|
| 1 | +# GitHub Actions Workflows |
| 2 | + |
| 3 | +This directory contains automated CI/CD workflows for the bharathkumar_resume_npx project. These workflows ensure code quality, security, and reliable deployments. |
| 4 | + |
| 5 | +## 📋 Workflow Overview |
| 6 | + |
| 7 | +### 🚀 [CI/CD Pipeline](./npm-publish.yml) |
| 8 | +**Triggers**: Push to main/master, Pull Requests, Releases |
| 9 | + |
| 10 | +**Features**: |
| 11 | +- **Multi-Node Testing**: Tests on Node.js 18, 20, and 21 |
| 12 | +- **Code Quality**: ESLint, Prettier formatting checks |
| 13 | +- **Testing Suite**: Unit tests, integration tests, coverage reporting |
| 14 | +- **Security**: npm audit, dependency vulnerability scanning |
| 15 | +- **Build Verification**: Ensures clean builds across environments |
| 16 | +- **Automated Publishing**: Publishes to npm on releases |
| 17 | + |
| 18 | +**Jobs**: |
| 19 | +- `test`: Comprehensive testing and quality checks |
| 20 | +- `security-audit`: Security vulnerability scanning |
| 21 | +- `publish`: Automated npm publishing (release only) |
| 22 | + |
| 23 | +### 🔍 [Pull Request Validation](./pr-validation.yml) |
| 24 | +**Triggers**: Pull Requests |
| 25 | + |
| 26 | +**Features**: |
| 27 | +- **Quick Validation**: Fast checks for immediate feedback |
| 28 | +- **Merge Conflict Detection**: Prevents problematic merges |
| 29 | +- **Code Quality Analysis**: TODO comments, file size checks |
| 30 | +- **Bundle Size Monitoring**: Tracks package size changes |
| 31 | +- **Automated PR Comments**: Provides detailed feedback |
| 32 | + |
| 33 | +**Jobs**: |
| 34 | +- `quick-checks`: Linting, type checking, unit tests |
| 35 | +- `code-quality`: File analysis and quality metrics |
| 36 | +- `pr-comment`: Automated feedback on pull requests |
| 37 | + |
| 38 | +### 🔄 [Dependency Management](./dependency-update.yml) |
| 39 | +**Triggers**: Weekly schedule, Manual dispatch, package.json changes |
| 40 | + |
| 41 | +**Features**: |
| 42 | +- **Automated Updates**: Patch and minor version updates |
| 43 | +- **Security Monitoring**: Vulnerability scanning and alerts |
| 44 | +- **Compatibility Testing**: Ensures updates don't break functionality |
| 45 | +- **Automated PRs**: Creates pull requests for safe updates |
| 46 | +- **Critical Alerts**: Immediate notifications for security issues |
| 47 | + |
| 48 | +**Jobs**: |
| 49 | +- `check-outdated`: Identifies outdated dependencies |
| 50 | +- `security-scan`: Scans for security vulnerabilities |
| 51 | +- `update-dependencies`: Safely updates compatible versions |
| 52 | +- `test-updates`: Validates updates don't break functionality |
| 53 | +- `create-pr`: Creates pull requests for updates |
| 54 | +- `notify-critical`: Alerts for critical security issues |
| 55 | + |
| 56 | +### ⚡ [Performance Monitoring](./performance.yml) |
| 57 | +**Triggers**: Push to main/master, Pull Requests, Weekly schedule |
| 58 | + |
| 59 | +**Features**: |
| 60 | +- **CLI Performance**: Startup time benchmarking |
| 61 | +- **Memory Analysis**: Memory usage profiling |
| 62 | +- **Bundle Size Tracking**: Package size monitoring |
| 63 | +- **Regression Detection**: Identifies performance degradation |
| 64 | +- **Historical Tracking**: Long-term performance trends |
| 65 | + |
| 66 | +**Jobs**: |
| 67 | +- `cli-performance`: Benchmarks CLI startup and execution |
| 68 | +- `bundle-analysis`: Analyzes package size and composition |
| 69 | +- `regression-check`: Detects performance regressions in PRs |
| 70 | + |
| 71 | +## 🔧 Configuration |
| 72 | + |
| 73 | +### Required Secrets |
| 74 | + |
| 75 | +Add these secrets to your GitHub repository settings: |
| 76 | + |
| 77 | +``` |
| 78 | +NPM_TOKEN # npm authentication token for publishing |
| 79 | +SLACK_WEBHOOK_URL # Slack webhook for critical notifications (optional) |
| 80 | +``` |
| 81 | + |
| 82 | +### Environment Variables |
| 83 | + |
| 84 | +The workflows use these environment variables: |
| 85 | + |
| 86 | +```yaml |
| 87 | +NODE_VERSION: 20 # Primary Node.js version |
| 88 | +NODE_VERSIONS: [18,20,21] # Test matrix versions |
| 89 | +COVERAGE_THRESHOLD: 80 # Minimum test coverage |
| 90 | +MAX_BUNDLE_SIZE: 5120 # Maximum bundle size (KB) |
| 91 | +MAX_STARTUP_TIME: 2000 # Maximum CLI startup time (ms) |
| 92 | +``` |
| 93 | +
|
| 94 | +## 📊 Workflow Status |
| 95 | +
|
| 96 | +### Badges |
| 97 | +
|
| 98 | +Add these badges to your main README.md: |
| 99 | +
|
| 100 | +```markdown |
| 101 | +[](https://github.com/YOUR_USERNAME/bharathkumar_resume_npx/actions/workflows/npm-publish.yml) |
| 102 | +[](https://github.com/YOUR_USERNAME/bharathkumar_resume_npx/actions/workflows/pr-validation.yml) |
| 103 | +[](https://github.com/YOUR_USERNAME/bharathkumar_resume_npx/actions/workflows/dependency-update.yml) |
| 104 | +[](https://github.com/YOUR_USERNAME/bharathkumar_resume_npx/actions/workflows/performance.yml) |
| 105 | +``` |
| 106 | + |
| 107 | +### Monitoring |
| 108 | + |
| 109 | +- **Action Runs**: Monitor workflow executions in the Actions tab |
| 110 | +- **Artifacts**: Performance reports and test results are stored as artifacts |
| 111 | +- **Notifications**: Critical issues trigger Slack notifications (if configured) |
| 112 | +- **PR Comments**: Automated feedback on pull requests |
| 113 | + |
| 114 | +## 🛠️ Customization |
| 115 | + |
| 116 | +### Modifying Thresholds |
| 117 | + |
| 118 | +Adjust performance and quality thresholds in the workflow files: |
| 119 | + |
| 120 | +```yaml |
| 121 | +# Performance thresholds |
| 122 | +MAX_STARTUP_TIME: 2000 # CLI startup time limit (ms) |
| 123 | +MAX_BUNDLE_SIZE: 5120 # Bundle size limit (KB) |
| 124 | +COVERAGE_THRESHOLD: 80 # Test coverage minimum (%) |
| 125 | + |
| 126 | +# Quality thresholds |
| 127 | +MAX_FILE_SIZE: 1048576 # Individual file size limit (bytes) |
| 128 | +MAX_TODO_COUNT: 10 # Maximum TODO comments |
| 129 | +``` |
| 130 | +
|
| 131 | +### Adding New Checks |
| 132 | +
|
| 133 | +To add new quality checks: |
| 134 | +
|
| 135 | +1. **Linting Rules**: Update `.eslintrc.js` configuration |
| 136 | +2. **Test Coverage**: Modify coverage thresholds in `package.json` |
| 137 | +3. **Security Rules**: Add custom security checks to dependency-update.yml |
| 138 | +4. **Performance Metrics**: Extend performance.yml with new benchmarks |
| 139 | + |
| 140 | +### Notification Setup |
| 141 | + |
| 142 | +To enable Slack notifications: |
| 143 | + |
| 144 | +1. Create a Slack webhook URL |
| 145 | +2. Add `SLACK_WEBHOOK_URL` to repository secrets |
| 146 | +3. Customize notification messages in dependency-update.yml |
| 147 | + |
| 148 | +## 🚨 Troubleshooting |
| 149 | + |
| 150 | +### Common Issues |
| 151 | + |
| 152 | +**Build Failures**: |
| 153 | +- Check Node.js version compatibility |
| 154 | +- Verify all dependencies are properly installed |
| 155 | +- Review ESLint and TypeScript errors |
| 156 | + |
| 157 | +**Test Failures**: |
| 158 | +- Ensure test environment matches CI environment |
| 159 | +- Check for race conditions in integration tests |
| 160 | +- Verify test data and fixtures are available |
| 161 | + |
| 162 | +**Publishing Issues**: |
| 163 | +- Verify NPM_TOKEN is valid and has publish permissions |
| 164 | +- Check package.json version is properly incremented |
| 165 | +- Ensure no duplicate versions exist on npm |
| 166 | + |
| 167 | +**Performance Regressions**: |
| 168 | +- Review recent code changes for performance impact |
| 169 | +- Check if new dependencies increased bundle size |
| 170 | +- Analyze memory usage patterns in failing tests |
| 171 | + |
| 172 | +### Debug Mode |
| 173 | + |
| 174 | +Enable debug logging by adding this to workflow files: |
| 175 | + |
| 176 | +```yaml |
| 177 | +env: |
| 178 | + ACTIONS_STEP_DEBUG: true |
| 179 | + ACTIONS_RUNNER_DEBUG: true |
| 180 | +``` |
| 181 | + |
| 182 | +## 📈 Metrics and Reports |
| 183 | + |
| 184 | +### Generated Artifacts |
| 185 | + |
| 186 | +- **Test Coverage Reports**: HTML coverage reports |
| 187 | +- **Performance Reports**: JSON files with benchmark data |
| 188 | +- **Bundle Analysis**: Package size breakdown |
| 189 | +- **Security Reports**: Vulnerability scan results |
| 190 | +- **Lint Reports**: Code quality analysis |
| 191 | + |
| 192 | +### Retention Policy |
| 193 | + |
| 194 | +- **Test Reports**: 30 days |
| 195 | +- **Performance Data**: 90 days |
| 196 | +- **Security Scans**: 90 days |
| 197 | +- **Build Artifacts**: 7 days |
| 198 | + |
| 199 | +## 🔄 Maintenance |
| 200 | + |
| 201 | +### Regular Tasks |
| 202 | + |
| 203 | +- **Monthly**: Review and update Node.js versions |
| 204 | +- **Quarterly**: Update GitHub Actions to latest versions |
| 205 | +- **As Needed**: Adjust performance thresholds based on project growth |
| 206 | +- **Security**: Monitor for new security best practices |
| 207 | + |
| 208 | +### Workflow Updates |
| 209 | + |
| 210 | +When updating workflows: |
| 211 | + |
| 212 | +1. Test changes in a feature branch first |
| 213 | +2. Monitor initial runs for any issues |
| 214 | +3. Update documentation if behavior changes |
| 215 | +4. Communicate changes to team members |
| 216 | + |
| 217 | +## 📚 Additional Resources |
| 218 | + |
| 219 | +- [GitHub Actions Documentation](https://docs.github.com/en/actions) |
| 220 | +- [npm Publishing Guide](https://docs.npmjs.com/packages-and-modules/contributing-packages-to-the-registry) |
| 221 | +- [Node.js Testing Best Practices](https://github.com/goldbergyoni/nodebestpractices#-6-testing-and-overall-quality-practices) |
| 222 | +- [Security Best Practices](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions) |
| 223 | + |
| 224 | +--- |
| 225 | + |
| 226 | +*This documentation is automatically maintained. Last updated: $(date)* |
0 commit comments