File changes #341
| name: CI/CD Pipeline | |
| # Trigger on push to main/develop and all pull requests | |
| on: | |
| push: | |
| branches: [main, develop] | |
| pull_request: | |
| branches: [main, develop] | |
| # Cancel in-progress runs for same branch | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| # Code quality checks | |
| quality: | |
| name: Code Quality & Linting | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| cache: 'npm' | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Run ESLint | |
| run: npm run lint | |
| - name: Check for unused imports | |
| run: npx eslint . --ext .js,.jsx --quiet | |
| continue-on-error: true | |
| # TypeScript type checking | |
| typecheck: | |
| name: TypeScript Type Check | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| cache: 'npm' | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Type check | |
| run: npm run typecheck || echo "Type checking skipped (migration in progress)" | |
| continue-on-error: true | |
| # Run tests | |
| test: | |
| name: Unit & Integration Tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| cache: 'npm' | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Run tests | |
| run: npm run test:run | |
| - name: Generate coverage report | |
| run: npm run test:coverage | |
| continue-on-error: true | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@v3 | |
| with: | |
| files: ./coverage/lcov.info | |
| flags: unittests | |
| name: codecov-interact | |
| fail_ci_if_error: false | |
| continue-on-error: true | |
| # Security scanning | |
| security: | |
| name: Security Scan | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| cache: 'npm' | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Run npm audit | |
| run: npm audit --audit-level=high | |
| continue-on-error: true | |
| - name: Check for secrets | |
| uses: trufflesecurity/trufflehog@main | |
| with: | |
| path: ./ | |
| base: ${{ github.event.repository.default_branch }} | |
| head: HEAD | |
| continue-on-error: true | |
| # Build application | |
| build: | |
| name: Build Application | |
| needs: [quality, typecheck, test] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| cache: 'npm' | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Build for production | |
| run: npm run build | |
| env: | |
| NODE_ENV: production | |
| - name: Check build size | |
| run: | | |
| echo "Build size:" | |
| du -sh dist/ | |
| echo "Detailed breakdown:" | |
| du -h dist/* | sort -hr | head -20 | |
| - name: Upload build artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: dist-${{ github.sha }} | |
| path: dist/ | |
| retention-days: 7 | |
| # Deploy to staging (develop branch only) | |
| deploy-staging: | |
| name: Deploy to Staging | |
| needs: [build, security] | |
| if: github.ref == 'refs/heads/develop' && github.event_name == 'push' | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: staging | |
| url: https://staging-interact.vercel.app | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Download build artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: dist-${{ github.sha }} | |
| path: dist/ | |
| - name: Deploy to Vercel (Staging) | |
| uses: amondnet/vercel-action@v25 | |
| id: vercel-deploy | |
| with: | |
| vercel-token: ${{ secrets.VERCEL_TOKEN }} | |
| vercel-org-id: ${{ secrets.VERCEL_ORG_ID }} | |
| vercel-project-id: ${{ secrets.VERCEL_PROJECT_ID }} | |
| scope: ${{ secrets.VERCEL_ORG_ID }} | |
| working-directory: ./ | |
| continue-on-error: true | |
| - name: Comment on PR with deployment URL | |
| if: github.event_name == 'pull_request' | |
| uses: actions/github-script@v6 | |
| with: | |
| script: | | |
| github.rest.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: '✅ Staging deployment complete!\n\nURL: ${{ steps.vercel-deploy.outputs.preview-url }}' | |
| }) | |
| continue-on-error: true | |
| # Deploy to production (main branch only, manual approval required) | |
| deploy-production: | |
| name: Deploy to Production | |
| needs: [build, security] | |
| if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: production | |
| url: https://interact.vercel.app | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Download build artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: dist-${{ github.sha }} | |
| path: dist/ | |
| - name: Deploy to Vercel (Production) | |
| uses: amondnet/vercel-action@v25 | |
| with: | |
| vercel-token: ${{ secrets.VERCEL_TOKEN }} | |
| vercel-org-id: ${{ secrets.VERCEL_ORG_ID }} | |
| vercel-project-id: ${{ secrets.VERCEL_PROJECT_ID }} | |
| vercel-args: '--prod' | |
| scope: ${{ secrets.VERCEL_ORG_ID }} | |
| working-directory: ./ | |
| continue-on-error: true | |
| - name: Create deployment notification | |
| run: | | |
| echo "🚀 Production deployment completed!" | |
| echo "Commit: ${{ github.sha }}" | |
| echo "Deployed by: ${{ github.actor }}" | |
| continue-on-error: true |
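Review bot: The `security` job cannot fail as written, because both `Run npm audit` and `Check for secrets` set `continue-on-error: true`, so `needs: [build, security]` on `deploy-staging` and `deploy-production` does not hold a deploy back on a high-severity advisory or a detected secret. Drop `continue-on-error: true` from those two steps (at minimum from the secret scan) so a finding blocks the deploy jobs. The scanner is also referenced as `trufflesecurity/trufflehog@main`, a mutable branch; pin it to a reviewed commit, e.g. `uses: trufflesecurity/trufflehog@<full-commit-sha>`, and consider the same for `amondnet/vercel-action@v25`, which receives `secrets.VERCEL_TOKEN`. The `Deploy to Vercel (Production)` step likewise sets `continue-on-error: true`, so a failed production deploy would still give a green run and print "Production deployment completed!". No `permissions:` key is visible in the workflow, so the token scope falls back to the repository default; a top-level `permissions:` with `contents: read` would make it explicit.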