
Add CI/CD enhancements: TypeScript checks, security scanning, and Dependabot#7

Open

abhishyantkhare wants to merge 1 commit into main from cofounder/ci-cd-enhancements


@abhishyantkhare

Original Task

Set up comprehensive CI/CD and documentation. Detect the project type, add missing CI checks (ESLint, tests, linting), and generate CLAUDE.md and AGENTS.md files with coding standards and guidelines.

Changes

Files Created

  • .github/workflows/typecheck.yml - TypeScript type-checking workflow
    • Runs on push to main and PRs
    • Uses yarn nx affected -t test:types to check affected packages
    • Follows existing CI patterns with Nx caching and Slack notifications
    • Only runs when TypeScript/TSX files or tsconfig files change
  • .github/workflows/security.yml - Security scanning workflow
    • CodeQL analysis for JavaScript/TypeScript with security-extended queries
    • Dependency audit using yarn audit checking for critical vulnerabilities
    • Runs on push, PRs, and weekly scheduled scans (Mondays 9:00 UTC)
    • Matches existing workflow patterns with Slack failure notifications
  • .github/dependabot.yml - Dependabot configuration
    • Weekly npm dependency updates with grouped production/development dependencies
    • Weekly GitHub Actions updates
    • Ignores major version updates (require manual review)
    • Adds appropriate labels and commit prefixes

Files Modified

  • .gitignore - Enhanced with security patterns
    • Added *.pem for private key files
    • Added secrets/ directory
    • Added .env.local and .env.*.local patterns

Reviewed (No Changes Needed)

  • CLAUDE.md / AGENTS.md - Already comprehensive with:
    • Project architecture overview
    • All important dev commands
    • Code style guidelines
    • Testing requirements and patterns
    • Common pitfalls and troubleshooting
    • File structure documentation

Implementation Notes

  • All new workflows follow the existing patterns in ci.yml:
    • Same Node.js version (22.18.0)
    • Same caching strategies (Nx cache, dependency cache)
    • Same Slack notification pattern for main branch failures
    • Same concurrency groups to prevent duplicate runs
  • TypeScript checking uses the test:types target, which maps to tsc --noEmit in packages that have it configured
  • Security workflow runs CodeQL as a separate job from the dependency audit to allow parallel execution and separate failure tracking
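The description above outlines the security workflow but the PR page shows no file contents. The following is an added illustration of what a workflow matching that description looks like; it is not the PR's actual security.yml. It uses the real github/codeql-action and actions/setup-node actions with the Node.js version, query suite, cron schedule and audit level the PR states. The Slack notification step and Nx cache steps from the project's ci.yml are omitted because their details are not on the page; the job names, concurrency group name and the Yarn classic audit command are assumptions.

```yaml
# .github/workflows/security.yml (added illustration, not the PR's actual file)
name: Security

on:
  push:
    branches: [main]
  pull_request:
  schedule:
    # Weekly scan, Mondays 09:00 UTC, as described in the PR
    - cron: "0 9 * * 1"

# Least-privilege default for every job; the CodeQL job raises what it needs
permissions:
  contents: read

# Cancel superseded runs on the same ref (name of the group is an assumption)
concurrency:
  group: security-${{ github.ref }}
  cancel-in-progress: true

jobs:
  codeql:
    name: CodeQL (JavaScript/TypeScript)
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write   # required to upload results to code scanning
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: javascript-typescript
          queries: security-extended   # broader suite than the default
      - uses: github/codeql-action/analyze@v3
        with:
          category: "/language:javascript-typescript"

  dependency-audit:
    name: Dependency audit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: "22.18.0"   # same version the PR says ci.yml pins
          cache: yarn
      - run: yarn install --frozen-lockfile
      # Report only critical advisories. Assumes Yarn classic (v1); Yarn Berry
      # uses `yarn npm audit --severity critical` instead. Yarn classic's exit
      # code is a bitmask of every severity found, so confirm the gating
      # behaviour against the installed Yarn before relying on this step to
      # block merges.
      - run: yarn audit --level critical
```

Running CodeQL and the audit as two jobs, as the PR notes, means a failing audit does not hide a CodeQL result and vice versa, and the `security-events: write` permission stays scoped to the one job that uploads findings.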

…dabot

- Added .github/workflows/typecheck.yml for TypeScript type checking on affected packages
- Added .github/workflows/security.yml with CodeQL analysis and dependency auditing
- Added .github/dependabot.yml for automated dependency updates (npm + GitHub Actions)
- Enhanced .gitignore with additional security patterns (*.pem, secrets/, .env.local)

Follows existing CI workflow patterns with Nx caching and Slack notifications
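The PR description lists what the Dependabot configuration does (weekly npm and GitHub Actions updates, grouped production/development dependencies, major versions excluded, labels and commit prefixes) without showing the file. The following is an added example of a dependabot.yml that implements exactly those points; it is not the PR's own file. The keys are the documented Dependabot v2 schema; the label names, commit prefixes and the root `directory` are assumptions.

```yaml
# .github/dependabot.yml (added illustration, not the PR's actual file)
version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"            # assumes the lockfile sits at the repo root
    schedule:
      interval: "weekly"
    # One grouped PR for runtime deps and one for dev deps, instead of one
    # PR per package
    groups:
      production-dependencies:
        dependency-type: "production"
      development-dependencies:
        dependency-type: "development"
    # Major bumps are left for manual review, as the PR description states
    ignore:
      - dependency-name: "*"
        update-types: ["version-update:semver-major"]
    labels:
      - "dependencies"        # label names are assumptions
      - "npm"
    commit-message:
      prefix: "chore(deps)"   # prefix is an assumption

  - package-ecosystem: "github-actions"
    directory: "/"            # Dependabot reads .github/workflows from here
    schedule:
      interval: "weekly"
    ignore:
      - dependency-name: "*"
        update-types: ["version-update:semver-major"]
    labels:
      - "dependencies"
      - "github-actions"
    commit-message:
      prefix: "ci"
```

Keeping the github-actions ecosystem in the same file means action version bumps (including the codeql-action and setup-node pins a security workflow depends on) arrive on the same weekly cadence as npm updates, while the major-version ignore rule keeps breaking upgrades out of the automated stream.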