Merge pull request #85 from LaGodxy/feature/input-validation-security… #65
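# CI/CD pipeline: lint, unit-test and build on a Node.js matrix, audit production
# dependencies, run integration tests against a MySQL service container, run the
# risk-management suites, then run the (placeholder) staging/production deploy jobs.
#
# NOTE(review): every `uses:` below references a mutable tag (v3/v4). Pin each one
# to a full commit SHA (e.g. actions/checkout@<FULL_COMMIT_SHA>  # v4) so that a
# moved tag cannot change what runs in this pipeline.
name: CI/CD Pipeline

on:
  push:
    branches: [main, develop, 'feature/*']
  pull_request:
    branches: [main, develop]

# Least privilege for the automatic GITHUB_TOKEN: no job below pushes, comments or
# publishes with it, so read-only access to repository contents is enough. Raise
# permissions per job if a real deployment step later needs more.
permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # Quoted so the versions are always read as strings.
        node-version: ['18.x', '20.x']
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Do not leave the token in the local git config: later steps run
          # third-party code (npm install scripts, lint/test tooling).
          persist-credentials: false

      - name: Setup Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'npm'

      - name: Install dependencies
        run: npm ci

      - name: Run linting
        run: npm run lint

      - name: Run tests
        run: npm run test:cov

      - name: Build application
        run: npm run build

      # Third-party action referenced by tag; see the pinning note at the top.
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v3
        with:
          file: ./coverage/lcov.info
          flags: unittests
          name: codecov-umbrella

  security-audit:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20.x'
          cache: 'npm'

      - name: Install dependencies
        run: npm ci

      # --omit=dev skips devDependencies; --audit-level=critical makes the job
      # fail only on critical advisories. High and lower severities are still
      # printed but do not fail the job.
      # NOTE(review): confirm that threshold is intended for a gate that the
      # deploy jobs depend on.
      - name: Run security audit
        run: npm audit --omit=dev --audit-level=critical

  integration-test:
    runs-on: ubuntu-latest
    needs: [test]
    services:
      mysql:
        image: mysql:8.4
        env:
          # Throwaway credentials for a service container that lives only for this
          # job. They must never match a credential used in any real environment.
          MYSQL_ROOT_PASSWORD: root
          MYSQL_DATABASE: currentdao_test
        options: >-
          --health-cmd="mysqladmin ping -h 127.0.0.1 -proot"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          # Quoted: digit:digit scalars can be mis-typed by YAML 1.1 parsers.
          - '3306:3306'
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20.x'
          cache: 'npm'

      - name: Install dependencies
        run: npm ci

      - name: Build application
        run: npm run build

      - name: Run integration tests
        run: npm run test:e2e
        env:
          NODE_ENV: test

      - name: Test API endpoints
        # Starts the built app in the background, waits a fixed 15 seconds, then
        # requires both endpoints to answer with a non-error HTTP status.
        run: |
          npm run start:prod &
          sleep 15
          curl -f http://localhost:3000/api/health || exit 1
          curl -f http://localhost:3000/api || exit 1
        env:
          NODE_ENV: test
          DB_HOST: 127.0.0.1
          DB_PORT: '3306'
          DB_USERNAME: root
          DB_PASSWORD: root
          DB_DATABASE: currentdao_test

  risk-management-specific:
    runs-on: ubuntu-latest
    needs: [test]
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20.x'
          cache: 'npm'

      - name: Install dependencies
        run: npm ci

      - name: Test risk management services
        run: |
          npm run test:risk

      - name: Validate risk calculations performance
        run: |
          npm run test:performance

      - name: Check stress test scenarios
        run: npm run validate:stress-scenarios

  deploy-staging:
    runs-on: ubuntu-latest
    needs: [test, security-audit, integration-test, risk-management-specific]
    # Deploy only for pushes to develop. The explicit event check keeps the job
    # from running if another trigger is ever added to `on:` above.
    if: github.event_name == 'push' && github.ref == 'refs/heads/develop'
    # NOTE(review): when real deployment commands are added, read credentials from
    # secrets and consider a protected `environment:` for this job.
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20.x'
          cache: 'npm'

      - name: Install dependencies
        run: npm ci

      - name: Build application
        run: npm run build

      - name: Deploy to staging
        run: |
          echo "Deploying to staging environment..."
          # Add your staging deployment commands here

      - name: Run smoke tests
        run: |
          echo "Running smoke tests..."
          # Add smoke test commands here

  deploy-production:
    runs-on: ubuntu-latest
    needs: [test, security-audit, integration-test, risk-management-specific]
    # Deploy only for pushes to main; see deploy-staging for the event check.
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    # NOTE(review): a production deploy normally sits behind a protected
    # `environment:` with required reviewers; none is configured here.
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20.x'
          cache: 'npm'

      - name: Install dependencies
        run: npm ci

      - name: Build application
        run: npm run build

      - name: Deploy to production
        run: |
          echo "Deploying to production environment..."
          # Add your production deployment commands here

      - name: Run production health checks
        run: |
          echo "Running production health checks..."
          # Add production health check commands here

  performance-test:
    runs-on: ubuntu-latest
    # Runs only after a staging deploy, so it is skipped whenever that job is.
    needs: [deploy-staging]
    if: github.ref == 'refs/heads/develop'
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20.x'
          cache: 'npm'

      - name: Install dependencies
        run: npm ci

      - name: Run performance tests
        run: |
          echo "Testing risk calculation performance..."
          # Test that risk calculations complete under 200ms
          timeout 10s npm run test:performance || exit 1

      - name: Load testing
        run: |
          echo "Running load tests..."
          # Add load testing commands here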