Lathiya50 · Lathiya50 · Mar 14, 2026 · Mar 14, 2026 · Mar 14, 2026 · Mar 14, 2026
diff --git a/.env.example b/.env.example
@@ -5,14 +5,14 @@ BETTER_AUTH_SECRET="supersecretkey" # Replace with a strong secret key
 BETTER_AUTH_URL="https://app.example.com" # Base URL of your app
 NEXT_PUBLIC_APP_URL="https://app.example.com"
 
-GITHUB_CLIENT_ID=""
-GITHUB_CLIENT_SECRET=""
+GH_CLIENT_ID=""
+GH_CLIENT_SECRET=""
 
 GROQ_API_KEY="" # Free key from https://console.groq.com/keys
 OPENAI_API_KEY="" # Optional — only needed when using the "openai" provider
 OPENAI_BASE_URL="" # Optional — override for OpenAI-compatible endpoints (e.g. OpenRouter)
 
-GITHUB_WEBHOOK_SECRET="supersecretwebhooksecret" # Replace with a strong secret key
+GH_WEBHOOK_SECRET="supersecretwebhooksecret" # Replace with a strong secret key
 
 INNGEST_EVENT_KEY=""
 INNGEST_SIGNING_KEY=""
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,96 @@
+name: CI / CD
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  ci:
+    name: Lint, Type-check & Build
+    runs-on: ubuntu-latest
+
+    env:
+      DATABASE_URL: ${{ secrets.DATABASE_URL }}
+      BETTER_AUTH_SECRET: ${{ secrets.BETTER_AUTH_SECRET }}
+      BETTER_AUTH_URL: ${{ secrets.BETTER_AUTH_URL }}
+      NEXT_PUBLIC_APP_URL: ${{ secrets.NEXT_PUBLIC_APP_URL }}
+      GH_CLIENT_ID: ${{ secrets.GH_CLIENT_ID }}
+      GH_CLIENT_SECRET: ${{ secrets.GH_CLIENT_SECRET }}
+      GH_WEBHOOK_SECRET: ${{ secrets.GH_WEBHOOK_SECRET }}
+      OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
+      GROQ_API_KEY: ${{ secrets.GROQ_API_KEY }}
+      INNGEST_EVENT_KEY: ${{ secrets.INNGEST_EVENT_KEY }}
+      INNGEST_SIGNING_KEY: ${{ secrets.INNGEST_SIGNING_KEY }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: 10
+          run_install: false
+
+      - name: Setup Node.js 20
+        uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+          cache: "pnpm"
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Generate Prisma Client
+        run: pnpm db:generate
+
+      - name: Lint
+        run: pnpm lint
+
+      - name: Build
+        run: pnpm build
+
+  deploy:
+    name: Deploy to Vercel (Production)
+    runs-on: ubuntu-latest
+    needs: ci
+    # Only deploy on direct pushes to main — not on pull requests
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+
+    env:
+      VERCEL_TOKEN: ${{ secrets.VERCEL_TOKEN }}
+      VERCEL_ORG_ID: ${{ secrets.VERCEL_ORG_ID }}
+      VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: 10
+          run_install: false
+
+      - name: Setup Node.js 20
+        uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+          cache: "pnpm"
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Install Vercel CLI
+        run: npm i -g vercel@latest
+
+      - name: Pull Vercel environment variables
+        run: vercel pull --yes --environment=production --token=${{ secrets.VERCEL_TOKEN }}
+
+      - name: Build project via Vercel
+        run: vercel build --prod --token=${{ secrets.VERCEL_TOKEN }}
+
+      - name: Deploy prebuilt project to Vercel
+        run: vercel deploy --prebuilt --prod --token=${{ secrets.VERCEL_TOKEN }}
diff --git a/.github/workflows/deploy-vps.yml b/.github/workflows/deploy-vps.yml
diff --git a/.husky/pre-push b/.husky/pre-push
@@ -0,0 +1,19 @@
+echo "Running lint check..."
+
+pnpm run lint
+
+if [ $? -ne 0 ]; then
+  echo "Lint failed! Push aborted."
+  exit 1
+fi
+
+echo "Lint passed. Running build..."
+
+pnpm run build
+
+if [ $? -ne 0 ]; then
+  echo "Build failed! Push aborted."
+  exit 1
+fi
+
+echo "Lint and build succeeded. Proceeding with push."
diff --git a/Dockerfile b/Dockerfile
@@ -18,10 +18,10 @@ ENV DATABASE_URL="postgresql://build:build@localhost:5432/codereviewai" \
     BETTER_AUTH_SECRET="build-time-better-auth-secret-change-at-runtime" \
     BETTER_AUTH_URL="https://example.com" \
     NEXT_PUBLIC_APP_URL="https://example.com" \
-    GITHUB_CLIENT_ID="build-github-client-id" \
-    GITHUB_CLIENT_SECRET="build-github-client-secret" \
+    GH_CLIENT_ID="build-github-client-id" \
+    GH_CLIENT_SECRET="build-github-client-secret" \
     OPENAI_API_KEY="sk-build-placeholder" \
-    GITHUB_WEBHOOK_SECRET="build-github-webhook-secret" \
+    GH_WEBHOOK_SECRET="build-github-webhook-secret" \
     INNGEST_EVENT_KEY="build-inngest-event-key" \
     INNGEST_SIGNING_KEY="build-inngest-signing-key"