CPF 155 Playwright e2e test framework #244

	name: CI Frontend

	on:
	workflow_dispatch:
	pull_request:
	types:
	- opened
	- synchronize
	- reopened
	- ready_for_review
	branches:
	- main
	- develop

	jobs:
	checks:
	name: Frontend checks
	timeout-minutes: 15
	runs-on: ubuntu-latest
	defaults:
	run:
	working-directory: frontend
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Setup Node.js environment
	uses: actions/setup-node@v4
	with:
	node-version-file: 'frontend/.nvmrc'

	- name: Restore cache
	uses: actions/cache@v4
	with:
	path: \|
	${{ github.workspace }}/frontend/.next/cache
	key: ${{ runner.os }}-nextjs-${{ hashFiles('frontend/yarn.lock') }}-${{ hashFiles('frontend/*/.js', 'frontend/*/.jsx', 'frontend/*/.ts', 'frontend/*/.tsx') }}
	restore-keys: \|
	${{ runner.os }}-nextjs-${{ hashFiles('frontend/yarn.lock') }}-

	- name: Install dependencies
	run: yarn

	- name: Test
	run: yarn test

	- name: Lint
	run: yarn lint

	- name: Type check
	run: yarn compile

	- name: Audit dependencies
	run: yarn audit --severity high --environment production

	semgrep:
	name: Semgrep
	runs-on: ubuntu-latest
	defaults:
	run:
	working-directory: frontend
	container:
	image: returntocorp/semgrep:1.75
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Run Semgrep checks
	env:
	SEMGREP_TIMEOUT: 300
	SEMGREP_SEND_METRICS: off
	SEMGREP_RULES: >-
	p/react
	p/typescript
	p/javascript
	p/owasp-top-ten
	p/secrets
	p/security-audit
	p/nodejsscan
	run: \|
	semgrep scan --error --jobs 2 --disable-version-check --exclude yarn.lock

Provide feedback