admin
87 lines
2.9 KiB
YAML
87 lines
2.9 KiB
YAML
name: CI / CD Pipeline
|
|
|
|
on:
|
|
push:
|
|
branches: [main, develop]
|
|
pull_request:
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
# ============================================================
|
|
# JOB 1 : CI & Quality Gate
|
|
# ============================================================
|
|
build:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: 📥 Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: 📦 Install pnpm
|
|
run: npm install -g pnpm@10.32.1
|
|
|
|
- name: 🟢 Setup Node
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: 20
|
|
cache: 'npm' # Note: cache: 'pnpm' requires additional setup action, using npm cache for basic caching or skipping, but we can just use simple setup
|
|
|
|
- name: 📦 Install deps
|
|
run: pnpm install --frozen-lockfile
|
|
|
|
- name: 🧹 Lint
|
|
run: pnpm lint
|
|
|
|
- name: 🔍 Security & quality checks
|
|
run: |
|
|
# UUID misuse check (ADR-019)
|
|
if grep -r --include="*.ts" --include="*.tsx" --exclude-dir={node_modules,.next,.agents,.git,scripts,test,__tests__} "parseInt(.*uuid" .; then
|
|
echo "❌ UUID misuse detected"
|
|
exit 1
|
|
fi
|
|
# console.log check (Clean Code)
|
|
if grep -r --include="*.ts" --include="*.tsx" --exclude-dir={node_modules,.next,.agents,.git,scripts,test,__tests__} "console.log" .; then
|
|
echo "❌ console.log detected"
|
|
exit 1
|
|
fi
|
|
|
|
- name: 🧪 Run Tests & Coverage
|
|
run: |
|
|
cd backend && pnpm test --watchAll=false
|
|
cd ../frontend && pnpm test run
|
|
|
|
# ============================================================
|
|
# JOB 2 : Deploy — Trigger Blue-Green on QNAP
|
|
# ============================================================
|
|
deploy:
|
|
needs: build
|
|
if: github.ref == 'refs/heads/main'
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: 🚀 Trigger Deployment on QNAP
|
|
uses: appleboy/ssh-action@v1.0.3
|
|
with:
|
|
host: ${{ secrets.HOST }}
|
|
username: ${{ secrets.USERNAME }}
|
|
password: ${{ secrets.PASSWORD }}
|
|
port: ${{ secrets.PORT }}
|
|
timeout: 1200s
|
|
command_timeout: 900s
|
|
script_stop_signal: true
|
|
script: |
|
|
set -e
|
|
export PATH="/share/CACHEDEV1_DATA/.qpkg/container-station/bin:/opt/bin:/usr/local/bin:/usr/bin:/bin:$PATH"
|
|
|
|
# Sync scripts first
|
|
echo "📂 Syncing deployment scripts..."
|
|
cd /share/np-dms/app/source/lcbp3
|
|
git fetch origin main
|
|
git reset --hard origin/main
|
|
|
|
# Ensure scripts are executable
|
|
chmod +x scripts/deploy.sh scripts/rollback.sh
|
|
|
|
echo "🚀 Executing Blue-Green deployment..."
|
|
# Pass registry credentials if needed by the pull command in deploy.sh
|
|
export DB_PASSWORD="${{ secrets.DB_PASSWORD }}"
|
|
./scripts/deploy.sh
|