edits to test files #4
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI/CD Pipeline | |
| on: | |
| push: | |
| branches: [ main, develop ] | |
| pull_request: | |
| branches: [ main ] | |
| env: | |
| NODE_VERSION: '18' | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| jobs: | |
| # Test Job | |
| test: | |
| name: Run Tests | |
| runs-on: ubuntu-latest | |
| services: | |
| postgres: | |
| image: postgres:15 | |
| env: | |
| POSTGRES_PASSWORD: postgres | |
| POSTGRES_DB: worrybox_test | |
| options: >- | |
| --health-cmd pg_isready | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| ports: | |
| - 5432:5432 | |
| redis: | |
| image: redis:7 | |
| options: >- | |
| --health-cmd "redis-cli ping" | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| ports: | |
| - 6379:6379 | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| cache: 'npm' | |
| cache-dependency-path: | | |
| backend/package-lock.json | |
| frontend/package-lock.json | |
| # Backend Tests | |
| - name: Install backend dependencies | |
| run: | | |
| cd backend | |
| npm ci | |
| - name: Run backend linting | |
| run: | | |
| cd backend | |
| npm run lint | |
| - name: Setup test database | |
| run: | | |
| cd backend | |
| npx prisma migrate deploy | |
| env: | |
| DATABASE_URL: postgresql://postgres:postgres@localhost:5432/worrybox_test | |
| - name: Run backend tests | |
| run: | | |
| cd backend | |
| npm run test:ci | |
| env: | |
| NODE_ENV: test | |
| DATABASE_URL: postgresql://postgres:postgres@localhost:5432/worrybox_test | |
| JWT_SECRET: test-jwt-secret-key-for-testing-only | |
| JWT_REFRESH_SECRET: test-refresh-secret-key-for-testing-only | |
| OPENAI_API_KEY: test-openai-key | |
| LEMONSQUEEZY_API_KEY: test-lemonsqueezy-key | |
| LEMONSQUEEZY_STORE_ID: test-store-id | |
| LEMONSQUEEZY_WEBHOOK_SECRET: test-webhook-secret | |
| EMAIL_HOST: smtp.test.com | |
| EMAIL_PORT: 587 | |
| EMAIL_USER: test@example.com | |
| EMAIL_PASS: test-password | |
| REDIS_URL: redis://localhost:6379 | |
| # Frontend Tests | |
| - name: Install frontend dependencies | |
| run: | | |
| cd frontend | |
| npm ci | |
| - name: Run frontend linting | |
| run: | | |
| cd frontend | |
| npm run lint | |
| - name: Run frontend tests | |
| run: | | |
| cd frontend | |
| npm run test -- --run | |
| - name: Build frontend | |
| run: | | |
| cd frontend | |
| npm run build | |
| # Security Scan | |
| security: | |
| name: Security Scan | |
| runs-on: ubuntu-latest | |
| needs: test | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| scan-type: 'fs' | |
| scan-ref: '.' | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v2 | |
| if: always() | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| # Build and Push Docker Images | |
| build: | |
| name: Build Docker Images | |
| runs-on: ubuntu-latest | |
| needs: [test, security] | |
| if: github.ref == 'refs/heads/main' | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Log in to Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata for backend | |
| id: meta-backend | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-backend | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=sha,prefix={{branch}}- | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - name: Build and push backend image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./Dockerfile.backend | |
| push: true | |
| tags: ${{ steps.meta-backend.outputs.tags }} | |
| labels: ${{ steps.meta-backend.outputs.labels }} | |
| - name: Extract metadata for frontend | |
| id: meta-frontend | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-frontend | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=sha,prefix={{branch}}- | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - name: Build and push frontend image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./Dockerfile.frontend | |
| push: true | |
| tags: ${{ steps.meta-frontend.outputs.tags }} | |
| labels: ${{ steps.meta-frontend.outputs.labels }} | |
| # Deploy to Production | |
| deploy: | |
| name: Deploy to Production | |
| runs-on: ubuntu-latest | |
| needs: build | |
| if: github.ref == 'refs/heads/main' | |
| environment: production | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Deploy to production server | |
| uses: appleboy/ssh-action@v1.0.0 | |
| with: | |
| host: ${{ secrets.PRODUCTION_HOST }} | |
| username: ${{ secrets.PRODUCTION_USER }} | |
| key: ${{ secrets.PRODUCTION_SSH_KEY }} | |
| port: ${{ secrets.PRODUCTION_PORT || 22 }} | |
| script: | | |
| cd /opt/worrybox | |
| git pull origin main | |
| chmod +x scripts/deploy.sh | |
| ./scripts/deploy.sh | |
| - name: Health Check | |
| run: | | |
| sleep 60 | |
| curl -f https://${{ secrets.PRODUCTION_DOMAIN }}/health || exit 1 | |
| echo "Production deployment successful!" | |
| # Notify on Success/Failure | |
| notify: | |
| name: Notify Deployment Status | |
| runs-on: ubuntu-latest | |
| needs: [deploy] | |
| if: always() | |
| steps: | |
| - name: Notify success | |
| if: needs.deploy.result == 'success' | |
| run: | | |
| echo "✅ Deployment successful!" | |
| # Add notification logic here (Slack, Discord, email, etc.) | |
| - name: Notify failure | |
| if: needs.deploy.result == 'failure' | |
| run: | | |
| echo "❌ Deployment failed!" | |
| # Add notification logic here (Slack, Discord, email, etc.) |