Two CI bugs the M0.2 ci-typescript.yaml template carried into portal:
1. 'pnpm test --coverage' is parsed as a pnpm option, not script args
('Unknown option: coverage'). Drop the extra flag; the package.json
test script already runs 'vitest run --coverage'.
2. 'next build' requires AUTH_SECRET at compile time because Auth.js
v5 reads it during route generation. Inject a per-build dummy
secret in CI (production gets the real one via Orca env from
Infisical).
Refs: M5.1
Gitea's act_runner doesn't evaluate hashFiles() at job-level if:
conditions, so the gate I added in M0.2 universally skipped the test
job even when package.json was committed. Drop it for portal —
package.json is a permanent fixture in this repo so we always want
test + e2e to run. e2e/image jobs keep their other conditions
(push-to-main, etc.)
Refs: M5.1
sharang