Initial Backend Fixes #836
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Continuous Integration | |
| on: | |
| push: | |
| branches: [main, develop] | |
| pull_request: | |
| branches: [main, develop] | |
| schedule: | |
| - cron: '0 0 * * 0' # Weekly on Sunday at midnight | |
| env: | |
| CI: true | |
| FORCE_COLOR: true | |
| NODE_ENV: test | |
| jobs: | |
| backend-ci: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| node-version: [18.x, 20.x] | |
| defaults: | |
| run: | |
| working-directory: src/backend | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Setup Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: 'npm' | |
| - name: Cache dependencies | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| src/backend/node_modules | |
| ~/.npm | |
| key: npm-deps-${{ runner.os }}-${{ matrix.node-version }}-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| npm-deps-${{ runner.os }}-${{ matrix.node-version }}- | |
| npm-deps-${{ runner.os }}- | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Run linting | |
| run: npm run lint:fix | |
| - name: Type checking | |
| run: npm run typecheck | |
| - name: Run unit tests | |
| run: npm run test:coverage | |
| env: | |
| JEST_JUNIT_OUTPUT_DIR: ./test-results/ | |
| JEST_JUNIT_OUTPUT_NAME: backend-test-results.xml | |
| - name: Run integration tests | |
| run: npm run test -- --testPathPattern=integration | |
| env: | |
| JEST_JUNIT_OUTPUT_DIR: ./test-results/ | |
| JEST_JUNIT_OUTPUT_NAME: backend-integration-results.xml | |
| - name: Security audit | |
| run: npm run test:security | |
| - name: Upload test coverage | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: backend-coverage-${{ matrix.node-version }} | |
| path: src/backend/coverage | |
| retention-days: 30 | |
| - name: Upload security report | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: backend-security-${{ matrix.node-version }} | |
| path: src/backend/security-reports | |
| retention-days: 30 | |
| frontend-ci: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| node-version: [18.x, 20.x] | |
| defaults: | |
| run: | |
| working-directory: src/web | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Setup Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: 'npm' | |
| - name: Cache dependencies | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| src/web/node_modules | |
| ~/.npm | |
| key: npm-deps-${{ runner.os }}-${{ matrix.node-version }}-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| npm-deps-${{ runner.os }}-${{ matrix.node-version }}- | |
| npm-deps-${{ runner.os }}- | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Run linting | |
| run: npm run lint:fix | |
| - name: Type checking | |
| run: npm run typecheck | |
| - name: Run unit tests | |
| run: npm run test:coverage | |
| env: | |
| JEST_JUNIT_OUTPUT_DIR: ./test-results/ | |
| JEST_JUNIT_OUTPUT_NAME: frontend-test-results.xml | |
| - name: Build application | |
| run: npm run build | |
| - name: Security audit | |
| run: npm audit | |
| - name: Upload test coverage | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: frontend-coverage-${{ matrix.node-version }} | |
| path: src/web/coverage | |
| retention-days: 30 | |
| - name: Upload security report | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: frontend-security-${{ matrix.node-version }} | |
| path: src/web/security-reports | |
| retention-days: 30 | |
| security-scan: | |
| runs-on: ubuntu-latest | |
| needs: [backend-ci, frontend-ci] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@v2 | |
| with: | |
| languages: javascript, typescript | |
| queries: security-extended,security-and-quality | |
| - name: Run CodeQL Analysis | |
| uses: github/codeql-action/analyze@v2 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: '18.x' | |
| - name: Run OWASP Dependency Check | |
| run: | | |
| npm install -g @owasp/dependency-check | |
| dependency-check --project "Startup Metrics" --scan . --format HTML --format JSON | |
| - name: Run Snyk Security Scan | |
| run: | | |
| npm install -g snyk | |
| snyk test --all-projects --severity-threshold=high | |
| - name: Upload Security Reports | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: security-reports | |
| path: | | |
| **/security-reports/ | |
| **/dependency-check-report.html | |
| **/snyk-report.json | |
| retention-days: 30 |