Fix: Add tech-test branch to CI/CD triggers #1
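---
# CI/CD pipeline: lint/test -> build & push image to GHCR -> vulnerability
# scan -> deploy to Kubernetes (main only) -> notify.
#
# Image identity is passed between jobs as the registry DIGEST emitted by
# docker/build-push-action, not as a tag. The metadata-action `type=sha`
# tag below is `<branch>-<short sha>`, so a `:${{ github.sha }}` (full SHA)
# tag is never pushed; scanning or deploying by that tag would fail, and a
# digest is also immutable, so what was scanned is exactly what is deployed.
name: CI/CD Pipeline

on:
  push:
    branches:
      - main
      - develop
      - tech-test
    tags:
      - 'v*'
  pull_request:
    branches:
      - main
      - develop
      - tech-test

# Least-privilege default for GITHUB_TOKEN. Jobs that need more (package
# push/pull, SARIF upload) widen the scope explicitly in their own block.
permissions:
  contents: read

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:
  # Job 1: Run tests and linting
  test:
    name: Test and Lint
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'
          cache: 'pip'

      # NOTE(review): the dev tools are installed unpinned from PyPI, so the
      # lint/test toolchain floats between runs. Pin them (e.g. in a
      # requirements-dev.txt) for reproducible, supply-chain-auditable builds.
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
          pip install pytest pytest-cov flake8 black isort

      # Every check below is continue-on-error, so this job always succeeds
      # and `needs: test` on the build job does not gate anything yet.
      # Remove continue-on-error once the test suite is wired up.
      - name: Run black formatter check
        run: black --check .
        continue-on-error: true

      - name: Run isort check
        run: isort --check-only .
        continue-on-error: true

      - name: Run flake8 linter
        run: flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
        continue-on-error: true

      - name: Run tests
        run: |
          # Add your test commands here
          # pytest tests/ --cov=. --cov-report=xml
          echo "Tests will run here"
        continue-on-error: true

      - name: Upload coverage reports
        uses: codecov/codecov-action@v3
        if: always()
        continue-on-error: true

  # Job 2: Build and push Docker image
  build:
    name: Build and Push Docker Image
    runs-on: ubuntu-latest
    needs: test
    if: github.event_name == 'push'
    permissions:
      contents: read
      packages: write
    outputs:
      # Newline-separated list of all tags applied to the image.
      image-tag: ${{ steps.meta.outputs.tags }}
      # sha256 digest of the pushed (multi-platform) image; used by the
      # security and deploy jobs as the single source of truth.
      image-digest: ${{ steps.build.outputs.digest }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=sha,prefix={{branch}}-
            type=raw,value=latest,enable={{is_default_branch}}

      - name: Build and push Docker image
        id: build
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./Dockerfile
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          platforms: linux/amd64,linux/arm64

      # SBOM is generated from the pushed digest so it describes exactly the
      # artifact in the registry, not a local rebuild.
      - name: Generate SBOM
        uses: anchore/sbom-action@v0
        with:
          image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build.outputs.digest }}
          format: spdx-json
          output-file: sbom.spdx.json

      - name: Upload SBOM
        uses: actions/upload-artifact@v4
        with:
          name: sbom
          path: sbom.spdx.json

  # Job 3: Security scanning
  security:
    name: Security Scan
    runs-on: ubuntu-latest
    needs: build
    if: github.event_name == 'push'
    permissions:
      # A job-level permissions block sets every unlisted scope to none, so
      # checkout (contents) and the registry pull (packages) must be listed.
      contents: read
      packages: read
      security-events: write
      # NOTE(review): upload-sarif documents `actions: read` as required on
      # private repositories; harmless on public ones. Confirm for this repo.
      actions: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      # Trivy reads docker credentials, so logging in lets it pull the image
      # when the GHCR package is private.
      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # TODO(security): pin this action to a release tag or commit SHA.
      # `@master` is a mutable ref, so the scanner that gates production
      # can change underneath us without a review.
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          # Scan by digest: the tag `:${{ github.sha }}` is never pushed
          # (metadata-action emits `<branch>-<short sha>`), and the digest
          # is what the deploy job rolls out.
          image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ needs.build.outputs.image-digest }}
          format: 'sarif'
          output: 'trivy-results.sarif'
          severity: 'CRITICAL,HIGH'
          # Without a non-zero exit code the scan never fails, and
          # `needs: security` on the deploy job would be a no-op gate.
          exit-code: '1'
          ignore-unfixed: true

      # always(): still publish findings when the scan above fails the job.
      - name: Upload Trivy results to GitHub Security
        uses: github/codeql-action/upload-sarif@v3
        if: always()
        with:
          sarif_file: 'trivy-results.sarif'

  # Job 4: Deploy to Kubernetes
  deploy:
    name: Deploy to Kubernetes
    runs-on: self-hosted  # Use self-hosted runner for kubectl access
    needs: [build, security]
    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
    # Serialize production rollouts; never cancel one that is in flight.
    concurrency:
      group: deploy-production
      cancel-in-progress: false
    permissions:
      contents: read
    environment:
      name: production
      url: https://medibot.yourdomain.com
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      # NOTE(review): 'latest' floats the client version on every run;
      # pin to the minor that matches the cluster's server version.
      - name: Set up kubectl
        uses: azure/setup-kubectl@v3
        with:
          version: 'latest'

      - name: Configure kubectl context
        run: |
          # Configure your kubectl context here
          # This depends on your Kubernetes setup (EKS, GKE, AKS, etc.)
          echo "Configuring kubectl context..."
          # Example for a base64-encoded kubeconfig stored as a secret.
          # Expose it to this step with `env: KUBE_CONFIG_B64: ${{ secrets.KUBE_CONFIG }}`
          # rather than interpolating ${{ }} into the script body, and create
          # the file with 0600 so other users on the self-hosted runner cannot read it:
          #   mkdir -p "$HOME/.kube"
          #   (umask 077 && printf '%s' "$KUBE_CONFIG_B64" | base64 -d > "$HOME/.kube/config")

      - name: Update Kubernetes deployment
        run: |
          # Roll out the exact digest that was built and scanned above.
          kubectl set image deployment/medibot-app \
            medibot-app=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ needs.build.outputs.image-digest }} \
            -n medibot

      - name: Verify deployment
        run: |
          kubectl rollout status deployment/medibot-app -n medibot --timeout=5m
          kubectl get pods -n medibot

      - name: Run smoke tests
        run: |
          # Wait for service to be ready
          sleep 30
          # Add your smoke tests here
          echo "Running smoke tests..."
          # curl -f https://medibot.yourdomain.com/health || exit 1

  # Job 5: Notification
  notify:
    name: Send Notifications
    runs-on: ubuntu-latest
    needs: [deploy]
    if: always()
    steps:
      - name: Notify on success
        if: needs.deploy.result == 'success'
        run: |
          echo "Deployment successful! 🚀"
          # Add Slack/Discord/Email notification here

      - name: Notify on failure
        if: needs.deploy.result == 'failure'
        run: |
          echo "Deployment failed! ❌"
          # Add Slack/Discord/Email notification here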