yousafzeb-byte
diff --git a/‎.env.example‎
Lines changed: 17 additions & 0 deletions b/‎.env.example‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎.github/workflows/ci.yml‎
Lines changed: 179 additions & 0 deletions b/‎.github/workflows/ci.yml‎
Lines changed: 179 additions & 0 deletions
diff --git a/‎.gitignore‎
Lines changed: 9 additions & 0 deletions b/‎.gitignore‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎LICENSE‎
Lines changed: 21 additions & 0 deletions b/‎LICENSE‎
Lines changed: 21 additions & 0 deletions
@@ -0,0 +1,17 @@
+# Required — application will NOT start without these
+SECRET_KEY=generate-a-strong-random-key-here
+JWT_SECRET_KEY=generate-a-different-strong-random-key-here
+DB_PASSWORD=generate-a-strong-database-password
+
+# Optional — AI analysis (falls back to mock if unset)
+OPENAI_API_KEY=
+
+# Optional — defaults shown
+FRONTEND_URL=http://localhost
+RATELIMIT_STORAGE_URI=redis://redis:6379/0
+
+# Frontend (used at build time)
+VITE_API_URL=/api
+
+# Development only
+FLASK_DEBUG=false
@@ -0,0 +1,179 @@
+name: CI/CD
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+env:
+  REGISTRY: ghcr.io
+  BACKEND_IMAGE: ghcr.io/${{ github.repository }}/backend
+  FRONTEND_IMAGE: ghcr.io/${{ github.repository }}/frontend
+
+jobs:
+  # ── CI: Lint, Test & Security Audit ──────────────────────────
+
+  backend-test:
+    name: Backend — Lint & Test
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: backend
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+          cache: pip
+          cache-dependency-path: backend/requirements.txt
+
+      - name: Install dependencies
+        run: pip install -r requirements.txt
+
+      - name: Lint with pyright
+        run: pip install pyright && pyright app/
+
+      - name: Run tests
+        env:
+          SECRET_KEY: ci-test-secret
+          JWT_SECRET_KEY: ci-test-jwt-secret
+          DATABASE_URL: "sqlite:///:memory:"
+        run: python -m pytest tests/ -v --tb=short
+
+      - name: Security audit
+        continue-on-error: true
+        run: pip install pip-audit && pip-audit
+
+  frontend-test:
+    name: Frontend — Lint, Type Check & Test
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: frontend
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: npm
+          cache-dependency-path: frontend/package-lock.json
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Type check
+        run: npx tsc --noEmit
+
+      - name: Lint
+        run: npm run lint
+
+      - name: Run tests
+        run: npm test
+
+      - name: Security audit
+        continue-on-error: true
+        run: npm audit --audit-level=high
+
+  # ── CD: Build & Push Docker Images ──────────────────────────
+
+  build-and-push:
+    name: Build & Push Docker Images
+    runs-on: ubuntu-latest
+    needs: [backend-test, frontend-test]
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Extract metadata
+        id: meta
+        run: |
+          echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+          echo "date=$(date +'%Y%m%d')" >> $GITHUB_OUTPUT
+
+      - name: Build & push backend image
+        uses: docker/build-push-action@v6
+        with:
+          context: ./backend
+          push: true
+          tags: |
+            ${{ env.BACKEND_IMAGE }}:latest
+            ${{ env.BACKEND_IMAGE }}:${{ steps.meta.outputs.sha_short }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Build & push frontend image
+        uses: docker/build-push-action@v6
+        with:
+          context: ./frontend
+          push: true
+          tags: |
+            ${{ env.FRONTEND_IMAGE }}:latest
+            ${{ env.FRONTEND_IMAGE }}:${{ steps.meta.outputs.sha_short }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+  # ── CD: Deploy (staging simulation) ─────────────────────────
+
+  deploy:
+    name: Deploy to Staging
+    runs-on: ubuntu-latest
+    needs: [build-and-push]
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    environment:
+      name: staging
+      url: https://staging.example.com
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Deploy notification
+        run: |
+          echo "🚀 Deploying commit ${{ github.sha }}"
+          echo "   Backend:  ${{ env.BACKEND_IMAGE }}:latest"
+          echo "   Frontend: ${{ env.FRONTEND_IMAGE }}:latest"
+
+      - name: Verify Docker Compose config
+        env:
+          DB_PASSWORD: ci-placeholder
+          SECRET_KEY: ci-placeholder
+          JWT_SECRET_KEY: ci-placeholder
+        run: docker compose config --quiet
+
+      - name: Smoke test — container builds
+        env:
+          DB_PASSWORD: ci-placeholder
+          SECRET_KEY: ci-placeholder
+          JWT_SECRET_KEY: ci-placeholder
+          FRONTEND_URL: "https://staging.example.com"
+        run: |
+          docker compose build
+          echo "✅ All containers build successfully"
+
+      - name: Deployment summary
+        run: |
+          echo "## Deployment Summary" >> $GITHUB_STEP_SUMMARY
+          echo "| Item | Value |" >> $GITHUB_STEP_SUMMARY
+          echo "|------|-------|" >> $GITHUB_STEP_SUMMARY
+          echo "| **Commit** | \`$(git rev-parse --short HEAD)\` |" >> $GITHUB_STEP_SUMMARY
+          echo "| **Backend Image** | \`${{ env.BACKEND_IMAGE }}:latest\` |" >> $GITHUB_STEP_SUMMARY
+          echo "| **Frontend Image** | \`${{ env.FRONTEND_IMAGE }}:latest\` |" >> $GITHUB_STEP_SUMMARY
+          echo "| **Status** | ✅ Ready for production |" >> $GITHUB_STEP_SUMMARY
@@ -0,0 +1,9 @@
+node_modules/
+dist/
+.env
+__pycache__/
+*.pyc
+uploads/
+migrations/
+*.db
+.venv/
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Yousaf Zeb
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.