chore: cleanups

.github/workflows/typecheck.yml

@@ -0,0 +1,57 @@
+name: TypeScript Type Check
+
+on:
+  push:
+    branches:
+      - main
+      - master
+      - develop
+      - '**'
+  pull_request:
+    branches:
+      - main
+      - master
+      - develop
+
+jobs:
+  typecheck:
+    name: TypeScript Type Check
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '18'
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: 10
+
+      - name: Get pnpm store directory
+        shell: bash
+        run: |
+          echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
+
+      - name: Setup pnpm cache
+        uses: actions/cache@v4
+        with:
+          path: ${{ env.STORE_PATH }}
+          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-store-
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Run TypeScript type check
+        run: pnpm run typecheck
+
+      - name: Notify on failure
+        if: failure()
+        run: |
+          echo "::error::TypeScript type check failed. Please fix type errors before merging."

AGENTS.md

@@ -56,29 +56,40 @@
 ## Development Workflow
 
 ### Commands
-- `npm run dev` - Start dev server (port 4000)
-- `npm run lintfix` - Auto-fix linting issues
-- `npm run lint` - Check for issues
-- `npm run build` - Production build
+- `pnpm dev` - Start dev server (port 4000)
+- `pnpm build` - Production build
+- `pnpm start` - Start production server
+- `pnpm lint` - Check for linting issues
+- `pnpm lintfix` - Auto-fix linting issues
+- `pnpm typecheck` - Run TypeScript type checking
+- `pnpm security:audit` - Run security vulnerability scan
+- `pnpm security:check` - Generate security report (JSON)
+- `pnpm security:outdated` - Check for outdated dependencies
 
 ### Windsurf Commands Helper Script
 The project includes `windsurf-commands.sh` for common development tasks:
 
 ```bash
-./windsurf-commands.sh lint      # Run ESLint to check for code issues
-./windsurf-commands.sh lintfix   # Run ESLint with auto-fix enabled
-./windsurf-commands.sh help      # Show available commands
+./windsurf-commands.sh lint              # Run ESLint to check for code issues
+./windsurf-commands.sh lintfix           # Run ESLint with auto-fix enabled
+./windsurf-commands.sh typecheck         # Run TypeScript type checking
+./windsurf-commands.sh security:audit    # Run security vulnerability scan
+./windsurf-commands.sh security:check    # Generate security report (JSON)
+./windsurf-commands.sh security:outdated # Check for outdated dependencies
+./windsurf-commands.sh help              # Show available commands
 ```
 
-**Usage in AGENTS.md:**
-- When referencing linting in rules, can use either `npm run lint` or `./windsurf-commands.sh lint`
+**Usage:**
 - Script provides consistent interface for development commands
-- Includes error handling and user-friendly output
+- All commands use `pnpm` internally
+- Includes error handling and user-friendly output with emojis
+- Can be used interchangeably with direct `pnpm run` commands
 
 ### Before Committing
-1. Run `npm run lintfix` and `npm run lint`
-2. Ensure TypeScript compiles
-3. Test changes in browser
+1. Run `pnpm run lintfix` and `pnpm run lint` (or use `./windsurf-commands.sh lintfix` and `./windsurf-commands.sh lint`)
+2. Run `pnpm run typecheck` (or `./windsurf-commands.sh typecheck`) to ensure TypeScript compiles
+3. Run `pnpm run security:audit` (or `./windsurf-commands.sh security:audit`) to check for vulnerabilities
+4. Test changes in browser
 
 ## File Naming
 - **Components**: PascalCase (`MainPage.tsx`)
@@ -359,6 +370,63 @@ mcp0_browser_snapshot → review for proper labels
 4. **Console errors**: Review `mcp0_browser_console_messages` for stack traces
 5. **Timing issues**: Use `mcp0_browser_wait_for` to wait for elements/animations
 
+## CI/CD Pipelines
+
+The project includes automated GitHub Actions workflows for code quality and security:
+
+### Lint Check Workflows
+- **Push Lint Check** (`.github/workflows/push-lint-check.yml`)
+  - Runs on every push to any branch
+  - Executes ESLint checks
+  - Uses pnpm v10 with caching for faster builds
+  - Fails if linting errors are found
+
+- **PR Lint Check** (`.github/workflows/pr-lint-check.yml`)
+  - Runs on pull requests to main/master/develop
+  - Executes ESLint checks
+  - Posts comment on PR if linting fails
+  - Uses pnpm v10 with caching
+
+### TypeScript Type Check Workflow
+- **TypeScript Type Check** (`.github/workflows/typecheck.yml`)
+  - Runs on every push and pull request
+  - Executes `tsc --noEmit` to check for type errors
+  - Uses pnpm v10 with caching
+  - Fails if type errors are found
+
+### Security Audit Workflow
+- **Security Audit** (`.github/workflows/security-audit.yml`)
+  - Runs on push to main/master/develop
+  - Runs on all pull requests
+  - Runs weekly on Monday at 00:00 UTC (scheduled)
+  - Executes `pnpm audit` for vulnerability scanning
+  - Generates security report (JSON) as artifact
+  - Checks for outdated dependencies
+  - Uses pnpm v10 with caching
+  - Continues on error but uploads report for review
+
+### Pipeline Requirements
+All workflows require:
+- Node.js 18
+- pnpm v10 (matches lockfile version)
+- Frozen lockfile (`pnpm install --frozen-lockfile`)
+- Proper caching of pnpm store for performance
+
+### Docker Deployment
+- **Dockerfile**: Multi-stage build with Alpine Linux base
+  - Uses pnpm v10.30.1
+  - Non-root user (UID 1001)
+  - Read-only filesystem with security hardening
+  - Standalone Next.js output (~150MB image)
+
+- **docker-compose.yml**: One-command deployment
+  ```bash
+  docker-compose up -d
+  ```
+  - Includes health checks
+  - Security options (no-new-privileges, dropped capabilities)
+  - Runs on port 4000
+
 ## Notes
 - This is a **portfolio website** showcasing projects, experience, achievements, and skills
 - Runs on **port 4000** (not default 3000)

README.md

@@ -91,10 +91,6 @@ To learn more about Next.js, take a look at the following resources:
 
 You can check out [the Next.js GitHub repository](https://github.com/vercel/next.js/) - your feedback and contributions are welcome!
 
-## Deployment
-
-Deploy to [Vercel Platform](https://vercel.com/new?utm_medium=default-template&filter=next.js&utm_source=create-next-app&utm_campaign=create-next-app-readme) or use Docker (see above).
-
 ## Available Scripts
 
 | Script | Description |

package.json

@@ -8,6 +8,7 @@
     "start": "next start -p 4000",
     "lint": "next lint",
     "lintfix": "next lint --fix",
+    "typecheck": "tsc --noEmit",
     "security:audit": "pnpm audit --audit-level=moderate",
     "security:check": "pnpm audit --json > security-report.json || true",
     "security:outdated": "pnpm outdated"

src/portfolio/sections/Intro/index.ts

@@ -1 +1,3 @@
-export { default } from "./Intro";
+import Intro from "./Intro";
+
+export default Intro;

src/portfolio/sections/SkillsAndLinks.tsx

@@ -1 +0,0 @@
-export { default } from "./SkillsAndLinks/SkillsAndLinks";

src/portfolio/sections/SkillsAndLinks/index.ts

@@ -1 +1,3 @@
-export { default } from "./SkillsAndLinks";
+import SkillsAndLinks from "./SkillsAndLinks";
+
+export default SkillsAndLinks;

windsurf-commands.sh

@@ -9,24 +9,52 @@ show_help() {
 	echo "Usage: ./windsurf-commands.sh [COMMAND]"
 	echo ""
 	echo "Available commands:"
-	echo "  lint      - Run ESLint to check for code issues"
-	echo "  lintfix   - Run ESLint with auto-fix enabled"
-	echo "  help      - Show this help message"
+	echo "  lint              - Run ESLint to check for code issues"
+	echo "  lintfix           - Run ESLint with auto-fix enabled"
+	echo "  typecheck         - Run TypeScript type checking"
+	echo "  security:audit    - Run security vulnerability scan"
+	echo "  security:check    - Generate security report (JSON)"
+	echo "  security:outdated - Check for outdated dependencies"
+	echo "  help              - Show this help message"
 	echo ""
 }
 
 run_lint() {
 	echo "🔍 Running ESLint..."
-	npm run lint
+	pnpm run lint
 	echo "✅ Linting complete!"
 }
 
 run_lintfix() {
 	echo "🔧 Running ESLint with auto-fix..."
-	npm run lintfix
+	pnpm run lintfix
 	echo "✅ Linting with auto-fix complete!"
 }
 
+run_typecheck() {
+	echo "🔎 Running TypeScript type check..."
+	pnpm run typecheck
+	echo "✅ Type checking complete!"
+}
+
+run_security_audit() {
+	echo "🔒 Running security audit..."
+	pnpm run security:audit
+	echo "✅ Security audit complete!"
+}
+
+run_security_check() {
+	echo "📋 Generating security report..."
+	pnpm run security:check
+	echo "✅ Security report generated: security-report.json"
+}
+
+run_security_outdated() {
+	echo "📦 Checking for outdated dependencies..."
+	pnpm run security:outdated
+	echo "✅ Outdated check complete!"
+}
+
 # Main script logic
 case "${1:-help}" in
 	lint)
@@ -35,6 +63,18 @@ case "${1:-help}" in
 	lintfix)
 		run_lintfix
 		;;
+	typecheck)
+		run_typecheck
+		;;
+	security:audit)
+		run_security_audit
+		;;
+	security:check)
+		run_security_check
+		;;
+	security:outdated)
+		run_security_outdated
+		;;
 	help|--help|-h)
 		show_help
 		;;