fix: ci
Some checks failed
CI / test (push) Failing after 22s
CI / security (push) Failing after 26s
CI / docker-build (push) Has been skipped

This commit is contained in:
2025-08-14 14:35:24 +02:00
parent 788d500821
commit b21f334701
11 changed files with 181 additions and 274 deletions

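--- /dev/null
+++ b/.github/renovate.json
@@ -0,0 +1,70 @@
+{
+"$schema": "https://docs.renovatebot.com/renovate-schema.json",
+"extends": ["config:recommended"],
+"schedule": ["before 6am on monday"],
+"timezone": "UTC",
+"labels": ["dependencies"],
+"assigneesFromCodeOwners": true,
+"reviewersFromCodeOwners": true,
+"lockFileMaintenance": {
+"enabled": true,
+"schedule": ["before 6am on monday"]
+},
+"packageRules": [
+{
+"matchPackageNames": ["svelte", "@sveltejs/kit", "@sveltejs/adapter-static"],
+"groupName": "svelte core",
+"schedule": ["before 6am on monday"],
+"minimumReleaseAge": "3 days"
+},
+{
+"matchPackageNames": ["tailwindcss", "@tailwindcss/vite"],
+"groupName": "tailwind",
+"schedule": ["before 6am on monday"]
+},
+{
+"matchPackageNames": [
+"shadcn-svelte",
+"@lucide/svelte",
+"clsx",
+"tailwind-merge",
+"tailwind-variants"
+],
+"groupName": "shadcn ecosystem",
+"schedule": ["before 6am on monday"]
+},
+{
+"matchPackageNames": ["vitest", "@vitest/browser", "playwright", "@playwright/test"],
+"groupName": "testing tools",
+"schedule": ["before 6am on monday"]
+},
+{
+"matchPackageNames": ["eslint", "prettier", "typescript"],
+"groupName": "dev tools",
+"schedule": ["before 6am on monday"]
+},
+{
+"matchPackageNames": ["vite"],
+"groupName": "build tools",
+"schedule": ["before 6am on monday"]
+},
+{
+"matchDepTypes": ["devDependencies"],
+"automerge": true,
+"automergeType": "pr",
+"requiredStatusChecks": null,
+"matchUpdateTypes": ["patch", "minor"]
+}
+],
+"vulnerabilityAlerts": {
+"enabled": true,
+"schedule": ["at any time"],
+"dependencyDashboardApproval": false
+},
+"dependencyDashboard": true,
+"dependencyDashboardTitle": "🤖 Dependency Dashboard",
+"dependencyDashboardLabels": ["dependencies"],
+"prHourlyLimit": 3,
+"prConcurrentLimit": 5,
+"gitignore": ["node_modules/", ".svelte-kit/", "build/", "dist/"]
+}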
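Review bot: The last `packageRules` entry automerges patch and minor updates of every devDependency with `requiredStatusChecks: null`, which in the Renovate versions that still honour that option means merging without waiting for any status check, so the `test` and `security` CI jobs never gate those merges; newer Renovate replaced the option with `ignoreTests`, so it may instead simply be rejected by config validation. Drop the `"requiredStatusChecks": null` line so automerge waits for checks, and add `"minimumReleaseAge": "3 days"` to that rule as the svelte group already does — devDependencies execute on developer machines and in CI just like runtime ones, and a just-published compromised version auto-merged within minutes is the classic supply-chain entry point. I also don't recognise `gitignore` as a Renovate config key; running `renovate-config-validator` on this file would confirm whether it and `requiredStatusChecks` are accepted.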


@@ -10,10 +10,6 @@ jobs:
test:
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [20, 22]
steps:
- name: Checkout code
uses: actions/checkout@v4
@@ -23,85 +19,22 @@ jobs:
with:
bun-version: '1.2.20'
- name: Verify Bun installation
run: bun --version
- name: Cache dependencies
uses: actions/cache@v4
- name: Setup Nushell
uses: hustcer/setup-nu@v3
with:
path: |
~/.bun/install/cache
node_modules
key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock') }}
restore-keys: |
${{ runner.os }}-bun-
version: '0.99'
- name: Setup Just
uses: extractions/setup-just@v2
- name: Install dependencies
run: bun install --frozen-lockfile
- name: Run linting
run: bun run lint
- name: Run type checking
run: bun run check
- name: Run unit tests
run: bun run test:unit --run
run: just install
- name: Install Playwright browsers
run: bunx playwright install --with-deps
run: just install-browsers
- name: Run E2E tests
run: bun run test:e2e
- name: Upload test results
uses: actions/upload-artifact@v4
if: failure()
with:
name: test-results-${{ matrix.node-version }}
path: |
test-results/
playwright-report/
retention-days: 30
build:
runs-on: ubuntu-latest
needs: test
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Bun
uses: oven-sh/setup-bun@v2
with:
bun-version: '1.2.20'
- name: Verify Bun installation
run: bun --version
- name: Cache dependencies
uses: actions/cache@v4
with:
path: |
~/.bun/install/cache
node_modules
key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock') }}
restore-keys: |
${{ runner.os }}-bun-
- name: Install dependencies
run: bun install --frozen-lockfile
- name: Build application
run: bun run build
- name: Upload build artifacts
uses: actions/upload-artifact@v4
with:
name: build-files
path: build/
retention-days: 7
- name: Run CI pipeline
run: just ci
security:
runs-on: ubuntu-latest
@@ -115,20 +48,63 @@ jobs:
with:
bun-version: '1.2.20'
- name: Verify Bun installation
run: bun --version
- name: Setup Nushell
uses: hustcer/setup-nu@v3
with:
version: '0.99'
- name: Setup Just
uses: extractions/setup-just@v2
- name: Install dependencies
run: bun install --frozen-lockfile
run: just install
- name: Run security audit
run: bun audit
run: just audit
continue-on-error: true
- name: Run CodeQL Analysis
uses: github/codeql-action/init@v3
- name: Run Semgrep security scan
uses: semgrep/semgrep-action@v1
with:
languages: javascript
config: >-
p/security-audit
p/secrets
p/owasp-top-ten
p/javascript
p/typescript
generateSarif: '1'
# Token only needed for Semgrep Cloud features (optional)
env:
SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
continue-on-error: true
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
docker-build:
runs-on: ubuntu-latest
needs: [test, security]
if: github.ref == 'refs/heads/master'
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Log in to Container Registry
uses: docker/login-action@v2
with:
registry: ${{ vars.DOCKER_REGISTRY }}
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Build and push Docker image
uses: docker/build-push-action@v4
with:
context: .
platforms: linux/amd64,linux/arm64
push: true
tags: |
${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_REPOSITORY }}:latest
${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_REPOSITORY }}:${{ github.sha }}
cache-from: type=gha
cache-to: type=gha,mode=max
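Review bot: Both security-relevant steps in the `security` job — the `just audit` step and the Semgrep scan — carry `continue-on-error: true`, so a vulnerable dependency or a Semgrep finding never fails the job, and `needs: [test, security]` on `docker-build` therefore gates the image push only on the job's setup succeeding, not on its results; remove `continue-on-error: true` from both steps, or at minimum from the audit. The third-party actions introduced here (`hustcer/setup-nu@v3`, `extractions/setup-just@v2`, `semgrep/semgrep-action@v1`) and the docker actions are referenced by mutable major tags; pin every `uses:` to a full commit SHA with the version in a trailing comment, since a retagged action runs with this job's secrets, including `DOCKER_PASSWORD`. The `docker-build` job also steps back to `setup-buildx-action@v2`, `login-action@v2` and `build-push-action@v4` while the deleted deploy workflow was on v3/v3/v6, and it declares no `permissions:` block, so the `GITHUB_TOKEN` it receives is whatever the repository default is — add `permissions: contents: read` at the workflow or job level. Semgrep is asked for SARIF (`generateSarif: '1'`) but no upload-sarif step is visible in this hunk, so the findings presumably end up only in the job log; the workflow's `on:` block and the job-level settings above the `security` job are outside the hunk.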


@@ -1,99 +0,0 @@
name: Deploy
on:
push:
branches: [master]
workflow_dispatch:
jobs:
build-and-deploy:
runs-on: ubuntu-latest
permissions:
contents: read
pages: write
id-token: write
environment:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Bun
uses: oven-sh/setup-bun@v2
with:
bun-version: '1.2.20'
- name: Verify Bun installation
run: bun --version
- name: Cache dependencies
uses: actions/cache@v4
with:
path: |
~/.bun/install/cache
node_modules
key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock') }}
restore-keys: |
${{ runner.os }}-bun-
- name: Install dependencies
run: bun install --frozen-lockfile
- name: Build application
run: bun run build
- name: Setup Pages
uses: actions/configure-pages@v5
- name: Upload to GitHub Pages
uses: actions/upload-pages-artifact@v3
with:
path: build/
- name: Deploy to GitHub Pages
id: deployment
uses: actions/deploy-pages@v4
docker-build:
runs-on: ubuntu-latest
if: github.event_name == 'push' && github.ref == 'refs/heads/master'
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/${{ github.repository }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=sha
type=raw,value=latest,enable={{is_default_branch}}
- name: Build and push Docker image
uses: docker/build-push-action@v6
with:
context: .
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max


@@ -1,72 +0,0 @@
name: Gitea CI
on:
push:
branches: [master, develop]
pull_request:
branches: [master, develop]
jobs:
test:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Bun
uses: oven-sh/setup-bun@v2
with:
bun-version: '1.2.20'
- name: Verify Bun installation
run: bun --version
- name: Install dependencies
run: bun install --frozen-lockfile
- name: Run linting
run: bun run lint
- name: Run type checking
run: bun run check
- name: Run unit tests
run: bun run test:unit --run
- name: Install Playwright browsers
run: bunx playwright install --with-deps
- name: Run E2E tests
run: bun run test:e2e
docker-build:
runs-on: ubuntu-latest
needs: test
if: github.ref == 'refs/heads/master'
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Log in to Container Registry
uses: docker/login-action@v2
with:
registry: ${{ vars.DOCKER_REGISTRY }}
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Build and push Docker image
uses: docker/build-push-action@v4
with:
context: .
platforms: linux/amd64,linux/arm64
push: true
tags: |
${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_REPOSITORY }}:latest
${{ vars.DOCKER_REGISTRY }}/${{ vars.DOCKER_REPOSITORY }}:${{ github.sha }}
cache-from: type=gha
cache-to: type=gha,mode=max