.yarn/plugins
!.yarn/releases
!.yarn/versions

# testing
/coverage

# next.js
/.next/
/out/

# production
/build

# misc
.DS_Store
*.pem

# debug
npm-debug.log*
yarn-debug.log*
yarn-error.log*
.pnpm-debug.log*

# env files (can opt-in for committing if needed)
.env

# vercel
.vercel

# typescript
*.tsbuildinfo
next-env.d.ts

/docs
/.claudetests/e2e/.auth-state.json

/test-results
/playwright-report
/.claude
# Sentry Config File
.env.sentry-build-plugin
# See https://help.github.com/articles/ignoring-files/ for more about ignoring files.
# dependencies
/node_modules
/.pnp
.pnp.*
.yarn/*
!.yarn/patches
!.yarn/plugins
!.yarn/releases
!.yarn/versions
# testing
/coverage
# next.js
/.next/
/out/
# production
/build
# misc
.DS_Store
*.pem
# debug
npm-debug.log*
yarn-debug.log*
yarn-error.log*
.pnpm-debug.log*
# env files (can opt-in for committing if needed)
# vercel
.vercel
# typescript
*.tsbuildinfo
next-env.d.ts
/docs
/.claudetests/e2e/.auth-state.json
/test-results
/playwright-report
/.claude
# Sentry Config File
.env.sentry-build-plugin
config.bat
Loading