222 lines
6.8 KiB
YAML
222 lines
6.8 KiB
YAML
# CI/CD Pipeline - NixOS VM Tests Only
|
|
# All tests run in isolated NixOS VMs with native services (no Docker)
|
|
|
|
name: CI/CD
|
|
|
|
on:
|
|
push:
|
|
branches: [main, develop, '001-*']
|
|
pull_request:
|
|
branches: [main, develop]
|
|
|
|
jobs:
|
|
# NixOS VM integration tests (PostgreSQL + MinIO native services)
|
|
nixos-vm-tests:
|
|
name: VM Test - ${{ matrix.test }}
|
|
runs-on: nix
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
test:
|
|
- backend-integration # Backend + PostgreSQL + MinIO
|
|
- full-stack # Complete API stack
|
|
- performance # Benchmarks
|
|
- security # Security suite
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
# Configure Attic binary cache
|
|
- name: Configure Attic cache
|
|
run: |
|
|
attic login lan http://127.0.0.1:2343 ${{ secrets.ATTIC_TOKEN }}
|
|
attic use lan:webref
|
|
|
|
# Cache Nix store for faster VM builds
|
|
- name: Cache Nix store
|
|
uses: actions/cache@v4
|
|
with:
|
|
path: ~/.cache/nix
|
|
key: nix-vm-${{ matrix.test }}-${{ hashFiles('flake.nix', 'flake.lock', 'nixos/tests.nix') }}
|
|
restore-keys: |
|
|
nix-vm-${{ matrix.test }}-
|
|
nix-vm-
|
|
|
|
# Run NixOS VM test
|
|
- name: Run ${{ matrix.test }}
|
|
run: |
|
|
echo "🚀 Starting NixOS VM test: ${{ matrix.test }}"
|
|
nix build .#checks.${{ matrix.test }} -L --accept-flake-config
|
|
echo "✅ Test passed"
|
|
|
|
# Push to Attic cache
|
|
- name: Push to Attic cache
|
|
if: success()
|
|
run: |
|
|
attic push lan:webref result
|
|
|
|
# Archive logs on failure
|
|
- name: Archive test logs
|
|
if: failure()
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: vm-logs-${{ matrix.test }}
|
|
path: result/
|
|
retention-days: 3
|
|
|
|
# Quick checks (no VM needed)
|
|
lint:
|
|
name: Linting & Formatting
|
|
runs-on: nix
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
# Configure Attic cache
|
|
- name: Configure Attic cache
|
|
run: |
|
|
attic login lan http://127.0.0.1:2343 ${{ secrets.ATTIC_TOKEN }}
|
|
attic use lan:webref
|
|
|
|
# Cache node_modules for linting
|
|
- name: Cache node_modules
|
|
uses: actions/cache@v4
|
|
with:
|
|
path: frontend/node_modules
|
|
key: npm-${{ hashFiles('frontend/package-lock.json') }}
|
|
restore-keys: npm-
|
|
|
|
- name: Backend - Ruff check
|
|
run: nix develop --command bash -c "cd backend && ruff check app/"
|
|
|
|
- name: Backend - Ruff format check
|
|
run: nix develop --command bash -c "cd backend && ruff format --check app/"
|
|
|
|
- name: Frontend - Install deps (if needed)
|
|
run: nix develop --command bash -c "cd frontend && [ -d node_modules ] || npm ci"
|
|
|
|
- name: Frontend - ESLint
|
|
run: nix develop --command bash -c "cd frontend && npm run lint"
|
|
|
|
- name: Frontend - Prettier check
|
|
run: nix develop --command bash -c "cd frontend && npx prettier --check ."
|
|
|
|
- name: Frontend - Svelte check
|
|
run: nix develop --command bash -c "cd frontend && npm run check"
|
|
|
|
- name: Nix - Flake check
|
|
run: nix flake check --accept-flake-config
|
|
|
|
# Unit tests (fast, no services needed)
|
|
unit-tests:
|
|
name: Unit Tests
|
|
runs-on: nix
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
# Configure Attic cache
|
|
- name: Configure Attic cache
|
|
run: |
|
|
attic login lan http://127.0.0.1:2343 ${{ secrets.ATTIC_TOKEN }}
|
|
attic use lan:webref
|
|
|
|
# Cache pytest discovery
|
|
- name: Cache pytest
|
|
uses: actions/cache@v4
|
|
with:
|
|
path: backend/.pytest_cache
|
|
key: pytest-${{ hashFiles('backend/tests/**/*.py') }}
|
|
|
|
# Cache node_modules
|
|
- name: Cache node_modules
|
|
uses: actions/cache@v4
|
|
with:
|
|
path: frontend/node_modules
|
|
key: npm-${{ hashFiles('frontend/package-lock.json') }}
|
|
restore-keys: npm-
|
|
|
|
- name: Backend unit tests
|
|
run: |
|
|
nix develop --command bash -c "
|
|
cd backend &&
|
|
pytest tests/unit/ -v \
|
|
--cov=app \
|
|
--cov-report=xml \
|
|
--cov-report=term-missing \
|
|
--cov-fail-under=80
|
|
"
|
|
|
|
- name: Frontend - Install deps (if needed)
|
|
run: nix develop --command bash -c "cd frontend && [ -d node_modules ] || npm ci"
|
|
|
|
- name: Frontend unit tests
|
|
run: nix develop --command bash -c "cd frontend && npm run test:coverage"
|
|
|
|
- name: Upload coverage
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: coverage-reports
|
|
path: |
|
|
backend/coverage.xml
|
|
backend/htmlcov/
|
|
frontend/coverage/
|
|
retention-days: 7
|
|
|
|
# Verify packages build
|
|
build:
|
|
name: Build Packages
|
|
runs-on: nix
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
# Configure Attic cache
|
|
- name: Configure Attic cache
|
|
run: |
|
|
attic login lan http://127.0.0.1:2343 ${{ secrets.ATTIC_TOKEN }}
|
|
attic use lan:webref
|
|
|
|
- name: Build backend package
|
|
run: nix build .#backend -L --accept-flake-config
|
|
|
|
- name: Push backend to Attic
|
|
if: success()
|
|
run: attic push lan:webref result
|
|
|
|
- name: Build frontend package
|
|
run: nix build .#frontend -L --accept-flake-config
|
|
|
|
- name: Push frontend to Attic
|
|
if: success()
|
|
run: attic push lan:webref result
|
|
|
|
# Summary
|
|
summary:
|
|
name: CI Summary
|
|
runs-on: nix
|
|
needs: [nixos-vm-tests, lint, unit-tests, build]
|
|
if: always()
|
|
|
|
steps:
|
|
- name: Results
|
|
run: |
|
|
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
|
|
echo "📊 CI Pipeline Results"
|
|
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
|
|
echo "NixOS VMs: ${{ needs.nixos-vm-tests.result }}"
|
|
echo "Linting: ${{ needs.lint.result }}"
|
|
echo "Unit Tests: ${{ needs.unit-tests.result }}"
|
|
echo "Build: ${{ needs.build.result }}"
|
|
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
|
|
|
|
if [[ "${{ needs.nixos-vm-tests.result }}" != "success" ]] || \
|
|
[[ "${{ needs.lint.result }}" != "success" ]] || \
|
|
[[ "${{ needs.unit-tests.result }}" != "success" ]] || \
|
|
[[ "${{ needs.build.result }}" != "success" ]]; then
|
|
echo "❌ Pipeline Failed"
|
|
exit 1
|
|
fi
|
|
|
|
echo "✅ All Checks Passed"
|