name: Nightly QA on: schedule: - cron: '0 3 * * *' workflow_dispatch: env: TARGET_URL: 'https://testing.klz-cables.com' PROJECT_NAME: 'klz-2026' jobs: # ──────────────────────────────────────────────────── # 1. Static Checks (HTML, Assets, HTTP) # ──────────────────────────────────────────────────── static: name: 🔍 Static Analysis runs-on: docker container: image: catthehacker/ubuntu:act-latest steps: - uses: actions/checkout@v4 - uses: pnpm/action-setup@v3 with: version: 10 - uses: actions/setup-node@v4 with: node-version: 20 - name: 🔐 Registry Auth run: | echo "@mintel:registry=https://git.infra.mintel.me/api/packages/mmintel/npm" > .npmrc echo "//git.infra.mintel.me/api/packages/mmintel/npm/:_authToken=${{ secrets.NPM_TOKEN }}" >> .npmrc - name: 📦 Cache node_modules uses: actions/cache@v4 id: cache-deps with: path: node_modules key: pnpm-${{ hashFiles('pnpm-lock.yaml') }} - name: Install if: steps.cache-deps.outputs.cache-hit != 'true' run: | pnpm store prune pnpm install --no-frozen-lockfile - name: 🌐 Install Chrome & Dependencies run: | apt-get update && apt-get install -y libnss3 libnspr4 libatk1.0-0 libatk-bridge2.0-0 libcups2 libdrm2 libxkbcommon0 libxcomposite1 libxdamage1 libxext6 libxfixes3 libxrandr2 libgbm1 libasound2t64 libpango-1.0-0 libcairo2 npx puppeteer browsers install chrome - name: 🌐 HTML Validation env: NEXT_PUBLIC_BASE_URL: ${{ env.TARGET_URL }} GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD }} run: pnpm run check:html - name: 🖼️ Broken Assets env: NEXT_PUBLIC_BASE_URL: ${{ env.TARGET_URL }} GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD }} ASSET_CHECK_LIMIT: 10 run: pnpm run check:assets - name: 🔒 HTTP Headers env: NEXT_PUBLIC_BASE_URL: ${{ env.TARGET_URL }} GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD }} run: pnpm run check:http # ──────────────────────────────────────────────────── # 2. Accessibility (WCAG) # ──────────────────────────────────────────────────── a11y: name: ♿ Accessibility runs-on: docker container: image: catthehacker/ubuntu:act-latest steps: - uses: actions/checkout@v4 - uses: pnpm/action-setup@v3 with: version: 10 - uses: actions/setup-node@v4 with: node-version: 20 - name: 🔐 Registry Auth run: | echo "@mintel:registry=https://git.infra.mintel.me/api/packages/mmintel/npm" > .npmrc echo "//git.infra.mintel.me/api/packages/mmintel/npm/:_authToken=${{ secrets.NPM_TOKEN }}" >> .npmrc - name: 📦 Cache node_modules uses: actions/cache@v4 id: cache-deps with: path: node_modules key: pnpm-${{ hashFiles('pnpm-lock.yaml') }} - name: Install if: steps.cache-deps.outputs.cache-hit != 'true' run: | pnpm store prune pnpm install --no-frozen-lockfile - name: 🌐 Install Chrome & Dependencies run: | apt-get update && apt-get install -y libnss3 libnspr4 libatk1.0-0 libatk-bridge2.0-0 libcups2 libdrm2 libxkbcommon0 libxcomposite1 libxdamage1 libxext6 libxfixes3 libxrandr2 libgbm1 libasound2t64 libpango-1.0-0 libcairo2 npx puppeteer browsers install chrome - name: ♿ WCAG Scan continue-on-error: true env: NEXT_PUBLIC_BASE_URL: ${{ env.TARGET_URL }} GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD }} run: pnpm run check:wcag # ──────────────────────────────────────────────────── # 3. Performance (Lighthouse) # ──────────────────────────────────────────────────── lighthouse: name: 🎭 Lighthouse runs-on: docker container: image: catthehacker/ubuntu:act-latest steps: - uses: actions/checkout@v4 - uses: pnpm/action-setup@v3 with: version: 10 - uses: actions/setup-node@v4 with: node-version: 20 - name: 🔐 Registry Auth run: | echo "@mintel:registry=https://git.infra.mintel.me/api/packages/mmintel/npm" > .npmrc echo "//git.infra.mintel.me/api/packages/mmintel/npm/:_authToken=${{ secrets.NPM_TOKEN }}" >> .npmrc - name: 📦 Cache node_modules uses: actions/cache@v4 id: cache-deps with: path: node_modules key: pnpm-${{ hashFiles('pnpm-lock.yaml') }} - name: Install if: steps.cache-deps.outputs.cache-hit != 'true' run: | pnpm store prune pnpm install --no-frozen-lockfile - name: 🌐 Install Chrome & Dependencies run: | apt-get update && apt-get install -y libnss3 libnspr4 libatk1.0-0 libatk-bridge2.0-0 libcups2 libdrm2 libxkbcommon0 libxcomposite1 libxdamage1 libxext6 libxfixes3 libxrandr2 libgbm1 libasound2t64 libpango-1.0-0 libcairo2 npx puppeteer browsers install chrome - name: 🎭 Desktop env: NEXT_PUBLIC_BASE_URL: ${{ env.TARGET_URL }} GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD }} PAGESPEED_LIMIT: 5 run: pnpm run pagespeed:test -- --collect.settings.preset=desktop - name: 📱 Mobile env: NEXT_PUBLIC_BASE_URL: ${{ env.TARGET_URL }} GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD }} PAGESPEED_LIMIT: 5 run: pnpm run pagespeed:test -- --collect.settings.preset=mobile # ──────────────────────────────────────────────────── # 4. Link Check & Dependency Audit # ──────────────────────────────────────────────────── links: name: 🔗 Links & Deps runs-on: docker container: image: catthehacker/ubuntu:act-latest steps: - uses: actions/checkout@v4 - uses: pnpm/action-setup@v3 with: version: 10 - uses: actions/setup-node@v4 with: node-version: 20 - name: 🔐 Registry Auth run: | echo "@mintel:registry=https://git.infra.mintel.me/api/packages/mmintel/npm" > .npmrc echo "//git.infra.mintel.me/api/packages/mmintel/npm/:_authToken=${{ secrets.NPM_TOKEN }}" >> .npmrc - name: 📦 Cache node_modules uses: actions/cache@v4 id: cache-deps with: path: node_modules key: pnpm-${{ hashFiles('pnpm-lock.yaml') }} - name: Install if: steps.cache-deps.outputs.cache-hit != 'true' run: | pnpm store prune pnpm install --no-frozen-lockfile - name: 📦 Depcheck continue-on-error: true run: pnpm dlx depcheck --ignores="*eslint*,*typescript*,*tailwindcss*,*postcss*,*prettier*,*@types/*,*husky*,*lint-staged*,*@next/*,*@lhci/*,*commitlint*,*cspell*,*rimraf*,*@payloadcms/*,*start-server-and-test*,*html-validate*,*critters*,*dotenv*,*turbo*" || true - name: 🔗 Lychee Link Check uses: lycheeverse/lychee-action@v2 with: args: --accept 200,204,429 --timeout 15 --insecure --exclude "file://*" --exclude "https://logs.infra.***.me/*" --exclude "https://git.infra.***.me/*" --exclude "https://umami.is/docs/best-practices" --exclude "https://***/*" . fail: true # ──────────────────────────────────────────────────── # 5. Notification # ──────────────────────────────────────────────────── notify: name: 🔔 Notify needs: [static, a11y, lighthouse, links] if: always() runs-on: docker container: image: catthehacker/ubuntu:act-latest steps: - name: 🔔 Gotify shell: bash run: | STATIC="${{ needs.static.result }}" A11Y="${{ needs.a11y.result }}" LIGHTHOUSE="${{ needs.lighthouse.result }}" LINKS="${{ needs.links.result }}" if [[ "$STATIC" != "success" || "$LIGHTHOUSE" != "success" ]]; then PRIORITY=8 EMOJI="🚨" STATUS="Failed" else PRIORITY=2 EMOJI="✅" STATUS="Passed" fi TITLE="$EMOJI ${{ env.PROJECT_NAME }} QA $STATUS" MESSAGE="Static: $STATIC | A11y: $A11Y | Lighthouse: $LIGHTHOUSE | Links: $LINKS ${{ env.TARGET_URL }}" if [[ -z "${{ secrets.GOTIFY_URL }}" || -z "${{ secrets.GOTIFY_TOKEN }}" ]]; then echo "⚠️ Gotify credentials missing, skipping notification." exit 0 fi curl -s -k -X POST "${{ secrets.GOTIFY_URL }}/message?token=${{ secrets.GOTIFY_TOKEN }}" \ -F "title=$TITLE" \ -F "message=$MESSAGE" \ -F "priority=$PRIORITY" || true