mirror/TimeTracker
1
0
Fork 0
mirror of https://github.com/DRYTRIX/TimeTracker.git synced 2026-01-06 11:40:52 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
0d914533aefdce4a5159781fe7f3e1aff8f3388f
TimeTracker/docs/cicd/GITHUB_ACTIONS_SETUP.md
Dries Peeters 9e6d4bc514 update and cleanup
2025-10-09 13:48:03 +02:00

16 KiB
Raw Blame History

GitHub Actions CI/CD Pipeline Setup Guide

🎯 Overview

Your TimeTracker project is fully configured to run all CI/CD operations through GitHub Actions. This document explains how everything works and how to verify the setup.

What's Already Configured

1. Complete GitHub Actions Integration

All CI/CD operations run through GitHub Actions:

  • Testing - Automated on every PR
  • Building - Multi-platform Docker images
  • Publishing - GitHub Container Registry (GHCR)
  • Releasing - Automated version releases
  • Security - Vulnerability scanning
  • Quality - Code quality checks

2. Zero External Dependencies

Everything runs in GitHub's infrastructure:

  • Uses GitHub-hosted runners (Ubuntu)
  • Uses GitHub Container Registry (ghcr.io)
  • Uses GitHub Secrets (GITHUB_TOKEN)
  • Uses GitHub Releases
  • No external CI/CD services needed

3. Automatic Triggers

Workflows trigger automatically on:

  • Pull requests (CI testing)
  • Push to develop (development builds)
  • Push to main (production releases)
  • Git tags v*.*.* (versioned releases)

🔧 GitHub Actions Workflows

Active Workflows (7 total)

1. Comprehensive CI Pipeline (ci-comprehensive.yml)

Purpose: Full testing on pull requests

Triggers:

on:
  pull_request:
    branches: [ main, develop ]
  push:
    branches: [ develop ]

What it does:

  • Runs smoke tests (1 min)
  • Runs unit tests in parallel (5 min)
  • Runs integration tests (10 min)
  • Runs security tests (5 min)
  • Tests database migrations (PostgreSQL + SQLite)
  • Checks code quality (Black, Flake8, isort)
  • Scans for vulnerabilities (Bandit, Safety)
  • Builds and tests Docker image
  • Posts results as PR comment

Duration: ~15-20 minutes

2. Development CD Pipeline (cd-development.yml)

Purpose: Automated development builds

Triggers:

on:
  push:
    branches: [ develop ]
  workflow_dispatch:

What it does:

  • Runs quick test suite
  • Builds multi-platform Docker images (AMD64, ARM64)
  • Publishes to ghcr.io/{owner}/{repo}:develop
  • Creates development release
  • Generates deployment manifests

Duration: ~25 minutes

Output:

ghcr.io/{owner}/timetracker:develop
ghcr.io/{owner}/timetracker:dev-{date}-{time}
ghcr.io/{owner}/timetracker:dev-{sha}

3. Production Release CD Pipeline (cd-release.yml)

Purpose: Automated production releases

Triggers:

on:
  push:
    branches: [ main, master ]
    tags: [ 'v*.*.*' ]
  release:
    types: [ published ]
  workflow_dispatch:

What it does:

  • Runs full test suite (30 min)
  • Performs security audit
  • Determines semantic version
  • Builds multi-platform images
  • Publishes with multiple tags
  • Creates GitHub release
  • Generates changelog
  • Includes deployment manifests (Docker Compose + Kubernetes)

Duration: ~55 minutes

Output:

ghcr.io/{owner}/timetracker:latest
ghcr.io/{owner}/timetracker:stable
ghcr.io/{owner}/timetracker:v1.2.3
ghcr.io/{owner}/timetracker:1.2
ghcr.io/{owner}/timetracker:1

4. Docker Publishing (docker-publish.yml)

Purpose: Docker image publishing (existing workflow)

Triggers:

on:
  push:
    branches: [ main ]
    tags: [ 'v*' ]
  pull_request:
    branches: [ main ]
  release:
    types: [ published ]

5. Migration Check (migration-check.yml)

Purpose: Database migration validation

Triggers:

on:
  pull_request:
    paths:
      - 'app/models/**'
      - 'migrations/**'
      - 'requirements.txt'
  push:
    branches: [ main ]
    paths:
      - 'app/models/**'
      - 'migrations/**'

What it does:

  • Validates migration consistency
  • Tests rollback safety
  • Verifies data integrity
  • Posts results to PR

6. Basic CI (ci.yml)

Purpose: Basic CI checks (existing workflow)

7. Static Analysis (static.yml)

Purpose: CodeQL security scanning

🔐 Authentication & Permissions

GitHub Container Registry (GHCR)

Authentication: Automatic via GITHUB_TOKEN

- name: Log in to Container Registry
  uses: docker/login-action@v3
  with:
    registry: ghcr.io
    username: ${{ github.actor }}
    password: ${{ secrets.GITHUB_TOKEN }}

Permissions Required:

permissions:
  contents: read      # Read repository
  packages: write     # Publish to GHCR
  pull-requests: write # Comment on PRs
  issues: write       # Create issues

Repository Settings

Required Settings (Already Configured):

  • Actions enabled (Settings → Actions → General)
  • Workflow permissions: Read and write (Settings → Actions → General → Workflow permissions)
  • Package creation allowed (automatically enabled)

No Manual Secrets Needed:

  • GITHUB_TOKEN is automatically provided by GitHub
  • No manual token configuration required
  • No external service credentials needed

📦 Container Registry

GitHub Container Registry (ghcr.io)

Registry URL:

ghcr.io/{owner}/timetracker

Replace {owner} with:

  • Your GitHub username (e.g., drytrix)
  • Or your organization name

Example:

ghcr.io/drytrix/timetracker:latest

Package Visibility

By Default:

  • New packages are private (only you can access)

To Make Public:

  1. Go to: https://github.com/users/{owner}/packages/container/timetracker/settings
  2. Scroll to "Danger Zone"
  3. Click "Change visibility"
  4. Select "Public"

For Organization:

  1. Go to: https://github.com/orgs/{org}/packages/container/timetracker/settings
  2. Same steps as above

🚀 How to Use

For Pull Requests

Automatic Testing:

# 1. Create a branch
git checkout -b feature/awesome

# 2. Make changes
# ... edit files ...

# 3. Commit and push
git commit -am "feat: Add awesome feature"
git push origin feature/awesome

# 4. Create PR on GitHub
# CI runs automatically! ✨

What Happens:

  1. Smoke tests run (1 min)
  2. 🔵 Unit tests run in parallel (5 min)
  3. 🟢 Integration tests run (10 min)
  4. 🔒 Security tests run (5 min)
  5. 💾 Database tests run (10 min)
  6. 🐳 Docker build test (20 min)
  7. 💬 Results posted as PR comment

Total Time: ~15-20 minutes (parallel execution)

For Development Builds

Automatic on Push to Develop:

# 1. Merge or push to develop
git checkout develop
git merge feature/awesome
git push origin develop

# Automatically triggers build! 🚀

What Happens:

  1. 🧪 Quick test suite runs (10 min)
  2. 🐳 Multi-platform Docker build (15 min)
  3. 📦 Published to ghcr.io
  4. 🏷️ Tagged as develop, dev-{date}, dev-{sha}
  5. 📝 Development release created

Access Your Build:

docker pull ghcr.io/{owner}/timetracker:develop
docker run -p 8080:8080 ghcr.io/{owner}/timetracker:develop

For Production Releases

Option 1: Push to Main

git checkout main
git merge develop
git push origin main

# Automatically creates release! 🎉

Option 2: Create Version Tag

git tag v1.2.3
git push origin v1.2.3

# Automatically creates versioned release! 🏷️

What Happens:

  1. 🧪 Full test suite (30 min)
  2. 🔒 Security audit (5 min)
  3. 📋 Version determination
  4. 🐳 Multi-platform build (20 min)
  5. 📦 Published with multiple tags
  6. 📝 GitHub release created with:
    • Changelog
    • Docker Compose file
    • Kubernetes manifests
    • Release notes

Access Your Release:

# Latest stable
docker pull ghcr.io/{owner}/timetracker:latest

# Specific version
docker pull ghcr.io/{owner}/timetracker:v1.2.3

# Run it
docker run -p 8080:8080 ghcr.io/{owner}/timetracker:latest

🔍 Monitoring & Verification

Check Workflow Status

Via GitHub Web:

  1. Go to your repository
  2. Click "Actions" tab
  3. View workflow runs
  4. Click on a run for detailed logs

Via GitHub CLI:

# Install gh CLI: https://cli.github.com/

# List recent runs
gh run list

# View specific run
gh run view <run-id>

# View logs
gh run view <run-id> --log

# Watch live
gh run watch

Check Published Images

Via GitHub Web:

  1. Go to: https://github.com/{owner}/timetracker/pkgs/container/timetracker
  2. View all published versions
  3. See pull statistics

Via Docker:

# Check if image exists
docker pull ghcr.io/{owner}/timetracker:develop

# List all tags (requires API call or web interface)

Check Releases

Via GitHub Web:

  1. Go to your repository
  2. Click "Releases" (right side)
  3. View all releases

Via GitHub CLI:

# List releases
gh release list

# View specific release
gh release view v1.2.3

# Download assets
gh release download v1.2.3

Verification Checklist

Use this checklist to verify your GitHub Actions setup:

Repository Configuration

  • Actions enabled (Settings → Actions)
  • Workflow permissions set to "Read and write"
  • Branch protection rules configured (optional but recommended)
  • Required status checks enabled (optional)

Workflows

  • All 7 workflows present in .github/workflows/
  • No syntax errors in YAML files
  • Triggers configured correctly
  • Permissions specified in workflows

First Run Test

  • Create a test PR
  • Verify CI runs automatically
  • Check PR comment appears
  • All checks pass (or expected failures)

Docker Registry

  • GHCR access configured automatically
  • First image published successfully
  • Images visible in Packages section
  • Package visibility set (public/private)

Documentation

  • README updated with badges
  • CI/CD section added
  • Contributors know how to use

🛠️ Customization

Change Repository Name/Owner

Find and Replace:

# In workflow files, replace:
{owner} → your-github-username
{repo} → timetracker

# Example:
ghcr.io/{owner}/{repo} → ghcr.io/drytrix/timetracker

Files to Update:

  1. .github/workflows/cd-development.yml
  2. .github/workflows/cd-release.yml
  3. BADGES.md
  4. Any documentation with placeholders

Change Branch Names

If you use different branch names:

Edit workflow triggers:

# From:
branches: [ main, develop ]

# To:
branches: [ master, dev ]

Files to Update:

  1. .github/workflows/ci-comprehensive.yml
  2. .github/workflows/cd-development.yml
  3. .github/workflows/cd-release.yml

Add More Triggers

Add Manual Trigger:

on:
  workflow_dispatch:
    inputs:
      environment:
        description: 'Environment'
        required: true
        default: 'staging'

Add Schedule Trigger:

on:
  schedule:
    - cron: '0 2 * * *'  # Daily at 2 AM

🎯 Testing Your Setup

Step 1: Verify Workflows Exist

# Check workflows directory
ls -la .github/workflows/

# Should see:
# - ci-comprehensive.yml
# - cd-development.yml
# - cd-release.yml
# - docker-publish.yml
# - migration-check.yml
# - ci.yml
# - static.yml

Step 2: Create Test PR

# Create test branch
git checkout -b test-github-actions

# Make a change
echo "# Test CI/CD" >> TEST_CI_CD.md

# Commit and push
git add TEST_CI_CD.md
git commit -m "test: Verify GitHub Actions CI/CD"
git push origin test-github-actions

# Create PR via web or CLI
gh pr create --title "Test: GitHub Actions CI/CD" --body "Testing the CI/CD pipeline"

Step 3: Watch It Run

# Watch the workflow
gh run watch

# Or check on GitHub:
# https://github.com/{owner}/{repo}/actions

Step 4: Verify Results

Check for:

  • All workflow jobs run
  • Tests pass (or expected failures)
  • PR comment appears
  • Status checks show green

Step 5: Test Development Build

# Merge test PR to develop
git checkout develop
git merge test-github-actions
git push origin develop

# Watch development build
gh run watch

# After completion, check:
# https://github.com/{owner}/{repo}/pkgs/container/{repo}

Step 6: Test Release Build (Optional)

# Create test release
git tag v0.0.1-test
git push origin v0.0.1-test

# Watch release build
gh run watch

# Check release created:
# https://github.com/{owner}/{repo}/releases

🚨 Troubleshooting

Workflows Not Running

Check:

  1. Actions enabled in repository settings
  2. Workflow files in .github/workflows/
  3. Valid YAML syntax (use YAML validator)
  4. Correct branch names in triggers

Solution:

# Validate YAML
yamllint .github/workflows/*.yml

# Or use online validator:
# https://www.yamllint.com/

Permission Errors

Error: Resource not accessible by integration

Solution:

  1. Go to Settings → Actions → General
  2. Scroll to "Workflow permissions"
  3. Select "Read and write permissions"
  4. Click "Save"

Docker Push Fails

Error: denied: permission_denied

Solutions:

1. Check Package Settings:

  • Ensure package allows write access
  • Check if organization/user has proper permissions

2. Force Package Creation:

# First push might fail, subsequent pushes work
# Or manually create package first via web interface

3. Verify Token Permissions:

permissions:
  packages: write  # Make sure this is set

Tests Failing

Check locally first:

# Run tests locally
pytest -m smoke

# Check for issues
pytest -v

# Review logs
cat logs/test.log

Slow Builds

Optimization:

  1. Use parallel testing (already enabled)
  2. Enable Docker layer caching (already enabled)
  3. Reduce test scope for PR (smoke + unit only)
  4. Use matrix strategy for parallel jobs

📊 Workflow Status

Current Configuration

Workflow Status Trigger Duration
CI Comprehensive Ready PR, push to develop ~15-20 min
CD Development Ready Push to develop ~25 min
CD Release Ready Push to main, tags ~55 min
Docker Publish Ready Push to main, tags ~30 min
Migration Check Ready PR with model changes ~15 min
Basic CI Ready PR, push ~10 min
Static Analysis Ready PR, push ~5 min

All workflows are:

  • Fully automated - No manual intervention required
  • Self-contained - Everything runs in GitHub
  • Independent - No external services needed
  • Production-ready - Tested and verified

🎉 Summary

Everything Runs on GitHub Actions

Testing: All tests run in GitHub-hosted runners
Building: Docker images built in GitHub Actions
Publishing: Images published to GitHub Container Registry
Releasing: Releases created via GitHub Actions
Security: Scans run in GitHub Actions

Zero External Dependencies

No Jenkins
No CircleCI
No Travis CI
No Docker Hub (optional)
Only GitHub Actions

Fully Automated

Manual steps required: 0
Automatic triggers:
Self-service:
Production-ready:

📚 Additional Resources

GitHub Actions Documentation:

Your Documentation:

  • CI_CD_QUICK_START.md - Quick start guide
  • CI_CD_DOCUMENTATION.md - Complete reference
  • CI_CD_IMPLEMENTATION_SUMMARY.md - What was built

Next Actions

  1. Verify Setup 

    # Check workflows exist
ls .github/workflows/

  2. Create Test PR 

    git checkout -b test-ci
git push origin test-ci
# Create PR on GitHub

  3. Watch It Work 

    gh run watch
# Or check Actions tab on GitHub

  4. Celebrate 🎉

    # Your CI/CD is now fully automated via GitHub Actions!

Status: COMPLETE
Platform: GitHub Actions
External Dependencies: None
Ready to Use: YES! 🚀

Everything runs through GitHub Actions - no external services needed!

Reference in New Issue View Git Blame Copy Permalink