feat/comment: CRUD comment APIs #94
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Backend Development Pipeline | |
| on: | |
| push: | |
| branches: [ main ] | |
| paths: | |
| - 'backend/**' | |
| pull_request: | |
| branches: [ main ] | |
| paths: | |
| - 'backend/**' | |
| jobs: | |
| build-and-deploy: | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: backend | |
| permissions: | |
| contents: read | |
| packages: write | |
| security-events: write | |
| actions: write | |
| steps: | |
| # 1. Checkout code | |
| - name: Checkout source code | |
| uses: actions/checkout@v4 | |
| # 2. Setup Java (JVM) | |
| - name: Setup Java 18 | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: temurin | |
| java-version: 18 | |
| # 3. Setup Scala + sbt | |
| - name: Setup Scala & sbt | |
| uses: coursier/setup-action@v1 | |
| with: | |
| apps: sbt | |
| # 4. Cache sbt dependencies | |
| - name: Cache sbt dependencies | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.ivy2/cache | |
| ~/.sbt | |
| ~/.coursier | |
| backend/target | |
| backend/project/target | |
| key: ${{ runner.os }}-sbt-${{ hashFiles('**/build.sbt') }} | |
| restore-keys: | | |
| ${{ runner.os }}-sbt- | |
| # 5. Clean old caches (keep only 15 most recent) | |
| - name: Clean old caches | |
| # if: github.ref == 'refs/heads/main' | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| const caches = await github.rest.actions.getActionsCacheList({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| per_page: 100, | |
| sort: 'created_at', | |
| direction: 'desc' | |
| }); | |
| const cachesToDelete = caches.data.actions_caches.slice(15); | |
| if (cachesToDelete.length === 0) { | |
| console.log('No old caches to delete.'); | |
| return; | |
| } | |
| console.log(`Found ${cachesToDelete.length} cache(s) to delete.`); | |
| for (const cache of cachesToDelete) { | |
| console.log(`Deleting cache: ${cache.key} (ID: ${cache.id})`); | |
| await github.rest.actions.deleteActionsCacheById({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| cache_id: cache.id | |
| }); | |
| } | |
| # 6. Build (compile & stage) | |
| - name: Build Play Framework App | |
| run: sbt stage | |
| # 7. Run Scalastyle (Static Code Analysis) | |
| - name: Run Scalastyle | |
| run: sbt scalastyle | |
| # 8. Run tests with coverage | |
| - name: Run Scoverage Tests | |
| run: sbt clean coverage test coverageReport coverageAggregate | |
| # 8. Log in to ghcr.io | |
| - name: Log in to the Container registry | |
| if: ${{ github.ref == 'refs/heads/main' }} | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| # 9. Set up Docker Buildx | |
| - name: Set up Docker Buildx | |
| if: ${{ github.ref == 'refs/heads/main' }} | |
| uses: docker/setup-buildx-action@v3 | |
| # 10. Build and push Docker image (with cache) | |
| - name: Build and push Docker image | |
| if: ${{ github.ref == 'refs/heads/main' }} | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: ./backend | |
| push: true | |
| tags: ghcr.io/nashtech-garage/smart-taskhub-be:latest | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| # 10. Scan docker image with Trivy | |
| - name: "Scan Docker Image with Trivy" | |
| if: ${{ github.ref == 'refs/heads/main' }} | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/nashtech-garage/smart-taskhub-be:latest' | |
| format: 'sarif' | |
| scan-type: 'image' | |
| severity: 'CRITICAL,HIGH,WARNING' | |
| output: 'trivy-results.sarif' | |
| # 11. Upload Trivy scan results to GitHub Security tab | |
| - name: "Upload Trivy scan results to GitHub Security tab" | |
| if: ${{ github.ref == 'refs/heads/main' }} | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: trivy-results.sarif | |
| category: 'image' |