From 408fc1b846f1d2496abcf439b3755aa29b18dde0 Mon Sep 17 00:00:00 2001
From: Lotus Bot <lotus@lotusguild.org>
Date: Thu, 21 May 2026 20:42:45 -0400
Subject: [PATCH] ci: add TypeScript, ESLint, Prettier, audit, and bundle size
 report

Build is the only hard gate. TS/ESLint/Prettier/audit run as informational
checks (continue-on-error) since the codebase has pre-existing issues from
matrix-js-sdk type incompatibilities and upstream formatting.

Bundle size table is written to the job summary after every build so regressions
are visible without digging into logs.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .gitea/workflows/ci.yml | 37 ++++++++++++++++++++++++++++++++-----
 1 file changed, 32 insertions(+), 5 deletions(-)

diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index cc78fb0e2..6a8a0b9f8 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -8,7 +8,7 @@ on:
 
 jobs:
   build:
-    name: Build check
+    name: Build & Quality Checks
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -23,14 +23,41 @@ jobs:
       - name: Install dependencies
         run: npm ci
 
+      # ── Critical gate — if this fails, nothing deploys ──────────────────
       - name: Build
         run: npm run build
         env:
           NODE_OPTIONS: "--max_old_space_size=4096"
-          # No auth token — skip source map upload in CI (done by deploy script)
           SENTRY_AUTH_TOKEN: ""
 
-      - name: Audit (high/critical only)
-        run: npm audit --audit-level=high
-        # Informational — don't fail the build on existing known vulns
+      # ── Quality checks (informational — pre-existing issues exist) ───────
+      - name: TypeScript
+        run: npm run typecheck
         continue-on-error: true
+
+      - name: ESLint
+        run: npm run check:eslint
+        continue-on-error: true
+
+      - name: Prettier
+        run: npm run check:prettier
+        continue-on-error: true
+
+      # ── Security ─────────────────────────────────────────────────────────
+      - name: Audit (high/critical)
+        run: npm audit --audit-level=high
+        continue-on-error: true
+
+      # ── Bundle size report ───────────────────────────────────────────────
+      - name: Report bundle sizes
+        run: |
+          echo "### Bundle sizes" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "| File | Size | Gzip |" >> $GITHUB_STEP_SUMMARY
+          echo "|------|------|------|" >> $GITHUB_STEP_SUMMARY
+          find dist/assets -name "*.js" -not -name "*.map" | sort | while read f; do
+            name=$(basename "$f")
+            size=$(du -sh "$f" | cut -f1)
+            gzip_size=$(gzip -c "$f" | wc -c | awk '{printf "%.1f kB", $1/1024}')
+            echo "| $name | $size | $gzip_size |" >> $GITHUB_STEP_SUMMARY
+          done