Skip to content

ci: enforce full pipeline as required checks for PR merge#134

Merged
FSM1 merged 2 commits into
mainfrom
fix/ci-pipeline-required-checks
Feb 17, 2026
Merged

ci: enforce full pipeline as required checks for PR merge#134
FSM1 merged 2 commits into
mainfrom
fix/ci-pipeline-required-checks

Conversation

@FSM1

@FSM1 FSM1 commented Feb 17, 2026

Copy link
Copy Markdown
Owner

Summary

  • Add Typecheck job to CI workflow (pnpm typecheck — runs tsc --noEmit on crypto + web packages)
  • Restructure CI dependency chain: lint + typecheck (parallel) -> test (needs lint+typecheck) -> build (needs all)
  • Remove continue-on-error: true from E2E workflow — was a leftover from Phase 12.3.1/12.4 auth rework, no longer needed
  • Update branch protection to require all 7 checks: Lint, Typecheck, Verify API Spec & Client, Test, Build, E2E Tests, lint-pr-title
  • Also set strict: true so PRs must be up-to-date with main before merging

Before

Only "Build" was required. PRs could merge with failing tests, failing E2E, and no type checking.

After

lint ──────┐
typecheck ─┤──> test ──> build
api-spec ──┘              │
                          └──> all required
e2e ─────────────────────────> required
lint-pr-title ───────────────> required

Every check must pass before the merge button is enabled.

Test plan

  • Push this PR and verify all 7 checks appear in the PR checks list
  • Verify merge is blocked until all checks pass
  • Verify typecheck catches real type errors (tested locally — catches stale v2 types)

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores

    • Added TypeScript type checking as a required CI step and added a project script to run it.
    • Updated build and test pipelines to require successful lint and typecheck before proceeding.
  • Tests

    • End-to-end workflow now fails immediately on errors instead of continuing after failures.

- Add Typecheck job to CI (pnpm typecheck: crypto + web)
- Restructure CI dependency chain: lint + typecheck -> test -> build
- Remove continue-on-error from E2E workflow (was a leftover from
  Phase 12.3.1/12.4 auth rework)
- Update branch protection to require all 7 checks: Lint, Typecheck,
  Verify API Spec & Client, Test, Build, E2E Tests, lint-pr-title
- Previously only "Build" was required, allowing PRs to merge with
  failing tests or E2E

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented Feb 17, 2026

Copy link
Copy Markdown

No actionable comments were generated in the recent review. 🎉


Walkthrough

Adds a typecheck job to CI that runs workspace TypeScript checks and wires it into test/build job dependencies; adjusts CI job dependency graph. Removes continue-on-error: true from the e2e workflow. Adds a typecheck npm script invoking filtered pnpm build/tsc commands.

Changes

Cohort / File(s) Summary
CI workflow
.github/workflows/ci.yml
Added typecheck job (checkout, pnpm setup, Node setup, deps install, run typechecker). Updated test job needs to include typecheck. Updated build job needs to include typecheck (and existing lint, api-spec, test). api-spec unchanged aside from dependency chain adjustments.
E2E workflow
.github/workflows/e2e.yml
Removed continue-on-error: true from the e2e job so failures now fail the job.
Package config
package.json
Added typecheck npm script that runs pnpm --filter @cipherbox/crypto build and pnpm --filter @cipherbox/web exec tsc -b (workspace filtered TypeScript build/check steps).

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 4
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately captures the main objective: enforcing the full CI pipeline as required checks for PR merges, which aligns with the primary changes across CI workflow files and branch protection rules.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Merge Conflict Detection ✅ Passed ✅ No merge conflicts detected when merging into main

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch fix/ci-pipeline-required-checks

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

tsc --noEmit validates but produces no output, so web's tsc -b
couldn't resolve @cipherbox/crypto types. Build crypto first to
emit dist/index.d.ts.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
.github/workflows/ci.yml (1)

186-188: Nit: lint and typecheck in needs are redundant since test already depends on them.

This is purely cosmetic — GitHub Actions resolves transitive dependencies — but removing them would reduce maintenance surface if the upstream graph changes. Totally fine to keep for explicitness.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/ci.yml around lines 186 - 188, The workflow's build job
lists redundant dependencies—remove "lint" and "typecheck" from the build job's
needs array (the job named build with needs: [...]) so it only depends on the
upstream jobs that are not already transitively required (e.g., keep "api-spec"
and "test"); update the needs field in the build job to exclude "lint" and
"typecheck".
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In @.github/workflows/ci.yml:
- Around line 186-188: The workflow's build job lists redundant
dependencies—remove "lint" and "typecheck" from the build job's needs array (the
job named build with needs: [...]) so it only depends on the upstream jobs that
are not already transitively required (e.g., keep "api-spec" and "test"); update
the needs field in the build job to exclude "lint" and "typecheck".

@FSM1 FSM1 enabled auto-merge (squash) February 17, 2026 01:21
@FSM1 FSM1 merged commit e620074 into main Feb 17, 2026
10 checks passed
@FSM1 FSM1 deleted the fix/ci-pipeline-required-checks branch February 21, 2026 06:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant