CI/CD Pipelines

The starter template includes a comprehensive suite of GitHub Actions workflows designed to automate quality assurance, security checks, and release management. These workflows are pre-configured in .github/workflows.

Continuous Integration

The core CI pipeline (ci.yml) ensures that every change meets the project's quality standards. It is triggered on pushes to main and pull requests to main.

Pipeline Steps

  • setup: Configures Node.js 22 and pnpm with caching enabled for faster builds.
  • lint: Runs pnpm lint to verify code style and potential errors.
  • typecheck: Runs pnpm typecheck to validate TypeScript types across the entire project.
  • test: Executes unit and integration tests via pnpm test.

Code Quality & Security

Dependency Review

Defined in dependency-review.yml, this workflow scans pull requests for introduced vulnerabilities. It is configured to fail if any dependency with a severity of high or greater is added.
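The "high or greater" rule described above, written out as an added example; this is not code from the template or from the dependency review workflow. The record fields, package names and advisory IDs are constructed for illustration, and failing closed on an unrecognized severity label is an assumption of this sketch.

```javascript
// Added illustration of a "fail on high or greater" gate; not the workflow's own code.
// Advisory severity labels in ascending order.
const SEVERITY_ORDER = ["low", "moderate", "high", "critical"];

// Constructed sample of dependency changes in one pull request (all values made up).
const SAMPLE_CHANGES = [
  { change_type: "added", name: "pkg-a", version: "1.2.0",
    vulnerabilities: [{ severity: "moderate", advisory_id: "GHSA-EXAMPLE-0001" }] },
  { change_type: "added", name: "pkg-b", version: "4.0.1",
    vulnerabilities: [{ severity: "critical", advisory_id: "GHSA-EXAMPLE-0002" }] },
  { change_type: "removed", name: "pkg-c", version: "0.9.0",
    vulnerabilities: [{ severity: "high", advisory_id: "GHSA-EXAMPLE-0003" }] },
  { change_type: "added", name: "pkg-d", version: "2.3.4", vulnerabilities: [] },
];

// Position of a label in SEVERITY_ORDER, or -1 when the label is not recognized.
function severityRank(label) {
  return SEVERITY_ORDER.indexOf(String(label).toLowerCase());
}

// Returns { failed, findings }. A finding is an advisory attached to an ADDED
// dependency whose severity is at or above the threshold. Unrecognized
// severity labels are reported too, so a malformed record cannot pass silently.
function evaluateGate(changes, failOn = "high") {
  const threshold = severityRank(failOn);
  if (threshold < 0) throw new Error(`unknown threshold: ${failOn}`);
  const findings = [];
  for (const change of changes) {
    if (change.change_type !== "added") continue; // a removal adds no new exposure
    for (const vuln of change.vulnerabilities ?? []) {
      const rank = severityRank(vuln.severity);
      if (rank < 0 || rank >= threshold) {
        findings.push({ name: change.name, version: change.version,
                        severity: vuln.severity, advisory: vuln.advisory_id });
      }
    }
  }
  return { failed: findings.length > 0, findings };
}

const result = evaluateGate(SAMPLE_CHANGES);
for (const f of result.findings) {
  console.log(`${f.name}@${f.version}: ${f.severity} (${f.advisory})`);
}
console.log(result.failed ? "gate: FAIL" : "gate: PASS");
```

With the sample data only pkg-b trips the gate: pkg-a is below the threshold and pkg-c is being removed rather than added.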

CodeQL Analysis

The codeql.yml workflow performs semantic code analysis using GitHub's CodeQL engine. It runs on pushes, PRs, and a weekly schedule (Wednesdays at 7:27 AM) to identify security vulnerabilities and bugs in your JavaScript and TypeScript code.

Expo Doctor

The expo-doctor.yml workflow runs npx expo-doctor to validate your Expo configuration. It checks for issues with package versions, deep links, and native project configuration. It runs on pushes, PRs, and weekly.

Workflow Automation

Commit Validation

The commitlint.yml workflow enforces Conventional Commits on all pull requests. It validates that the PR title and commits follow the standard format, which is crucial for automated versioning.

# Valid formats
feat: add dark mode support
fix(auth): resolve token refresh issue
chore: update dependencies

# Invalid formats
added dark mode
fix bug

Release Automation

Release Drafter (release-drafter.yml) automatically drafts GitHub Releases based on merged pull requests. It categorizes changes (Features, Bug Fixes, Chores) and generates a changelog, keeping your release notes up-to-date without manual effort.

PR Labeler

The labeler.yml workflow automatically assigns labels to pull requests based on the files changed. This helps in categorizing PRs (e.g., adding a frontend label if components are modified) and filtering them easily.

Dependency Management

The project includes a dependabot.yml configuration that checks for npm package updates weekly. It automatically opens pull requests to upgrade dependencies, grouped together to minimize noise.

Last updated on 2/10/2026
