Part 5: Automated Tools and CI/CD Integration

Series Navigation: ← Part 4: Testing During Refactoring | Back to Series Overview →

Introduction

After covering principles, processes, techniques, and testing in Parts 1-4, it's time to automate. Manual code review and refactoring are essential, but automation ensures consistency and catches issues before they reach reviewers.

In my TypeScript microservices, we process 50-100 pull requests weekly. Without automation, maintaining code quality at this scale would be impossible. Our CI/CD pipeline catches formatting issues, linting errors, type problems, test failures, and security vulnerabilities automatically—freeing reviewers to focus on architecture and logic rather than syntax.

This part covers the actual tools and configurations I use daily.

The Tool Stack

Our Complete Setup

Development Phase:
├── ESLint          → Code linting and style
├── Prettier        → Code formatting
├── TypeScript      → Type checking
├── Jest            → Testing
└── Husky           → Pre-commit hooks

CI/CD Phase:
├── GitHub Actions  → Automated workflows
├── SonarQube       → Code quality analysis
├── Snyk            → Security scanning
└── Codecov         → Coverage tracking

ESLint Configuration

My Production Configuration

// .eslintrc.js
module.exports = {
  parser: '@typescript-eslint/parser',
  parserOptions: {
    ecmaVersion: 2022,
    sourceType: 'module',
    project: './tsconfig.json'
  },
  plugins: ['@typescript-eslint', 'import', 'jest'],
  extends: [
    'eslint:recommended',
    'plugin:@typescript-eslint/recommended',
    'plugin:@typescript-eslint/recommended-requiring-type-checking',
    'plugin:import/recommended',
    'plugin:import/typescript',
    'prettier' // Must be last
  ],
  rules: {
    // Code Quality
    'complexity': ['error', 10],
    'max-lines-per-function': ['warn', 50],
    'max-depth': ['error', 3],
    'no-console': 'warn',
    
    // TypeScript Specific
    '@typescript-eslint/explicit-function-return-type': 'error',
    '@typescript-eslint/no-explicit-any': 'error',
    '@typescript-eslint/no-unused-vars': ['error', { 
      argsIgnorePattern: '^_' 
    }],
    '@typescript-eslint/no-floating-promises': 'error',
    '@typescript-eslint/strict-boolean-expressions': 'warn',
    
    // Import Organization
    'import/order': ['error', {
      'groups': [
        'builtin',
        'external',
        'internal',
        'parent',
        'sibling',
        'index'
      ],
      'newlines-between': 'always',
      'alphabetize': { order: 'asc' }
    }],
    'import/no-cycle': 'error',
    
    // Best Practices
    'eqeqeq': ['error', 'always'],
    'no-return-await': 'error',
    'require-await': 'error',
    'no-throw-literal': 'error'
  },
  overrides: [
    {
      files: ['**/*.test.ts', '**/*.spec.ts'],
      env: { jest: true },
      rules: {
        '@typescript-eslint/no-explicit-any': 'off',
        'max-lines-per-function': 'off'
      }
    }
  ]
};

Custom Rules for Our Domain

// .eslintrc.js (continued)
module.exports = {
  // ... previous config
  rules: {
    // ... previous rules
    
    // Prevent direct database access outside repositories
    'no-restricted-imports': ['error', {
      patterns: [{
        group: ['**/database', '**/db'],
        message: 'Import repositories instead of direct database access'
      }]
    }],
    
    // Require logger instead of console
    'no-console': ['error', { 
      allow: ['warn', 'error'] 
    }],
    
    // Prevent using deprecated methods
    'no-restricted-syntax': [
      'error',
      {
        selector: 'CallExpression[callee.property.name="mockReturnValue"]',
        message: 'Use mockResolvedValue for async functions'
      }
    ]
  }
};

Prettier Configuration

{
  "semi": true,
  "trailingComma": "es5",
  "singleQuote": true,
  "printWidth": 80,
  "tabWidth": 2,
  "arrowParens": "always",
  "endOfLine": "lf"
}

Integration with ESLint

npm install --save-dev eslint-config-prettier

This prevents ESLint and Prettier from conflicting.

TypeScript Configuration

Strict Mode Configuration

{
  "compilerOptions": {
    "target": "ES2022",
    "module": "commonjs",
    "lib": ["ES2022"],
    "outDir": "./dist",
    "rootDir": "./src",
    
    // Strict Type Checking
    "strict": true,
    "noImplicitAny": true,
    "strictNullChecks": true,
    "strictFunctionTypes": true,
    "strictBindCallApply": true,
    "strictPropertyInitialization": true,
    "noImplicitThis": true,
    "alwaysStrict": true,
    
    // Additional Checks
    "noUnusedLocals": true,
    "noUnusedParameters": true,
    "noImplicitReturns": true,
    "noFallthroughCasesInSwitch": true,
    "noUncheckedIndexedAccess": true,
    
    // Module Resolution
    "moduleResolution": "node",
    "esModuleInterop": true,
    "resolveJsonModule": true,
    "baseUrl": "./src",
    "paths": {
      "@services/*": ["services/*"],
      "@repositories/*": ["repositories/*"],
      "@domain/*": ["domain/*"],
      "@utils/*": ["utils/*"]
    },
    
    // Emit
    "declaration": true,
    "declarationMap": true,
    "sourceMap": true,
    "removeComments": true,
    
    // Advanced
    "skipLibCheck": true,
    "forceConsistentCasingInFileNames": true
  },
  "include": ["src/**/*"],
  "exclude": ["node_modules", "dist", "**/*.test.ts"]
}

This catches countless type errors during development.

Pre-commit Hooks with Husky

Setup

npm install --save-dev husky lint-staged
npx husky install

Configuration

{
  "scripts": {
    "prepare": "husky install"
  },
  "lint-staged": {
    "*.ts": [
      "eslint --fix",
      "prettier --write",
      "jest --bail --findRelatedTests"
    ]
  }
}

Husky Hook

# .husky/pre-commit
#!/bin/sh
. "$(dirname "$0")/_/husky.sh"

npx lint-staged

This runs automatically before every commit, ensuring:

Code is formatted
Linting passes
Related tests pass

GitHub Actions CI/CD

Main Workflow

# .github/workflows/ci.yml
name: CI

on:
  pull_request:
    branches: [main, develop]
  push:
    branches: [main, develop]

jobs:
  quality-checks:
    runs-on: ubuntu-latest
    
    strategy:
      matrix:
        node-version: [18.x, 20.x]
    
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0  # For SonarQube
      
      - name: Setup Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'npm'
      
      - name: Install dependencies
        run: npm ci
      
      - name: Type check
        run: npm run type-check
      
      - name: Lint
        run: npm run lint
      
      - name: Format check
        run: npm run format:check
      
      - name: Run tests
        run: npm test -- --coverage
      
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v3
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          files: ./coverage/lcov.info
      
      - name: SonarQube Scan
        uses: sonarsource/sonarqube-scan-action@master
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
      
      - name: Build
        run: npm run build

  security-scan:
    runs-on: ubuntu-latest
    
    steps:
      - uses: actions/checkout@v4
      
      - name: Run Snyk Security Scan
        uses: snyk/actions/node@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          args: --severity-threshold=high
      
      - name: Run npm audit
        run: npm audit --audit-level=high

  dependency-review:
    runs-on: ubuntu-latest
    if: github.event_name == 'pull_request'
    
    steps:
      - uses: actions/checkout@v4
      - uses: actions/dependency-review-action@v3

Package Scripts

{
  "scripts": {
    "type-check": "tsc --noEmit",
    "lint": "eslint . --ext .ts",
    "lint:fix": "eslint . --ext .ts --fix",
    "format": "prettier --write \"src/**/*.ts\"",
    "format:check": "prettier --check \"src/**/*.ts\"",
    "test": "jest",
    "test:watch": "jest --watch",
    "test:coverage": "jest --coverage",
    "build": "tsc",
    "clean": "rm -rf dist"
  }
}

SonarQube Configuration

Quality Gate

# sonar-project.properties
sonar.projectKey=my-microservice
sonar.organization=my-org
sonar.sources=src
sonar.tests=src
sonar.test.inclusions=**/*.test.ts,**/*.spec.ts
sonar.typescript.lcov.reportPaths=coverage/lcov.info
sonar.coverage.exclusions=**/*.test.ts,**/*.spec.ts

# Quality Gate Conditions
sonar.qualitygate.wait=true

# Code Smells
sonar.issue.ignore.multicriteria=e1

sonar.issue.ignore.multicriteria.e1.ruleKey=typescript:S1186
sonar.issue.ignore.multicriteria.e1.resourceKey=**/*.test.ts

Custom Quality Profile

In SonarQube UI, I configure:

Reliability: 0 bugs allowed
Security: 0 vulnerabilities (high/critical)
Maintainability: <5% code duplication
Coverage: >80% overall, >90% for critical paths
Complexity: Max cyclomatic complexity 10

Automated Dependency Updates

Dependabot Configuration

# .github/dependabot.yml
version: 2
updates:
  - package-ecosystem: npm
    directory: "/"
    schedule:
      interval: weekly
      day: monday
      time: "09:00"
    open-pull-requests-limit: 10
    reviewers:
      - "engineering-team"
    assignees:
      - "tech-lead"
    commit-message:
      prefix: "chore"
      include: "scope"
    versioning-strategy: increase
    labels:
      - "dependencies"
      - "automated"
    ignore:
      - dependency-name: "*"
        update-types: ["version-update:semver-major"]

Code Quality Dashboard

Our Metrics

I track these in our team dashboard:

interface QualityMetrics {
  // Test Coverage
  coverage: {
    overall: number;      // Target: 80%+
    critical: number;     // Target: 90%+
  };
  
  // Code Quality
  codeSmells: number;     // Target: <50
  technicalDebt: string;  // Target: <1 day
  duplications: number;   // Target: <5%
  
  // Security
  vulnerabilities: {
    critical: number;     // Target: 0
    high: number;         // Target: 0
    medium: number;       // Target: <5
  };
  
  // Maintainability
  complexity: {
    average: number;      // Target: <5
    files: number;        // Files with complexity >10
  };
  
  // Review Metrics
  prSize: {
    average: number;      // Target: <400 lines
    median: number;
  };
  reviewTime: {
    average: number;      // Target: <24 hours
    p95: number;
  };
}

Weekly Report

We generate automated weekly reports:

// scripts/generate-quality-report.ts
import { SonarQubeClient } from './sonarqube-client';
import { GitHubClient } from './github-client';

async function generateWeeklyReport(): Promise<void> {
  const sonar = new SonarQubeClient(process.env.SONAR_TOKEN!);
  const github = new GitHubClient(process.env.GITHUB_TOKEN!);
  
  const metrics = await sonar.getMetrics('my-microservice');
  const prs = await github.getPRsLastWeek('my-org/my-repo');
  
  const report = {
    week: getWeekNumber(),
    coverage: metrics.coverage,
    bugs: metrics.bugs,
    vulnerabilities: metrics.vulnerabilities,
    prsReviewed: prs.length,
    averagePRSize: calculateAverage(prs.map(pr => pr.additions)),
    averageReviewTime: calculateAverageReviewTime(prs)
  };
  
  await postToSlack(report);
  await saveToMetricsDB(report);
}

Custom Git Hooks

Additional Local Checks

# .husky/pre-push
#!/bin/sh
. "$(dirname "$0")/_/husky.sh"

echo "Running pre-push checks..."

# Ensure we're not pushing to main directly
branch=$(git symbolic-ref HEAD | sed -e 's,.*/\(.*\),\1,')
if [ "$branch" = "main" ]; then
  echo "Direct push to main is not allowed!"
  exit 1
fi

# Run full test suite
npm test

# Check for console.log statements
if git diff --cached | grep -E "console\.(log|debug)" > /dev/null; then
  echo "Warning: Found console.log statements"
  read -p "Continue anyway? (y/n) " -n 1 -r
  echo
  if [[ ! $REPLY =~ ^[Yy]$ ]]; then
    exit 1
  fi
fi

# Check bundle size
npm run build
SIZE=$(du -k dist/main.js | cut -f1)
MAX_SIZE=500  # KB

if [ "$SIZE" -gt "$MAX_SIZE" ]; then
  echo "Bundle size ($SIZE KB) exceeds limit ($MAX_SIZE KB)"
  exit 1
fi

Automated Code Review Comments

Custom GitHub Action

# .github/workflows/auto-review.yml
name: Auto Review

on:
  pull_request:
    types: [opened, synchronize]

jobs:
  auto-review:
    runs-on: ubuntu-latest
    
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      
      - name: Check PR size
        uses: actions/github-script@v7
        with:
          script: |
            const pr = context.payload.pull_request;
            const additions = pr.additions;
            const deletions = pr.deletions;
            const total = additions + deletions;
            
            if (total > 600) {
              github.rest.issues.createComment({
                owner: context.repo.owner,
                repo: context.repo.repo,
                issue_number: pr.number,
                body: `⚠️ This PR is quite large (${total} lines changed). Consider splitting into smaller PRs for easier review.`
              });
            }
      
      - name: Check for missing tests
        uses: actions/github-script@v7
        with:
          script: |
            const files = await github.rest.pulls.listFiles({
              owner: context.repo.owner,
              repo: context.repo.repo,
              pull_number: context.payload.pull_request.number
            });
            
            const sourceFiles = files.data.filter(f => 
              f.filename.endsWith('.ts') && 
              !f.filename.includes('.test.') &&
              !f.filename.includes('.spec.')
            );
            
            const testFiles = files.data.filter(f => 
              f.filename.includes('.test.') || 
              f.filename.includes('.spec.')
            );
            
            if (sourceFiles.length > 0 && testFiles.length === 0) {
              github.rest.issues.createComment({
                owner: context.repo.owner,
                repo: context.repo.repo,
                issue_number: context.payload.pull_request.number,
                body: '🧪 This PR adds/modifies code but doesn\'t include tests. Please add appropriate test coverage.'
              });
            }

Integration with IDEs

VS Code Configuration

{
  "editor.formatOnSave": true,
  "editor.defaultFormatter": "esbenp.prettier-vscode",
  "editor.codeActionsOnSave": {
    "source.fixAll.eslint": true,
    "source.organizeImports": true
  },
  "typescript.tsdk": "node_modules/typescript/lib",
  "typescript.preferences.importModuleSpecifier": "relative",
  "files.exclude": {
    "**/.git": true,
    "**/node_modules": true,
    "**/dist": true
  },
  "search.exclude": {
    "**/node_modules": true,
    "**/dist": true,
    "**/coverage": true
  }
}

Recommended Extensions

{
  "recommendations": [
    "dbaeumer.vscode-eslint",
    "esbenp.prettier-vscode",
    "orta.vscode-jest",
    "firsttris.vscode-jest-runner",
    "SonarSource.sonarlint-vscode"
  ]
}

Performance Optimization

Caching in CI

- name: Cache node modules
  uses: actions/cache@v3
  with:
    path: ~/.npm
    key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
    restore-keys: |
      ${{ runner.os }}-node-

- name: Cache TypeScript build
  uses: actions/cache@v3
  with:
    path: dist
    key: ${{ runner.os }}-build-${{ hashFiles('src/**') }}

Parallel Test Execution

{
  "jest": {
    "maxWorkers": "50%",
    "testTimeout": 10000
  }
}

Monitoring and Alerting

Slack Integration

# .github/workflows/notify-failures.yml
name: Notify on Failures

on:
  workflow_run:
    workflows: ["CI"]
    types: [completed]

jobs:
  notify:
    runs-on: ubuntu-latest
    if: ${{ github.event.workflow_run.conclusion == 'failure' }}
    
    steps:
      - name: Send Slack notification
        uses: slackapi/slack-github-action@v1
        with:
          payload: |
            {
              "text": "CI Failed for ${{ github.repository }}",
              "blocks": [
                {
                  "type": "section",
                  "text": {
                    "type": "mrkdwn",
                    "text": "🔴 CI pipeline failed\n*Repository:* ${{ github.repository }}\n*Branch:* ${{ github.ref }}\n*Commit:* ${{ github.sha }}"
                  }
                },
                {
                  "type": "actions",
                  "elements": [
                    {
                      "type": "button",
                      "text": {
                        "type": "plain_text",
                        "text": "View Logs"
                      },
                      "url": "${{ github.event.workflow_run.html_url }}"
                    }
                  ]
                }
              ]
            }
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}

Conclusion

Automation is essential for maintaining code quality at scale. Key takeaways:

ESLint + Prettier: Enforce consistent style and catch common errors
TypeScript Strict Mode: Catch type errors early
Pre-commit Hooks: Prevent bad code from being committed
CI/CD Pipeline: Automated testing, linting, and security scanning
Code Quality Metrics: Track and improve over time
Custom Automation: Build tools specific to your needs

My Recommended Implementation Order

Week 1: Set up ESLint + Prettier
Week 2: Enable TypeScript strict mode (fix errors incrementally)
Week 3: Add Jest tests for critical paths
Week 4: Set up GitHub Actions CI
Week 5: Add pre-commit hooks
Week 6: Integrate SonarQube
Week 7: Add security scanning
Week 8: Set up metrics dashboard

Resources

{
  "devDependencies": {
    "@typescript-eslint/eslint-plugin": "^6.0.0",
    "@typescript-eslint/parser": "^6.0.0",
    "eslint": "^8.0.0",
    "eslint-config-prettier": "^9.0.0",
    "eslint-plugin-import": "^2.28.0",
    "prettier": "^3.0.0",
    "husky": "^8.0.0",
    "lint-staged": "^14.0.0",
    "jest": "^29.0.0",
    "@types/jest": "^29.0.0",
    "ts-jest": "^29.0.0",
    "typescript": "^5.0.0"
  }
}

This completes our Code Review and Refactoring 101 series. You now have the principles, processes, techniques, testing strategies, and automation tools to build and maintain high-quality TypeScript microservices.

Series Navigation: ← Part 4: Testing During Refactoring | Back to Series Overview →

PreviousPart 4: Testing During Refactoring NextPair Programming 101

Last updated 15 hours ago

hashtagIntroduction

hashtagThe Tool Stack

hashtagOur Complete Setup

hashtagESLint Configuration

hashtagMy Production Configuration

hashtagCustom Rules for Our Domain

hashtagPrettier Configuration

hashtagIntegration with ESLint

hashtagTypeScript Configuration

hashtagStrict Mode Configuration

hashtagPre-commit Hooks with Husky

hashtagSetup

hashtagConfiguration

hashtagHusky Hook

hashtagGitHub Actions CI/CD

hashtagMain Workflow

hashtagPackage Scripts

hashtagSonarQube Configuration

hashtagQuality Gate

hashtagCustom Quality Profile

hashtagAutomated Dependency Updates

hashtagDependabot Configuration

hashtagCode Quality Dashboard

hashtagOur Metrics

hashtagWeekly Report

hashtagCustom Git Hooks

hashtagAdditional Local Checks

hashtagAutomated Code Review Comments

hashtagCustom GitHub Action

hashtagIntegration with IDEs

hashtagVS Code Configuration

hashtagRecommended Extensions

hashtagPerformance Optimization

hashtagCaching in CI

hashtagParallel Test Execution

hashtagMonitoring and Alerting

hashtagSlack Integration

hashtagConclusion

hashtagMy Recommended Implementation Order

hashtagResources