CISCODE-MA · Zaiidmo · Mar 2, 2026 · Mar 1, 2026 · Mar 1, 2026 · Mar 1, 2026
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
diff --git a/.github/workflows/pr-validation.yml b/.github/workflows/pr-validation.yml
@@ -0,0 +1,41 @@
+name: CI - PR Validation
+
+on:
+  pull_request:
+    branches: [develop]
+
+permissions:
+  contents: read
+
+jobs:
+  validate:
+    name: CI - PR Validation
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: npm
+
+      - name: Install
+        run: npm ci
+
+      - name: Format (check)
+        run: npm run format
+
+      - name: Lint
+        run: npm run lint
+
+      - name: Typecheck
+        run: npm run typecheck
+
+      - name: Test
+        run: npm test
+
+      - name: Build
+        run: npm run build
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -1,47 +1,44 @@
-# Publish to npm - Runs on version tags
-name: Publish to npm
+name: Publish to NPM
 
 on:
   push:
     tags:
       - "v*.*.*"
-    branches:
-      - master
+  workflow_dispatch:
 
 jobs:
   publish:
-    name: Build & Publish
     runs-on: ubuntu-latest
+
     permissions:
       contents: read
-      id-token: write
+      packages: write
+
     steps:
-      - name: Checkout
+      - name: Checkout code
         uses: actions/checkout@v4
 
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: "22"
+          node-version: "20"
           registry-url: "https://registry.npmjs.org"
-          cache: "npm"
 
       - name: Install dependencies
         run: npm ci
 
-      - name: Run lint
-        run: npm run lint
+      - name: Run lint (if present)
+        run: npm run lint --if-present
+        continue-on-error: false
 
-      - name: Run tests
-        run: npm test
+      - name: Run tests (if present)
+        run: npm test --if-present
+        continue-on-error: false
 
       - name: Build package
         run: npm run build
 
-      - name: Verify package contents
-        run: npm pack --dry-run
-
-      - name: Publish to npm
-        run: npm publish --provenance --access public
+      - name: Publish to NPM
+        run: npm publish --access public
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
diff --git a/.github/workflows/release-check.yml b/.github/workflows/release-check.yml
@@ -0,0 +1,83 @@
+name: CI - Release Check
+
+on:
+  pull_request:
+    branches: [master]
+  workflow_dispatch:
+    inputs:
+      sonar:
+        description: "Run SonarCloud analysis"
+        required: true
+        default: "false"
+        type: choice
+        options:
+          - "false"
+          - "true"
+
+concurrency:
+  group: ci-release-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  ci:
+    name: release checks
+    runs-on: ubuntu-latest
+    timeout-minutes: 25
+
+    # Config stays in the workflow file (token stays in repo secrets)
+    env:
+      SONAR_HOST_URL: "https://sonarcloud.io"
+      SONAR_ORGANIZATION: "ciscode"
+      SONAR_PROJECT_KEY: "CISCODE-MA_DatabaseKit"
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: "22"
+          cache: "npm"
+
+      - name: Install
+        run: npm ci
+
+      - name: Format
+        run: npm run format
+
+      - name: Typecheck
+        run: npm run typecheck
+
+      - name: Lint
+        run: npm run lint
+
+      - name: Test (with coverage)
+        run: npm run test:cov
+
+      - name: Build
+        run: npm run build
+
+      - name: SonarCloud Scan
+        if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.sonar == 'true' }}
+        uses: SonarSource/sonarqube-scan-action@v6
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_HOST_URL: ${{ env.SONAR_HOST_URL }}
+        with:
+          args: >
+            -Dsonar.organization=${{ env.SONAR_ORGANIZATION }} \
+            -Dsonar.projectKey=${{ env.SONAR_PROJECT_KEY }} \
+            -Dsonar.sources=src \
+            -Dsonar.tests=test \
+            -Dsonar.javascript.lcov.reportPaths=coverage/lcov.info
+
+      - name: SonarCloud Quality Gate
+        if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.sonar == 'true' }}
+        uses: SonarSource/sonarqube-quality-gate-action@v1
+        timeout-minutes: 10
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_HOST_URL: ${{ env.SONAR_HOST_URL }}
diff --git a/.husky/_/.gitignore b/.husky/_/.gitignore
@@ -0,0 +1 @@
+*
diff --git a/.husky/_/applypatch-msg b/.husky/_/applypatch-msg
@@ -0,0 +1,2 @@
+#!/usr/bin/env sh
+. "$(dirname "$0")/h"
diff --git a/.husky/_/commit-msg b/.husky/_/commit-msg
@@ -0,0 +1,2 @@
+#!/usr/bin/env sh
+. "$(dirname "$0")/h"
diff --git a/.husky/_/h b/.husky/_/h
@@ -0,0 +1,22 @@
+#!/usr/bin/env sh
+[ "$HUSKY" = "2" ] && set -x
+n=$(basename "$0")
+s=$(dirname "$(dirname "$0")")/$n
+
+[ ! -f "$s" ] && exit 0
+
+if [ -f "$HOME/.huskyrc" ]; then
+	echo "husky - '~/.huskyrc' is DEPRECATED, please move your code to ~/.config/husky/init.sh"
+fi
+i="${XDG_CONFIG_HOME:-$HOME/.config}/husky/init.sh"
+[ -f "$i" ] && . "$i"
+
+[ "${HUSKY-}" = "0" ] && exit 0
+
+export PATH="node_modules/.bin:$PATH"
+sh -e "$s" "$@"
+c=$?
+
+[ $c != 0 ] && echo "husky - $n script failed (code $c)"
+[ $c = 127 ] && echo "husky - command not found in PATH=$PATH"
+exit $c
diff --git a/.husky/_/husky.sh b/.husky/_/husky.sh
@@ -0,0 +1,9 @@
+echo "husky - DEPRECATED
+
+Please remove the following two lines from $0:
+
+#!/usr/bin/env sh
+. \"\$(dirname -- \"\$0\")/_/husky.sh\"
+
+They WILL FAIL in v10.0.0
+"
-echo "husky - DEPRECATED
-
-Please remove the following two lines from $0:
-
-#!/usr/bin/env sh
-. \"\$(dirname -- \"\$0\")/_/husky.sh\"
-
-They WILL FAIL in v10.0.0
-"
+#!/usr/bin/env sh
+
+# Husky bootstrap script
+# Initializes environment and delegates execution to .husky/_/h
+
+if [ -z "$husky_skip_init" ]; then
+  # Enable debug output when HUSKY_DEBUG=1
+  debug () {
+    [ "$HUSKY_DEBUG" = "1" ] && echo "husky (debug) - $1"
+  }
+
+  readonly hook_name="$(basename -- "$0")"
+  debug "starting $hook_name..."
+
+  # Allow disabling Husky by setting HUSKY=0
+  if [ "$HUSKY" = "0" ]; then
+    debug "HUSKY env variable is set to 0, skipping hook"
+    exit 0
+  fi
+
+  # Skip if not in a project with package.json
+  if [ ! -f package.json ]; then
+    debug "no package.json, skipping hook"
+    exit 0
+  fi
+
+  # Husky runner
+  command=".husky/_/h"
+
+  if [ ! -f "$command" ]; then
+    debug "can't find husky runner at $command, skipping hook"
+    exit 0
+  fi
+
+  if [ ! -x "$command" ]; then
+    debug "husky runner is not executable, skipping hook"
+    exit 0
+  fi
+
+  export husky_skip_init=1
+  sh -e "$command" "$hook_name" "$@"
+  exitCode="$?"
+
+  if [ "$exitCode" != 0 ]; then
+    echo "husky - $hook_name hook exited with code $exitCode (error)"
+  fi
+
+  exit "$exitCode"
+fi
-echo "husky - DEPRECATED
-
-Please remove the following two lines from $0:
-
-#!/usr/bin/env sh
-. \"\$(dirname -- \"\$0\")/_/husky.sh\"
-
-They WILL FAIL in v10.0.0
-"
+#!/usr/bin/env sh
+
+# Husky bootstrap script
+# Initializes environment and delegates execution to .husky/_/h
+
+if [ -z "$husky_skip_init" ]; then
+  # Enable debug output when HUSKY_DEBUG=1
+  debug () {
+    [ "$HUSKY_DEBUG" = "1" ] && echo "husky (debug) - $1"
+  }
+
+  readonly hook_name="$(basename -- "$0")"
+  debug "starting $hook_name..."
+
+  # Allow disabling Husky by setting HUSKY=0
+  if [ "$HUSKY" = "0" ]; then
+    debug "HUSKY env variable is set to 0, skipping hook"
+    exit 0
+  fi
+
+  # Skip if not in a project with package.json
+  if [ ! -f package.json ]; then
+    debug "no package.json, skipping hook"
+    exit 0
+  fi
+
+  # Husky runner
+  command=".husky/_/h"
+
+  if [ ! -f "$command" ]; then
+    debug "can't find husky runner at $command, skipping hook"
+    exit 0
+  fi
+
+  if [ ! -x "$command" ]; then
+    debug "husky runner is not executable, skipping hook"
+    exit 0
+  fi
+
+  export husky_skip_init=1
+  sh -e "$command" "$hook_name" "$@"
+  exitCode="$?"
+
+  if [ "$exitCode" != 0 ]; then
+    echo "husky - $hook_name hook exited with code $exitCode (error)"
+  fi
+
+  exit "$exitCode"
+fi
diff --git a/.husky/_/post-applypatch b/.husky/_/post-applypatch
@@ -0,0 +1,2 @@
+#!/usr/bin/env sh
+. "$(dirname "$0")/h"
diff --git a/.husky/_/post-checkout b/.husky/_/post-checkout
@@ -0,0 +1,2 @@
+#!/usr/bin/env sh
+. "$(dirname "$0")/h"
diff --git a/.husky/_/post-commit b/.husky/_/post-commit
@@ -0,0 +1,2 @@
+#!/usr/bin/env sh
+. "$(dirname "$0")/h"
diff --git a/.husky/_/post-merge b/.husky/_/post-merge
@@ -0,0 +1,2 @@
+#!/usr/bin/env sh
+. "$(dirname "$0")/h"
diff --git a/.husky/_/post-rewrite b/.husky/_/post-rewrite
@@ -0,0 +1,2 @@
+#!/usr/bin/env sh
+. "$(dirname "$0")/h"
diff --git a/.husky/_/pre-applypatch b/.husky/_/pre-applypatch
@@ -0,0 +1,2 @@
+#!/usr/bin/env sh
+. "$(dirname "$0")/h"
diff --git a/.husky/_/pre-auto-gc b/.husky/_/pre-auto-gc
@@ -0,0 +1,2 @@
+#!/usr/bin/env sh
+. "$(dirname "$0")/h"
diff --git a/.husky/_/pre-commit b/.husky/_/pre-commit
@@ -0,0 +1,2 @@
+#!/usr/bin/env sh
+. "$(dirname "$0")/h"
diff --git a/.husky/_/pre-merge-commit b/.husky/_/pre-merge-commit
@@ -0,0 +1,2 @@
+#!/usr/bin/env sh
+. "$(dirname "$0")/h"
diff --git a/.husky/_/pre-push b/.husky/_/pre-push
@@ -0,0 +1,2 @@
+#!/usr/bin/env sh
+. "$(dirname "$0")/h"
diff --git a/.husky/_/pre-rebase b/.husky/_/pre-rebase
@@ -0,0 +1,2 @@
+#!/usr/bin/env sh
+. "$(dirname "$0")/h"
diff --git a/.husky/_/prepare-commit-msg b/.husky/_/prepare-commit-msg
@@ -0,0 +1,2 @@
+#!/usr/bin/env sh
+. "$(dirname "$0")/h"
diff --git a/.husky/pre-commit b/.husky/pre-commit
@@ -0,0 +1,4 @@
+#!/usr/bin/env sh
+. "$(dirname -- "$0")/_/husky.sh"
+
+npx lint-staged
-npx lint-staged
+npm run lint
-npx lint-staged
+npm run lint
diff --git a/.husky/pre-push b/.husky/pre-push
@@ -0,0 +1,2 @@
+npm run typecheck
+npm test