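# CI/CD pipeline: NixOS VM integration tests, lint/format checks, unit tests,
# package builds, and a final summary gate. Every job runs on the self-hosted
# `nixos` runner and uses the Attic binary cache on 127.0.0.1:2343.
#
# Security notes for maintainers:
# - The pull_request trigger runs repository-controlled code (flake outputs,
#   npm scripts, pytest) on the self-hosted runner after `attic login` has
#   configured the cache credentials. Whether PRs from forks receive
#   ATTIC_TOKEN depends on the forge's secret settings; confirm it. Prefer a
#   pull-only token for PR runs and a push-capable token only for trusted
#   branch pushes.
# - `--accept-flake-config` accepts the nixConfig declared by the checked-out
#   flake without prompting, so a change to flake.nix can alter Nix settings
#   for that run. Review flake.nix changes with that in mind.
# - `actions/checkout@v4` is a mutable tag. Pinning to a full commit SHA
#   (actions/checkout@<FULL_COMMIT_SHA>) protects against a moved tag.
name: CI/CD Pipeline

on:
  push:
    branches: [main, develop, '001-*']
  pull_request:
    branches: [main, develop]

jobs:
  # NixOS VM integration tests (PostgreSQL + MinIO native services)
  nixos-vm-tests:
    name: VM Test - ${{ matrix.test }}
    runs-on: nixos
    strategy:
      # Let every matrix entry finish so one failure does not hide others.
      fail-fast: false
      matrix:
        test:
          - backend-integration
          - full-stack
          - performance
          - security
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Configure Attic cache
        # The secret is handed over through the environment instead of being
        # templated into the script text, so its value is never parsed as
        # shell syntax. attic still receives it as a positional argument.
        env:
          ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }}
        # ${VAR:+...} passes no token argument at all when the secret is
        # empty, matching what the unquoted template expansion did.
        run: |
          attic login lan http://127.0.0.1:2343 ${ATTIC_TOKEN:+"$ATTIC_TOKEN"}

      - name: Run NixOS VM test
        run: |
          echo "Running ${{ matrix.test }} test..."
          nix build .#checks.${{ matrix.test }} -L --accept-flake-config

      - name: Push to Attic cache
        if: success()
        # pipefail: a failing `nix build` must fail the step rather than be
        # masked by the exit status of `attic push`.
        run: |
          set -o pipefail
          nix build .#checks.${{ matrix.test }} --print-out-paths | attic push lan:webref --stdin

  # Quick checks (linting & formatting)
  lint:
    name: Linting & Formatting
    runs-on: nixos
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Configure Attic cache
        # Secret passed via env, not templated into the script (see above).
        env:
          ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }}
        run: attic login lan http://127.0.0.1:2343 ${ATTIC_TOKEN:+"$ATTIC_TOKEN"}

      - name: Backend - Ruff check
        run: nix develop --command bash -c "cd backend && ruff check app/"

      - name: Backend - Ruff format check
        run: nix develop --command bash -c "cd backend && ruff format --check app/"

      - name: Frontend - Install deps
        run: nix develop --command bash -c "cd frontend && npm ci"

      - name: Frontend - ESLint
        run: nix develop --command bash -c "cd frontend && npm run lint"

      - name: Frontend - Prettier check
        run: nix develop --command bash -c "cd frontend && npx prettier --check ."

      - name: Frontend - Svelte check
        run: nix develop --command bash -c "cd frontend && npm run check"

      - name: Nix - Flake check
        run: nix flake check --accept-flake-config

  # Unit tests
  unit-tests:
    name: Unit Tests
    runs-on: nixos
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Configure Attic cache
        # Secret passed via env, not templated into the script (see above).
        env:
          ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }}
        run: attic login lan http://127.0.0.1:2343 ${ATTIC_TOKEN:+"$ATTIC_TOKEN"}

      - name: Backend unit tests
        # The step fails if line coverage of `app` drops below 80%.
        run: |
          nix develop --command bash -c "
            cd backend && pytest tests/unit/ -v \
              --cov=app \
              --cov-report=xml \
              --cov-report=term-missing \
              --cov-fail-under=80
          "

      - name: Frontend - Install deps
        run: nix develop --command bash -c "cd frontend && npm ci"

      - name: Frontend unit tests
        run: nix develop --command bash -c "cd frontend && npm run test:coverage"

  # Build packages
  build:
    name: Build Packages
    runs-on: nixos
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Configure Attic cache
        # Secret passed via env, not templated into the script (see above).
        env:
          ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }}
        run: attic login lan http://127.0.0.1:2343 ${ATTIC_TOKEN:+"$ATTIC_TOKEN"}

      - name: Build backend package
        run: |
          echo "Building backend package..."
          nix build .#backend -L --accept-flake-config

      - name: Push backend to Attic
        if: success()
        # pipefail: do not let `attic push` mask a failed `nix build`.
        run: |
          set -o pipefail
          nix build .#backend --print-out-paths | attic push lan:webref --stdin

      - name: Build frontend package
        run: |
          echo "Building frontend package..."
          nix build .#frontend -L --accept-flake-config

      - name: Push frontend to Attic
        if: success()
        # pipefail: do not let `attic push` mask a failed `nix build`.
        run: |
          set -o pipefail
          nix build .#frontend --print-out-paths | attic push lan:webref --stdin

  # Summary
  summary:
    name: CI Summary
    runs-on: nixos
    needs: [nixos-vm-tests, lint, unit-tests, build]
    # Run even when an upstream job failed, so the gate below always reports.
    if: always()
    steps:
      - name: Check results
        # Any upstream result other than "success" fails the pipeline; this
        # includes skipped and cancelled jobs.
        run: |
          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
          echo "📊 CI Pipeline Results"
          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
          echo "NixOS VMs: ${{ needs.nixos-vm-tests.result }}"
          echo "Linting: ${{ needs.lint.result }}"
          echo "Unit Tests: ${{ needs.unit-tests.result }}"
          echo "Build: ${{ needs.build.result }}"
          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
          if [[ "${{ needs.nixos-vm-tests.result }}" != "success" ]] || \
             [[ "${{ needs.lint.result }}" != "success" ]] || \
             [[ "${{ needs.unit-tests.result }}" != "success" ]] || \
             [[ "${{ needs.build.result }}" != "success" ]]; then
            echo "❌ Pipeline Failed"
            exit 1
          fi
          echo "✅ All Checks Passed"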