feat: Setup CI/CD pipeline with GitHub Actions #1
| # Copyright (c) Core. All Rights Reserved. | |
| # Licensed under the MIT License. See LICENSE in the project root for license information. | |
| name: CI Pipeline | |
| on: | |
| push: | |
| branches: [main, develop] | |
| pull_request: | |
| branches: [main, develop] | |
| env: | |
| DOTNET_VERSION: '9.0.x' | |
| NODE_VERSION: '18' | |
| DOCKER_BUILDKIT: 1 | |
| COMPOSE_DOCKER_CLI_BUILD: 1 | |
| jobs: | |
| # Backend Build and Test | |
| backend: | |
| name: Backend - Build & Test | |
| runs-on: ubuntu-latest | |
| services: | |
| postgres: | |
| image: postgres:16-alpine | |
| env: | |
| POSTGRES_USER: postgres | |
| POSTGRES_PASSWORD: postgres | |
| POSTGRES_DB: CoreDb_Test | |
| ports: | |
| - 5433:5432 | |
| options: >- | |
| --health-cmd pg_isready | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| redis: | |
| image: redis:7-alpine | |
| ports: | |
| - 6380:6379 | |
| options: >- | |
| --health-cmd "redis-cli ping" | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup .NET | |
| uses: actions/setup-dotnet@v4 | |
| with: | |
| dotnet-version: ${{ env.DOTNET_VERSION }} | |
| - name: Restore dependencies | |
| run: | | |
| dotnet restore src/backend/Core.API/Core.API.csproj | |
| dotnet restore src/backend/Core.Domain/Core.Domain.csproj | |
| dotnet restore src/backend/Core.Application/Core.Application.csproj | |
| dotnet restore src/backend/Core.Infrastructure/Core.Infrastructure.csproj | |
| dotnet restore tests/Core.UnitTests/Core.UnitTests.csproj | |
| dotnet restore tests/Core.IntegrationTests/Core.IntegrationTests.csproj | |
| - name: Build backend | |
| run: dotnet build src/backend/Core.API/Core.API.csproj --configuration Release --no-restore | |
| - name: Run unit tests | |
| run: dotnet test tests/Core.UnitTests/Core.UnitTests.csproj --configuration Release --no-build --verbosity normal --logger "trx;LogFileName=unit-test-results.trx" | |
| - name: Run integration tests | |
| run: dotnet test tests/Core.IntegrationTests/Core.IntegrationTests.csproj --configuration Release --verbosity normal --logger "trx;LogFileName=integration-test-results.trx" | |
| env: | |
| ConnectionStrings__DefaultConnection: "Host=localhost;Port=5433;Database=CoreDb_Test;Username=postgres;Password=postgres" | |
| Redis__Configuration: "localhost:6380" | |
| - name: Upload test results | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: backend-test-results | |
| path: | | |
| tests/Core.UnitTests/TestResults/*.trx | |
| tests/Core.IntegrationTests/TestResults/*.trx | |
| # Frontend Build and Test | |
| frontend: | |
| name: Frontend - Build & Test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| cache: 'npm' | |
| cache-dependency-path: src/frontend/package-lock.json | |
| - name: Install dependencies | |
| working-directory: src/frontend | |
| run: npm ci | |
| - name: Lint frontend code | |
| working-directory: src/frontend | |
| run: npm run lint | |
| - name: Check formatting | |
| working-directory: src/frontend | |
| run: npm run format:check | |
| - name: Type check | |
| working-directory: src/frontend | |
| run: npm run type-check | |
| - name: Build frontend | |
| working-directory: src/frontend | |
| run: npm run build | |
| - name: Upload build artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: frontend-build | |
| path: src/frontend/dist | |
| # E2E Tests | |
| e2e: | |
| name: E2E Tests | |
| runs-on: ubuntu-latest | |
| needs: [backend, frontend] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| - name: Start Docker services | |
| run: docker-compose up -d | |
| - name: Wait for services to be healthy | |
| run: | | |
| echo "Waiting for frontend..." | |
| npx wait-on http://localhost:3001 --timeout 120000 | |
| echo "Waiting for backend..." | |
| npx wait-on http://localhost:5111/health --timeout 120000 | |
| echo "Services are ready!" | |
| - name: Install E2E test dependencies | |
| working-directory: tests/Core.E2ETests | |
| run: | | |
| npm ci | |
| npx playwright install chromium --with-deps | |
| - name: Run E2E tests | |
| working-directory: tests/Core.E2ETests | |
| run: npm test | |
| env: | |
| CI: true | |
| BASE_URL: http://localhost:3001 | |
| - name: Upload Playwright report | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: playwright-report | |
| path: tests/Core.E2ETests/playwright-report/ | |
| retention-days: 30 | |
| - name: Upload test results | |
| if: failure() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: e2e-test-results | |
| path: tests/Core.E2ETests/test-results/ | |
| retention-days: 7 | |
| - name: Stop Docker services | |
| if: always() | |
| run: docker-compose down -v | |
| # Code Quality Analysis | |
| code-quality: | |
| name: Code Quality | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Shallow clones should be disabled for better analysis | |
| - name: Setup .NET | |
| uses: actions/setup-dotnet@v4 | |
| with: | |
| dotnet-version: ${{ env.DOTNET_VERSION }} | |
| - name: Restore dependencies | |
| run: dotnet restore src/backend/Core.API/Core.API.csproj | |
| - name: Build for analysis | |
| run: dotnet build src/backend/Core.API/Core.API.csproj --configuration Release --no-restore | |
| # Optional: Add SonarCloud or similar analysis here | |
| # - name: SonarCloud Scan | |
| # uses: SonarSource/sonarcloud-github-action@master | |
| # env: | |
| # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| # Docker Build | |
| docker-build: | |
| name: Docker Build | |
| runs-on: ubuntu-latest | |
| needs: [backend, frontend] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build backend image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: src/backend/Dockerfile | |
| push: false | |
| tags: core-backend:latest | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Build frontend image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: src/frontend | |
| file: src/frontend/Dockerfile | |
| push: false | |
| tags: core-frontend:latest | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| # Security Scanning | |
| security: | |
| name: Security Scan | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| scan-type: 'fs' | |
| scan-ref: '.' | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| - name: Upload Trivy results to GitHub Security | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| - name: Check for .NET vulnerabilities | |
| run: | | |
| dotnet list src/backend/Core.API/Core.API.csproj package --vulnerable --include-transitive | |
| - name: Check for npm vulnerabilities | |
| working-directory: src/frontend | |
| run: npm audit --audit-level=moderate | |
| # Deployment Status | |
| deployment-status: | |
| name: Deployment Status | |
| runs-on: ubuntu-latest | |
| needs: [backend, frontend, e2e, code-quality, docker-build, security] | |
| if: github.ref == 'refs/heads/main' | |
| steps: | |
| - name: Report deployment readiness | |
| run: | | |
| echo "✅ All checks passed!" | |
| echo "🚀 Ready for deployment to staging/production" | |
| echo "📊 Test Results: All tests passed" | |
| echo "🔒 Security: No critical vulnerabilities found" | |
| echo "🐳 Docker: Images built successfully" | |
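Review bot: In the `security` job, `uses: aquasecurity/trivy-action@master` tracks a mutable branch of a third-party repository, so any later push there runs in this workflow with the job's `GITHUB_TOKEN` and a checked-out copy of the repository; pin it to the full commit SHA of a reviewed release (the commented-out `sonarcloud-github-action@master` would need the same before it is enabled). The workflow also sets no `permissions:`, so the token's scope is whatever the repository default grants; a top-level `contents: read`, with `security-events: write` added only on `security` (which `upload-sarif` needs), bounds that. Separately, the Trivy step sets no `exit-code`, and `dotnet list package --vulnerable` reports findings without, as far as I know, a failing exit status, so the "No critical vulnerabilities found" line echoed by `deployment-status` does not appear to be backed by a failing check; worth confirming.

```yaml
# top level, next to `env:`
permissions:
  contents: read

# … unchanged: on, env, jobs up to docker-build …
  security:
    permissions:
      contents: read
      security-events: write  # needed by upload-sarif
    # … unchanged: name, runs-on, checkout step …
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@<full-commit-sha>  # placeholder: commit of a reviewed release
        # … unchanged: with: scan-type, scan-ref, format, output …
```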