185 lines
5.6 KiB
YAML
185 lines
5.6 KiB
YAML
name: CI/CD Pipeline
|
|
|
|
on:
|
|
push:
|
|
branches: [main, develop, '001-*']
|
|
pull_request:
|
|
branches: [main, develop]
|
|
|
|
jobs:
|
|
# NixOS VM integration tests (PostgreSQL + MinIO native services)
|
|
nixos-vm-tests:
|
|
name: VM Test - ${{ matrix.test }}
|
|
runs-on: nixos
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
test:
|
|
- backend-integration
|
|
- full-stack
|
|
- performance
|
|
- security
|
|
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Configure Attic cache
|
|
run: |
|
|
attic login lan http://127.0.0.1:2343 ${{ secrets.ATTIC_TOKEN }}
|
|
|
|
- name: Run NixOS VM test
|
|
run: |
|
|
echo "Running ${{ matrix.test }} test..."
|
|
nix build .#checks.x86_64-linux.${{ matrix.test }} --quiet --accept-flake-config
|
|
|
|
- name: Push to Attic cache
|
|
if: success()
|
|
run: |
|
|
nix build .#checks.x86_64-linux.${{ matrix.test }} --print-out-paths | attic push lan:webref --stdin
|
|
|
|
# Backend linting (using Nix flake app)
|
|
lint-backend:
|
|
name: Backend Linting
|
|
runs-on: nixos
|
|
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Run backend linting
|
|
run: nix run .#lint-backend
|
|
|
|
# Frontend linting (using Nix flake app)
|
|
lint-frontend:
|
|
name: Frontend Linting
|
|
runs-on: nixos
|
|
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Install dependencies and run linting
|
|
run: |
|
|
# Copy frontend to /tmp to avoid noexec issues with DynamicUser
|
|
cp -r frontend /tmp/frontend-build
|
|
|
|
# Install dependencies in executable location
|
|
nix develop --quiet --command bash -c "
|
|
cd /tmp/frontend-build
|
|
npm ci --prefer-offline --no-audit
|
|
|
|
# Run linting from the executable location
|
|
echo '🔍 Linting frontend TypeScript/Svelte code...'
|
|
npm run lint
|
|
npx prettier --check src/
|
|
npm run check
|
|
"
|
|
|
|
# Cleanup
|
|
rm -rf /tmp/frontend-build
|
|
|
|
# Nix flake check (needs Nix)
|
|
nix-check:
|
|
name: Nix Flake Check
|
|
runs-on: nixos
|
|
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Flake check
|
|
run: nix flake check --quiet --accept-flake-config
|
|
|
|
# Unit tests - DISABLED until tests are written (Phase 23)
|
|
# unit-tests:
|
|
# name: Unit Tests
|
|
# runs-on: nixos
|
|
#
|
|
# steps:
|
|
# - name: Checkout repository
|
|
# uses: actions/checkout@v4
|
|
#
|
|
# - name: Configure Attic cache
|
|
# run: attic login lan http://127.0.0.1:2343 ${{ secrets.ATTIC_TOKEN }}
|
|
#
|
|
# - name: Backend unit tests
|
|
# run: |
|
|
# nix develop --command bash -c "
|
|
# cd backend &&
|
|
# pytest tests/unit/ -v \
|
|
# --cov=app \
|
|
# --cov-report=xml \
|
|
# --cov-report=term-missing
|
|
# "
|
|
#
|
|
# - name: Frontend - Install deps
|
|
# run: |
|
|
# nix develop --command bash -c "
|
|
# cd frontend &&
|
|
# npm ci --prefer-offline --no-audit
|
|
# "
|
|
#
|
|
# - name: Frontend unit tests
|
|
# run: nix develop --command bash -c "cd frontend && npm run test:coverage"
|
|
|
|
# Build packages - DISABLED until packages are properly configured
|
|
# TODO: Enable when backend pyproject.toml is set up and frontend package is ready
|
|
# build:
|
|
# name: Build Packages
|
|
# runs-on: nixos
|
|
#
|
|
# steps:
|
|
# - name: Checkout repository
|
|
# uses: actions/checkout@v4
|
|
#
|
|
# - name: Configure Attic cache
|
|
# run: attic login lan http://127.0.0.1:2343 ${{ secrets.ATTIC_TOKEN }}
|
|
#
|
|
# - name: Build backend package
|
|
# run: |
|
|
# echo "Building backend package..."
|
|
# nix build .#backend --quiet --accept-flake-config
|
|
#
|
|
# - name: Push backend to Attic
|
|
# if: success()
|
|
# run: nix build .#backend --print-out-paths | attic push lan:webref --stdin
|
|
#
|
|
# - name: Build frontend package
|
|
# run: |
|
|
# echo "Building frontend package..."
|
|
# nix build .#frontend --quiet --accept-flake-config
|
|
#
|
|
# - name: Push frontend to Attic
|
|
# if: success()
|
|
# run: nix build .#frontend --print-out-paths | attic push lan:webref --stdin
|
|
|
|
# Summary
|
|
summary:
|
|
name: CI Summary
|
|
runs-on: nixos
|
|
needs: [nixos-vm-tests, lint-backend, lint-frontend, nix-check]
|
|
if: always()
|
|
|
|
steps:
|
|
- name: Check results
|
|
run: |
|
|
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
|
|
echo "📊 CI Pipeline Results"
|
|
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
|
|
echo "NixOS VMs: ${{ needs.nixos-vm-tests.result }}"
|
|
echo "Backend Lint: ${{ needs.lint-backend.result }}"
|
|
echo "Frontend Lint: ${{ needs.lint-frontend.result }}"
|
|
echo "Nix Check: ${{ needs.nix-check.result }}"
|
|
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
|
|
|
|
if [[ "${{ needs.nixos-vm-tests.result }}" != "success" ]] || \
|
|
[[ "${{ needs.lint-backend.result }}" != "success" ]] || \
|
|
[[ "${{ needs.lint-frontend.result }}" != "success" ]] || \
|
|
[[ "${{ needs.nix-check.result }}" != "success" ]]; then
|
|
echo "❌ Pipeline Failed"
|
|
exit 1
|
|
fi
|
|
|
|
echo "✅ All Checks Passed"
|