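---
# CI pipeline: lint/type-check, backend and frontend tests, build, and a
# Trivy filesystem scan, on pushes and pull requests to main and develop.
#
# Supply-chain note: the third-party actions below are referenced by tag or
# branch, which the action's owner can move. Pinning each `uses:` to a
# full-length commit SHA (keeping the tag in a trailing comment) makes the
# executed code immutable and reviewable.
name: CI Pipeline

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]

# Least privilege: every job gets a read-only token unless it asks for more.
# Dependency install scripts and third-party actions run with this token.
permissions:
  contents: read

jobs:
  lint-and-type-check:
    name: Lint and Type Check
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # No step pushes, so do not leave the token in .git/config where
          # later steps (install scripts, build tools) could read it.
          persist-credentials: false

      # pnpm must be installed before setup-node: `cache: 'pnpm'` invokes
      # the pnpm binary to locate its store.
      - name: Install pnpm
        uses: pnpm/action-setup@v2
        with:
          version: 8

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'pnpm'

      - name: Install dependencies
        run: pnpm install --frozen-lockfile

      - name: Lint frontend
        run: pnpm lint

      - name: Type check frontend
        run: pnpm type-check

      # Run the check once with the pipeline's package manager. The previous
      # `npm run ... || pnpm ...` form re-ran a failed check a second time.
      - name: Type check API
        working-directory: ./api
        run: pnpm type-check

      - name: Type check Portal
        working-directory: ./portal
        run: pnpm type-check

  test-backend:
    name: Test Backend
    runs-on: ubuntu-latest
    services:
      postgres:
        image: postgres:14-alpine
        # Throwaway credentials for the per-run service container only;
        # never reuse them for a real database.
        env:
          POSTGRES_USER: postgres
          POSTGRES_PASSWORD: postgres
          POSTGRES_DB: sankofa_test
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          - '5432:5432'
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Install pnpm
        uses: pnpm/action-setup@v2
        with:
          version: 8

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'pnpm'

      # `--frozen-lockfile` is a pnpm flag; `npm install` does not enforce
      # it, so the old `npm install ... || pnpm install ...` could succeed
      # with dependency versions that differ from the committed lockfile.
      # NOTE(review): assumes ./api is covered by the pnpm lockfile, as the
      # other jobs' `pnpm` steps in ./api suggest - confirm.
      - name: Install dependencies
        working-directory: ./api
        run: pnpm install --frozen-lockfile

      - name: Run database migrations
        working-directory: ./api
        env:
          DB_HOST: localhost
          DB_PORT: '5432'
          DB_NAME: sankofa_test
          DB_USER: postgres
          DB_PASSWORD: postgres
        run: pnpm db:migrate:up

      # A single run: a `||` fallback here would retry a failed suite and
      # could let a flaky or order-dependent failure pass.
      - name: Run tests
        working-directory: ./api
        env:
          DB_HOST: localhost
          DB_PORT: '5432'
          DB_NAME: sankofa_test
          DB_USER: postgres
          DB_PASSWORD: postgres
        run: pnpm test

      # NOTE(review): this step has no DB_* variables, unlike "Run tests";
      # confirm test:coverage does not need the database.
      - name: Generate coverage report
        working-directory: ./api
        run: pnpm test:coverage

      - name: Upload coverage
        uses: codecov/codecov-action@v3
        with:
          files: ./api/coverage/coverage-final.json
          flags: backend

  test-frontend:
    name: Test Frontend
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Install pnpm
        uses: pnpm/action-setup@v2
        with:
          version: 8

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'pnpm'

      - name: Install dependencies
        run: pnpm install --frozen-lockfile

      - name: Run tests
        run: pnpm test

      - name: Generate coverage report
        run: pnpm test:coverage

      - name: Upload coverage
        uses: codecov/codecov-action@v3
        with:
          files: ./coverage/coverage-final.json
          flags: frontend

  build:
    name: Build
    runs-on: ubuntu-latest
    # NOTE(review): artifacts are produced once lint passes, independent of
    # the test and security-scan jobs - confirm that is intended before
    # anything downstream consumes them.
    needs: [lint-and-type-check]
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Install pnpm
        uses: pnpm/action-setup@v2
        with:
          version: 8

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'pnpm'

      - name: Install dependencies
        run: pnpm install --frozen-lockfile

      - name: Build API
        working-directory: ./api
        run: pnpm build

      - name: Build Frontend
        run: pnpm build

      - name: Build Portal
        working-directory: ./portal
        run: pnpm build

      # NOTE(review): upload-artifact v3 is an older major that GitHub has
      # announced as deprecated - confirm and plan the upgrade (defaults
      # differ between majors, so re-check the uploaded paths afterwards).
      - name: Upload build artifacts
        uses: actions/upload-artifact@v3
        with:
          name: build-artifacts
          path: |
            api/dist
            .next
            portal/.next

  security-scan:
    name: Security Scan
    runs-on: ubuntu-latest
    # Only this job may write code-scanning results; `actions: read` is
    # needed by upload-sarif on private repositories.
    permissions:
      contents: read
      actions: read
      security-events: write
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      # NOTE(review): `@master` tracks a moving branch, so each run executes
      # whatever is at its tip, inside the job that holds
      # `security-events: write`. Replace it with a reviewed release tag or,
      # better, a full commit SHA.
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          scan-ref: '.'
          format: 'sarif'
          output: 'trivy-results.sarif'

      # NOTE(review): codeql-action v2 is an older major that GitHub has
      # announced as deprecated - confirm and upgrade. On pull requests from
      # forks the token is read-only, so this upload is expected to fail
      # there; decide whether to skip it for those events.
      - name: Upload Trivy results
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: 'trivy-results.sarif'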