
Commit 7fb42bf

committed
ci: implement world-class CI/CD pipeline with comprehensive quality gates
- Add unified CI workflow with quality gates for all services:
  - Rust: fmt, clippy, cargo-sort, tests, MSRV check
  - Go: gofmt, vet, staticcheck, golangci-lint, tests
  - TypeScript: Biome lint, type-check, build
  - Elixir: format, compile warnings, Credo, tests
- Optimize Docker build workflow:
  - Require quality gates to pass before building
  - Smart change detection for selective builds
  - Multi-platform support (amd64/arm64)
  - Build attestations and SBOM generation
  - Efficient caching with GitHub Actions cache
- Add comprehensive security scanning:
  - Dependency audits (cargo-audit, govulncheck, npm audit)
  - CodeQL static analysis for Go and TypeScript
  - Container scanning with Trivy
  - Secret scanning with TruffleHog and Gitleaks
  - License compliance checking
- Create release workflow:
  - Semantic versioning support
  - Multi-platform binary builds (Rust + Go)
  - Automated GitHub releases with artifacts
  - Image attestations for supply chain security
- Update Dockerfiles with best practices:
  - Multi-stage builds for minimal images
  - Non-root users for security
  - Proper signal handling with tini
  - OCI-compliant labels
  - Build args for version embedding
- Add supporting configurations:
  - Dependabot for automated updates
  - golangci-lint config for Go
  - cargo-deny config for Rust
  - PR template for consistent reviews
1 parent 2b430ab commit 7fb42bf

14 files changed: +1832 / -277 lines changed


.github/dependabot.yml

Lines changed: 148 additions & 0 deletions
@@ -0,0 +1,148 @@
1+
# Dependabot configuration for automated dependency updates
2+
# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates
3+
4+
version: 2
5+
updates:
6+
# GitHub Actions
7+
- package-ecosystem: "github-actions"
8+
directory: "/"
9+
schedule:
10+
interval: "weekly"
11+
day: "monday"
12+
commit-message:
13+
prefix: "ci(deps)"
14+
labels:
15+
- "dependencies"
16+
- "ci"
17+
reviewers:
18+
- "all-source-os/maintainers"
19+
20+
# Rust (Core)
21+
- package-ecosystem: "cargo"
22+
directory: "/apps/core"
23+
schedule:
24+
interval: "weekly"
25+
day: "monday"
26+
commit-message:
27+
prefix: "deps(rust)"
28+
labels:
29+
- "dependencies"
30+
- "rust"
31+
ignore:
32+
# Arrow/Parquet pinned to ~57.1 due to edition2024 requirements
33+
- dependency-name: "arrow"
34+
versions: [">=58.0.0"]
35+
- dependency-name: "parquet"
36+
versions: [">=58.0.0"]
37+
- dependency-name: "datafusion"
38+
versions: [">=52.0.0"]
39+
groups:
40+
rust-minor:
41+
patterns:
42+
- "*"
43+
update-types:
44+
- "minor"
45+
- "patch"
46+
47+
# Go (Control Plane)
48+
- package-ecosystem: "gomod"
49+
directory: "/apps/control-plane"
50+
schedule:
51+
interval: "weekly"
52+
day: "monday"
53+
commit-message:
54+
prefix: "deps(go)"
55+
labels:
56+
- "dependencies"
57+
- "go"
58+
groups:
59+
go-minor:
60+
patterns:
61+
- "*"
62+
update-types:
63+
- "minor"
64+
- "patch"
65+
66+
# NPM/Bun (Web, packages)
67+
- package-ecosystem: "npm"
68+
directory: "/"
69+
schedule:
70+
interval: "weekly"
71+
day: "monday"
72+
commit-message:
73+
prefix: "deps(npm)"
74+
labels:
75+
- "dependencies"
76+
- "javascript"
77+
groups:
78+
npm-minor:
79+
patterns:
80+
- "*"
81+
update-types:
82+
- "minor"
83+
- "patch"
84+
85+
# Mix (Query Service)
86+
- package-ecosystem: "mix"
87+
directory: "/apps/query-service"
88+
schedule:
89+
interval: "weekly"
90+
day: "monday"
91+
commit-message:
92+
prefix: "deps(elixir)"
93+
labels:
94+
- "dependencies"
95+
- "elixir"
96+
97+
# Mix (MCP Server)
98+
- package-ecosystem: "mix"
99+
directory: "/apps/mcp-server-elixir"
100+
schedule:
101+
interval: "weekly"
102+
day: "monday"
103+
commit-message:
104+
prefix: "deps(elixir)"
105+
labels:
106+
- "dependencies"
107+
- "elixir"
108+
109+
# Docker
110+
- package-ecosystem: "docker"
111+
directory: "/apps/core"
112+
schedule:
113+
interval: "weekly"
114+
commit-message:
115+
prefix: "deps(docker)"
116+
labels:
117+
- "dependencies"
118+
- "docker"
119+
120+
- package-ecosystem: "docker"
121+
directory: "/apps/control-plane"
122+
schedule:
123+
interval: "weekly"
124+
commit-message:
125+
prefix: "deps(docker)"
126+
labels:
127+
- "dependencies"
128+
- "docker"
129+
130+
- package-ecosystem: "docker"
131+
directory: "/apps/web"
132+
schedule:
133+
interval: "weekly"
134+
commit-message:
135+
prefix: "deps(docker)"
136+
labels:
137+
- "dependencies"
138+
- "docker"
139+
140+
- package-ecosystem: "docker"
141+
directory: "/apps/query-service"
142+
schedule:
143+
interval: "weekly"
144+
commit-message:
145+
prefix: "deps(docker)"
146+
labels:
147+
- "dependencies"
148+
- "docker"
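Review bot: the four `docker` entries at the end of this hunk cover `/apps/core`, `/apps/control-plane`, `/apps/web` and `/apps/query-service` but not `/apps/mcp-server-elixir`, even though the `mix` entry above registers that directory as a service with its own dependency manifest; its base image will get no Dependabot updates unless a fifth `docker` entry is added for it. Two smaller points in the `cargo` entry: the `ignore` comment justifies holding `arrow` and `parquet` below `58.0.0` (edition2024) but says nothing about why `datafusion` is held below `52.0.0`, and since ignore conditions also suppress security-update pull requests, the comment should state the reason and point at a tracking issue so the pins are revisited rather than forgotten. Finally, `reviewers` is set only on the `github-actions` entry, so the cargo, gomod, npm, mix and docker pull requests will arrive with nobody assigned; either add it to each entry or rely on CODEOWNERS and drop it here for consistency.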

.github/pull_request_template.md

Lines changed: 53 additions & 0 deletions
@@ -0,0 +1,53 @@
1+
## Description
2+
3+
<!-- Describe your changes in detail -->
4+
5+
## Type of Change
6+
7+
- [ ] 🐛 Bug fix (non-breaking change which fixes an issue)
8+
- [ ] ✨ New feature (non-breaking change which adds functionality)
9+
- [ ] 💥 Breaking change (fix or feature that would cause existing functionality to change)
10+
- [ ] 📚 Documentation update
11+
- [ ] 🔧 Configuration change
12+
- [ ] ♻️ Refactoring (no functional changes)
13+
- [ ] 🧪 Test improvements
14+
15+
## Services Affected
16+
17+
- [ ] `core` (Rust event store)
18+
- [ ] `control-plane` (Go orchestration)
19+
- [ ] `web` (Next.js dashboard)
20+
- [ ] `query-service` (Elixir query layer)
21+
- [ ] `mcp-server` (Elixir MCP integration)
22+
- [ ] CI/CD / Infrastructure
23+
24+
## Checklist
25+
26+
### Code Quality
27+
- [ ] My code follows the project's style guidelines
28+
- [ ] I have performed a self-review of my code
29+
- [ ] I have commented my code where necessary
30+
- [ ] My changes generate no new warnings
31+
32+
### Testing
33+
- [ ] I have added tests that prove my fix/feature works
34+
- [ ] New and existing unit tests pass locally
35+
- [ ] I have tested my changes on both x86 and ARM (if applicable)
36+
37+
### Documentation
38+
- [ ] I have updated the README if needed
39+
- [ ] I have updated relevant documentation
40+
- [ ] I have added JSDoc/rustdoc/godoc comments for public APIs
41+
42+
### CI/CD
43+
- [ ] All quality gates pass (check GitHub Actions)
44+
- [ ] Docker images build successfully
45+
- [ ] Security scans show no critical issues
46+
47+
## Screenshots (if applicable)
48+
49+
<!-- Add screenshots for UI changes -->
50+
51+
## Additional Notes
52+
53+
<!-- Any additional context or notes for reviewers -->
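Review bot: the only security prompt in this template is `- [ ] Security scans show no critical issues` under `### CI/CD`, which asks the author to read scanner output but nothing about the change itself; since this commit also adds dependency, secret and container scanning, a short `### Security` subsection (new third-party dependencies or base images, changes to authentication, authorization or untrusted-input handling, new secrets or environment variables) would give reviewers the context the scanners cannot infer. One naming nit: `mcp-server` in `## Services Affected` is the only entry whose name differs from its directory (`/apps/mcp-server-elixir` in the Dependabot config added in the same commit), so consider using one name in both files.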
