ci: split backend/frontend pipelines, pin SDK, dedupe test load#1250
Merged
Conversation
chore(docker): remove redundant root docker-compose.yml Local dev is covered by Aspire (FSH.Starter.AppHost) and production by deploy/docker/docker-compose.yml. The root quick-run compose duplicated infra config with no unique role; nothing references it. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> @
Audit-driven fixes across the operator console. No backend or BuildingBlocks changes; all verified (tsc clean, eslint 2 errors -> 0, build OK, Playwright 93/93). Build-red + real bugs: - fix 2 lint errors: drop the unused `grant` prop on RowActions (active-grants-card) and the dangling `react/no-danger` disable directive that referenced an uninstalled rule (security). - App.tsx: wrap RouterProvider in a top-level Suspense so the public lazy routes (login, password reset, confirm-email) have a boundary on cold chunk fetch instead of throwing. Accessibility (admin had no eslint-plugin-jsx-a11y — now added): - Field primitive now threads aria-describedby + aria-invalid to its control, so every RHF form announces hints/errors (one fix, all forms). - notification-bell: drop the focusable aria-hidden click-away (tabIndex=-1), remove the invalid role="menu", add Escape-to-close, and stop redefining a component inside render. - skip-to-content link + <main id> landmark in AppShell. - accessible names on unlabelled search/filter inputs (users, audits x3, impersonate) and the icon-only webhook delete button. - Segmented toggle gets role="group" + aria-pressed; impersonation details disclosure gets aria-expanded. - role="alert" on login/users/tenants inline errors; role="status" on loaders; reduced-motion now also stops Tailwind's animate-spin. Performance: - impersonation list: collapse two overlapping 5s take:200 polls into one fetch + client-side filtering/counts. - notification-bell: coalesce the per-event invalidation burst. - security: lazy-import the ~50KB qrcode lib only at 2FA enrollment. Correctness: - sessions revoke: track in-flight ids in a Set so concurrent revokes don't clear each other's busy state (user-sessions-card + settings). - invoices row: real <button> inside the <li> instead of a noninteractive <li role="button">. - mobile-nav: capture the trigger node in the effect (ref-in-cleanup). Tooling: add eslint-plugin-jsx-a11y (recommended) with no-autofocus off and label-has-associated-control depth:3; lint passes clean. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
ci: split backend/frontend pipelines, pin SDK, dedupe test load Replace the monolithic ci.yml with path-scoped backend.yml + frontend.yml so a client-only change never builds/tests the API and vice versa. - backend.yml: unit + integration each run ONCE with coverage collection; the coverage job now merges those reports instead of re-running the whole solution (the old double-run was the bulk of the load). Vuln scan gates on direct vulnerable packages. Drops the fragile bin/obj artifact hand-off. - frontend.yml: lint + tsc/vite build + Playwright E2E, matrixed over admin and dashboard (Node 22, npm-cached) — the frontend had no CI before. - global.json pins the .NET 10 GA SDK; all workflows use global-json-file and drop dotnet-quality: preview. Excluded from the template so scaffolded consumer projects are unaffected. - Always-running "Backend CI" / "Frontend CI" gate jobs report green when their side is skipped, so required status checks resolve on cross-cutting PRs. NOTE: branch protection must require the new "Backend CI"/"Frontend CI" checks. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> @
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
@
Brings the new CI pipeline onto main.
client-only change never builds/tests the API and vice versa.
instead of re-running the whole solution.
Both pipelines verified green on this branch.
🤖 Generated with Claude Code
@