Skip to content
CI/CD Pipeline

Merge pull request #9 from Shivansh-hub495/main #109

Sign in to view logs

Merge pull request #9 from Shivansh-hub495/main

Merge pull request #9 from Shivansh-hub495/main #109

Workflow file for this run

.github/workflows/ci-cd.yml at 61bf91c
name: CI/CD Pipeline
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main ]
env:
NODE_VERSION: '18'
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
# Test and Build
test:
runs-on: ubuntu-latest
services:
mongodb:
image: mongo:7.0
env:
MONGO_INITDB_ROOT_USERNAME: admin
MONGO_INITDB_ROOT_PASSWORD: password
ports:
- 27017:27017
options: >-
--health-cmd "mongosh --eval 'db.adminCommand(\"ping\")'"
--health-interval 10s
--health-timeout 5s
--health-retries 5
redis:
image: redis:7.2-alpine
ports:
- 6379:6379
options: >-
--health-cmd "redis-cli ping"
--health-interval 10s
--health-timeout 5s
--health-retries 5
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'npm'
cache-dependency-path: |
backend/package-lock.json
frontend/package-lock.json
# Backend Tests
- name: Install backend dependencies
run: |
cd backend
npm ci
- name: Run backend linting
run: |
cd backend
npm run lint || true
- name: Run backend tests
run: |
cd backend
npm test
env:
NODE_ENV: test
MONGODB_URI: mongodb://admin:password@localhost:27017/autogitpilot_test?authSource=admin
REDIS_URL: redis://localhost:6379
JWT_SECRET: test_jwt_secret_32_characters_long
SESSION_SECRET: test_session_secret_32_characters_long
# Frontend Tests
- name: Install frontend dependencies
run: |
cd frontend
npm ci
- name: Run frontend linting
run: |
cd frontend
npm run lint || true
- name: Build frontend
run: |
cd frontend
npm run build
env:
VITE_CLERK_PUBLISHABLE_KEY: ${{ secrets.VITE_CLERK_PUBLISHABLE_KEY }}
VITE_API_BASE_URL: http://localhost:5000/api
# Security Scanning
- name: Run security audit
run: |
cd backend && npm audit --audit-level moderate || true
cd ../frontend && npm audit --audit-level moderate || true
# Upload test results
- name: Upload test results
uses: actions/upload-artifact@v4
if: always()
with:
name: test-results
path: |
backend/coverage/
frontend/coverage/
# Build Docker Images
build:
needs: test
runs-on: ubuntu-latest
if: github.event_name == 'push'
permissions:
contents: read
packages: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for backend
id: meta-backend
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-backend
tags: |
type=ref,event=branch
type=ref,event=pr
type=sha,prefix={{branch}}-
type=raw,value=latest,enable={{is_default_branch}}
- name: Extract metadata (tags, labels) for frontend
id: meta-frontend
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-frontend
tags: |
type=ref,event=branch
type=ref,event=pr
type=sha,prefix={{branch}}-
type=raw,value=latest,enable={{is_default_branch}}
- name: Build and push backend image
uses: docker/build-push-action@v5
with:
context: ./backend
file: ./backend/Dockerfile.prod
push: true
tags: ${{ steps.meta-backend.outputs.tags }}
labels: ${{ steps.meta-backend.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Build and push frontend image
uses: docker/build-push-action@v5
with:
context: ./frontend
file: ./frontend/Dockerfile.prod
push: true
tags: ${{ steps.meta-frontend.outputs.tags }}
labels: ${{ steps.meta-frontend.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
# Deploy to Staging
deploy-staging:
needs: build
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/develop'
environment: staging
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Deploy to staging
run: |
echo "Deploying to staging environment..."
# Add your staging deployment commands here
# Example: SSH to staging server and run deployment script
# Deploy to Production
deploy-production:
needs: build
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main'
environment: production
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Deploy to production
run: |
echo "Deploying to production environment..."
# Add your production deployment commands here
# Example: SSH to production server and run deployment script
- name: Health check
run: |
echo "Performing health check..."
# Add health check commands here
- name: Notify deployment
if: always()
run: |
echo "Deployment completed. Status: ${{ job.status }}"
# Add notification logic here (Slack, Discord, etc.)
# Security Scanning
security:
runs-on: ubuntu-latest
if: github.event_name == 'push'
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
scan-ref: '.'
format: 'sarif'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: 'trivy-results.sarif'