chore: align monorepo automation for blog split

Add professional root scripts and expand CI/E2E workflows to run portfolio, blog, and api checks consistently. Harden CSP hash updates to fail on fatal config issues and preserve original line endings to avoid noisy diffs.

Author: yacosta738

.github/actions/lint/action.yml

@@ -67,37 +67,11 @@ runs:
       id: astro
       if: inputs.check-astro == 'true'
       shell: bash
-      working-directory: apps/portfolio
       run: |
-        echo "🔍 Running Astro type checks..."
-        # Ensure node_modules are installed so `astro` and other local binaries are available.
-        # Make sure pnpm is available. Prefer Corepack if present.
-        if command -v corepack >/dev/null 2>&1; then
-          echo "⚙️ Corepack detected, preparing pnpm from packageManager..."
-          # Use the packageManager version declared in package.json if possible
-          if [ -f package.json ]; then
-            PM=$(node -e "console.log(require('./package.json').packageManager||'pnpm@latest')") || PM=pnpm@latest
-            echo "🔧 Preparing $PM"
-            corepack prepare "$PM" --activate || true
-          else
-            corepack prepare pnpm@latest --activate || true
-          fi
-        elif command -v pnpm >/dev/null 2>&1; then
-          echo "⚙️ pnpm already available"
-        else
-          echo "⚠️ pnpm and corepack not found, installing pnpm via npm..."
-          npm install -g pnpm@latest || true
-        fi
-
-        if [ -f pnpm-lock.yaml ] || [ -f package-lock.json ] || [ -f yarn.lock ]; then
-          echo "📦 Installing dependencies (pnpm install)..."
-          pnpm install --frozen-lockfile --ignore-scripts || pnpm install
-        else
-          echo "📦 No lockfile found, running pnpm install..."
-          pnpm install
-        fi
-
-        pnpm check:astro
+        echo "🔍 Running Astro type checks for portfolio and blog..."
+        pnpm install --frozen-lockfile --ignore-scripts || pnpm install
+        pnpm --filter=portfolio check:astro
+        pnpm --filter=blog check:astro
         STATUS=$?
         
         if [ $STATUS -eq 0 ]; then
@@ -111,11 +85,11 @@ runs:
 
     - name: Check accessibility
       shell: bash
-      working-directory: apps/portfolio
       continue-on-error: true
       run: |
-        echo "♿ Running accessibility checks..."
-        pnpm check:a11y || echo "⚠️ Accessibility warnings found"
+        echo "♿ Running accessibility checks for portfolio and blog..."
+        pnpm --filter=portfolio check:a11y || echo "⚠️ Portfolio accessibility warnings found"
+        pnpm --filter=blog check:a11y || echo "⚠️ Blog accessibility warnings found"
 
     - name: Generate lint summary
       shell: bash

.github/actions/test-playwright/action.yml

@@ -3,6 +3,10 @@ description: 'Run Playwright E2E tests with intelligent browser caching'
 author: 'yacosta738'
 
 inputs:
+  app:
+    description: 'App to test (portfolio/blog)'
+    required: false
+    default: 'portfolio'
   browser:
     description: 'Browser to test (chromium/firefox/webkit/all)'
     required: false
@@ -22,22 +26,22 @@ outputs:
     value: ${{ steps.run-tests.outputs.status }}
   report-path:
     description: 'Path to test report'
-    value: 'apps/portfolio/playwright-report'
+    value: apps/${{ inputs.app }}/playwright-report
 
 runs:
   using: "composite"
   steps:
     - name: Get Playwright version
       id: playwright-version
       shell: bash
-      working-directory: apps/portfolio
+      working-directory: apps/${{ inputs.app }}
       run: |
         VERSION=$(jq -r '.devDependencies["@playwright/test"] // .dependencies["@playwright/test"] // "latest"' package.json)
         echo "version=$VERSION" >> $GITHUB_OUTPUT
         echo "🎭 Playwright version: $VERSION"
     - name: Install dependencies
       shell: bash
-      working-directory: apps/portfolio
+      working-directory: apps/${{ inputs.app }}
       run: pnpm install --frozen-lockfile
     - name: Cache Playwright browsers
       id: playwright-cache
@@ -52,7 +56,7 @@ runs:
     - name: Install Playwright browsers
       if: steps.playwright-cache.outputs.cache-hit != 'true'
       shell: bash
-      working-directory: apps/portfolio
+      working-directory: apps/${{ inputs.app }}
       run: |
         echo "📥 Installing Playwright browsers..."
         
@@ -65,7 +69,7 @@ runs:
     - name: Ensure Playwright browsers (cached)
       if: steps.playwright-cache.outputs.cache-hit == 'true'
       shell: bash
-      working-directory: apps/portfolio
+      working-directory: apps/${{ inputs.app }}
       run: |
         echo "♻️ Using cached browsers, validating browser binaries and dependencies..."
         
@@ -80,7 +84,7 @@ runs:
     - name: Run Playwright tests
       id: run-tests
       shell: bash
-      working-directory: apps/portfolio
+      working-directory: apps/${{ inputs.app }}
       env:
         CI: true
         PW_USE_PREVIEW: '1'
@@ -113,17 +117,17 @@ runs:
       if: always() && inputs.upload-results == 'true'
       uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4
       with:
-        name: playwright-report-${{ inputs.browser }}-${{ github.run_number }}
-        path: apps/portfolio/playwright-report/
+        name: playwright-report-${{ inputs.app }}-${{ inputs.browser }}-${{ github.run_number }}
+        path: apps/${{ inputs.app }}/playwright-report/
         retention-days: 30
         if-no-files-found: warn
 
     - name: Upload test traces
       if: failure() && inputs.upload-results == 'true'
       uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4
       with:
-        name: playwright-traces-${{ inputs.browser }}-${{ github.run_number }}
-        path: apps/portfolio/test-results/
+        name: playwright-traces-${{ inputs.app }}-${{ inputs.browser }}-${{ github.run_number }}
+        path: apps/${{ inputs.app }}/test-results/
         retention-days: 30
         if-no-files-found: warn
 
@@ -133,11 +137,12 @@ runs:
       run: |
         echo "## 🎭 E2E Tests Summary" >> $GITHUB_STEP_SUMMARY
         echo "" >> $GITHUB_STEP_SUMMARY
+        echo "- **App**: ${{ inputs.app }}" >> $GITHUB_STEP_SUMMARY
         echo "- **Browser**: ${{ inputs.browser }}" >> $GITHUB_STEP_SUMMARY
         echo "- **Status**: ${{ steps.run-tests.outputs.status == 'success' && '✅ Passed' || '❌ Failed' }}" >> $GITHUB_STEP_SUMMARY
         echo "- **Mode**: ${{ inputs.headed == 'true' && 'Headed' || 'Headless' }}" >> $GITHUB_STEP_SUMMARY
         
         # Try to extract test statistics
-        if [ -f "apps/portfolio/playwright-report/index.html" ]; then
+        if [ -f "apps/${{ inputs.app }}/playwright-report/index.html" ]; then
           echo "- **Report**: Available in artifacts" >> $GITHUB_STEP_SUMMARY
         fi

.github/actions/test-unit/action.yml

@@ -8,7 +8,7 @@ inputs:
     required: false
     default: 'true'
   project:
-    description: 'Specific project to test (portfolio/api/all)'
+    description: 'Specific project to test (portfolio/blog/api/all)'
     required: false
     default: 'all'
   upload-coverage:
@@ -39,13 +39,12 @@ runs:
     - name: Install dependencies
       shell: bash
       run: |
+        pnpm install --frozen-lockfile
+
         if [ "${{ inputs.project }}" == "all" ]; then
-          pnpm install --frozen-lockfile
-          cd apps/portfolio && pnpm install --frozen-lockfile
-          cd ../api && pnpm install --frozen-lockfile
+          echo "Installing workspace dependencies for all projects..."
         else
-          cd apps/${{ inputs.project }}
-          pnpm install --frozen-lockfile
+          echo "Installing workspace dependencies for ${{ inputs.project }}..."
         fi
     - name: Run unit tests
       id: run-tests

.github/workflows/ci.yml

@@ -28,7 +28,7 @@ permissions:
 
 env:
   NODE_VERSION: '22'
-  PNPM_VERSION: '10.18.2'
+  PNPM_VERSION: '10.30.1'
 
 jobs:
   # Job 1: Setup & Lint (fastest checks first)
@@ -67,7 +67,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        project: [portfolio, api]
+        project: [portfolio, blog, api]
     steps:
       - name: Checkout code
         uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955
@@ -93,7 +93,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        project: [portfolio, api]
+        project: [portfolio, blog, api]
     steps:
       - name: Checkout code
         uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955
@@ -116,6 +116,10 @@ jobs:
         with:
           dry-run: 'true'
 
+      - name: Build Blog
+        if: matrix.project == 'blog'
+        run: pnpm install --frozen-lockfile && pnpm --filter=blog build
+
   # Job 4: E2E Tests (depends on build)
   e2e-tests:
     name: 🎭 E2E Tests
@@ -125,7 +129,15 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        browser: [chromium, firefox, webkit]
+        include:
+          - app: portfolio
+            browser: chromium
+          - app: portfolio
+            browser: firefox
+          - app: portfolio
+            browser: webkit
+          - app: blog
+            browser: chromium
     steps:
       - name: Checkout code
         uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955
@@ -136,6 +148,7 @@ jobs:
           node-version: ${{ env.NODE_VERSION }}
 
       - name: Download portfolio build
+        if: matrix.app == 'portfolio'
         uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
         with:
           name: portfolio-dist-${{ github.sha }}
@@ -145,6 +158,7 @@ jobs:
       - name: Run E2E tests
         uses: ./.github/actions/test-playwright
         with:
+          app: ${{ matrix.app }}
           browser: ${{ matrix.browser }}
           upload-results: 'true'
 

.github/workflows/playwright.yml

@@ -34,14 +34,22 @@ env:
 
 jobs:
   test:
-    name: E2E Tests - ${{ matrix.project }}
+    name: E2E Tests - ${{ matrix.app }} (${{ matrix.browser }})
     runs-on: ubuntu-latest
     timeout-minutes: 60
 
     strategy:
       fail-fast: false
       matrix:
-        project: [chromium, firefox, webkit]
+        include:
+          - app: portfolio
+            browser: chromium
+          - app: portfolio
+            browser: firefox
+          - app: portfolio
+            browser: webkit
+          - app: blog
+            browser: chromium
 
     steps:
       - name: Checkout code
@@ -55,7 +63,8 @@ jobs:
       - name: Run Playwright E2E tests
         uses: ./.github/actions/test-playwright
         with:
-          browser: ${{ matrix.project }}
+          app: ${{ matrix.app }}
+          browser: ${{ matrix.browser }}
           upload-results: 'true'
 
   report:

apps/api/package.json

@@ -5,6 +5,7 @@
 	"packageManager": "pnpm@10.30.1",
 	"scripts": {
 		"build": "echo '🚀 Validating configuration...' && wrangler deploy --dry-run",
+		"check": "pnpm test:unit && pnpm build",
 		"deploy": "wrangler deploy",
 		"dev": "wrangler dev",
 		"start": "wrangler dev",

apps/portfolio/scripts/update-csp-script-hashes.mjs

@@ -59,7 +59,20 @@ const extractHashesFromHtml = (html) => {
 		const startTagIndex = lowerHtml.indexOf("<script", pos);
 		if (startTagIndex === -1) break;
 
-		const endTagIndex = lowerHtml.indexOf("</script>", startTagIndex);
+		let endTagIndex = lowerHtml.indexOf("</script>", startTagIndex);
+		let endTagLength = 9;
+
+		if (endTagIndex === -1) {
+			const closeTagPattern = /<\s*\/\s*script\b[^>]*>/gi;
+			closeTagPattern.lastIndex = startTagIndex;
+			const fallbackMatch = closeTagPattern.exec(lowerHtml);
+
+			if (fallbackMatch) {
+				endTagIndex = fallbackMatch.index;
+				endTagLength = fallbackMatch[0].length;
+			}
+		}
+
 		if (endTagIndex === -1) {
 			pos = startTagIndex + 7;
 			continue;
@@ -83,7 +96,7 @@ const extractHashesFromHtml = (html) => {
 				hashes.add(hashInlineScript(content));
 			}
 		}
-		pos = endTagIndex + 9;
+		pos = endTagIndex + endTagLength;
 	}
 	return hashes;
 };
@@ -111,10 +124,11 @@ const main = () => {
 
 	if (!existsSync(headersPath)) {
 		console.error(`_headers file not found at ${headersPath}`);
-		return;
+		process.exit(1);
 	}
 
 	const headersContent = readFileSync(headersPath, "utf8");
+	const separator = headersContent.includes("\r\n") ? "\r\n" : "\n";
 	const lines = headersContent.split(/\r?\n/);
 	let cspLineIndex = -1;
 
@@ -127,7 +141,7 @@ const main = () => {
 
 	if (cspLineIndex === -1) {
 		console.error("Could not find Content-Security-Policy line in _headers.");
-		return;
+		process.exit(1);
 	}
 
 	const originalLine = lines[cspLineIndex];
@@ -151,7 +165,7 @@ const main = () => {
 
 	if (scriptSrcIndex === -1) {
 		console.error("Could not find script-src directive in CSP.");
-		return;
+		process.exit(1);
 	}
 
 	const scriptSrcDirective = directives[scriptSrcIndex];
@@ -172,7 +186,7 @@ const main = () => {
 	const nextCspValue = `${directives.join("; ")};`;
 	lines[cspLineIndex] = prefix + nextCspValue;
 
-	writeFileSync(headersPath, lines.join("\n"), "utf8");
+	writeFileSync(headersPath, lines.join(separator), "utf8");
 
 	console.log(
 		`Updated CSP script-src with ${allHashes.size} inline script hash(es) in ${headersPath}`,