Skip to content

fix(api): serialize global_config updates to prevent lost writes #702

fix(api): serialize global_config updates to prevent lost writes

fix(api): serialize global_config updates to prevent lost writes #702

name: frontend-build-sentinel
# Fast-fail guard against frontend builds that break on the protected
# branch but slipped past pre-commit + PR CI. Catches:
# - Rebases (pre-commit hooks don't run on rebase).
# - Merge commits authored via the GitHub UI (no pre-commit there).
# - Push races where two commits interleave on the protected branch
# in an unintended order.
#
# Designed to fire within ~1 minute of landing so the team gets paged
# before the per-cloud deploys (which run the same build inside their
# Docker frontend-builder stage) hit the failure 30+ minutes later.
#
# See #177 for the post-mortem of the PR #160 / PR #172 incident that
# motivated this.
on:
push:
branches:
- main
- "feat/**"
permissions:
contents: read
concurrency:
# Successive pushes to the same ref only need the latest tip built.
group: frontend-build-${{ github.ref }}
cancel-in-progress: true
jobs:
build:
name: Build frontend
runs-on: ubuntu-latest
timeout-minutes: 5
defaults:
run:
working-directory: frontend
steps:
- name: Checkout
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
- name: Set up Node.js
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: "24"
cache: "npm"
cache-dependency-path: frontend/package-lock.json
- name: Install dependencies
run: npm ci
- name: TypeScript typecheck
run: npx tsc --noEmit
- name: Build
run: npm run build
- name: Run frontend tests
run: npx jest --no-coverage --silent