2025-11-02 15:58:57 -06:00
1 changed files with 45 additions and 54 deletions
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -1,7 +1,4 @@
-# CI/CD Pipeline - NixOS VM Tests Only
+name: CI/CD Pipeline
 # All tests run in isolated NixOS VMs with native services (no Docker)
 name: CI/CD
 on:
  push:
@@ -13,51 +10,45 @@ jobs:
  # NixOS VM integration tests (PostgreSQL + MinIO native services)
  nixos-vm-tests:
    name: VM Test - ${{ matrix.test }}
-    runs-on: nix
+    runs-on: nixos
    strategy:
      fail-fast: false
      matrix:
        test:
-          - backend-integration    # Backend + PostgreSQL + MinIO
+          - backend-integration
-          - full-stack            # Complete API stack
+          - full-stack
-          - performance           # Benchmarks
+          - performance
-          - security              # Security suite
+          - security
    steps:
-      # Repository is automatically cloned by Gitea Actions
+      - name: Checkout repository
-      
+        uses: actions/checkout@v4
-      # Configure Attic binary cache
+
      - name: Configure Attic cache
        run: |
          attic login lan http://127.0.0.1:2343 ${{ secrets.ATTIC_TOKEN }}
          attic use lan:webref
-      # Run NixOS VM test
+      - name: Run NixOS VM test
      - name: Run ${{ matrix.test }}
        run: |
-          echo "🚀 Starting NixOS VM test: ${{ matrix.test }}"
+          echo "Running ${{ matrix.test }} test..."
          nix build .#checks.${{ matrix.test }} -L --accept-flake-config
          echo "✅ Test passed"
      # Push to Attic cache
      - name: Push to Attic cache
        if: success()
        run: |
-          attic push lan:webref result
+          nix build .#checks.${{ matrix.test }} --print-out-paths | attic push lan:webref --stdin
-  # Quick checks (no VM needed)
+  # Quick checks (linting & formatting)
  lint:
    name: Linting & Formatting
-    runs-on: nix
+    runs-on: nixos
    steps:
-      # Repository is automatically cloned by Gitea Actions
+      - name: Checkout repository
-      
+        uses: actions/checkout@v4
-      # Configure Attic cache
+
      - name: Configure Attic cache
-        run: |
+        run: attic login lan http://127.0.0.1:2343 ${{ secrets.ATTIC_TOKEN }}
          attic login lan http://127.0.0.1:2343 ${{ secrets.ATTIC_TOKEN }}
          attic use lan:webref
      - name: Backend - Ruff check
        run: nix develop --command bash -c "cd backend && ruff check app/"
@@ -65,8 +56,8 @@ jobs:
      - name: Backend - Ruff format check
        run: nix develop --command bash -c "cd backend && ruff format --check app/"
-      - name: Frontend - Install deps (if needed)
+      - name: Frontend - Install deps
-        run: nix develop --command bash -c "cd frontend && [ -d node_modules ] || npm ci"
+        run: nix develop --command bash -c "cd frontend && npm ci"
      - name: Frontend - ESLint
        run: nix develop --command bash -c "cd frontend && npm run lint"
@@ -80,19 +71,17 @@ jobs:
      - name: Nix - Flake check
        run: nix flake check --accept-flake-config
-  # Unit tests (fast, no services needed)
+  # Unit tests
  unit-tests:
    name: Unit Tests
-    runs-on: nix
+    runs-on: nixos
    steps:
-      # Repository is automatically cloned by Gitea Actions
+      - name: Checkout repository
-      
+        uses: actions/checkout@v4
-      # Configure Attic cache
+
      - name: Configure Attic cache
-        run: |
+        run: attic login lan http://127.0.0.1:2343 ${{ secrets.ATTIC_TOKEN }}
          attic login lan http://127.0.0.1:2343 ${{ secrets.ATTIC_TOKEN }}
          attic use lan:webref
      - name: Backend unit tests
        run: |
@@ -105,49 +94,51 @@ jobs:
              --cov-fail-under=80
          "
-      - name: Frontend - Install deps (if needed)
+      - name: Frontend - Install deps
-        run: nix develop --command bash -c "cd frontend && [ -d node_modules ] || npm ci"
+        run: nix develop --command bash -c "cd frontend && npm ci"
      - name: Frontend unit tests
        run: nix develop --command bash -c "cd frontend && npm run test:coverage"
-  # Verify packages build
+  # Build packages
  build:
    name: Build Packages
-    runs-on: nix
+    runs-on: nixos
    steps:
-      # Repository is automatically cloned by Gitea Actions
+      - name: Checkout repository
-      
+        uses: actions/checkout@v4
-      # Configure Attic cache
+
      - name: Configure Attic cache
-        run: |
+        run: attic login lan http://127.0.0.1:2343 ${{ secrets.ATTIC_TOKEN }}
          attic login lan http://127.0.0.1:2343 ${{ secrets.ATTIC_TOKEN }}
          attic use lan:webref
      - name: Build backend package
-        run: nix build .#backend -L --accept-flake-config
+        run: |
          echo "Building backend package..."
          nix build .#backend -L --accept-flake-config
      - name: Push backend to Attic
        if: success()
-        run: attic push lan:webref result
+        run: nix build .#backend --print-out-paths | attic push lan:webref --stdin
-      - name: Build frontend package  
+      - name: Build frontend package
-        run: nix build .#frontend -L --accept-flake-config
+        run: |
          echo "Building frontend package..."
          nix build .#frontend -L --accept-flake-config
      - name: Push frontend to Attic
        if: success()
-        run: attic push lan:webref result
+        run: nix build .#frontend --print-out-paths | attic push lan:webref --stdin
  # Summary
  summary:
    name: CI Summary
-    runs-on: nix
+    runs-on: nixos
    needs: [nixos-vm-tests, lint, unit-tests, build]
    if: always()
    steps:
-      - name: Results
+      - name: Check results
        run: |
          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
          echo "📊 CI Pipeline Results"