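---
# CI pipeline: lint → security scan → unit/integration tests → image and
# frontend builds → e2e/performance tests → Slack notification on failure.
# The file was reflowed from a collapsed single-line paste; structure is
# unchanged except where a comment below names a fix.
name: CI Pipeline

# `on` is the Actions trigger key; a YAML 1.1 reader sees it as a boolean,
# which is why yamllint's truthy rule is silenced on this line only.
on:  # yamllint disable-line rule:truthy
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]

# Least-privilege default for every job's GITHUB_TOKEN. Without this the
# token inherits the repository default, which may be write-all. Jobs that
# need more (build-images pushes to GHCR) raise their own scope below.
permissions:
  contents: read

# One active run per ref. Superseded pull-request runs are cancelled; pushes
# are left to finish so main never loses a performance-test run.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: ${{ github.event_name == 'pull_request' }}

env:
  # Quoted so the value stays a string rather than a float.
  NODE_VERSION: '18.x'
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:
  # Code Quality Checks
  lint-and-format:
    name: Lint and Format Check
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'npm'
      - name: Install dependencies
        run: npm ci
      - name: Run ESLint
        run: npm run lint
      - name: Check code formatting
        run: npm run format:check

  # Security Scanning
  security-scan:
    name: Security Vulnerability Scan
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Audits the root lockfile only; the per-service lockfiles under
      # ./services (installed separately in unit-tests) are not covered here.
      # TODO confirm whether that is intended.
      - name: Run security audit
        run: npm audit --audit-level=moderate
      # `@master` is a mutable ref: whatever that branch points at runs here
      # with SNYK_TOKEN in its environment. Pin to a full-length commit SHA
      # (snyk/actions/node@<PINNED_COMMIT_SHA>) once one has been reviewed.
      - name: Run Snyk security scan
        uses: snyk/actions/node@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          args: --severity-threshold=high

  # Unit Tests
  unit-tests:
    name: Unit Tests
    runs-on: ubuntu-latest
    strategy:
      matrix:
        service: [api-gateway, orchestrator, scheduler, analytics, workflow]
    steps:
      - uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'npm'
          # `npm ci` below runs inside the service directory, so the cache
          # key must follow that lockfile rather than the root one.
          cache-dependency-path: services/${{ matrix.service }}/package-lock.json
      - name: Install dependencies
        working-directory: ./services/${{ matrix.service }}
        run: npm ci
      - name: Run unit tests
        working-directory: ./services/${{ matrix.service }}
        run: npm test
      - name: Upload coverage reports
        uses: codecov/codecov-action@v3
        with:
          file: ./services/${{ matrix.service }}/coverage/lcov.info
          flags: ${{ matrix.service }}
          name: ${{ matrix.service }}-coverage

  # Integration Tests
  integration-tests:
    name: Integration Tests
    runs-on: ubuntu-latest
    needs: [unit-tests]
    services:
      mongodb:
        image: mongo:6
        # Port mappings are quoted so no YAML reader can retype them.
        ports:
          - '27017:27017'
        options: >-
          --health-cmd "mongosh --eval 'db.adminCommand({ping: 1})'"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
      redis:
        image: redis:7
        ports:
          - '6379:6379'
        options: >-
          --health-cmd "redis-cli ping"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
      elasticsearch:
        image: elasticsearch:8.12.0
        ports:
          - '9200:9200'
        env:
          discovery.type: single-node
          # Security is disabled only because this node is a throwaway test
          # container reachable from the runner alone; quoted because
          # container env values are strings.
          xpack.security.enabled: 'false'
        options: >-
          --health-cmd "curl -f http://localhost:9200/_cluster/health"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 10
    steps:
      - uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'npm'
      - name: Install dependencies
        run: npm ci
      - name: Run integration tests
        env:
          MONGODB_URI: mongodb://localhost:27017/test
          REDIS_HOST: localhost
          ELASTICSEARCH_NODE: http://localhost:9200
        run: npm run test:integration

  # Build Docker Images
  build-images:
    name: Build Docker Images
    runs-on: ubuntu-latest
    needs: [lint-and-format, security-scan, unit-tests]
    # Pushing to GHCR with GITHUB_TOKEN needs packages:write; this is the
    # only job that gets it.
    permissions:
      contents: read
      packages: write
    strategy:
      matrix:
        service:
          - api-gateway
          - orchestrator
          - claude-agent
          - gramjs-adapter
          - safety-guard
          - analytics
          - compliance-guard
          - ab-testing
          - workflow
          - webhook
          - template
          - i18n
          - user-management
          - scheduler
          - logging
    steps:
      - uses: actions/checkout@v4
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Log in to Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/${{ matrix.service }}
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=sha,prefix={{branch}}-
      # Images are built on pull requests but only pushed on push events.
      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: ./services/${{ matrix.service }}
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          # NOTE(review): head_commit.timestamp is only populated on push
          # events, so BUILD_DATE is presumably empty on pull_request builds.
          build-args: |
            BUILD_DATE=${{ github.event.head_commit.timestamp }}
            VCS_REF=${{ github.sha }}
            VERSION=${{ steps.meta.outputs.version }}

  # Build Frontend
  build-frontend:
    name: Build Frontend
    runs-on: ubuntu-latest
    needs: [lint-and-format, security-scan]
    steps:
      - uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'npm'
          # Keyed on the frontend lockfile, which is the one `npm ci` uses below.
          cache-dependency-path: frontend/package-lock.json
      - name: Install dependencies
        working-directory: ./frontend
        run: npm ci
      - name: Build frontend
        working-directory: ./frontend
        run: npm run build
      # temporaryPublicStorage uploads the Lighthouse reports to a public
      # location; keep it off if the report pages expose anything internal.
      - name: Run Lighthouse CI
        uses: treosh/lighthouse-ci-action@v10
        with:
          uploadArtifacts: true
          temporaryPublicStorage: true
          runs: 3
          configPath: ./frontend/.lighthouserc.json
      - name: Upload build artifacts
        uses: actions/upload-artifact@v4
        with:
          name: frontend-build
          path: ./frontend/dist
          retention-days: 7

  # E2E Tests
  e2e-tests:
    name: End-to-End Tests
    runs-on: ubuntu-latest
    needs: [integration-tests, build-frontend]
    steps:
      - uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'npm'
      - name: Download frontend build
        uses: actions/download-artifact@v4
        with:
          name: frontend-build
          path: ./frontend/dist
      # `docker compose` (the v2 plugin) replaces the standalone
      # `docker-compose` binary, which is no longer present on ubuntu-latest.
      - name: Start services with docker compose
        run: |
          docker compose -f docker-compose.test.yml up -d
          ./scripts/wait-for-services.sh
      - name: Run E2E tests
        run: npm run test:e2e
      - name: Upload test results
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: e2e-test-results
          path: ./tests/e2e/results
          retention-days: 7
      # Tear the stack down even when tests fail so nothing lingers on the runner.
      - name: Stop services
        if: always()
        run: docker compose -f docker-compose.test.yml down -v

  # Performance Tests
  performance-tests:
    name: Performance Tests
    runs-on: ubuntu-latest
    needs: [build-images, build-frontend]
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    steps:
      - uses: actions/checkout@v4
      # The key is imported into a dedicated keyring and the source is bound
      # to it with signed-by, instead of the deprecated apt-key global trust.
      # The fingerprint is the one the original pipeline trusted.
      - name: Setup k6
        run: |
          set -euo pipefail
          sudo gpg --no-default-keyring \
            --keyring /usr/share/keyrings/k6-archive-keyring.gpg \
            --keyserver hkp://keyserver.ubuntu.com:80 \
            --recv-keys C5AD17C747E3415A3642D57D77C6C491D6AC1D69
          echo "deb [signed-by=/usr/share/keyrings/k6-archive-keyring.gpg] https://dl.k6.io/deb stable main" \
            | sudo tee /etc/apt/sources.list.d/k6.list
          sudo apt-get update
          sudo apt-get install -y k6
      - name: Start services
        run: |
          docker compose -f docker-compose.perf.yml up -d
          ./scripts/wait-for-services.sh
      - name: Run performance tests
        run: |
          k6 run ./tests/performance/load-test.js
          k6 run ./tests/performance/stress-test.js
          k6 run ./tests/performance/spike-test.js
      - name: Upload performance results
        uses: actions/upload-artifact@v4
        with:
          name: performance-results
          path: ./tests/performance/results
          retention-days: 30
      - name: Stop services
        if: always()
        run: docker compose -f docker-compose.perf.yml down -v

  # Dependency Check
  dependency-check:
    name: Dependency License Check
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Check dependency licenses
        uses: fossa-contrib/fossa-action@v2
        with:
          api-key: ${{ secrets.FOSSA_API_KEY }}

  # SonarQube Analysis
  sonarqube:
    name: SonarQube Analysis
    runs-on: ubuntu-latest
    needs: [unit-tests, integration-tests]
    steps:
      - uses: actions/checkout@v4
        with:
          # Full history so the scanner can attribute blame / new code.
          fetch-depth: 0
      # Same mutable-ref concern as the Snyk step: this runs with SONAR_TOKEN
      # and GITHUB_TOKEN. Pin to a full-length commit SHA
      # (SonarSource/sonarqube-scan-action@<PINNED_COMMIT_SHA>).
      - name: SonarQube Scan
        uses: SonarSource/sonarqube-scan-action@master
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}

  # Notify on failure
  notify-failure:
    name: Notify on Failure
    runs-on: ubuntu-latest
    needs: [lint-and-format, security-scan, unit-tests, integration-tests, build-images, build-frontend, e2e-tests]
    # failure() is true when any job in `needs` failed.
    if: failure()
    steps:
      # action-slack reads the webhook from the SLACK_WEBHOOK_URL environment
      # variable, not from a `with:` input, so it moves to `env:`.
      # `status` is fixed to `failure`: this job itself succeeds, so
      # `job.status` would have reported "success" alongside a failure message.
      - name: Send Slack notification
        uses: 8398a7/action-slack@v3
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
        with:
          status: failure
          text: 'CI Pipeline Failed for ${{ github.repository }}'
          channel: '#ci-notifications'
          username: 'GitHub Actions'
          icon_emoji: ':warning:'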