Enhance CI/CD pipeline with test orchestration, linting, and security workflows

[Copilot]

Adds parallel quality checks, security auditing, and build verification to the CI/CD pipeline. Ensures tests run before deployments and prevents production deployment race conditions.

Modified Workflows

• github-pages-deploy.yml: Added test job dependency before build/deploy to staging

  jobs:
    test:
      uses: ./.github/workflows/test.yml
    build:
      needs: [test]

• netlify-deploy.yml: Added concurrency control for production deployments

  concurrency:
    group: netlify-production
    cancel-in-progress: false

• test.yml: Added build verification step after test execution

New Workflows

• lint.yml: Reusable linting workflow (PR triggers + workflow_call)

• security-audit.yml: Runs npm audit --audit-level=moderate on PRs and weekly schedule; includes non-failing outdated dependency check

• quality-checks.yml: Orchestrates test and lint workflows in parallel on PRs

  jobs:
    test:
      uses: ./.github/workflows/test.yml
    lint:
      uses: ./.github/workflows/lint.yml

All workflows use Node.js 24 with npm caching and explicit GITHUB_TOKEN permissions.

Original prompt

Problem Statement

Improve the CI/CD pipeline by implementing the following enhancements:

1. Update github-pages-deploy.yml

• Add test job before build/deploy to staging environment
• Call the reusable test workflow: uses: ./.github/workflows/test.yml
• Make build job depend on test job with needs: [test]

2. Update netlify-deploy.yml

• Add concurrency control to prevent race conditions during production deployments:

concurrency:
  group: netlify-production
  cancel-in-progress: false

3. Update test.yml

• Add build verification step after running tests
• Add step to verify the build succeeds:

- name: Verify build
  run: npm run build

4. Create new .github/workflows/lint.yml

• Run on pull requests to main and dev branches
• Run on workflow_call for reusability
• Use Node.js 24 with npm caching
• Run linting command: npm run lint (if it exists in package.json)
• If lint script doesn't exist in package.json, run npx eslint . --max-warnings 0 as a fallback

5. Create new .github/workflows/security-audit.yml

• Run on pull requests to main and dev branches
• Run weekly on schedule: cron: '0 0 * * 0'
• Use Node.js 24 with npm caching
• Run npm audit --audit-level=moderate
• Add step to check for outdated dependencies: npm outdated (should not fail the job)

6. Create new .github/workflows/quality-checks.yml

• Run on pull requests to main and dev branches
• Call both test and lint workflows in parallel
• Use workflow_call to invoke both .github/workflows/test.yml and .github/workflows/lint.yml
• Both jobs should run independently (no needs dependency between them)

Success Criteria

• All workflow files are valid YAML
• Test workflow includes build verification
• GitHub Pages deployment runs tests before deploying
• Netlify deployment has concurrency control
• New lint workflow is created and reusable
• New security audit workflow runs on PRs and weekly schedule
• New quality checks workflow orchestrates test and lint in parallel
• All workflows use consistent Node.js version (24) and caching strategy

Files to Modify/Create

• .github/workflows/github-pages-deploy.yml (update)
• .github/workflows/netlify-deploy.yml (update)
• .github/workflows/test.yml (update)
• .github/workflows/lint.yml (create)
• .github/workflows/security-audit.yml (create)
• .github/workflows/quality-checks.yml (create)

This pull request was created from Copilot chat.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.