CI/CD

Roosevelt gebruikt GitHub Actions voor alle CI/CD. 13 workflows in .github/workflows/.

Workflow Overzicht

Deployment Workflows

Workflow	Trigger	Duur
`deploy-marketing.yml`	Push to `main`	~3 min
`deploy-docs.yml`	Push to `main`	~3 min
`deploy-api.yml`	Push to `main`	~5 min
`deploy-web.yml`	Push to `main`	~6 min

Quality Workflows

Workflow	Trigger	Duur
`test.yml`	PR, push	~4 min
`e2e.yml`	PR, push	~8 min
`security.yml`	PR, push	~3 min
`lint.yml`	PR, push	~2 min

Maintenance Workflows

Workflow	Trigger
`dependabot.yml`	Weekly
`codeql.yml`	Weekly

Deployment Flow

# Voorbeeld: deploy-docs.yml
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: pnpm/action-setup@v4
      - run: pnpm install --filter @roosevelt/docs
      - run: pnpm --filter @roosevelt/docs build
      - name: Deploy via rsync
        run: |
          rsync -avz --delete apps/docs/out/ \
            ${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }}:/srv/docs.roosevelt.dev/

Secrets

Alle secrets worden opgeslagen in GitHub Secrets:

# Bekijk bestaande secrets
gh secret list
 
# Stel een secret in (via MCP output):
gh secret set SENTRY_DSN -b "$(mcp_output)"

Regel: Nooit placeholder waarden. Altijd de echte waarde ophalen via MCP of CLI.

Dependabot

Dependabot controleert wekelijks op dependency updates:

# .github/dependabot.yml
updates:
  - package-ecosystem: npm
    directory: /apps/web
    schedule:
      interval: weekly
    reviewers:
      - hansbeeksma

CI/CD

On this page