## Overview There is no CI pipeline. PRs can be merged with broken builds, failing tests, or lint errors. A GitHub Actions workflow that automatically checks every PR restores the team's confidence that `main` is always deployable. ## Context - The monorepo has two workspaces: `backend/` (NestJS) and `frontend/` (Next.js) - Both need separate lint, test, and build steps - Workflow files live in `.github/workflows/` - The backend requires PostgreSQL and Redis to run integration tests — use GitHub Actions service containers ## Acceptance Criteria - [ ] Create `.github/workflows/backend-ci.yml`: triggers on `pull_request` to `main`; runs `npm run lint`, `npm run test:cov`, `npm run build`; provisions a `postgres:16` and `redis:7` service container - [ ] Create `.github/workflows/frontend-ci.yml`: triggers on `pull_request` to `main`; runs `npm run lint`, `npm run type-check` (`tsc --noEmit`), `npm run build` - [ ] Both workflows use `actions/cache` to cache `node_modules` by `package-lock.json` hash - [ ] Add a `type-check` script to `frontend/package.json`: `tsc --noEmit` - [ ] Both workflows report status checks that must pass before a PR can be merged (set as required status checks in branch protection rules) - [ ] Document setup steps (required secrets, branch protection config) in `CONTRIBUTING.md`