
Refactor the structure of the backend services - dto - routes - models #10


Workflow file for this run

# CI pipeline: secret scan, backend and frontend checks, IaC scan, and a
# final status job.
name: CI

# Triggers: pushes to the long-lived and feature branches, pull requests
# that target the long-lived branches, and manual dispatch.
on:
  push:
    branches:
      - main
      - master
      - develop
      - 'feature/**'
  pull_request:
    branches:
      - main
      - master
      - develop
  workflow_dispatch:

# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN carries
# whatever default scopes the repository or organisation grants. Declare the
# minimum each job needs (for example `contents: read`) after confirming what
# the Gitleaks action requires on pull requests.

# One run per ref: a newer push cancels the run still in progress for that ref.
concurrency:
  group: ci-${{ github.ref }}
  cancel-in-progress: true
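jobs:
  # Scans the repository history for committed credentials.
  secrets:
    name: Secrets Scan (Gitleaks)
    runs-on: ubuntu-latest
    steps:
      # A depth-1 clone holds only the tip commit, so earlier commits of the
      # same push or pull request would not be present to scan. Fetch the
      # full history.
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      # NOTE(review): third-party action referenced by a mutable tag while it
      # receives GITHUB_TOKEN. Pin it to a full commit SHA (<COMMIT_SHA>) so a
      # moved tag cannot change what runs with that token.
      - name: Scan for secrets
        uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  # Lint, byte-compile, test and audit the Python backend when one exists.
  backend:
    name: Backend (Python)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Detect backend presence
        id: detect_backend
        shell: bash
        run: |
          # The previous `ls` test exited non-zero as soon as ONE of its
          # patterns was unmatched (and bash without globstar reads `**` as
          # `*`), so a backend whose modules all sit in sub-packages was
          # reported absent and every later check was skipped silently.
          # Ask git for tracked Python files instead. requirements.txt is
          # still required because the install and audit steps read it.
          if [ -f requirements.txt ] \
            && [ -n "$(git ls-files 'backend/**/*.py' 'backend/*.py')" ]; then
            echo "present=true" >> "$GITHUB_OUTPUT"
          else
            echo "present=false" >> "$GITHUB_OUTPUT"
          fi
      - name: Setup Python
        if: ${{ steps.detect_backend.outputs.present == 'true' }}
        uses: actions/setup-python@v5
        with:
          python-version: '3.12'
      - name: Cache pip
        if: ${{ steps.detect_backend.outputs.present == 'true' }}
        uses: actions/cache@v4
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-${{ hashFiles('requirements.txt') }}
          restore-keys: |
            ${{ runner.os }}-pip-
      # NOTE(review): ruff, pytest and pip-audit are installed unpinned, so
      # the tool versions can differ between runs. Consider a pinned
      # dev-requirements file.
      - name: Install deps
        if: ${{ steps.detect_backend.outputs.present == 'true' }}
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
          pip install ruff pytest pip-audit
      - name: Lint (ruff)
        if: ${{ steps.detect_backend.outputs.present == 'true' }}
        working-directory: backend
        run: ruff check .
      - name: Syntax check
        if: ${{ steps.detect_backend.outputs.present == 'true' }}
        # NUL-delimited hand-off keeps paths containing spaces intact, and
        # `-r` skips the compile call when no file is listed.
        run: |
          git ls-files -z 'backend/**/*.py' 'backend/*.py' \
            | xargs -0 -r python -m py_compile
      - name: Unit tests (if any)
        if: ${{ steps.detect_backend.outputs.present == 'true' }}
        run: |
          if [ -d "tests" ] || ls -1 backend | grep -qi "test"; then
            pytest -q
          else
            echo "No tests found — skipping."
          fi
      # NOTE(review): `|| true` makes this step advisory. A known-vulnerable
      # dependency is printed in the log but never fails the job. Drop it
      # once the current findings are triaged.
      - name: Dependency vulnerabilities (pip-audit)
        if: ${{ steps.detect_backend.outputs.present == 'true' }}
        run: pip-audit --requirement requirements.txt || true

  # Install, lint, test and build the Node frontend when one exists.
  frontend:
    name: Frontend (Node)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Detect frontend presence
        id: detect_frontend
        shell: bash
        run: |
          if [ -f "frontend/package.json" ]; then
            echo "present=true" >> "$GITHUB_OUTPUT"
          else
            echo "present=false" >> "$GITHUB_OUTPUT"
          fi
      - name: Setup Node
        if: ${{ steps.detect_frontend.outputs.present == 'true' }}
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'
          cache-dependency-path: frontend/package-lock.json
      - name: Install deps
        if: ${{ steps.detect_frontend.outputs.present == 'true' }}
        working-directory: frontend
        run: npm ci
      # The three steps below used `|| echo "... skipping."`, which turned a
      # real lint, test or build failure into a pass. `--if-present` skips
      # only when the script is missing and lets genuine failures fail.
      - name: Lint (if script exists)
        if: ${{ steps.detect_frontend.outputs.present == 'true' }}
        working-directory: frontend
        run: npm run -s lint --if-present
      - name: Tests (if script exists)
        if: ${{ steps.detect_frontend.outputs.present == 'true' }}
        working-directory: frontend
        run: npm test --if-present
      - name: Build (ensures it compiles)
        if: ${{ steps.detect_frontend.outputs.present == 'true' }}
        working-directory: frontend
        run: npm run -s build --if-present

  # Static analysis of Terraform, Kubernetes and Helm sources when present.
  iac:
    name: IaC Scan (Checkov)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Detect IaC presence
        id: detect_iac
        shell: bash
        run: |
          # `ls` with several patterns succeeds only when ALL of them match,
          # so a repository holding Terraform but no Helm chart was reported
          # as having no IaC. Any tracked match is enough; `:(glob)` gives
          # `**` its any-depth meaning in git pathspecs.
          if [ -n "$(git ls-files \
              ':(glob)**/*.tf' ':(glob)**/*.tfvars' \
              ':(glob)**/kubernetes/*.y*ml' ':(glob)**/helm/**')" ]; then
            echo "present=true" >> "$GITHUB_OUTPUT"
          else
            echo "present=false" >> "$GITHUB_OUTPUT"
          fi
      # NOTE(review): `soft_fail: true` keeps this scan advisory, and the job
      # is not listed in the status gate's `needs`, so misconfigurations are
      # logged but cannot block a merge. Third-party action on a mutable tag:
      # pin to a full commit SHA (<COMMIT_SHA>).
      - name: Checkov
        if: ${{ steps.detect_iac.outputs.present == 'true' }}
        uses: bridgecrewio/checkov-action@v12
        with:
          quiet: true
          soft_fail: true

  # Single job meant to summarise the core checks for branch protection.
  status:
    name: Status Gate
    needs: [secrets, backend, frontend]
    # Without `always()` this job is skipped when a needed job fails, and a
    # skipped job can be reported to branch protection as passing. Run
    # unconditionally and fail explicitly instead.
    if: ${{ always() }}
    runs-on: ubuntu-latest
    steps:
      - name: Require every core job to have succeeded
        if: >-
          ${{ contains(needs.*.result, 'failure')
          || contains(needs.*.result, 'cancelled')
          || contains(needs.*.result, 'skipped') }}
        run: exit 1
      - run: echo "All core checks finished."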