Skip to content

Add CI: GitHub Actions matrix (lint + typecheck + build) over all sample apps #71

Description

@jhamon

Theme: Testing + CI Foundation (the safety net) — HIGH PRIORITY

Problem

There is no CI whatsoever in this repo (.github/workflows/ does not exist — verified). Nothing gates pushes or PRs: lint, type errors, and build breaks all land silently. This is a monorepo of four independent sample apps with heterogeneous stacks and package managers, so a single top-level build won't cover them. Without CI there is no safety net for the dependency and SDK upgrades tracked in the sibling issues.

App inventory (each is self-contained with its own manifest/lockfile):

App Stack Package manager Build
legal-semantic-search Next.js 15 + LangChain + Pinecone JS v4 npm (package-lock.json) next build
namespace-notes/client Next.js 15 + next-auth beta npm next build
namespace-notes/server Express / Node + TypeScript (tsc) + Pinecone JS v2 npm tsc
pinecone-assistant Next.js 15 pnpm (pnpm-lock.yaml) next build
shop-the-look Next.js 15 frontend + FastAPI (Python) backend npm + pip (requirements.txt) next build + Python import check

Proposed fix

Add .github/workflows/ci.yml triggered on push and pull_request, with a matrix over the app subdirectories. Because package managers differ, drive the matrix on { app, package-manager, node-version } and set the working-directory per job.

For each JS/TS app, run in its subdir:

  • install (respecting the app's lockfile: npm ci, or pnpm install --frozen-lockfile for pinecone-assistant)
  • lint (each app defines next lint / eslint; namespace-notes/server uses eslint-config-standard-with-typescript)
  • typecheck (tsc --noEmit; the server already compiles via tsc)
  • production build (next build; tsc for the server) — this is the build smoke test that catches bundling/packaging breaks a type check misses

Add a separate Python job for shop-the-look:

  • pip install -r requirements.txt
  • import/compile smoke (python -c "import api.index" or python -m compileall api) and ruff/flake8 if adopted

Additional requirements:

  • Least-privilege token: set permissions: contents: read at the workflow top level (Theme 5 — no workflow tokens exist yet, so establish the default now).
  • Cache dependencies per package manager (actions/setup-node cache for npm/pnpm; actions/setup-python pip cache).
  • Use fail-fast: false so one app's failure doesn't mask the others.
  • Pin action versions and the Node/Python runtimes actually used by the apps.

Note: a separate CI PR will be opened to close this issue.

Acceptance criteria

  • Workflow runs on push + PR and is green on the current tree (or surfaces real pre-existing breakage to be fixed).
  • Every app subdir is covered by lint + typecheck + build; shop-the-look Python backend has an install + import smoke job.
  • Each job installs from the app's own lockfile with the correct package manager (npm vs pnpm vs pip).
  • GITHUB_TOKEN scoped to least privilege at workflow level.
  • Dependency caching enabled.

Blast radius

safe — additive; introduces no runtime changes. May surface latent lint/type/build failures, which should be fixed or annotated as part of the CI PR.

Dependencies

None — this is the prerequisite safety net for the dependency-major and SDK-upgrade issues in this sweep.

Metadata

Metadata

Assignees

Labels

maintenanceRepo maintenance sweep

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions