mirror/ackify-ce
1
0
Fork 0
mirror of https://github.com/btouchard/ackify-ce.git synced 2026-02-11 00:09:47 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
289f8cd53b2771d64bd7cfc2375d1bd5de57da30
ackify-ce/.github/workflows/ci.yml

222 lines
6.6 KiB
YAML
Raw Blame History

name: CI/CD Pipeline
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main, develop ]
release:
types: [ published ]
env:
REGISTRY: docker.io
IMAGE_NAME: btouchard/ackify-ce
jobs:
test:
name: Run Tests
runs-on: ubuntu-latest
services:
postgres:
image: postgres:15-alpine
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: testpassword
POSTGRES_DB: ackify_test
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
- 5432:5432
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: '1.24.5'
cache: true
- name: Download dependencies
run: |
cd backend
go mod download
- name: Run go fmt check
run: |
cd backend
if [ "$(gofmt -s -l . | wc -l)" -gt 0 ]; then
echo "The following files need to be formatted:"
gofmt -s -l .
exit 1
fi
- name: Run go vet
run: |
cd backend
go vet ./...
- name: Run unit tests
env:
ACKIFY_BASE_URL: "http://localhost:8080"
ACKIFY_ORGANISATION: "Test Org"
ACKIFY_OAUTH_CLIENT_ID: "test-client-id"
ACKIFY_OAUTH_CLIENT_SECRET: "test-client-secret"
ACKIFY_OAUTH_COOKIE_SECRET: "dGVzdC1jb29raWUtc2VjcmV0LXRlc3QtY29va2llLXNlY3JldA=="
run: |
cd backend
go test -v -race -short ./...
- name: Run integration tests
env:
ACKIFY_DB_DSN: "postgres://postgres:testpassword@localhost:5432/ackify_test?sslmode=disable"
INTEGRATION_TESTS: "1"
run: |
cd backend
# Run DB + admin integration tests, serialized to avoid CI flakiness
go test -v -race -tags=integration -p 1 -count=1 ./internal/infrastructure/database/... ./internal/presentation/api/admin
- name: Generate coverage report (unit+integration)
env:
ACKIFY_DB_DSN: "postgres://postgres:testpassword@localhost:5432/ackify_test?sslmode=disable"
INTEGRATION_TESTS: "1"
ACKIFY_BASE_URL: "http://localhost:8080"
ACKIFY_ORGANISATION: "Test Org"
ACKIFY_OAUTH_CLIENT_ID: "test-client-id"
ACKIFY_OAUTH_CLIENT_SECRET: "test-client-secret"
ACKIFY_OAUTH_COOKIE_SECRET: "dGVzdC1jb29raWUtc2VjcmV0LXRlc3QtY29va2llLXNlY3JldA=="
run: |
cd backend
# 1) Unit coverage (no integration tag)
go test -v -race -short -covermode=atomic -coverprofile=coverage-unit.out ./...
# 2) Integration coverage only for integration packages, serialized
go test -v -race -tags=integration -p 1 -count=1 -covermode=atomic -coverprofile=coverage-integration.out \
./internal/infrastructure/database/... \
./internal/presentation/api/admin
# 3) Merge coverage
echo "mode: atomic" > coverage.out
tail -n +2 coverage-unit.out >> coverage.out
tail -n +2 coverage-integration.out >> coverage.out
go tool cover -func=coverage.out | tail -1
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v4
with:
files: ./backend/coverage.out
flags: unittests,integration
name: codecov-ackify-ce
fail_ci_if_error: false
verbose: true
token: ${{ secrets.CODECOV_TOKEN }}
build:
name: Build and Push Docker Image
runs-on: ubuntu-latest
needs: test
if: github.event_name != 'pull_request'
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Compute IMAGE_TAG
run: |
# Strip leading 'v' from tag refs; leave branches unchanged
echo "IMAGE_TAG=${GITHUB_REF_NAME#v}" >> "$GITHUB_ENV"
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to Docker Hub
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=sha,prefix={{branch}}-,enable={{is_default_branch}}
type=sha,enable=false
type=raw,value=latest,enable=${{ github.event_name == 'release' }}
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile
platforms: linux/amd64,linux/arm64
push: true
tags: |
${{ steps.meta.outputs.tags }}
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
build-args: |
VERSION=${{ github.ref_name }}
COMMIT=${{ github.sha }}
BUILD_DATE=${{ github.event.head_commit.timestamp }}
security:
name: Security Scan
runs-on: ubuntu-latest
needs: build
if: github.event_name != 'pull_request'
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Compute IMAGE_TAG
run: |
# Strip leading 'v' from tag refs; leave branches unchanged
echo "IMAGE_TAG=${GITHUB_REF_NAME#v}" >> "$GITHUB_ENV"
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}'
format: 'sarif'
output: 'trivy-results.sarif'
# - name: Upload Trivy scan results to GitHub Security tab
# uses: github/codeql-action/upload-sarif@v2
# if: always()
# with:
# sarif_file: 'trivy-results.sarif'
notify:
name: Notify
runs-on: ubuntu-latest
needs: [test, build, security]
if: always() && github.event_name != 'pull_request'
steps:
- name: Notify success
if: needs.test.result == 'success' && needs.build.result == 'success'
run: |
echo "✅ CI/CD Pipeline completed successfully!"
echo "🚀 Image pushed: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}"
- name: Notify failure
if: needs.test.result == 'failure' || needs.build.result == 'failure'
run: |
echo "❌ CI/CD Pipeline failed!"
echo "Please check the logs above for details."
exit 1
Reference in New Issue View Git Blame Copy Permalink