Enhance CI/CD pipeline by adding pnpm cache setup and store directory… #2
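# CI/CD pipeline: lint, type-check and build on pushes and pull requests, plus
# dependency audit, a secret-pattern check and dependency review on pull
# requests only.
#
# NOTE(review): every `uses:` below references a mutable tag (@v2, @v3, @v4).
# Pinning each action to a full commit SHA keeps a retagged release from
# changing what runs in this pipeline.
name: CI/CD Pipeline

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

# Least privilege: no job here pushes commits, publishes packages or writes
# to issues/PRs, so the workflow token is limited to reading the repository.
permissions:
  contents: read

jobs:
  # Lint, type-check and build on each Node.js version in the matrix.
  test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # Quoted so the versions are always read as strings.
        node-version: ['18.x', '20.x']
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Later steps run dependency install scripts; do not leave the
          # workflow token in the local git config where they could read it.
          persist-credentials: false

      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node-version }}

      - name: Install pnpm
        uses: pnpm/action-setup@v2
        with:
          version: 8
          run_install: false

      # Export the pnpm store location so the cache step can reference it.
      - name: Get pnpm store directory
        shell: bash
        run: |
          echo "STORE_PATH=$(pnpm store path --silent)" >> "$GITHUB_ENV"

      # Cache key follows the lockfile hash; restore-keys allows a partial hit
      # from an older store when the lockfile has changed.
      - name: Setup pnpm cache
        uses: actions/cache@v3
        with:
          path: ${{ env.STORE_PATH }}
          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
          restore-keys: |
            ${{ runner.os }}-pnpm-store-

      # --frozen-lockfile fails the job instead of silently resolving
      # versions that differ from the committed lockfile.
      - name: Install dependencies
        run: pnpm install --frozen-lockfile

      - name: Run ESLint
        run: pnpm run lint

      - name: Run TypeScript check
        run: pnpm run type-check

      - name: Build application
        run: pnpm run build
        env:
          # Test environment variables: placeholder values for the build only.
          # Real credentials belong in repository or environment secrets and
          # must never be written into this file.
          NEXT_PUBLIC_SUPABASE_URL: "https://test.supabase.co"
          NEXT_PUBLIC_SUPABASE_ANON_KEY: "test_key"
          JWT_SECRET: "test_secret_key_for_ci_cd_pipeline_testing"
          NEXT_PUBLIC_RP_ID: "test.com"
          NEXT_PUBLIC_RP_NAME: "Test App"
          NEXT_PUBLIC_RP_ORIGIN: "https://test.com"
          NEXT_PUBLIC_APP_TITLE: "Test App"
          NEXT_PUBLIC_APP_DESCRIPTION: "Test Description"
          ENABLE_CAPTCHA: "false"
          NEXT_PUBLIC_ENABLE_CAPTCHA: "false"

  # Pull-request-only checks: dependency audit and a basic secret-pattern scan.
  security:
    runs-on: ubuntu-latest
    if: github.event_name == 'pull_request'
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Use Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '18.x'

      - name: Install pnpm
        uses: pnpm/action-setup@v2
        with:
          version: 8

      - name: Install dependencies
        run: pnpm install --frozen-lockfile

      # Fails the job on advisories of moderate severity or higher.
      - name: Run security audit
        run: pnpm audit --audit-level moderate

      - name: Check for secrets
        run: |
          # Basic check for potential secrets in code.
          #
          # The earlier bare prefix patterns matched this workflow file itself
          # (it contains the pattern text) and ordinary identifiers that merely
          # end in the same letters, so the step failed on every pull request.
          # The patterns below require a word boundary, an environment segment
          # and a key body.
          # NOTE(review): this assumes the prefixes target Stripe-style keys and
          # the 8-character minimum body is a chosen threshold - confirm both,
          # and prefer a dedicated secret scanner over grep for real coverage.
          #
          # -I skips binary files; -l prints file names only, so a matched key
          # is never echoed into the job log.
          if grep -rIlE '\bsk_(live|test)_[0-9A-Za-z]{8,}' \
              --exclude-dir=node_modules --exclude-dir=.git .; then
            echo "Potential secret found in code"
            exit 1
          fi
          if grep -rIlE '\bpk_(live|test)_[0-9A-Za-z]{8,}' \
              --exclude-dir=node_modules --exclude-dir=.git .; then
            echo "Potential API key found in code"
            exit 1
          fi

  # Pull-request-only review of the dependency changes the PR introduces.
  dependency-review:
    runs-on: ubuntu-latest
    if: github.event_name == 'pull_request'
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Dependency Review
        uses: actions/dependency-review-action@v3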