Skip to content

Eliminate technical debt and achieve production readiness #36

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
clduab11 wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Eliminate technical debt and achieve production readiness #36

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
8fad0a5
feat: production readiness improvements and technical debt elimination
claude Nov 16, 2025
4bcd931
feat: production excellence - observability, security, and deployment…
claude Nov 17, 2025
19edce0
feat: add monitoring configuration (Grafana dashboard + alerting rules)
claude Nov 18, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
357 changes: 357 additions & 0 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,357 @@
name: CI/CD Pipeline

on:
push:
branches: [main, develop, "feature/**", "fix/**", "claude/**"]
pull_request:
branches: [main, develop]

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

jobs:
lint:
name: Lint Code
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: "18"
cache: "npm"

- name: Install dependencies
run: npm ci

- name: Run ESLint
run: npm run lint

- name: Check formatting
run: npm run format -- --check || true

build:
name: Build Project
runs-on: ubuntu-latest
needs: lint
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: "18"
cache: "npm"

- name: Install dependencies
run: npm ci

- name: Build TypeScript
run: npm run build

- name: Upload build artifacts
uses: actions/upload-artifact@v4
with:
name: dist
path: dist/
retention-days: 7

test:
name: Run Tests
runs-on: ubuntu-latest
needs: build
strategy:
matrix:
node-version: ["18", "20"]
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Setup Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: "npm"

- name: Install dependencies
run: npm ci

- name: Run tests
run: npm test -- --coverage

- name: Upload coverage reports
uses: codecov/codecov-action@v4
with:
files: ./coverage/coverage-final.json
flags: unittests
name: codecov-umbrella
fail_ci_if_error: false

security-scan:
name: Security Scan
runs-on: ubuntu-latest
needs: lint
permissions:
contents: read
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0 # Full history for SonarQube

- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: "18"
cache: "npm"

- name: Install dependencies
run: npm ci

- name: Run npm audit
id: npm-audit
run: |
npm audit --audit-level=high --json > npm-audit-results.json || true
echo "## NPM Audit Results" >> $GITHUB_STEP_SUMMARY
npm audit --audit-level=high || echo "✅ No high/critical vulnerabilities found" >> $GITHUB_STEP_SUMMARY
continue-on-error: true

- name: Run Snyk security scan
uses: snyk/actions/node@master
continue-on-error: true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: --severity-threshold=high --all-projects

- name: Run Snyk Code SAST
uses: snyk/actions/node@master
continue-on-error: true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
command: code test
args: --severity-threshold=high

- name: Upload Snyk results to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: snyk.sarif
continue-on-error: true

- name: SonarQube Scan
uses: sonarsource/sonarqube-scan-action@master
if: github.event_name == 'pull_request' || github.ref == 'refs/heads/main'
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
with:
args: >
-Dsonar.projectKey=codex-synaptic
-Dsonar.sources=src
-Dsonar.tests=tests
-Dsonar.javascript.lcov.reportPaths=coverage/lcov.info
-Dsonar.exclusions=**/*.test.ts,**/*.spec.ts,dist/**,node_modules/**
continue-on-error: true

- name: SonarQube Quality Gate
uses: sonarsource/sonarqube-quality-gate-action@master
timeout-minutes: 5
if: github.event_name == 'pull_request' || github.ref == 'refs/heads/main'
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
continue-on-error: true

- name: Upload security scan results
uses: actions/upload-artifact@v4
if: always()
with:
name: security-scan-results
path: |
npm-audit-results.json
snyk.sarif
retention-days: 30

e2e-tests:
name: E2E Tests
runs-on: ubuntu-latest
needs: build
if: github.event_name == 'pull_request'
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: "18"
cache: "npm"

- name: Install dependencies
run: npm ci

- name: Build project
run: npm run build

- name: Run E2E tests
run: npm test -- --run e2e
continue-on-error: true
env:
NODE_ENV: test

performance-tests:
name: Performance Tests
runs-on: ubuntu-latest
needs: build
if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop'
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: "18"
cache: "npm"

- name: Install dependencies
run: npm ci

- name: Build project
run: npm run build

- name: Run performance benchmarks
run: npm test -- --run benchmark || echo "No benchmark tests found"
continue-on-error: true

release:
name: Create Release
runs-on: ubuntu-latest
needs: [test, security-scan]
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
permissions:
contents: write
packages: write
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0

- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: "18"
cache: "npm"
registry-url: "https://registry.npmjs.org"

- name: Install dependencies
run: npm ci

- name: Build project
run: npm run build

- name: Configure Git
run: |
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"

- name: Determine version bump
id: version
run: |
# Check commit messages for version bump type
if git log -1 --pretty=%B | grep -qE "^BREAKING CHANGE:|^feat!:|^fix!:"; then
echo "bump=major" >> $GITHUB_OUTPUT
elif git log -1 --pretty=%B | grep -qE "^feat:"; then
echo "bump=minor" >> $GITHUB_OUTPUT
else
echo "bump=patch" >> $GITHUB_OUTPUT
fi

- name: Bump version
run: npm version ${{ steps.version.outputs.bump }} --no-git-tag-version

- name: Get new version
id: new_version
run: echo "version=$(node -p "require('./package.json').version")" >> $GITHUB_OUTPUT

- name: Create changelog
run: |
VERSION=${{ steps.new_version.outputs.version }}
DATE=$(date +%Y-%m-%d)
echo "## [$VERSION] - $DATE" > CHANGELOG_NEW.md
echo "" >> CHANGELOG_NEW.md
git log --pretty=format:"- %s" $(git describe --tags --abbrev=0 2>/dev/null || git rev-list --max-parents=0 HEAD)..HEAD >> CHANGELOG_NEW.md || echo "- Initial release" >> CHANGELOG_NEW.md
echo "" >> CHANGELOG_NEW.md
cat CHANGELOG.md >> CHANGELOG_NEW.md 2>/dev/null || true
mv CHANGELOG_NEW.md CHANGELOG.md

- name: Commit version bump
run: |
git add package.json package-lock.json CHANGELOG.md
git commit -m "chore(release): v${{ steps.new_version.outputs.version }}"
git tag "v${{ steps.new_version.outputs.version }}"
git push origin main --tags

- name: Create GitHub Release
uses: softprops/action-gh-release@v1
with:
tag_name: v${{ steps.new_version.outputs.version }}
name: Release v${{ steps.new_version.outputs.version }}
body_path: CHANGELOG.md
draft: false
prerelease: false
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: Publish to NPM
run: npm publish --access public
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
continue-on-error: true

docker-build:
name: Build Docker Image
runs-on: ubuntu-latest
needs: [test]
if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop'
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/${{ github.repository }}
tags: |
type=ref,event=branch
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha

- name: Build and push
uses: docker/build-push-action@v5
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
4 changes: 4 additions & 0 deletions .husky/pre-commit
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
#!/usr/bin/env sh
. "$(dirname -- "$0")/_/husky.sh"

npx lint-staged
Loading
Loading