CI Pipeline (Rails + JS)

CI Pipeline (Rails + JS)

This is the standard CI pipeline we run for most changes. It validates security, dependencies, code style, frontend builds, and backend/system behavior.

1) bin/brakeman --no-pager

What it does: Scans Rails code for common security issues (SQL injection, mass‑assignment, XSS, unsafe redirects, etc.). Why it matters: Catches dangerous patterns early — a fast first line of defense.

2) bin/bundler-audit

What it does: Checks Gemfile.lock against known CVEs in Ruby gems. Why it matters: Prevents shipping vulnerable dependencies.

3) bin/rubocop -f github

What it does: Enforces Ruby style and flags bug‑prone patterns (unused vars, risky constructs). Why it matters: Keeps the codebase consistent and reduces subtle bugs.

4) pnpm install

What it does: Installs JS dependencies from package.json. Why it matters: Required before building assets or running JS tooling.

5) pnpm build (esbuild)

What it does: Bundles JS into app/assets/builds. Why it matters: Ensures frontend JS compiles and can be served.

6) pnpm build:css or bin/rails tailwindcss:build

What it does: Compiles Tailwind CSS. Why it matters: Confirms UI styles build correctly (especially after UI changes).

7) bin/rails db:test:prepare test

What it does: Prepares the test database and runs unit + integration tests. Why it matters: Verifies business logic and controller behavior.

8) bin/rails db:test:prepare test:system

What it does: Prepares test DB and runs system tests (Capybara + headless browser). Why it matters: Validates end‑to‑end user flows in a browser‑like environment.

---

Guidance for contributors

• If a CI step fails, fix it before asking for review.
• For doc‑only changes, you may skip heavy steps, but call it out in the PR.