Merge branch 'main' of https://github.com/Aniruddha434/AutoMaxLib #110
| name: CI/CD Pipeline | |
| on: | |
| push: | |
| branches: [ main, develop ] | |
| pull_request: | |
| branches: [ main ] | |
| env: | |
| NODE_VERSION: '18' | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| jobs: | |
| # Test and Build | |
| test: | |
| runs-on: ubuntu-latest | |
| services: | |
| mongodb: | |
| image: mongo:7.0 | |
| env: | |
| MONGO_INITDB_ROOT_USERNAME: admin | |
| MONGO_INITDB_ROOT_PASSWORD: password | |
| ports: | |
| - 27017:27017 | |
| options: >- | |
| --health-cmd "mongosh --eval 'db.adminCommand(\"ping\")'" | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| redis: | |
| image: redis:7.2-alpine | |
| ports: | |
| - 6379:6379 | |
| options: >- | |
| --health-cmd "redis-cli ping" | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| cache: 'npm' | |
| cache-dependency-path: | | |
| backend/package-lock.json | |
| frontend/package-lock.json | |
| # Backend Tests | |
| - name: Install backend dependencies | |
| run: | | |
| cd backend | |
| npm ci | |
| - name: Run backend linting | |
| run: | | |
| cd backend | |
| npm run lint || true | |
| - name: Run backend tests | |
| run: | | |
| cd backend | |
| npm test | |
| env: | |
| NODE_ENV: test | |
| MONGODB_URI: mongodb://admin:password@localhost:27017/autogitpilot_test?authSource=admin | |
| REDIS_URL: redis://localhost:6379 | |
| JWT_SECRET: test_jwt_secret_32_characters_long | |
| SESSION_SECRET: test_session_secret_32_characters_long | |
| # Frontend Tests | |
| - name: Install frontend dependencies | |
| run: | | |
| cd frontend | |
| npm ci | |
| - name: Run frontend linting | |
| run: | | |
| cd frontend | |
| npm run lint || true | |
| - name: Build frontend | |
| run: | | |
| cd frontend | |
| npm run build | |
| env: | |
| VITE_CLERK_PUBLISHABLE_KEY: ${{ secrets.VITE_CLERK_PUBLISHABLE_KEY }} | |
| VITE_API_BASE_URL: http://localhost:5000/api | |
| # Security Scanning | |
| - name: Run security audit | |
| run: | | |
| cd backend && npm audit --audit-level moderate || true | |
| cd ../frontend && npm audit --audit-level moderate || true | |
| # Upload test results | |
| - name: Upload test results | |
| uses: actions/upload-artifact@v4 | |
| if: always() | |
| with: | |
| name: test-results | |
| path: | | |
| backend/coverage/ | |
| frontend/coverage/ | |
| # Build Docker Images | |
| build: | |
| needs: test | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log in to Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata (tags, labels) for backend | |
| id: meta-backend | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-backend | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=sha,prefix={{branch}}- | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - name: Extract metadata (tags, labels) for frontend | |
| id: meta-frontend | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-frontend | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=sha,prefix={{branch}}- | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - name: Build and push backend image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: ./backend | |
| file: ./backend/Dockerfile.prod | |
| push: true | |
| tags: ${{ steps.meta-backend.outputs.tags }} | |
| labels: ${{ steps.meta-backend.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Build and push frontend image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: ./frontend | |
| file: ./frontend/Dockerfile.prod | |
| push: true | |
| tags: ${{ steps.meta-frontend.outputs.tags }} | |
| labels: ${{ steps.meta-frontend.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| # Deploy to Staging | |
| deploy-staging: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| if: github.ref == 'refs/heads/develop' | |
| environment: staging | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Deploy to staging | |
| run: | | |
| echo "Deploying to staging environment..." | |
| # Add your staging deployment commands here | |
| # Example: SSH to staging server and run deployment script | |
| # Deploy to Production | |
| deploy-production: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| if: github.ref == 'refs/heads/main' | |
| environment: production | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Deploy to production | |
| run: | | |
| echo "Deploying to production environment..." | |
| # Add your production deployment commands here | |
| # Example: SSH to production server and run deployment script | |
| - name: Health check | |
| run: | | |
| echo "Performing health check..." | |
| # Add health check commands here | |
| - name: Notify deployment | |
| if: always() | |
| run: | | |
| echo "Deployment completed. Status: ${{ job.status }}" | |
| # Add notification logic here (Slack, Discord, etc.) | |
| # Security Scanning | |
| security: | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| scan-type: 'fs' | |
| scan-ref: '.' | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v3 | |
| if: always() | |
| with: | |
| sarif_file: 'trivy-results.sarif' |
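Review bot: The `security` job runs `aquasecurity/trivy-action@master`, a mutable branch ref, so whatever is on that branch at run time executes with this job's token; pin it to a reviewed full commit SHA, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release tag>`. The job also declares no `permissions:` block although `github/codeql-action/upload-sarif` has to write code-scanning results; adding `permissions: {contents: read, security-events: write}` at job level makes that explicit and keeps the token otherwise read-only. Nothing gates on this scan: `build` needs only `test`, both deploy jobs need only `build`, and the `npm audit ... || true` step in `test` always succeeds, so findings cannot block an image push or a deployment. If the scan is meant to be a gate, add `security` to the `needs:` of `build` and set the action's `exit-code` input to a non-zero value for the severities that should fail the run.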