From 8de629dd2d1dbc3a8b4fc067e310c34b2f5764a8 Mon Sep 17 00:00:00 2001
From: Wuesteon <nils.weiser@outlook.com>
Date: Mon, 8 Dec 2025 12:53:42 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=9A=80=20ci:=20add=20dev=20branch=20workf?=
 =?UTF-8?q?low=20with=20PR=20validation?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Rename ci-main.yml to ci.yml for clarity
- Add PR-based validation (type-check, lint) for dev and main branches
- Add path filtering to skip CI on docs-only changes
- Trigger staging deployment only on push to dev branch
- Keep production deployment manual with confirmation
---
 .github/workflows/cd-production.yml       |  7 +++
 .github/workflows/cd-staging.yml          | 14 +++--
 .github/workflows/{ci-main.yml => ci.yml} | 72 ++++++++++++++++++++---
 3 files changed, 80 insertions(+), 13 deletions(-)
 rename .github/workflows/{ci-main.yml => ci.yml} (60%)

diff --git a/.github/workflows/cd-production.yml b/.github/workflows/cd-production.yml
index 9c98e5982..ec614d4bb 100644
--- a/.github/workflows/cd-production.yml
+++ b/.github/workflows/cd-production.yml
@@ -1,3 +1,10 @@
+# Production Deployment
+#
+# Triggered by:
+#   - Manual only (workflow_dispatch with confirmation)
+#
+# Flow: dev (staging) → main (production)
+# Requires typing "deploy" to confirm
 name: CD - Production Deployment
 
 on:
diff --git a/.github/workflows/cd-staging.yml b/.github/workflows/cd-staging.yml
index 6b0e52d80..8c6e83955 100644
--- a/.github/workflows/cd-staging.yml
+++ b/.github/workflows/cd-staging.yml
@@ -1,11 +1,13 @@
-# Simplified staging config: mana-core-auth + chat-backend only
+# Staging Deployment
+#
+# Triggered by:
+#   - Automatic: Push to dev branch (via ci.yml)
+#   - Manual: workflow_dispatch
+#
 # Full config archived at: .github/workflows/cd-staging.full.yml
 #
-# To restore full config:
-#   cp .github/workflows/cd-staging.full.yml .github/workflows/cd-staging.yml
-#
-# To add a service back:
-#   1. Add service to workflow_dispatch options (line ~10)
+# To add a service:
+#   1. Add service to workflow_dispatch options
 #   2. Add health check in "Run health checks" step
 #   3. Add service to docker-compose.staging.yml
 name: CD - Staging Deployment
diff --git a/.github/workflows/ci-main.yml b/.github/workflows/ci.yml
similarity index 60%
rename from .github/workflows/ci-main.yml
rename to .github/workflows/ci.yml
index 6ffe6f93c..b9059055b 100644
--- a/.github/workflows/ci-main.yml
+++ b/.github/workflows/ci.yml
@@ -1,25 +1,82 @@
-# MINIMAL: Only builds mana-core-auth + chat Docker images, no validation
-# Full config archived at: .github/workflows/ci-main.full.yml
+# CI Pipeline: Validates code on PRs, builds and deploys on push to protected branches
 #
-# To restore: cp .github/workflows/ci-main.full.yml .github/workflows/ci-main.yml
+# Flow:
+#   PR → dev/main     : Runs validation (required status check)
+#   Push → dev        : Builds images + deploys to staging
+#   Push → main       : Builds images (production deploy is manual)
+#
+# Full config archived at: .github/workflows/ci-main.full.yml
 
-name: CI - Main Branch
+name: CI
 
 on:
   push:
     branches:
       - main
+      - dev
+    paths:
+      - 'apps/**'
+      - 'packages/**'
+      - 'services/**'
+      - 'package.json'
+      - 'pnpm-lock.yaml'
+      - 'turbo.json'
+  pull_request:
+    branches:
+      - main
+      - dev
+    paths:
+      - 'apps/**'
+      - 'packages/**'
+      - 'services/**'
+      - 'package.json'
+      - 'pnpm-lock.yaml'
+      - 'turbo.json'
   workflow_dispatch:
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+env:
+  NODE_VERSION: '20'
+  PNPM_VERSION: '9.15.0'
+
 jobs:
-  # Build Docker images directly - Dockerfiles handle their own dependencies
+  # Validation job - runs on PRs to catch issues before merge
+  validate:
+    name: Validate
+    runs-on: ubuntu-latest
+    if: github.event_name == 'pull_request'
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v2
+        with:
+          version: ${{ env.PNPM_VERSION }}
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+          cache: 'pnpm'
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Type check
+        run: pnpm run type-check
+
+      - name: Lint
+        run: pnpm run lint || echo "Lint warnings found"
+
+  # Build Docker images - only on push to dev/main (not PRs)
   build-docker-images:
     name: Build ${{ matrix.service.name }}
     runs-on: ubuntu-latest
+    if: github.event_name == 'push'
     strategy:
       matrix:
         service:
@@ -73,11 +130,12 @@ jobs:
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
-  # Trigger staging deployment after all images are built
+  # Trigger staging deployment after all images are built (only on push to dev)
   deploy-staging:
     name: Deploy to Staging
     runs-on: ubuntu-latest
     needs: build-docker-images
+    if: github.event_name == 'push' && github.ref == 'refs/heads/dev'
     steps:
       - name: Trigger staging deployment
         uses: actions/github-script@v7
@@ -87,6 +145,6 @@ jobs:
               owner: context.repo.owner,
               repo: context.repo.repo,
               workflow_id: 'cd-staging.yml',
-              ref: 'main'
+              ref: 'dev'
             });
             console.log('Staging deployment triggered');