ci: pre-merge frontend build gate (closes #191)

[cristim]

Summary

• Adds .github/workflows/frontend-build.yml — a pull_request-triggered job that runs npm run typecheck (tsc --noEmit) and npm run build (webpack) for any PR targeting feat/multicloud-web-frontend or main that touches frontend/**.
• Catches TypeScript errors once, before merge, in <1 min — instead of three times after merge across AWS/GCP/Azure deploy jobs that each spend ~5 min before hitting the same tsc failure (see ci: pre-merge frontend build gate (catch TS errors before deploy, not after) #191 post-mortem).
• Companion to frontend-build-sentinel.yml (ci: add a frontend-build sentinel workflow on push to protected branches #177, post-merge defence-in-depth); not a replacement.

Security note: pull_request vs pull_request_target

Uses pull_request (not pull_request_target). pull_request_target runs with base-branch secrets and is a known fork-exfiltration vector. pull_request runs in the PR-head context with no secrets — safe for untrusted-code builds.

Paths filter

Restricts execution to PRs that touch frontend/** or the workflow file itself. Avoids wasting ~60s of runner time on Go/Terraform-only PRs.

Test plan

• Open a PR against feat/multicloud-web-frontend that changes a file in frontend/ — confirm "Frontend build (PR)" check appears and passes.
• Introduce a deliberate TypeScript error in frontend/src/*.ts in a PR — confirm the check fails and blocks merge.
• Open a PR that only touches Go or Terraform files — confirm the check is skipped (no run triggered).
• Add Frontend build (PR) to branch protection required status checks for feat/multicloud-web-frontend and main.

Summary by CodeRabbit

• Chores
  • Added automated build and type-checking validation for pull requests to ensure code quality before merging.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 3f0e4743-e5dc-4c9a-a230-be4814e192c1

📥 Commits

Reviewing files that changed from the base of the PR and between c84fd02 and ba6c49c.

📒 Files selected for processing (1)

• .github/workflows/frontend-build.yml

---

📝 Walkthrough

Walkthrough

This PR adds a GitHub Actions workflow that automatically builds and typechecks the frontend on pull requests targeting specific branches, with concurrency control to cancel redundant runs.

Changes

Frontend CI Workflow

Layer / File(s)	Summary
Workflow Configuration .github/workflows/frontend-build.yml	New GitHub Actions workflow triggered on pull_request events to feat/multicloud-web-frontend and main branches; configured with read-only permissions, concurrency-based cancellation, and Node.js v24 with npm caching. Build job runs from frontend/ directory with npm ci, npm run typecheck, and npm run build steps (5-minute timeout).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related issues

• ci: pre-merge frontend build gate (catch TS errors before deploy, not after) #191: Describes the same pre-merge frontend CI workflow for feat/multicloud-web-frontend and main branches with identical build steps (checkout, Node setup, npm ci, typecheck, build).

Possibly related PRs

• ci(frontend): fast-fail build sentinel on push to protected branches (closes #177) #179: Adds a frontend CI workflow with nearly identical build steps and configuration (checkout, setup-node, npm ci, typecheck, build), differing only in trigger event (push vs pull_request) and some cache/test configuration details.

Suggested labels

triaged, priority/p2, severity/medium, urgency/this-sprint, impact/internal, effort/xs, type/chore

Poem

🐰 A workflow so clean, a build so divine,
TypeScript checks pass at node twenty-four's line,
Pull requests now race through the automated spine,
Frontend builds steady with cache bells that chime! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main change: adding a pre-merge CI check for frontend builds via GitHub Actions workflow.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch ci/issue-191-pr-build-gate

---

_{Review rate limit: 0/5 reviews remaining, refill in 57 minutes and 58 seconds.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cristim]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[cristim]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.