Move to infisical. Create local dev environment. Add ci gates. Modernize repo

.gitea/workflows/build-next.yml

@@ -2,49 +2,55 @@ name: Build and Push Next App
 
 on:
   push:
-    branches:
-      - main
+    branches: [main]
     paths:
-      - 'apps/next/**'
-      - 'packages/ui/**'
-      - 'scripts/build-next-app'
+      - 'apps/**'
+      - 'packages/**'
       - 'tools/**'
+      - 'scripts/**'
       - 'docker/**'
       - '.gitea/workflows/build-next.yml'
+      - '.infisical.json'
+      - 'package.json'
+      - 'bun.lock'
+      - 'turbo.json'
 
 jobs:
-  build-next:
+  quality:
     runs-on: ubuntu-latest
-
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Create .env file
+      - uses: actions/checkout@v4
+      - uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: 1.3.10
+      - run: bun install --frozen-lockfile
+      - name: Lint, typecheck, and test
+        env:
+          DOTENV_PROD: ${{ secrets.DOTENV_PROD }}
         run: |
-          cat > .env <<'EOF'
-          ${{ secrets.DOTENV_PROD }}
-          EOF
+          env_file="$(mktemp)"
+          trap 'rm -f "$env_file"' EXIT
+          printf '%s\n' "$DOTENV_PROD" > "$env_file"
+          bunx dotenv -e "$env_file" -- env NODE_ENV=test SKIP_E2E=1 bun run ci:check
 
+  build-next:
+    needs: [quality]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
       - name: Log in to container registry
+        run: echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login git.gbrown.org -u "${{ secrets.REGISTRY_USER }}" --password-stdin
+      - name: Build image
+        env:
+          DOTENV_PROD: ${{ secrets.DOTENV_PROD }}
         run: |
-          echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login git.gbrown.org -u "${{ secrets.REGISTRY_USER }}" --password-stdin
-
-      - name: Build app using project script
-        run: |
-          chmod +x ./scripts/build-next-app
-          ./scripts/build-next-app
-
-      - name: Show built images
-        run: |
-          docker images
-
-      - name: Tag built image
+          env_file="$(mktemp)"
+          trap 'rm -f "$env_file"' EXIT
+          printf '%s\n' "$DOTENV_PROD" > "$env_file"
+          CI_ENV_FILE="$env_file" ./scripts/build-next-app staging
+      - name: Tag and push image
         run: |
           docker tag convexmonorepo-next:latest git.gbrown.org/gib/convexmonorepo-next:${{ gitea.sha }}
           docker tag convexmonorepo-next:latest git.gbrown.org/gib/convexmonorepo-next:latest
-
-      - name: Push image tags
-        run: |
           docker push git.gbrown.org/gib/convexmonorepo-next:${{ gitea.sha }}
           docker push git.gbrown.org/gib/convexmonorepo-next:latest