Skip to content
Continuous Integration

Continuous Integration #860

Sign in to view logs

Continuous Integration

Continuous Integration #860

Workflow file for this run

.github/workflows/ci.yml at a590c96
name: Continuous Integration
on:
push:
branches: [main, develop]
pull_request:
branches: [main, develop]
schedule:
- cron: '0 0 * * 0' # Weekly on Sunday at midnight
env:
CI: true
FORCE_COLOR: true
NODE_ENV: test
jobs:
backend-ci:
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [18.x, 20.x]
defaults:
run:
working-directory: src/backend
steps:
- uses: actions/checkout@v3
- name: Setup Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
- name: Cache dependencies
uses: actions/cache@v3
with:
path: |
src/backend/node_modules
~/.npm
key: npm-deps-${{ runner.os }}-${{ matrix.node-version }}-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
npm-deps-${{ runner.os }}-${{ matrix.node-version }}-
npm-deps-${{ runner.os }}-
- name: Install dependencies
run: npm ci
- name: Run linting
run: npm run lint:fix
- name: Type checking
run: npm run typecheck
- name: Run unit tests
run: npm run test:coverage
env:
JEST_JUNIT_OUTPUT_DIR: ./test-results/
JEST_JUNIT_OUTPUT_NAME: backend-test-results.xml
- name: Run integration tests
run: npm run test -- --testPathPattern=integration
env:
JEST_JUNIT_OUTPUT_DIR: ./test-results/
JEST_JUNIT_OUTPUT_NAME: backend-integration-results.xml
- name: Security audit
run: npm run test:security
- name: Upload test coverage
uses: actions/upload-artifact@v3
with:
name: backend-coverage-${{ matrix.node-version }}
path: src/backend/coverage
retention-days: 30
- name: Upload security report
uses: actions/upload-artifact@v3
with:
name: backend-security-${{ matrix.node-version }}
path: src/backend/security-reports
retention-days: 30
frontend-ci:
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [18.x, 20.x]
defaults:
run:
working-directory: src/web
steps:
- uses: actions/checkout@v3
- name: Setup Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
- name: Cache dependencies
uses: actions/cache@v3
with:
path: |
src/web/node_modules
~/.npm
key: npm-deps-${{ runner.os }}-${{ matrix.node-version }}-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
npm-deps-${{ runner.os }}-${{ matrix.node-version }}-
npm-deps-${{ runner.os }}-
- name: Install dependencies
run: npm ci
- name: Run linting
run: npm run lint:fix
- name: Type checking
run: npm run typecheck
- name: Run unit tests
run: npm run test:coverage
env:
JEST_JUNIT_OUTPUT_DIR: ./test-results/
JEST_JUNIT_OUTPUT_NAME: frontend-test-results.xml
- name: Build application
run: npm run build
- name: Security audit
run: npm audit
- name: Upload test coverage
uses: actions/upload-artifact@v3
with:
name: frontend-coverage-${{ matrix.node-version }}
path: src/web/coverage
retention-days: 30
- name: Upload security report
uses: actions/upload-artifact@v3
with:
name: frontend-security-${{ matrix.node-version }}
path: src/web/security-reports
retention-days: 30
security-scan:
runs-on: ubuntu-latest
needs: [backend-ci, frontend-ci]
steps:
- uses: actions/checkout@v3
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: javascript, typescript
queries: security-extended,security-and-quality
- name: Run CodeQL Analysis
uses: github/codeql-action/analyze@v2
- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version: '18.x'
- name: Run OWASP Dependency Check
run: |
npm install -g @owasp/dependency-check
dependency-check --project "Startup Metrics" --scan . --format HTML --format JSON
- name: Run Snyk Security Scan
run: |
npm install -g snyk
snyk test --all-projects --severity-threshold=high
- name: Upload Security Reports
uses: actions/upload-artifact@v3
with:
name: security-reports
path: |
**/security-reports/
**/dependency-check-report.html
**/snyk-report.json
retention-days: 30