fastapi
diff --git a/‎.env.example‎
Lines changed: 42 additions & 0 deletions b/‎.env.example‎
Lines changed: 42 additions & 0 deletions
diff --git a/‎.github/workflows/ci.yml‎
Lines changed: 114 additions & 0 deletions b/‎.github/workflows/ci.yml‎
Lines changed: 114 additions & 0 deletions
diff --git a/‎.github/workflows/deploy-production.yml‎
Lines changed: 7 additions & 9 deletions b/‎.github/workflows/deploy-production.yml‎
Lines changed: 7 additions & 9 deletions
diff --git a/‎.github/workflows/deploy-staging.yml‎
Lines changed: 7 additions & 9 deletions b/‎.github/workflows/deploy-staging.yml‎
Lines changed: 7 additions & 9 deletions
diff --git a/‎.github/workflows/smokeshow.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/smokeshow.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/test-backend.yml‎
Lines changed: 0 additions & 41 deletions b/‎.github/workflows/test-backend.yml‎
Lines changed: 0 additions & 41 deletions
diff --git a/‎.github/workflows/test-docker-compose.yml‎
Lines changed: 0 additions & 26 deletions b/‎.github/workflows/test-docker-compose.yml‎
Lines changed: 0 additions & 26 deletions
diff --git a/‎.pre-commit-config.yaml‎
Lines changed: 1 addition & 9 deletions b/‎.pre-commit-config.yaml‎
Lines changed: 1 addition & 9 deletions
@@ -0,0 +1,42 @@
+# ─── Domain & Routing ────────────────────────────────────────────────────────
+# Domain used by Traefik for routing and TLS certificates
+DOMAIN=localhost
+# STACK_NAME=app              # Docker stack name prefix
+
+# ─── Environment ─────────────────────────────────────────────────────────────
+# Options: local | staging | production
+ENVIRONMENT=local
+
+# ─── Supabase (required) ──────────────────────────────────────────────────────
+SUPABASE_URL=https://your-project.supabase.co
+SUPABASE_SERVICE_KEY=your-supabase-service-key
+
+# ─── Clerk Authentication (required) ─────────────────────────────────────────
+CLERK_SECRET_KEY=sk_test_your-clerk-secret-key
+# CLERK_JWKS_URL=              # Optional: override the Clerk JWKS endpoint URL
+# CLERK_AUTHORIZED_PARTIES=    # Optional: comma-separated authorized parties
+
+# ─── Backend ──────────────────────────────────────────────────────────────────
+SERVICE_NAME=my-service
+SERVICE_VERSION=0.1.0
+BACKEND_CORS_ORIGINS=http://localhost,http://localhost:5173
+# API_V1_STR=/api/v1           # Default: /api/v1
+# HTTP_CLIENT_TIMEOUT=30       # HTTP client timeout in seconds
+# HTTP_CLIENT_MAX_RETRIES=3    # HTTP client retry count
+
+# ─── Logging ──────────────────────────────────────────────────────────────────
+# LOG_LEVEL options: DEBUG | INFO | WARNING | ERROR
+LOG_LEVEL=INFO
+# LOG_FORMAT options: json | console
+LOG_FORMAT=json
+
+# ─── Frontend ─────────────────────────────────────────────────────────────────
+# WITH_UI=false                # Set to true to enable frontend services
+DOCKER_IMAGE_BACKEND=backend
+DOCKER_IMAGE_FRONTEND=frontend
+# TAG=latest                   # Docker image tag
+
+# ─── Observability ────────────────────────────────────────────────────────────
+SENTRY_DSN=
+# GIT_COMMIT=                  # Set automatically by CI (git commit SHA)
+# BUILD_TIME=                  # Set automatically by CI (build timestamp)
@@ -0,0 +1,114 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    types:
+      - opened
+      - synchronize
+
+jobs:
+  backend-lint:
+    name: Backend Lint & Type Check
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+      - name: Set up Python
+        uses: actions/setup-python@v6
+        with:
+          python-version: "3.10"
+      - name: Install uv
+        uses: astral-sh/setup-uv@v7
+      - name: Install dependencies
+        run: uv sync
+        working-directory: backend
+      - name: Ruff check
+        run: uv run ruff check backend/app/
+        working-directory: backend
+      - name: Ruff format check
+        run: uv run ruff format --check backend/app/
+        working-directory: backend
+      - name: Mypy
+        run: uv run mypy backend/app
+        working-directory: backend
+
+  backend-test:
+    name: Backend Tests
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+      - name: Set up Python
+        uses: actions/setup-python@v6
+        with:
+          python-version: "3.10"
+      - name: Install uv
+        uses: astral-sh/setup-uv@v7
+      - name: Install dependencies
+        run: uv sync
+        working-directory: backend
+      - name: Run tests
+        run: uv run coverage run -m pytest tests/unit/ tests/integration/ -v
+        working-directory: backend
+        env:
+          SUPABASE_URL: "http://localhost:54321"
+          SUPABASE_SERVICE_KEY: "test-service-key"
+          CLERK_SECRET_KEY: "test-clerk-key"
+          ENVIRONMENT: "local"
+      - name: Coverage report
+        run: uv run coverage report --fail-under=90
+        working-directory: backend
+      - name: Coverage HTML
+        run: uv run coverage html
+        working-directory: backend
+      - name: Store coverage files
+        uses: actions/upload-artifact@v6
+        with:
+          name: coverage-html
+          path: backend/htmlcov
+          include-hidden-files: true
+
+  frontend-ci:
+    name: Frontend Lint & Build
+    runs-on: ubuntu-latest
+    # Only run if frontend/ directory exists
+    if: hashFiles('frontend/package.json') != ''
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@v2
+      - name: Install dependencies
+        run: bun ci
+        working-directory: frontend
+      - name: Lint
+        run: bun run lint
+        working-directory: frontend
+      - name: Build
+        run: bun run build
+        working-directory: frontend
+
+  docker-build:
+    name: Docker Build
+    runs-on: ubuntu-latest
+    needs: [backend-lint, backend-test]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+      - name: Build backend image
+        run: docker build -t test-backend backend/ -f backend/Dockerfile
+
+  # Branch protection gate
+  alls-green:
+    name: CI Complete
+    runs-on: ubuntu-latest
+    needs: [backend-lint, backend-test, docker-build]
+    if: always()
+    steps:
+      - name: Check all jobs
+        uses: re-actors/alls-green@release/v1
+        with:
+          jobs: ${{ toJSON(needs) }}
@@ -7,7 +7,6 @@ on:
 
 jobs:
   deploy:
-    # Do not deploy in the main repository, only in user projects
     if: github.repository_owner != 'fastapi'
     runs-on:
       - self-hosted
@@ -16,15 +15,14 @@ jobs:
       ENVIRONMENT: production
       DOMAIN: ${{ secrets.DOMAIN_PRODUCTION }}
       STACK_NAME: ${{ secrets.STACK_NAME_PRODUCTION }}
-      SECRET_KEY: ${{ secrets.SECRET_KEY }}
-      FIRST_SUPERUSER: ${{ secrets.FIRST_SUPERUSER }}
-      FIRST_SUPERUSER_PASSWORD: ${{ secrets.FIRST_SUPERUSER_PASSWORD }}
-      SMTP_HOST: ${{ secrets.SMTP_HOST }}
-      SMTP_USER: ${{ secrets.SMTP_USER }}
-      SMTP_PASSWORD: ${{ secrets.SMTP_PASSWORD }}
-      EMAILS_FROM_EMAIL: ${{ secrets.EMAILS_FROM_EMAIL }}
-      POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
+      SUPABASE_URL: ${{ secrets.SUPABASE_URL }}
+      SUPABASE_SERVICE_KEY: ${{ secrets.SUPABASE_SERVICE_KEY }}
+      CLERK_SECRET_KEY: ${{ secrets.CLERK_SECRET_KEY }}
+      BACKEND_CORS_ORIGINS: ${{ secrets.BACKEND_CORS_ORIGINS }}
       SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
+      SERVICE_NAME: ${{ secrets.SERVICE_NAME }}
+      DOCKER_IMAGE_BACKEND: ${{ secrets.DOCKER_IMAGE_BACKEND }}
+      DOCKER_IMAGE_FRONTEND: ${{ secrets.DOCKER_IMAGE_FRONTEND }}
     steps:
       - name: Checkout
         uses: actions/checkout@v6
 
@@ -7,7 +7,6 @@ on:
 
 jobs:
   deploy:
-    # Do not deploy in the main repository, only in user projects
     if: github.repository_owner != 'fastapi'
     runs-on:
       - self-hosted
@@ -16,15 +15,14 @@ jobs:
       ENVIRONMENT: staging
       DOMAIN: ${{ secrets.DOMAIN_STAGING }}
       STACK_NAME: ${{ secrets.STACK_NAME_STAGING }}
-      SECRET_KEY: ${{ secrets.SECRET_KEY }}
-      FIRST_SUPERUSER: ${{ secrets.FIRST_SUPERUSER }}
-      FIRST_SUPERUSER_PASSWORD: ${{ secrets.FIRST_SUPERUSER_PASSWORD }}
-      SMTP_HOST: ${{ secrets.SMTP_HOST }}
-      SMTP_USER: ${{ secrets.SMTP_USER }}
-      SMTP_PASSWORD: ${{ secrets.SMTP_PASSWORD }}
-      EMAILS_FROM_EMAIL: ${{ secrets.EMAILS_FROM_EMAIL }}
-      POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
+      SUPABASE_URL: ${{ secrets.SUPABASE_URL }}
+      SUPABASE_SERVICE_KEY: ${{ secrets.SUPABASE_SERVICE_KEY }}
+      CLERK_SECRET_KEY: ${{ secrets.CLERK_SECRET_KEY }}
+      BACKEND_CORS_ORIGINS: ${{ secrets.BACKEND_CORS_ORIGINS }}
       SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
+      SERVICE_NAME: ${{ secrets.SERVICE_NAME }}
+      DOCKER_IMAGE_BACKEND: ${{ secrets.DOCKER_IMAGE_BACKEND }}
+      DOCKER_IMAGE_FRONTEND: ${{ secrets.DOCKER_IMAGE_FRONTEND }}
     steps:
       - name: Checkout
         uses: actions/checkout@v6
 
@@ -2,7 +2,7 @@ name: Smokeshow
 
 on:
   workflow_run:
-    workflows: [Test Backend]
+    workflows: [CI]
     types: [completed]
 
 jobs:
 
@@ -12,8 +12,7 @@ repos:
       - id: end-of-file-fixer
         exclude: |
             (?x)^(
-                frontend/src/client/.*|
-                backend/app/email-templates/build/.*
+                frontend/src/client/.*
             )$
       - id: trailing-whitespace
         exclude: ^frontend/src/client/.*
@@ -46,10 +45,3 @@ repos:
         require_serial: true
         language: unsupported
         pass_filenames: false
-
-      - id: generate-frontend-sdk
-        name: Generate Frontend SDK
-        entry: bash ./scripts/generate-client.sh
-        pass_filenames: false
-        language: unsupported
-        files: ^backend/.*$|^scripts/generate-client\.sh$