This document describes the CI/CD pipelines for the monorepo using GitHub Actions.
```text
.github/workflows/
├── ci.yml                   # Main CI pipeline
├── deploy-extensions.yml    # Extension publishing
├── deploy-cloudflare.yml    # Cloudflare Workers
├── deploy-vercel.yml        # Vercel deployment
├── deploy-website.yml       # GitHub Pages
└── release.yml              # Release automation
```
ci.yml (Main CI pipeline)

Triggers:
- Push to `main`, `develop`
- Pull requests to `main`, `develop`
- Manual dispatch

jobs:
lint:
- Run ESLint
- Run Prettier check
- Check TypeScript
build:
- Install dependencies (pnpm)
- Build all packages (Turbo)
- Cache build artifacts
test:
- Run unit tests
- Run integration tests
- Generate coverage report
- Upload to Codecov
type-check:
- TypeScript compilation
- Check all packages
validate:
- Validate package.json files
- Check dependencies
- Verify monorepo structure

Example workflow (condensed to a single job; the full pipeline splits lint, build, test and type-check into the separate jobs outlined above):

```yaml
name: CI
on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]
  workflow_dispatch:          # manual dispatch, as listed in the triggers
jobs:
  ci:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # pnpm has to be installed before setup-node so that `cache: pnpm` can find the store
      - uses: pnpm/action-setup@v2
        with:
          version: 8
      - uses: actions/setup-node@v4
        with:
          node-version: '18'
          cache: 'pnpm'
      - name: Install dependencies
        # --frozen-lockfile fails the install when pnpm-lock.yaml does not match the
        # package.json files instead of silently resolving new versions, so CI builds
        # exactly the dependency set that was reviewed
        run: pnpm install --frozen-lockfile
      - name: Lint
        run: pnpm lint
      - name: Build
        run: pnpm build
      - name: Test
        run: pnpm test
```

deploy-extensions.yml (Extension publishing)

Triggers:
- Tag push matching `v*.*.*`
- Manual dispatch
jobs:
package:
- Build extensions
- Run tests
- Package .vsix files
- Upload artifacts
publish-marketplace:
- Download artifacts
- Publish to VS Code Marketplace
- Verify publication
publish-openvsx:
- Download artifacts
- Publish to Open VSX
- Verify publication
create-release:
- Create GitHub Release
- Attach .vsix files
- Generate release notes

Secrets:
- `VSCODE_PAT`: VS Code Marketplace token
- `OPEN_VSX_TOKEN`: Open VSX token
- `GITHUB_TOKEN`: automatically provided by GitHub Actions; grant it only what the job needs (`contents: write` for the job that creates the release, read-only everywhere else)
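An added example of how the four jobs above can be wired so that each token is exposed only to the job that needs it. This is illustrative, not the repository's own `deploy-extensions.yml`; the `pnpm package:extensions` script, the `extensions/**/*.vsix` output path and a GitHub environment named `marketplace` holding the two marketplace tokens are assumptions. Tokens reach the tools through the environment variables they read (`VSCE_PAT` for `vsce`, `OVSX_PAT` for `ovsx`) rather than being interpolated into command lines, the default `GITHUB_TOKEN` is read-only except in the release job, and the publish jobs run only for a tag push, so a manual dispatch can rebuild and package but never push to the marketplaces.

```yaml
name: Deploy Extensions
on:
  push:
    tags: ['v*.*.*']
  workflow_dispatch:

# Workflow-wide default: the GITHUB_TOKEN can only read the repository.
# Jobs that need more opt in explicitly below.
permissions:
  contents: read

jobs:
  package:
    runs-on: ubuntu-latest
    timeout-minutes: 20
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false   # build and test never need a git credential
      - uses: pnpm/action-setup@v2
        with:
          version: 8
      - uses: actions/setup-node@v4
        with:
          node-version: '18'
          cache: 'pnpm'
      - run: pnpm install --frozen-lockfile
      - run: pnpm test
      - run: pnpm package:extensions   # assumed script wrapping `vsce package`
      - uses: actions/upload-artifact@v4
        with:
          name: vsix
          path: extensions/**/*.vsix   # assumed output location
          if-no-files-found: error     # an empty package job must fail, not publish nothing

  publish-marketplace:
    needs: package
    if: startsWith(github.ref, 'refs/tags/v')   # tag pushes only, never a manual rebuild
    runs-on: ubuntu-latest
    environment: marketplace   # assumed environment; required reviewers on it gate publishing
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: vsix
          path: dist
      - name: Publish to VS Code Marketplace
        env:
          VSCE_PAT: ${{ secrets.VSCODE_PAT }}   # vsce reads its token from VSCE_PAT
        run: |
          find dist -name '*.vsix' -exec npx @vscode/vsce publish --packagePath {} \;

  publish-openvsx:
    needs: package
    if: startsWith(github.ref, 'refs/tags/v')
    runs-on: ubuntu-latest
    environment: marketplace
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: vsix
          path: dist
      - name: Publish to Open VSX
        env:
          OVSX_PAT: ${{ secrets.OPEN_VSX_TOKEN }}   # ovsx reads its token from OVSX_PAT
        run: |
          find dist -name '*.vsix' -exec npx ovsx publish {} \;

  create-release:
    needs: [publish-marketplace, publish-openvsx]
    runs-on: ubuntu-latest
    permissions:
      contents: write   # the only job allowed to write: it creates the release
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: vsix
          path: dist
      - name: Create GitHub Release with the .vsix files attached
        env:
          GH_TOKEN: ${{ github.token }}
          GH_REPO: ${{ github.repository }}   # no checkout in this job, so tell gh which repo
        run: |
          find dist -name '*.vsix' -print0 | xargs -0 gh release create "$GITHUB_REF_NAME" --generate-notes
```

Because `create-release` depends on both publish jobs, a manual dispatch (where those jobs are skipped) also skips the release, which keeps "packaged but unpublished" artifacts from ever being tagged as a release.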
deploy-cloudflare.yml (Cloudflare Workers)

Triggers:
- Push to `main` (production)
- Push to `develop` (staging)
- Manual dispatch
jobs:
deploy-workers:
- Build Worker code
- Run tests
- Deploy to Cloudflare
- Verify deployment
migrate-database:
- Run D1 migrations
- Seed initial data
- Verify schema
update-kv:
- Update KV configuration
- Seed initial values
smoke-test:
- Test API endpoints
- Verify authentication
- Check integrations

Secrets:
- `CLOUDFLARE_API_TOKEN`: use a token scoped to the Workers, D1 and KV permissions this deploy needs, not a Global API Key
- `CLOUDFLARE_ACCOUNT_ID`
- `STRIPE_SECRET_KEY` (for webhooks)
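An added example (not the repository's own `deploy-cloudflare.yml`) of the branch-to-environment mapping described above, covering the `deploy-workers` and `smoke-test` jobs; the migration and KV jobs are left out for brevity. Assumptions: `wrangler` is a dev dependency in `cloudflare/` (the same directory the rollback commands on this page use), `wrangler.toml` defines `production` and `staging` environments, each GitHub environment defines a `WORKER_URL` variable, and the Worker exposes a `/health` route plus a protected `/api/me` route. The points it demonstrates are a read-only token, one deploy at a time per branch, the Stripe key pushed to the Worker over stdin rather than as a command-line argument, and a smoke test that fails when authentication is not enforced.

```yaml
name: Deploy Cloudflare
on:
  push:
    branches: [main, develop]
  workflow_dispatch:

permissions:
  contents: read

# Serialise deploys per branch: a second push queues behind the running deploy
# instead of racing it (cancelling a half-finished deploy is worse than waiting).
concurrency:
  group: cloudflare-${{ github.ref_name }}
  cancel-in-progress: false

jobs:
  deploy-workers:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    # main -> production, everything else (develop, manual runs on other refs) -> staging.
    # The GitHub environment name and the wrangler --env name are kept identical on purpose.
    environment: ${{ github.ref_name == 'main' && 'production' || 'staging' }}
    env:
      TARGET: ${{ github.ref_name == 'main' && 'production' || 'staging' }}
    defaults:
      run:
        working-directory: cloudflare
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - uses: pnpm/action-setup@v2
        with:
          version: 8
      - uses: actions/setup-node@v4
        with:
          node-version: '18'
          cache: 'pnpm'
      - run: pnpm install --frozen-lockfile
      - run: pnpm test
      - name: Push Worker secrets
        # The Stripe key reaches the Worker via stdin; it is never a CLI argument,
        # so it shows up neither in process listings nor in the step log.
        env:
          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
          STRIPE_SECRET_KEY: ${{ secrets.STRIPE_SECRET_KEY }}
        run: |
          printf '%s' "$STRIPE_SECRET_KEY" | npx wrangler secret put STRIPE_SECRET_KEY --env "$TARGET"
      - name: Deploy
        uses: cloudflare/wrangler-action@v3
        with:
          apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
          accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
          workingDirectory: cloudflare
          command: deploy --env ${{ env.TARGET }}

  smoke-test:
    needs: deploy-workers
    runs-on: ubuntu-latest
    timeout-minutes: 5
    environment: ${{ github.ref_name == 'main' && 'production' || 'staging' }}
    steps:
      - name: Health and authentication checks
        env:
          BASE_URL: ${{ vars.WORKER_URL }}   # assumed per-environment variable, e.g. https://api.example.com
        run: |
          # Health endpoint (assumed route) must answer 2xx.
          curl -fsS --max-time 10 "$BASE_URL/health" >/dev/null
          # A protected route (assumed) must reject an unauthenticated caller. A 200 here
          # means auth is misconfigured, which is exactly what a smoke test has to catch.
          status=$(curl -s -o /dev/null --max-time 10 -w '%{http_code}' "$BASE_URL/api/me")
          [ "$status" = "401" ] || { echo "expected 401 from /api/me, got $status"; exit 1; }
```

Scoping the secrets to the `production` and `staging` GitHub environments (instead of repository-wide secrets) means a run on `develop` cannot read the production token even if the workflow is edited in that branch.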
deploy-vercel.yml (Vercel deployment)

Triggers:
- Push to `main` (production)
- Push to `develop` (preview)
- Pull requests (preview)
jobs:
deploy:
- Build edge functions
- Deploy to Vercel
- Get deployment URL
- Comment on PR with URL
test:
- Run smoke tests
- Verify edge functions
- Check API routes

Secrets:
- `VERCEL_TOKEN`
- `VERCEL_ORG_ID`
- `VERCEL_PROJECT_ID`

Two things to keep in mind for the preview deploys: a run triggered by `pull_request` from a fork does not receive repository secrets, so the deploy job needs an `if:` guard for fork PRs or it will fail; and the step that comments the preview URL on the PR needs `pull-requests: write` in the job's `permissions:` block.
deploy-website.yml (GitHub Pages)

Triggers:
- Push to `main`
- Changes in the `website/` directory
jobs:
build:
- Set up Ruby
- Install Jekyll
- Build site
- Upload artifact
deploy:
- Deploy to GitHub Pages
- Verify deployment

release.yml (Release automation)

Triggers:
- Manual dispatch with version input
jobs:
prepare-release:
- Bump version numbers
- Update CHANGELOG
- Commit changes
build-and-test:
- Run full CI pipeline
- Generate artifacts
create-release:
- Create git tag
- Create GitHub Release
- Upload artifacts
publish:
- Publish extensions
- Deploy workers
- Update website
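An added example (not the repository's own `release.yml`) of the `prepare-release` job, written to show how the version input from a manual dispatch should be handled: it is operator-controlled text, so it is passed to the shell through `env:` rather than written into the script with `${{ }}`, and it is checked against a strict pattern before anything uses it. Assumptions: a GitHub environment named `release` with required reviewers, and a `pnpm changelog <version>` script that updates `CHANGELOG.md`; the version bump itself uses `npm version` in every workspace package.

```yaml
name: Release
on:
  workflow_dispatch:
    inputs:
      version:
        description: 'Version to release, MAJOR.MINOR.PATCH (e.g. 1.3.0)'
        required: true
        type: string

permissions:
  contents: read

jobs:
  prepare-release:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    environment: release   # assumed environment; its required reviewers approve every release
    permissions:
      contents: write      # this job pushes the version commit and the tag
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0   # full history: the tag check and the changelog need earlier releases
      - name: Validate version input
        # inputs.version goes through an environment variable, never into the script text,
        # so a crafted value cannot become shell syntax. It is then pinned to 1.2.3 form.
        env:
          VERSION: ${{ inputs.version }}
        run: |
          if ! printf '%s\n' "$VERSION" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'; then
            echo "::error::version must look like 1.2.3, got '$VERSION'"
            exit 1
          fi
          if git rev-parse -q --verify "refs/tags/v$VERSION" >/dev/null; then
            echo "::error::tag v$VERSION already exists"
            exit 1
          fi
      - uses: pnpm/action-setup@v2
        with:
          version: 8
      - uses: actions/setup-node@v4
        with:
          node-version: '18'
          cache: 'pnpm'
      - run: pnpm install --frozen-lockfile
      - name: Bump versions, update changelog, commit and tag
        env:
          VERSION: ${{ inputs.version }}
        run: |
          # Same version in every workspace package, without npm creating its own commits or tags
          pnpm -r exec npm version "$VERSION" --no-git-tag-version
          pnpm changelog "$VERSION"   # assumed script that prepends the release notes to CHANGELOG.md
          git config user.name  "github-actions[bot]"
          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git add -A
          git commit -m "chore(release): v$VERSION"
          git tag -a "v$VERSION" -m "v$VERSION"
          git push origin HEAD "v$VERSION"
```

Two consequences follow from the `main` branch protection described later in this document. A direct push of the release commit is refused while required reviews apply to administrators, unless the identity behind the token is on the rule's bypass list, so many teams have this job open a release pull request instead. And a tag pushed with the built-in `GITHUB_TOKEN` does not start other workflows, which is why `release.yml` carries its own `publish` job rather than relying on `deploy-extensions.yml` to react to the tag.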
CodeQL analysis

jobs:
codeql:
- Initialize CodeQL
- Autobuild
- Perform analysis
- Upload results

Dependency review

jobs:
dependency-review:
- Check for vulnerabilities
- Review license compliance
- Alert on issues

Status badges

Add workflow status badges to README.md so the state of each pipeline is visible from the repository page.
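The CodeQL and dependency-review jobs outlined above, combined into one workflow, as an added example that is not one of the repository's own workflow files. It grants `security-events: write` only to the job that uploads results, runs dependency review only on pull requests (it diffs the manifest changes of a PR and has nothing to compare on a push), fails the check on high or critical advisories, and adds a weekly schedule so newly published advisories and queries are applied to code that has not changed. The `deny-licenses` list is an assumed policy, not the project's.

```yaml
name: Security
on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]
  schedule:
    - cron: '17 3 * * 1'   # weekly rescan, independent of code changes

permissions:
  contents: read

jobs:
  codeql:
    runs-on: ubuntu-latest
    timeout-minutes: 30
    permissions:
      contents: read
      security-events: write   # needed to upload SARIF results to the Security tab
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: javascript-typescript
      - uses: github/codeql-action/autobuild@v3
      - uses: github/codeql-action/analyze@v3
        with:
          category: '/language:javascript-typescript'

  dependency-review:
    # Only meaningful on pull requests: the action compares the PR's dependency changes
    # against the base branch and has no diff to inspect on push or schedule.
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    timeout-minutes: 10
    permissions:
      contents: read
      pull-requests: write     # for the summary comment on failure
    steps:
      - uses: actions/checkout@v4
      - uses: actions/dependency-review-action@v4
        with:
          fail-on-severity: high              # block PRs that introduce high/critical advisories
          deny-licenses: GPL-3.0, AGPL-3.0    # assumed licence policy; adjust to the project's rules
          comment-summary-in-pr: on-failure
```

Listing `Security / dependency-review` among the required status checks turns the "alert on issues" step into a hard gate: a PR that pulls in a vulnerable or disallowed package cannot be merged until the dependency is changed.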

Branch protection (main):
- Require pull request reviews (2)
- Require status checks to pass:
  - CI / lint
  - CI / build
  - CI / test
  - CI / type-check
- Require linear history
- Include administrators

Branch protection (develop):
- Require pull request reviews (1)
- Require status checks to pass
- Allow force pushes (maintainers only)

Required status checks are matched by name, `<workflow name> / <job id or job name>`, so the CI workflow has to define jobs called `lint`, `build`, `test` and `type-check`; the condensed single-job example above reports only `CI / ci` and would never satisfy these rules. Force pushes to `develop` rewrite the history that the staging deploy is built from, so keep that permission to maintainers as stated.
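An added example (not the repository's `ci.yml`) of a CI workflow whose check names line up with the rules above and that applies the best-practice list further down this page: least-privilege token, per-ref concurrency, timeouts on every job, and a Node version matrix for the tests. `pnpm type-check` is an assumed script name; the rest mirrors the scripts already used on this page.

```yaml
name: CI
on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]
  workflow_dispatch:

# Least privilege: the default GITHUB_TOKEN can only read the repository.
permissions:
  contents: read

# A newer push to the same branch or PR cancels the run still in flight.
concurrency:
  group: ci-${{ github.ref }}
  cancel-in-progress: true

jobs:
  check:
    # An explicit name replaces the default "check (lint)" form, so the status checks are
    # reported as "CI / lint", "CI / build" and "CI / type-check", which is what the
    # branch protection rules reference.
    name: ${{ matrix.task }}
    runs-on: ubuntu-latest
    timeout-minutes: 15
    strategy:
      fail-fast: false                   # report every failing task, not just the first
      matrix:
        task: [lint, build, type-check]  # `pnpm type-check` is an assumed script name
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false     # no step here needs a git credential
      - uses: pnpm/action-setup@v2
        with:
          version: 8
      - uses: actions/setup-node@v4
        with:
          node-version: '18'
          cache: 'pnpm'
      - run: pnpm install --frozen-lockfile
      # matrix.task is defined in this file, not taken from the event payload,
      # so interpolating it into the command is safe.
      - run: pnpm ${{ matrix.task }}

  test:
    # No explicit name: matrix values are appended, giving "CI / test (18)" and
    # "CI / test (20)". List both in the branch protection rule, or drop the matrix.
    runs-on: ubuntu-latest
    timeout-minutes: 30
    strategy:
      fail-fast: false
      matrix:
        node: [18, 20]
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - uses: pnpm/action-setup@v2
        with:
          version: 8
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node }}
          cache: 'pnpm'
      - run: pnpm install --frozen-lockfile
      - run: pnpm test
```

In production, pin third-party actions such as `pnpm/action-setup` to a full commit SHA rather than a floating tag, so that a moved or compromised tag cannot change what runs in CI; version tags are used here only for readability.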
Blue-green deployment:

```text
Production (v1.2.3)
        ↓
Deploy v1.3.0 to staging
        ↓
Run smoke tests
        ↓
Switch traffic to v1.3.0
        ↓
Monitor for issues
        ↓
Rollback if needed
```

Canary deployment:

```text
Deploy to 10% of users
        ↓
Monitor metrics
        ↓
If stable: Deploy to 50%
        ↓
Monitor metrics
        ↓
If stable: Deploy to 100%
```
Rollback procedures

Extensions:

```sh
# Revert the offending commit on main and push the revert
git revert <commit-hash>
git push origin main

# Re-tag the revert and publish. The marketplaces do not accept an already
# published version number, so the rolled-back build ships as a new version.
# Pushing this tag would also trigger deploy-extensions.yml; either push the tag
# and let the pipeline publish, or publish from here as below, not both.
git tag v1.2.3-hotfix
pnpm publish:extensions
```

Cloudflare Workers:

```sh
# Redeploy the previous Worker version
cd cloudflare
wrangler rollback --env production
```

Vercel:

```sh
# Via Vercel Dashboard or CLI
vercel rollback <deployment-url>
```

Best practices

✅ Do:
- Use caching for dependencies
- Parallelize independent jobs
- Set appropriate timeouts
- Use matrix strategies for multi-version testing
- Store secrets in GitHub Actions secrets or environments and pass them to steps through `env:`
- Add status badges

❌ Don't:
- Commit secrets to workflows
- Run long tests on every commit
- Deploy without testing
- Skip smoke tests
- Ignore workflow failures
Running tests:

```sh
pnpm test
pnpm test:integration
pnpm test:e2e
```

Metrics and alerts to monitor:
- Build time
- Success rate
- Deployment frequency
- Mean time to recovery (MTTR)
- Failed deployments
- Test failures
- Security vulnerabilities
- Dependency updates
Issue: pnpm install fails. Solution: clear the pnpm store and the Actions cache, then check that `pnpm-lock.yaml` is committed and in sync with the package.json files; with `--frozen-lockfile` an out-of-date lockfile fails the install on purpose instead of resolving new versions.
Issue: Build timeout. Solution: check Turbo cache hits and split the build across jobs before raising `timeout-minutes`.
Issue: Deployment fails. Solution: confirm the secrets exist for the environment the job targets (production vs. staging) and that the job's `permissions:` block grants what the deploy step needs.
Issue: Tests flaky. Solution: fix the race conditions first; add retry logic only around genuinely external dependencies, otherwise retries hide real bugs.
When modifying workflows:
- Test locally with act
- Create PR with workflow changes
- Monitor first run carefully
- Update documentation