chore: improve CI/CD pipelines and tighten Biome config

- ci.yml: parallel lint/test jobs, concurrency cancel, coverage summary,
  dependency-review on PRs
- android-ci.yml: tag v* trigger, Gradle cache, .env seeding, AAB/Sentry stubs
- ios-ci.yml: tag v* trigger, CocoaPods cache, .env seeding, Sentry stub
- biome.json: noDebugger/noFocusedTests → error; remove 3 dead overrides;
  relax noConsole in test files
- docs/OPERATIONS.md, CHANGELOG.md: reflect all workflow changes

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: maximcoding

.github/workflows/android-ci.yml

@@ -1,8 +1,16 @@
 name: Android CI Build
 
-# Manual native release build (template). PR quality checks live in ci.yml.
+# Manual build or tag-triggered release build.
+# PR quality checks (lint, tests, type-check) live in ci.yml.
 on:
   workflow_dispatch:
+  push:
+    tags:
+      - 'v*'
+
+concurrency:
+  group: android-${{ github.ref }}
+  cancel-in-progress: true
 
 jobs:
   android-build:
@@ -27,12 +35,39 @@ jobs:
           distribution: 'temurin'
           java-version: 17
 
+      - name: Cache Gradle packages
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.gradle/caches
+            ~/.gradle/wrapper
+          key: gradle-${{ hashFiles('android/gradle/wrapper/gradle-wrapper.properties', 'android/**/*.gradle*') }}
+          restore-keys: gradle-
+
       - name: Install Android SDK
         uses: android-actions/setup-android@v3
 
-      - name: Build Android Release
+      - name: Seed .env for build
+        run: cp .env.example .env
+
+      # Template uses the debug keystore. Replace with a real signing step
+      # (e.g. decode a base64-encoded keystore from secrets) before store upload.
+      - name: Build Android Release APK
         run: cd android && ./gradlew assembleRelease
 
+      # Uncomment for Play Store upload (requires signing + Google service account secret):
+      # - name: Build Android Release Bundle (AAB)
+      #   run: cd android && ./gradlew bundleRelease
+
+      # Upload Sentry source maps if DSN is configured.
+      # Uncomment and set SENTRY_AUTH_TOKEN + SENTRY_ORG + SENTRY_PROJECT secrets.
+      # - name: Upload Sentry source maps
+      #   env:
+      #     SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+      #     SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
+      #     SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
+      #   run: npx @sentry/cli releases files "${{ github.ref_name }}" upload-sourcemaps android/app/build
+
       - name: Upload APK Artifact
         uses: actions/upload-artifact@v4
         with:

.github/workflows/ci.yml

@@ -6,8 +6,14 @@ on:
   pull_request:
     branches: [master, main]
 
+# Cancel in-flight runs for the same PR / branch so stale runs don't queue up.
+concurrency:
+  group: ci-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
-  quality:
+  lint:
+    name: Lint & type-check
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -26,11 +32,33 @@ jobs:
       - name: Typecheck
         run: npx tsc --noEmit
 
+  test:
+    name: Tests & guards
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: npm
+
+      - name: Install dependencies
+        run: npm ci
+
       - name: Unit tests
-        run: npm test
+        run: npm test -- --coverage --coverageReporters=text-summary
 
       - name: Check icons registry
         run: npm run check:icons
 
       - name: Check import paths
         run: npm run check:imports
+
+  dependency-review:
+    name: Dependency review
+    runs-on: ubuntu-latest
+    if: github.event_name == 'pull_request'
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/dependency-review-action@v4

.github/workflows/ios-ci.yml

@@ -1,8 +1,16 @@
 name: iOS CI Build
 
-# Manual simulator build (no signing). PR quality checks live in ci.yml.
+# Manual build or tag-triggered release build.
+# PR quality checks (lint, tests, type-check) live in ci.yml.
 on:
   workflow_dispatch:
+  push:
+    tags:
+      - 'v*'
+
+concurrency:
+  group: ios-${{ github.ref }}
+  cancel-in-progress: true
 
 jobs:
   ios-build:
@@ -21,9 +29,23 @@ jobs:
       - name: Install dependencies
         run: npm ci
 
+      - name: Cache CocoaPods specs
+        uses: actions/cache@v4
+        with:
+          path: ~/.cocoapods
+          key: cocoapods-${{ hashFiles('ios/Podfile.lock') }}
+          restore-keys: cocoapods-
+
       - name: Install Pods
         run: cd ios && pod install
 
+      - name: Seed .env for build
+        run: cp .env.example .env
+
+      # Simulator / CI build (no signing required).
+      # For a real device/TestFlight build, switch to -configuration Release,
+      # add code signing setup (e.g. Fastlane match or manual cert import),
+      # and change -destination to 'generic/platform=iOS'.
       - name: Build iOS (Simulator)
         run: |
           cd ios
@@ -36,6 +58,15 @@ jobs:
             -derivedDataPath build \
             build
 
+      # Upload Sentry source maps if DSN is configured.
+      # Uncomment and set SENTRY_AUTH_TOKEN + SENTRY_ORG + SENTRY_PROJECT secrets.
+      # - name: Upload Sentry source maps
+      #   env:
+      #     SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+      #     SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
+      #     SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
+      #   run: npx @sentry/cli releases files "${{ github.ref_name }}" upload-sourcemaps ios/build
+
       - name: Upload Simulator app
         uses: actions/upload-artifact@v4
         with:

CHANGELOG.md

@@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
+## [Unreleased]
+
+### Changed
+- **CI (`ci.yml`):** split quality gate into two parallel jobs (`lint`: Biome + TypeScript; `test`: Jest with coverage summary + `check:icons` + `check:imports`); add `concurrency` group to cancel stale PR runs; add `dependency-review` job on pull requests.
+- **Android CI (`android-ci.yml`):** add `v*` tag trigger alongside `workflow_dispatch`; add Gradle cache (`~/.gradle`); seed `.env` from `.env.example` before build; add commented stubs for AAB (`bundleRelease`) and Sentry source map upload.
+- **iOS CI (`ios-ci.yml`):** add `v*` tag trigger alongside `workflow_dispatch`; add CocoaPods specs cache (`~/.cocoapods`); seed `.env` from `.env.example` before build; add commented stub for Sentry source map upload.
+- **`docs/OPERATIONS.md`:** update GitHub Actions table and notes to reflect parallel jobs, caching, tag triggers, and Sentry upload stubs.
+
 ## [1.0.0] - 2026-03-23
 
 - Align **react-native-nitro-modules** with **react-native-mmkv** (pin mmkv 4.3.0 + nitro 0.35.0) to fix Android Kotlin compile (`CxxPart` / Nitrogen skew); **`package.json` `overrides`** pins nitro 0.35.0; refresh [`ios/Podfile.lock`](ios/Podfile.lock) (MMKVCore 2.4.0). Doc: [docs/development.md#react-native-mmkv-and-react-native-nitro-modules](docs/development.md#react-native-mmkv-and-react-native-nitro-modules).

biome.json

@@ -69,14 +69,14 @@
         "noConfusingLabels": "warn",
         "noConsole": "off",
         "noControlCharactersInRegex": "warn",
-        "noDebugger": "warn",
+        "noDebugger": "error",
         "noDoubleEquals": "warn",
         "noDuplicateClassMembers": "error",
         "noDuplicateJsxProps": "error",
         "noDuplicateObjectKeys": "error",
         "noEmptyBlockStatements": "off",
         "noFallthroughSwitchClause": "warn",
-        "noFocusedTests": "warn",
+        "noFocusedTests": "error",
         "noFunctionAssign": "warn",
         "noGlobalAssign": "error",
         "noLabelVar": "warn",
@@ -135,12 +135,6 @@
     }
   },
   "overrides": [
-    { "includes": ["*.js"], "linter": { "rules": {} } },
-    { "includes": ["*.jsx"] },
-    {
-      "includes": ["*.js", "*.jsx", "*.ts", "*.tsx"],
-      "linter": { "rules": {} }
-    },
     {
       "includes": ["*.ts", "*.tsx"],
       "linter": {
@@ -157,7 +151,11 @@
         "*.{spec,test}.{js,ts,tsx}",
         "**/__{mocks,tests}__/**/*.{js,ts,tsx}"
       ],
-      "linter": { "rules": {} }
+      "linter": {
+        "rules": {
+          "suspicious": { "noConsole": "off" }
+        }
+      }
     }
   ],
   "assist": {

docs/OPERATIONS.md

@@ -67,24 +67,26 @@ Add YAML flows under `maestro/` and keep them deterministic (seed data, locale,
 
 | File | Trigger | Purpose |
 |------|---------|---------|
-| [`.github/workflows/ci.yml`](../.github/workflows/ci.yml) | Push / PR to `master` or `main` | **Quality gate:** Biome, TypeScript, Jest, `check:icons`, `check:imports` (Node 20, `npm ci`). |
-| [`.github/workflows/android-ci.yml`](../.github/workflows/android-ci.yml) | Manual (`workflow_dispatch`) | **Android:** JDK 17, Android SDK, `assembleRelease` (uses debug keystore in template `build.gradle`). |
-| [`.github/workflows/ios-ci.yml`](../.github/workflows/ios-ci.yml) | Manual (`workflow_dispatch`) | **iOS:** CocoaPods, **simulator** `xcodebuild` for `ReactNativeStarter` scheme (no device signing). |
+| [`.github/workflows/ci.yml`](../.github/workflows/ci.yml) | Push / PR to `master` or `main` | **Quality gate** (two parallel jobs): `lint` — Biome + TypeScript; `test` — Jest (with coverage summary) + `check:icons` + `check:imports`. Plus a `dependency-review` job on PRs. Stale runs cancelled via `concurrency`. |
+| [`.github/workflows/android-ci.yml`](../.github/workflows/android-ci.yml) | Manual (`workflow_dispatch`) or tag `v*` push | **Android:** JDK 17, Android SDK, Gradle cache, `.env` seeded from `.env.example`, `assembleRelease` (debug keystore — replace with real signing before store upload). Commented stubs for AAB (`bundleRelease`) and Sentry source map upload. |
+| [`.github/workflows/ios-ci.yml`](../.github/workflows/ios-ci.yml) | Manual (`workflow_dispatch`) or tag `v*` push | **iOS:** CocoaPods (with specs cache), `.env` seeded from `.env.example`, **simulator** `xcodebuild` for `ReactNativeStarter` scheme (no device signing). Commented stub for Sentry source map upload. |
 
 ### Notes
 
-- **Release / Play / TestFlight** automation is not included; add Fastlane or your own jobs when you have signing secrets.
+- **Release / Play / TestFlight** automation is not included; add Fastlane or your own jobs when you have signing secrets. Commented stubs in each native workflow show where to add signing and upload steps.
+- Native workflows trigger automatically on `v*` tags (e.g. `v1.2.0`) in addition to `workflow_dispatch`.
 - Align **Node** with `package.json` `engines` (>= 20) across all workflows.
 - After renaming the app in Xcode / Gradle, update **workspace**, **scheme**, and **artifact paths** in the iOS workflow.
+- **Sentry source maps:** uncomment the upload step in both native workflows and set `SENTRY_AUTH_TOKEN`, `SENTRY_ORG`, `SENTRY_PROJECT` as repository secrets.
 
 ### Optional consolidation
 
-You can delete `android-ci.yml` / `ios-ci.yml` if you only want PR checks (`ci.yml`), or merge native builds into a single file with a matrix—keep one source of truth for Node version and install steps.
+You can delete `android-ci.yml` / `ios-ci.yml` if you only want PR checks (`ci.yml`), or merge native builds into a single file with a matrix — keep one source of truth for Node version and install steps.
 
 ### Feature branches and store automation
 
 - Run the same checks locally as **`ci.yml`** before push; CI runs them on push/PR to `main` / `master`.
-- **Store release automation** (tag-triggered builds, Google Play / TestFlight upload) is **not** in this template. Manual Android/iOS workflows produce artifacts only; add Fastlane or custom workflows when you need uploads.
+- **Store release automation** (Google Play / TestFlight upload) is not included. Native workflows produce artifacts on tag push; add Fastlane `supply` / `pilot` lanes and the corresponding repository secrets (`GOOGLE_SERVICE_ACCOUNT_JSON`, `APP_STORE_CONNECT_API_KEY_JSON`) when you need automated uploads.
 
 ## Android: native clean and CMake (`codegen/jni`)