ci: add CI/CD pipeline and Astro Starlight docs site#21
Conversation
- Add .github/workflows/ci.yml (lint, tests, security scan, Docker build) - Add .github/workflows/deploy-docs.yml (GitHub Pages deployment) - Add Astro Starlight docs site with API reference, quickstart, architecture, and contribution guides - Update .gitignore for Astro build artifacts
There was a problem hiding this comment.
Pull request overview
This PR introduces a GitHub Actions CI pipeline for GS360 and adds an Astro Starlight documentation site, including a GitHub Pages deployment workflow for the docs.
Changes:
- Added a multi-job CI workflow covering Python lint/security scans, backend checks, frontend lint/typecheck/build, secret scanning, and Docker build validation.
- Added an Astro Starlight docs site under
docs/with initial Getting Started, Architecture, Content Packs, and Contributing pages. - Added a GitHub Pages workflow to build and deploy the docs site on changes under
docs/**, plus updated.gitignorefor Astro outputs.
Reviewed changes
Copilot reviewed 13 out of 15 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
.github/workflows/ci.yml |
Adds CI pipeline for linting, testing, scanning, and build validation. |
.github/workflows/deploy-docs.yml |
Builds and deploys the docs site to GitHub Pages. |
.gitignore |
Introduces ignore rules for local/dev artifacts and Astro build outputs. |
docs/package.json |
Defines docs site dependencies and scripts (Astro/Starlight). |
docs/package-lock.json |
Locks docs site dependency versions for reproducible installs. |
docs/astro.config.mjs |
Configures Starlight site, GitHub Pages site/base, and sidebar. |
docs/tsconfig.json |
Sets strict Astro TypeScript config for docs. |
docs/src/content.config.ts |
Configures Starlight content collection loader/schema. |
docs/src/content/docs/getting-started/introduction.md |
Adds introduction documentation page. |
docs/src/content/docs/getting-started/quickstart.md |
Adds local + Docker quickstart instructions. |
docs/src/content/docs/getting-started/configuration.md |
Documents environment variables and security guidance. |
docs/src/content/docs/architecture/overview.md |
Describes high-level system architecture and repo layout. |
docs/src/content/docs/architecture/api-reference.md |
Documents REST/WebSocket endpoints (high-level). |
docs/src/content/docs/content-packs/guide.md |
Documents content pack structure and contribution flow. |
docs/src/content/docs/contributing/guide.md |
Adds contributor setup and standards guidance. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| fetch-depth: 0 | ||
|
|
||
| - name: TruffleHog secret scan | ||
| uses: trufflesecurity/trufflehog@main |
There was a problem hiding this comment.
The TruffleHog GitHub Action is referenced via @main, which can introduce unreviewed breaking changes into your CI unexpectedly. Pin to a tagged release or a specific commit SHA to make the workflow deterministic and more secure.
| uses: trufflesecurity/trufflehog@main | |
| uses: trufflesecurity/trufflehog@v3.88.18 |
|
|
||
| export default defineConfig({ | ||
| site: "https://jina-code-systems.github.io", | ||
| base: "/GS360", |
There was a problem hiding this comment.
For GitHub Pages project sites, Astro’s base is typically expected to include a trailing slash (e.g., /GS360/). Without it, generated asset and link URLs can be incorrect depending on how paths are joined during build. Consider switching base to /GS360/ and ensuring internal links don’t hardcode the repo name.
| base: "/GS360", | |
| base: "/GS360/", |
| 3. Run `python scripts/validate-pack.py` to check it. | ||
| 4. Submit a PR. | ||
|
|
||
| See the [Content Pack Guide](/GS360/content-packs/guide/) for full details. |
There was a problem hiding this comment.
This link hardcodes the repo base path (/GS360/...). That tends to break local dev/preview where the site is served from /, and it couples content to the deployment target. Prefer a base-agnostic internal link like /content-packs/guide/ (letting Astro’s base handle the prefix) or a relative link.
| See the [Content Pack Guide](/GS360/content-packs/guide/) for full details. | |
| See the [Content Pack Guide](/content-packs/guide/) for full details. |
| pytest --tb=short --no-header -q \ | ||
| --cov=backend --cov=core \ | ||
| --cov-report=term-missing \ | ||
| --cov-report=xml:coverage.xml \ | ||
| || echo "No test files found — skipping coverage" | ||
|
|
There was a problem hiding this comment.
The pytest ... || echo "No test files found — skipping coverage" construct will mark the step successful for any pytest failure (including failing tests), because the echo runs on any non-zero exit code. This effectively disables backend test enforcement in CI. Prefer an explicit “no tests” check (e.g., pytest --collect-only), or fail the job on test failures while only skipping when the test discovery truly finds zero tests.
| pytest --tb=short --no-header -q \ | |
| --cov=backend --cov=core \ | |
| --cov-report=term-missing \ | |
| --cov-report=xml:coverage.xml \ | |
| || echo "No test files found — skipping coverage" | |
| pytest --collect-only --no-header -q > /tmp/pytest-collect.txt 2>&1 | |
| collect_status=$? | |
| cat /tmp/pytest-collect.txt | |
| if [ $collect_status -ne 0 ]; then | |
| exit $collect_status | |
| fi | |
| if grep -q "collected 0 items" /tmp/pytest-collect.txt; then | |
| echo "No test files found — skipping coverage" | |
| else | |
| pytest --tb=short --no-header -q \ | |
| --cov=backend --cov=core \ | |
| --cov-report=term-missing \ | |
| --cov-report=xml:coverage.xml | |
| fi |
| - name: Run integration checks | ||
| run: python scripts/run_integration_checks.py || true | ||
|
|
||
| - name: Validate content packs | ||
| run: python scripts/validate-pack.py || true |
There was a problem hiding this comment.
run_integration_checks.py and validate-pack.py are currently allowed to fail (|| true), so CI will still pass even if these checks detect regressions. The PR description lists these as part of the CI pipeline (not marked optional), so this is a mismatch; consider removing || true (or clearly documenting/renaming them as non-blocking informational checks).
| cache-dependency-path: gs360-live/web/package-lock.json | ||
|
|
||
| - name: Install dependencies | ||
| run: npm ci --legacy-peer-deps 2>/dev/null || npm install |
There was a problem hiding this comment.
npm ci failures are being silenced (2>/dev/null) and then replaced with npm install, which can mask lockfile drift and make builds non-reproducible. In CI it’s usually better to rely on npm ci (and fail loudly) so the dependency graph exactly matches package-lock.json.
| run: npm ci --legacy-peer-deps 2>/dev/null || npm install | |
| run: npm ci --legacy-peer-deps |
- Pin TruffleHog action to v3.88.18 instead of @main - Fix Astro base path to include trailing slash - Remove hardcoded base path from content link - Improve pytest step: collect-only check before running tests - Mark integration checks and pack validation as informational (continue-on-error) - Use strict npm ci without fallback to npm install
What changed
This PR adds a full CI/CD pipeline and a documentation site for GS360, mirroring the pattern from Jina Connect Unified CPaaS.
CI Pipeline (
.github/workflows/ci.yml)Docs Site (
docs/)Docs Deploy (
.github/workflows/deploy-docs.yml)docs/**Other
.gitignoreto exclude Astro build artifacts