This directory contains CI/CD workflows for the TuvixRSS project.
feature branch → development branch → main branch
Triggers: Pull requests targeting the development branch
Jobs:
- Lint & Format Check
- Type Check
- Test API
- Test App
- Build
Purpose: Validate code quality and ensure builds succeed before merging to development.
Triggers: Pull requests targeting the main branch
Jobs:
- Lint & Format Check
- Type Check
- Test API (with coverage upload)
- Test App (with coverage upload)
- Build (with artifact upload)
Purpose: Comprehensive validation before merging to main, including test coverage tracking.
Triggers:
- Pull requests affecting
packages/tricorder/** - Pushes to
mainordevelopmentaffecting tricorder - Manual workflow dispatch
Jobs:
- Lint Tricorder
- Format Check Tricorder
- Type Check Tricorder
- Test Tricorder (with coverage upload)
- Build Tricorder
Purpose: Independent CI for the tricorder package. Only runs when tricorder-related files change to optimize CI performance.
Path Filtering: This workflow uses GitHub's paths filter to only run when:
- Files in
packages/tricorder/are modified - The workflow file itself is modified
- Shared actions are modified
Triggers:
- Tags matching
tricorder-v*.*.*(e.g.,tricorder-v1.0.1) - Manual workflow dispatch with version input
Jobs:
- Verify: Lint, format, type-check, test, and build tricorder
- Publish: Publish to NPM registry and create GitHub release
Purpose: Automated publishing of @tuvixrss/tricorder package to NPM.
Safety Features:
- Version validation (tag must match package.json)
- Duplicate check (won't republish existing versions)
- Dry-run mode for testing
- Package contents verification
- Automatic GitHub release creation with changelog
Triggers:
- Published releases
- Manual workflow dispatch
Jobs:
- Deploy API to Cloudflare Workers
- Deploy App to Cloudflare Pages
- Run database migrations
- Notify deployment status
Purpose: Automated deployment to production on releases.
Configure these secrets in your GitHub repository settings:
NPM_TOKEN- NPM authentication token for publishing packages
How to Get NPM Token:
- Log in to npmjs.com
- Click your profile → "Access Tokens"
- Click "Generate New Token" → Choose "Automation" type
- Copy the token
- Add to GitHub: Settings → Secrets and variables → Actions → New repository secret
- Name:
NPM_TOKEN, Value: (paste token)
NPM Scope Setup:
- If using
@tuvixrss/tricorder: Create organization at https://www.npmjs.com/org/create - If using
@techsquidtv/tricorder: No setup needed (uses your username automatically) - Ensure your token has publish permissions for the scope
CLOUDFLARE_API_TOKEN- Cloudflare API token with Workers and Pages permissionsCLOUDFLARE_ACCOUNT_ID- Your Cloudflare account IDD1_DATABASE_ID- Your D1 database ID (fromwrangler d1 create tuvix)CLOUDFLARE_WORKER_NAME- Name of your Cloudflare Worker (e.g.,tuvix-api)CLOUDFLARE_PAGES_PROJECT_NAME- Name of your Cloudflare Pages projectVITE_API_URL- API URL for the frontend build (e.g.,https://api.yourdomain.com/trpc)
-
API Token:
- Go to Cloudflare Dashboard → My Profile → API Tokens
- Create token with permissions:
Account.Cloudflare Workers:Edit,Account.Cloudflare Pages:Edit - Copy the token
-
Account ID:
- Found in Cloudflare Dashboard → Right sidebar under "Account ID"
-
D1 Database ID:
- Run
npx wrangler d1 create tuvixlocally - Copy the
database_idfrom the output - Go to GitHub repository → Settings → Secrets and variables → Actions
- Click the "Secrets" tab (not "Variables" - we use Secrets for sensitive data)
- Click "New repository secret"
- Name:
D1_DATABASE_ID(must match exactly - this is used by the workflow) - Value: Paste your database ID
- Click "Add secret"
- The workflow reads this secret (via
${{ secrets.D1_DATABASE_ID }}) and sets it as an environment variable for the deployment step
- Run
-
Worker Name:
- Check
packages/api/wrangler.toml→namefield
- Check
-
Pages Project Name:
- Create a Pages project in Cloudflare Dashboard or use existing name
- Create a feature branch from
development - Make changes and push
- Create a PR targeting
development - CI runs automatically on PR open/update
- Merge feature branch to
development - Create a PR from
developmenttomain - CI runs automatically with coverage tracking
- Once merged, code is on
mainand ready for release
The tricorder package is published independently from the main TuvixRSS application.
- Update
packages/tricorder/CHANGELOG.mdwith changes - Bump version in
packages/tricorder/package.json:cd packages/tricorder npm version patch # or minor/major
- Commit changes:
git add . git commit -m "chore(tricorder): release v1.0.1"
- Create and push tag:
git tag tricorder-v1.0.1 git push origin main --tags
- Workflow automatically runs and publishes to NPM
- Go to Actions → Publish Tricorder Package
- Click "Run workflow"
- Enter version (e.g.,
1.0.1) - Optionally enable "Dry run" to test without publishing
- Click "Run workflow"
- CHANGELOG.md updated with changes
- Version bumped in package.json
- All tests passing locally (
pnpm --filter @tuvixrss/tricorder test) - Build successful (
pnpm --filter @tuvixrss/tricorder build) - NPM_TOKEN secret configured in GitHub
- NPM scope ownership confirmed (@tuvix or @techsquidtv)
- GitHub release is automatically created with changelog
- Verify package on NPM: https://www.npmjs.com/package/@tuvixrss/tricorder
- Update API package if needed to use new version
- Update browser extension to use new version
- Patch (1.0.x): Bug fixes, no breaking changes
- Minor (1.x.0): New features, backward compatible
- Major (x.0.0): Breaking API changes
Examples:
- Fixed error handling bug →
1.0.1 - Added YouTube discovery service →
1.1.0 - Changed telemetry interface →
2.0.0
- Create a new release in GitHub (tagged version, e.g.,
v1.0.0) - Workflow automatically deploys to Cloudflare
- Go to Actions → Deploy to Cloudflare Workers
- Click "Run workflow"
- Enter version tag (e.g.,
v1.0.0) - Click "Run workflow"
- Parallel Jobs: All CI jobs run in parallel for faster feedback
- Concurrency Control: Duplicate workflow runs are cancelled automatically
- Caching: pnpm and Node.js dependencies are cached
- Artifacts: Build artifacts and coverage reports are uploaded
- Coverage Reporting: Coverage is uploaded to GitHub and displayed in PRs
- Environment Protection: Production deployment uses GitHub environments
- Database Migrations: Automatically runs D1 migrations after successful deployment
- Status Notifications: Deployment summary in GitHub Actions
- Release Tag Checkout: Deployment workflow checks out the specific release tag
- Run
pnpm run lint:fixandpnpm run format:fixlocally - Commit and push fixes
- Check Cloudflare API token permissions
- Verify account ID is correct
- Ensure Worker and Pages projects exist
- Check Cloudflare dashboard for error details
- Run tests locally:
pnpm run test - Check test output for specific failures
- Ensure all dependencies are installed
- Coverage is generated automatically during test runs
- Check that
coverage/lcov.infofiles exist in package directories - Coverage reports appear in PR comments automatically
- View detailed coverage reports in the Actions artifacts
Edit the appropriate workflow file and add a new job:
new-check:
name: New Check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
# ... your stepsUpdate the env section in workflow files or individual job steps.
Add additional deployment targets or steps in deploy-cloudflare.yml.
To ensure CI checks are enforced, configure branch protection rules:
- Go to Settings → Branches → Add rule
- Branch name pattern:
development - Enable:
- ✅ Require a pull request before merging
- ✅ Require status checks to pass before merging
- ✅ Require branches to be up to date before merging
- Required status checks:
lint-and-formattype-checktest-apitest-appbuild
- Go to Settings → Branches → Add rule
- Branch name pattern:
main - Enable:
- ✅ Require a pull request before merging
- ✅ Require status checks to pass before merging
- ✅ Require branches to be up to date before merging
- ✅ Require review from code owners (optional)
- Required status checks:
lint-and-formattype-checktest-apitest-appbuild
Dependabot is configured to:
- Check for updates monthly
- Group production and development dependencies separately
- Create PRs with appropriate labels
- Use conventional commit messages
PRs created by Dependabot will automatically trigger CI workflows.
Coverage is automatically generated and reported in several ways:
- Coverage comments are automatically posted to PRs showing:
- Overall coverage percentage
- Coverage changes (increase/decrease)
- Coverage by package (API vs App)
- Coverage diff shows what changed in the PR
- Full HTML coverage reports are uploaded as artifacts
- Download from Actions → Workflow run → Artifacts
- View detailed line-by-line coverage in your browser
Coverage is generated in multiple formats:
lcov.info- Used for GitHub integrationcoverage-final.json- JSON format for mergingindex.html- HTML report (in artifacts)
# Generate coverage for both packages
pnpm run test:coverage
# View merged coverage report
open coverage/index.html- App: 60% minimum (lines, branches, functions, statements)
- API: Currently no thresholds (aspirational - will increase over time)
Coverage reporting uses Codecov's GitHub Action, which works automatically for public repositories. For private repositories, you may need to add a CODECOV_TOKEN secret.