Update ci-cd.yml #2
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI/CD Pipeline | |
| on: | |
| push: | |
| branches: [ main, develop ] | |
| pull_request: | |
| branches: [ main, develop ] | |
| env: | |
| NODE_VERSION: '18' | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| jobs: | |
| # Frontend Tests and Build | |
| frontend: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| cache: 'npm' | |
| cache-dependency-path: frontend/package-lock.json | |
| - name: Install dependencies | |
| run: npm ci | |
| working-directory: ./frontend | |
| - name: Run linting | |
| run: npm run lint | |
| working-directory: ./frontend | |
| - name: Run type checking | |
| run: npm run type-check | |
| working-directory: ./frontend | |
| - name: Run tests | |
| run: npm test -- --coverage --watchAll=false | |
| working-directory: ./frontend | |
| - name: Build application | |
| run: npm run build | |
| working-directory: ./frontend | |
| env: | |
| REACT_APP_API_URL: ${{ secrets.REACT_APP_API_URL }} | |
| REACT_APP_WS_URL: ${{ secrets.REACT_APP_WS_URL }} | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@v3 | |
| with: | |
| file: ./frontend/coverage/lcov.info | |
| flags: frontend | |
| # Backend Tests and Build | |
| backend: | |
| runs-on: ubuntu-latest | |
| services: | |
| postgres: | |
| image: postgres:15 | |
| env: | |
| POSTGRES_USER: postgres | |
| POSTGRES_PASSWORD: postgres | |
| POSTGRES_DB: networkneuron_test | |
| options: >- | |
| --health-cmd pg_isready | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| ports: | |
| - 5432:5432 | |
| redis: | |
| image: redis:7 | |
| options: >- | |
| --health-cmd "redis-cli ping" | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| ports: | |
| - 6379:6379 | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| cache: 'npm' | |
| cache-dependency-path: backend/package-lock.json | |
| - name: Install dependencies | |
| run: npm ci | |
| working-directory: ./backend | |
| - name: Run linting | |
| run: npm run lint | |
| working-directory: ./backend | |
| - name: Run type checking | |
| run: npx tsc --noEmit | |
| working-directory: ./backend | |
| - name: Run database migrations | |
| run: npm run migrate | |
| working-directory: ./backend | |
| env: | |
| NODE_ENV: test | |
| DB_HOST: localhost | |
| DB_PORT: 5432 | |
| DB_NAME: networkneuron_test | |
| DB_USER: postgres | |
| DB_PASSWORD: postgres | |
| REDIS_URL: redis://localhost:6379 | |
| JWT_SECRET: test-secret-key | |
| - name: Run tests | |
| run: npm run test:coverage | |
| working-directory: ./backend | |
| env: | |
| NODE_ENV: test | |
| DB_HOST: localhost | |
| DB_PORT: 5432 | |
| DB_NAME: networkneuron_test | |
| DB_USER: postgres | |
| DB_PASSWORD: postgres | |
| REDIS_URL: redis://localhost:6379 | |
| JWT_SECRET: test-secret-key | |
| - name: Build application | |
| run: npm run build | |
| working-directory: ./backend | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@v3 | |
| with: | |
| file: ./backend/coverage/lcov.info | |
| flags: backend | |
| # Security Scanning | |
| security: | |
| runs-on: ubuntu-latest | |
| needs: [frontend, backend] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| scan-type: 'fs' | |
| scan-ref: '.' | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v2 | |
| if: always() | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| # Docker Build and Push | |
| docker: | |
| runs-on: ubuntu-latest | |
| needs: [frontend, backend, security] | |
| if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop') | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log in to Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-frontend | |
| ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-backend | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=sha,prefix={{branch}}- | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - name: Build and push frontend image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: ./frontend | |
| push: true | |
| tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-frontend:${{ github.sha }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Build and push backend image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: ./backend | |
| push: true | |
| tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-backend:${{ github.sha }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| # Deploy to Staging | |
| deploy-staging: | |
| runs-on: ubuntu-latest | |
| needs: [docker] | |
| if: github.ref == 'refs/heads/develop' | |
| environment: staging | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Deploy to staging | |
| run: | | |
| echo "Deploying to staging environment..." | |
| # Add your staging deployment commands here | |
| # Example: kubectl apply -f k8s/staging/ | |
| # Example: docker-compose -f docker-compose.staging.yml up -d | |
| # Deploy to Production | |
| deploy-production: | |
| runs-on: ubuntu-latest | |
| needs: [docker] | |
| if: github.ref == 'refs/heads/main' | |
| environment: production | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Deploy to production | |
| run: | | |
| echo "Deploying to production environment..." | |
| # Add your production deployment commands here | |
| # Example: kubectl apply -f k8s/production/ | |
| # Example: docker-compose -f docker-compose.prod.yml up -d | |
| - name: Run smoke tests | |
| run: | | |
| echo "Running smoke tests..." | |
| # Add smoke tests here | |
| # Example: curl -f ${{ secrets.PRODUCTION_URL }}/health | |
| # Notification | |
| notify: | |
| runs-on: ubuntu-latest | |
| needs: [deploy-staging, deploy-production] | |
| if: always() | |
| steps: | |
| - name: Notify deployment status | |
| uses: 8398a7/action-slack@v3 | |
| if: always() | |
| with: | |
| status: ${{ job.status }} | |
| channel: '#deployments' | |
| webhook_url: ${{ secrets.SLACK_WEBHOOK }} | |
| fields: repo,message,commit,author,action,eventName,ref,workflow |