ScaleRocket/Web

CI/CD

GitHub Actions workflow for linting, type-checking, building, testing, and automatic deployment.

Overview

ScaleRocket includes a GitHub Actions workflow that runs on every push and pull request. It lints, type-checks, and builds all apps and packages to catch issues before they reach production.

Workflow File

Create .github/workflows/ci.yml:

name: CI

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

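# Least privilege: the CI job only needs to read the repository contents.
permissions:
  contents: read

env:
  TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
  TURBO_TEAM: ${{ secrets.TURBO_TEAM }}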

jobs:
  ci:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup pnpm
        uses: pnpm/action-setup@v4
        with:
          version: 9

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: "pnpm"

      - name: Install dependencies
        run: pnpm install --frozen-lockfile

      - name: Lint
        run: pnpm lint

      - name: Type check
        run: pnpm type-check

      - name: Build
        run: pnpm build
        env:
          NEXT_PUBLIC_SUPABASE_URL: ${{ secrets.NEXT_PUBLIC_SUPABASE_URL }}
          NEXT_PUBLIC_SUPABASE_ANON_KEY: ${{ secrets.NEXT_PUBLIC_SUPABASE_ANON_KEY }}
          NEXT_PUBLIC_APP_URL: https://app.example.com
          VITE_SUPABASE_URL: ${{ secrets.NEXT_PUBLIC_SUPABASE_URL }}
          VITE_SUPABASE_ANON_KEY: ${{ secrets.NEXT_PUBLIC_SUPABASE_ANON_KEY }}

      - name: Test
        # --if-present is an option of `pnpm run` and goes before the script name
        run: pnpm run --if-present test

What Each Step Does

| Step | Command | Purpose |
| --- | --- | --- |
| Lint | pnpm lint | Runs ESLint across all apps and packages |
| Type check | pnpm type-check | Runs tsc --noEmit in all workspaces |
| Build | pnpm build | Builds all packages then all apps via Turborepo |
| Test | pnpm test | Runs tests if configured (skips if no test script) |

Turborepo handles the dependency graph -- packages build before apps that depend on them.

Required Secrets

Set these in your GitHub repository under Settings > Secrets and variables > Actions:

| Secret | Purpose |
| --- | --- |
| NEXT_PUBLIC_SUPABASE_URL | Supabase URL for build-time |
| NEXT_PUBLIC_SUPABASE_ANON_KEY | Supabase anon key for build-time |
| TURBO_TOKEN | (Optional) Turborepo remote cache token |
| TURBO_TEAM | (Optional) Turborepo team slug |

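The Supabase variables are needed because the apps reference them at build time. You can use your production or a staging project's credentials. Values prefixed with NEXT_PUBLIC_ or VITE_ are embedded in the client bundle, so supply only the URL and the anon key here, never a service role key.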

Automatic Deployment

Vercel (default)

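Vercel automatically deploys when you push to main. No extra CI configuration is needed for deployment -- the GitHub Actions workflow handles quality checks, and Vercel handles deployment separately. The two run independently, so a failing check in GitHub Actions does not by itself stop Vercel from deploying.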

The flow:

Push to main
  ├── GitHub Actions: lint, type-check, build, test
  └── Vercel: build and deploy (independent)

Supabase (migrations and functions)

Add a job to the workflow to deploy database migrations and Edge Functions automatically:

  deploy-supabase:
    runs-on: ubuntu-latest
    needs: ci
    if: github.ref == 'refs/heads/main' && github.event_name == 'push'

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Supabase CLI
        uses: supabase/setup-cli@v1
        with:
          version: latest

      - name: Link Supabase project
        # Call the CLI installed by supabase/setup-cli directly; this job does not set up pnpm.
        # The project ref is passed through env instead of being expanded into the shell command.
        run: supabase link --project-ref "$SUPABASE_PROJECT_REF"
        env:
          SUPABASE_ACCESS_TOKEN: ${{ secrets.SUPABASE_ACCESS_TOKEN }}
          SUPABASE_PROJECT_REF: ${{ secrets.SUPABASE_PROJECT_REF }}

      - name: Push database migrations
        run: supabase db push
        env:
          SUPABASE_ACCESS_TOKEN: ${{ secrets.SUPABASE_ACCESS_TOKEN }}

      - name: Deploy Edge Functions
        run: supabase functions deploy
        env:
          SUPABASE_ACCESS_TOKEN: ${{ secrets.SUPABASE_ACCESS_TOKEN }}

Additional secrets for Supabase deployment:

| Secret | Purpose |
| --- | --- |
| SUPABASE_ACCESS_TOKEN | Personal access token from supabase.com/dashboard/account/tokens |
| SUPABASE_PROJECT_REF | Project reference ID |
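
Because the deploy job holds a Supabase access token, it is worth auditing workflow files before they are merged. The script below is an added example, not part of ScaleRocket: it flags secrets expanded directly inside `run:` commands, actions referenced by tag instead of a full commit SHA, a floating `version: latest`, and a missing top-level `permissions:` block. The function name, rule names and sample workflow are constructed for illustration.

```python
import re

# Constructed sample: a trimmed deploy job in the shape this page describes.
SAMPLE_WORKFLOW = """\
jobs:
  deploy-supabase:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: supabase/setup-cli@v1
        with:
          version: latest
      - name: Link Supabase project
        run: supabase link --project-ref ${{ secrets.SUPABASE_PROJECT_REF }}
        env:
          SUPABASE_ACCESS_TOKEN: ${{ secrets.SUPABASE_ACCESS_TOKEN }}
"""

SECRET_EXPR = re.compile(r"\$\{\{\s*secrets\.(\w+)\s*\}\}")
USES = re.compile(r"(?:-\s+)?uses:\s*(\S+?)@(\S+)")
FULL_SHA = re.compile(r"[0-9a-f]{40}")


def audit_workflow(text):
    """Return (line_no, rule, detail) findings; rule names are this example's own."""
    findings = []
    if not any(ln.startswith("permissions:") for ln in text.splitlines()):
        findings.append((0, "no-permissions", "no top-level permissions block"))
    run_col = None  # column of the active `run:` key, None outside a run body
    for no, ln in enumerate(text.splitlines(), 1):
        body = ln.lstrip()
        col = len(ln) - len(body)
        key = re.match(r"(-\s+)?run:", body)
        if key:
            run_col = col + len(key.group(1) or "")
        elif body and run_col is not None and col <= run_col:
            run_col = None  # a sibling key or a new step ended the run body
        if run_col is not None:  # secret expanded into shell text, not env
            findings += [(no, "secret-in-run", s) for s in SECRET_EXPR.findall(ln)]
        used = USES.match(body)
        if used and not FULL_SHA.fullmatch(used.group(2)):
            findings.append((no, "unpinned-action", "@".join(used.groups())))
        if re.match(r"version:\s*latest\b", body):
            findings.append((no, "floating-version", body))
    return findings


if __name__ == "__main__":
    print(*audit_workflow(SAMPLE_WORKFLOW), sep="\n")
```

Secrets mapped under `env:` are not flagged; only expansions inside the shell text of a `run:` step are.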

Turborepo Remote Caching

Speed up CI builds by caching unchanged packages:

  1. Run locally:

     pnpm turbo login
     pnpm turbo link

  2. Copy the token and team from .turbo/config.json.

  3. Add them as GitHub secrets (TURBO_TOKEN, TURBO_TEAM).

With remote caching, unchanged packages are skipped in CI, reducing build times significantly.

Branch Preview Deployments

Vercel automatically creates preview deployments for pull requests. Each PR gets a unique URL to test changes before merging.

The CI workflow runs on PRs too, ensuring code quality before review:

on:
  pull_request:
    branches: [main]

  1. Create a feature branch: git checkout -b feature/my-feature
  2. Push to GitHub: git push -u origin feature/my-feature
  3. CI runs automatically (lint, type-check, build)
  4. Vercel creates a preview deployment
  5. Open a pull request, review the preview
  6. Merge to main
  7. CI runs on main, Vercel deploys to production
  8. Supabase migrations and functions deploy (if configured)
