frckbrice · frckbrice · Jan 20, 2026 · Jan 20, 2026 · Jan 20, 2026 · Jan 20, 2026
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,43 @@
+# Dependabot Configuration
+# 
+# This file configures Dependabot to automatically check for and create PRs
+# for dependency updates. It helps keep your project dependencies secure and up-to-date.
+#
+# Dependabot will:
+# - Check for updates daily
+# - Create PRs for security updates immediately
+# - Group related updates together
+# - Use the same package manager (pnpm) as your project
+
+version: 2
+updates:
+  # Enable version updates for npm/pnpm packages
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily" # Check for updates daily
+      time: "04:00" # At 4 AM UTC
+    open-pull-requests-limit: 10 # Maximum number of open PRs
+    reviewers:
+      - "frckbrice" # Add your GitHub username here
+    labels:
+      - "dependencies"
+      - "automated"
+    # Group updates by dependency type
+    groups:
+      production-dependencies:
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"
+    # Ignore specific packages if needed
+    ignore:
+      # Example: Ignore major version updates for a specific package
+      # - dependency-name: "package-name"
+      #   update-types: ["version-update:semver-major"]
+
+    # Commit message preferences
+    commit-message:
+      prefix: "chore"
+      include: "scope"
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -0,0 +1,52 @@
+# Pull Request
+
+## Description
+<!-- Provide a brief description of what this PR does -->
+
+## Type of Change
+<!-- Mark the relevant option with an 'x' -->
+- [ ] 🐛 Bug fix (non-breaking change which fixes an issue)
+- [ ] ✨ New feature (non-breaking change which adds functionality)
+- [ ] 💥 Breaking change (fix or feature that would cause existing functionality to not work as expected)
+- [ ] 📚 Documentation update
+- [ ] 🎨 Code style/formatting changes
+- [ ] ♻️ Code refactoring
+- [ ] ⚡ Performance improvement
+- [ ] ✅ Test updates
+- [ ] 🔧 Build/config changes
+
+## Related Issues
+<!-- Link to related issues using #issue_number -->
+Closes #
+Related to #
+
+## Changes Made
+<!-- List the main changes in this PR -->
+- 
+- 
+- 
+
+## Testing
+<!-- Describe how you tested your changes -->
+- [ ] Unit tests pass
+- [ ] Integration tests pass
+- [ ] Manual testing completed
+- [ ] Type checking passes
+- [ ] Linting passes
+
+## Checklist
+<!-- Mark completed items with an 'x' -->
+- [ ] My code follows the project's style guidelines
+- [ ] I have performed a self-review of my code
+- [ ] I have commented my code, particularly in hard-to-understand areas
+- [ ] I have updated the documentation accordingly
+- [ ] My changes generate no new warnings
+- [ ] I have added tests that prove my fix is effective or that my feature works
+- [ ] New and existing unit tests pass locally with my changes
+- [ ] Any dependent changes have been merged and published
+
+## Screenshots (if applicable)
+<!-- Add screenshots to help explain your changes -->
+
+## Additional Notes
+<!-- Any additional information that reviewers should know -->
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,123 @@
+# Continuous Integration Workflow
+# 
+# This workflow runs on every push and pull request to ensure code quality.
+# It performs the following checks:
+# 1. Type checking (TypeScript compilation without emitting files)
+# 2. Linting (ESLint)
+# 3. Testing (Jest)
+# 4. Building (TypeScript compilation)
+#
+# The workflow uses pnpm as the package manager and supports multiple Node.js versions.
+
+name: CI
+
+# Trigger the workflow on push and pull requests
+on:
+  push:
+    branches:
+      - main
+      - develop
+      - 'feature/**'
+      - 'fix/**'
+      - 'hotfix/**'
+      - 'release/**'
+  pull_request:
+    branches:
+      - main
+      - develop
+
+# Allow only one concurrent workflow per branch
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  # Main CI job that runs all checks
+  ci:
+    name: CI Checks
+    runs-on: ubuntu-latest
+
+    # Strategy to test against multiple Node.js versions
+    strategy:
+      matrix:
+        node-version: [20.x, 22.x]
+      fail-fast: false
+
+    steps:
+      # Checkout the repository code
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      # Setup pnpm package manager
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: 8
+
+      # Setup Node.js with the version from matrix
+      - name: Setup Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: 'pnpm'
+
+      # Install dependencies
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      # Run TypeScript type checking
+      - name: Type check
+        run: pnpm check
+
+      # Run ESLint to check code quality
+      - name: Lint
+        run: pnpm lint
+        continue-on-error: false
+
+      # Run tests with Jest
+      - name: Test
+        run: pnpm test
+        env:
+          NODE_ENV: test
+
+      # Build the TypeScript project
+      - name: Build
+        run: pnpm build
+
+      # Upload test coverage reports (optional, for coverage visualization)
+      - name: Upload coverage reports
+        if: matrix.node-version == '20.x'
+        uses: codecov/codecov-action@v4
+        with:
+          file: ./coverage/lcov.info
+          flags: unittests
+          name: codecov-umbrella
+          fail_ci_if_error: false
+
+  # Separate job for security checks (dependencies vulnerability scanning)
+  security:
+    name: Security Audit
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: 8
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20.x'
+          cache: 'pnpm'
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      # Run pnpm audit to check for known vulnerabilities
+      - name: Run security audit
+        run: pnpm audit --audit-level=moderate
+        continue-on-error: true
diff --git a/.github/workflows/database.yml b/.github/workflows/database.yml
@@ -0,0 +1,69 @@
+# Database Migration Workflow
+# 
+# This workflow handles database migrations and schema checks.
+# It can be used to:
+# - Validate database schema changes
+# - Run migrations in a test environment
+# - Generate migration files
+#
+# Note: This workflow requires database credentials to be set as GitHub secrets.
+# Required secrets:
+# - DATABASE_URL: PostgreSQL connection string
+
+name: Database
+
+# Trigger manually or on specific file changes
+on:
+  workflow_dispatch: # Allows manual triggering
+  push:
+    branches:
+      - main
+      - develop
+    paths:
+      - 'config/database/**'
+      - 'drizzle/**'
+      - 'drizzle.config.ts'
+
+jobs:
+  # Validate database schema
+  validate-schema:
+    name: Validate Schema
+    runs-on: ubuntu-latest
+
+    # Skip if database URL is not available
+    if: ${{ secrets.DATABASE_URL != '' }}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: 8
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20.x'
+          cache: 'pnpm'
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      # Generate migration files to check for schema changes
+      - name: Generate migrations
+        run: pnpm db:generate
+        env:
+          DATABASE_URL: ${{ secrets.DATABASE_URL }}
+
+      # Check if there are uncommitted migration files
+      - name: Check for uncommitted migrations
+        run: |
+          if [ -n "$(git status --porcelain drizzle/)" ]; then
+            echo "⚠️ Uncommitted migration files detected!"
+            git status
+            exit 1
+          else
+            echo "✅ All migrations are committed"
+          fi
diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
@@ -0,0 +1,57 @@
+# Dependabot Auto-Merge Workflow
+# 
+# This workflow automatically merges Dependabot PRs that pass all CI checks.
+# It helps keep dependencies up-to-date with minimal manual intervention.
+#
+# Requirements:
+# - Dependabot must be enabled in repository settings
+# - Branch protection rules should allow auto-merge
+
+name: Dependabot Auto-Merge
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  # Auto-merge Dependabot PRs that pass CI
+  auto-merge:
+    name: Auto-merge Dependabot PRs
+    runs-on: ubuntu-latest
+
+    # Only run for Dependabot PRs
+    if: github.actor == 'dependabot[bot]'
+
+    steps:
+      - name: Wait for CI to complete
+        uses: lewagon/wait-on-check-action@v1.3.4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+          check-regexp: '^CI'
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          wait-interval: 10
+          allowed-conclusions: success,neutral
+
+      # Approve the PR
+      - name: Approve PR
+        uses: actions/github-script@v7
+        with:
+          script: |
+            github.rest.pulls.createReview({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              pull_number: context.issue.number,
+              event: 'APPROVE'
+            })
+
+      # Enable auto-merge
+      - name: Enable auto-merge
+        uses: actions/github-script@v7
+        with:
+          script: |
+            github.rest.pulls.merge({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              pull_number: context.issue.number,
+              merge_method: 'squash'
+            })