
Commit e1583ab

Merge pull request #3204 from bluewave-labs/develop
Merge develop into master (Feb 3)
2 parents 956135f + f84fe54 commit e1583ab


778 files changed

+105643
-20405
lines changed


778 files changed

+105643
-20405
lines changed

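--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,98 @@
+version: 2
+updates:
+# Frontend (Clients) - npm dependencies
+- package-ecosystem: "npm"
+directory: "/Clients"
+schedule:
+interval: "weekly"
+day: "monday"
+open-pull-requests-limit: 10
+reviewers:
+- "bluewave-labs/verifywise-maintainers"
+labels:
+- "dependencies"
+- "security"
+commit-message:
+prefix: "deps(frontend):"
+groups:
+# Group minor and patch updates together
+frontend-minor-patch:
+patterns:
+- "*"
+update-types:
+- "minor"
+- "patch"
+
+# Backend (Servers) - npm dependencies
+- package-ecosystem: "npm"
+directory: "/Servers"
+schedule:
+interval: "weekly"
+day: "monday"
+open-pull-requests-limit: 10
+reviewers:
+- "bluewave-labs/verifywise-maintainers"
+labels:
+- "dependencies"
+- "security"
+commit-message:
+prefix: "deps(backend):"
+groups:
+backend-minor-patch:
+patterns:
+- "*"
+update-types:
+- "minor"
+- "patch"
+
+# EvaluationModule - Python dependencies
+- package-ecosystem: "pip"
+directory: "/EvaluationModule"
+schedule:
+interval: "weekly"
+day: "monday"
+open-pull-requests-limit: 5
+reviewers:
+- "bluewave-labs/verifywise-maintainers"
+labels:
+- "dependencies"
+- "security"
+- "python"
+commit-message:
+prefix: "deps(eval):"
+
+# GitHub Actions
+- package-ecosystem: "github-actions"
+directory: "/"
+schedule:
+interval: "weekly"
+day: "monday"
+open-pull-requests-limit: 5
+reviewers:
+- "bluewave-labs/verifywise-maintainers"
+labels:
+- "dependencies"
+- "ci/cd"
+commit-message:
+prefix: "ci:"
+
+# Docker dependencies
+- package-ecosystem: "docker"
+directory: "/Clients"
+schedule:
+interval: "weekly"
+labels:
+- "dependencies"
+- "docker"
+commit-message:
+prefix: "docker(frontend):"
+
+- package-ecosystem: "docker"
+directory: "/Servers"
+schedule:
+interval: "weekly"
+labels:
+- "dependencies"
+- "docker"
+commit-message:
+prefix: "docker(backend):"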
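Review bot: The `security` label is attached to every routine weekly update PR in the two npm entries and the pip entry, so it cannot be used to pick out Dependabot's advisory-driven updates from ordinary version bumps during triage. I would drop `- "security"` from those three `labels:` lists and keep `dependencies` (plus `python`), reserving `security` for PRs that fix a known advisory. The `"*"` groups would also benefit from a comment stating whether they are meant to cover version updates only, for example `# version updates only; security updates stay as individual PRs`, since bundling a security fix with unrelated minor bumps slows its review. The two `docker` entries omit the `reviewers` and `open-pull-requests-limit` keys that every other entry sets, which looks unintentional.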
Lines changed: 58 additions & 5 deletions
@@ -1,22 +1,29 @@
11
name: Backend Checks
2+
23
permissions:
34
contents: read
5+
security-events: write
46

57
on:
68
pull_request:
79
branches: ['master', 'develop']
810
paths:
911
- 'Servers/**'
12+
push:
13+
branches: ['master', 'develop']
14+
paths:
15+
- 'Servers/**'
16+
1017
jobs:
11-
build-check:
12-
name: Backend Checks / build-check
18+
security-audit:
19+
name: Security Audit
1320
runs-on: ubuntu-latest
1421
defaults:
1522
run:
1623
working-directory: Servers
1724

1825
steps:
19-
- uses: actions/checkout@v4
26+
- uses: actions/checkout@v6
2027

2128
- name: Set up Node
2229
uses: actions/setup-node@v4
@@ -26,8 +33,54 @@ jobs:
2633
- name: Install dependencies
2734
run: npm ci
2835

29-
- name: Build
36+
- name: Run npm audit
37+
run: npm audit --audit-level=high
38+
continue-on-error: true
39+
40+
- name: Run npm audit (JSON output for review)
41+
run: npm audit --json > ../audit-results.json || true
42+
43+
- name: Upload audit results
44+
uses: actions/upload-artifact@v6
45+
with:
46+
name: backend-npm-audit-results
47+
path: audit-results.json
48+
retention-days: 30
49+
50+
lint-and-build:
51+
name: Lint and Build
52+
runs-on: ubuntu-latest
53+
defaults:
54+
run:
55+
working-directory: Servers
56+
57+
steps:
58+
- uses: actions/checkout@v6
59+
60+
- name: Set up Node
61+
uses: actions/setup-node@v4
62+
with:
63+
node-version: '20'
64+
65+
- name: Install dependencies
66+
run: npm ci
67+
68+
- name: TypeScript type check
3069
run: npm run build
3170

32-
- name: Run Tests
71+
- name: Run tests
3372
run: npm test
73+
74+
dependency-review:
75+
name: Dependency Review
76+
runs-on: ubuntu-latest
77+
if: github.event_name == 'pull_request'
78+
steps:
79+
- uses: actions/checkout@v6
80+
81+
- name: Dependency Review
82+
uses: actions/dependency-review-action@v4
83+
continue-on-error: true
84+
with:
85+
fail-on-severity: high
86+
deny-licenses: GPL-3.0, AGPL-3.0
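Review bot: Neither of the new security gates can fail this workflow: `Run npm audit` and the `Dependency Review` step both set `continue-on-error: true`, and the JSON audit run ends in `|| true`, so `--audit-level=high`, `fail-on-severity: high` and `deny-licenses` only report and never block a merge. If blocking is intended, remove `continue-on-error: true` from the `Dependency Review` step first (it only evaluates what the pull request itself introduces), and from `Run npm audit` once existing findings are cleared; if the checks are meant to be advisory, say so with a comment such as `# advisory only: findings do not block the merge`. Separately, the first hunk grants `security-events: write` at workflow level although no step in the visible hunks uploads code-scanning results, so every job's token carries a write scope it does not appear to use. Moving that permission to the job that needs it, or dropping it, keeps the default at `contents: read`.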
Lines changed: 26 additions & 0 deletions
@@ -0,0 +1,26 @@
1+
name: Deploy to Production
2+
3+
on:
4+
workflow_run:
5+
workflows: ["Build and Push Images to GitHub Container Registry"]
6+
types:
7+
- completed
8+
9+
jobs:
10+
deploy:
11+
if: ${{ github.event.workflow_run.conclusion == 'success' }}
12+
runs-on: ubuntu-latest
13+
environment: Build
14+
15+
steps:
16+
- name: Deploy to Production
17+
uses: appleboy/ssh-action@v1.2.5
18+
with:
19+
host: ${{ secrets.PROD_HOST }}
20+
username: ${{ secrets.PROD_USER }}
21+
key: ${{ secrets.PROD_SSH_KEY }}
22+
script: |
23+
cd /root/verifywise/_saas_deployment
24+
docker-compose --env-file .env.prod down
25+
docker images --format "table {{.Repository}}:{{.Tag}}\t{{.ID}}" | grep -v -E "(redis|postgres|admin)" | awk 'NR>1 {print $2}' | xargs -r docker rmi -f || true
26+
./install.sh
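Review bot: The production SSH key is passed to a third-party action referenced by a mutable tag, `appleboy/ssh-action@v1.2.5`, and the step does not verify the server's host key. Pin the action to a full commit SHA and supply the host fingerprint: `uses: appleboy/ssh-action@<full-commit-sha> # v1.2.5` and `fingerprint: ${{ secrets.PROD_HOST_FINGERPRINT }}` (the secret name here is a placeholder). The `workflow_run` trigger has no branch filter, so depending on which events start the image-build workflow (not shown on this page), a successful build on any branch could start a production deploy; `branches: [master]` under `workflow_run` would restrict it. The job also declares no `permissions:` block even though no step uses the repository token, and the `/root/...` path suggests the deploy user is root, which is worth replacing with a dedicated account limited to the compose commands.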

.github/workflows/docker-image-saas.yml

Lines changed: 0 additions & 107 deletions
This file was deleted.
