Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
371 changes: 371 additions & 0 deletions .github/workflows/ci-cd.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,371 @@
name: CI/CD Pipeline

on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main, develop ]

env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}

jobs:
# Linting and Code Quality
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.11'
cache: 'pip'

- name: Install Python dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
pip install flake8 black isort mypy pytest pytest-cov

- name: Run linting
run: |
flake8 backend/app/ --max-line-length=88 --extend-ignore=E203,W503
black --check backend/app/
isort --check-only backend/app/
mypy backend/app/

- name: Run security checks
run: |
pip install bandit safety
bandit -r backend/app/ -f json -o bandit-report.json
safety check

# Backend Testing
test-backend:
runs-on: ubuntu-latest
services:
postgres:
image: postgres:15
env:
POSTGRES_PASSWORD: password
POSTGRES_DB: test_db
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
- 5432:5432

redis:
image: redis:7
options: >-
--health-cmd "redis-cli ping"
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
- 6379:6379

steps:
- uses: actions/checkout@v4

- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.11'
cache: 'pip'

- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt

- name: Run database migrations
run: |
cd backend
alembic upgrade head
env:
DATABASE_URL: postgresql://postgres:password@localhost:5432/test_db

- name: Run tests with coverage
run: |
cd backend
pytest tests/ -v --cov=app --cov-report=xml --cov-report=html
env:
DATABASE_URL: postgresql://postgres:password@localhost:5432/test_db
REDIS_URL: redis://localhost:6379/0
SECRET_KEY: test-secret-key
OPENAI_API_KEY: test-key

- name: Upload coverage to Codecov
uses: codecov/codecov-action@v3
with:
file: ./backend/coverage.xml
flags: backend
name: backend-coverage

# Frontend Testing
test-frontend:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: '18'
cache: 'npm'
cache-dependency-path: frontend/package-lock.json

- name: Install dependencies
run: |
cd frontend
npm ci

- name: Run linting
run: |
cd frontend
npm run lint

- name: Run type checking
run: |
cd frontend
npm run type-check

- name: Run tests
run: |
cd frontend
npm test -- --coverage --watchAll=false

- name: Upload coverage to Codecov
uses: codecov/codecov-action@v3
with:
file: ./frontend/coverage/lcov.info
flags: frontend
name: frontend-coverage

# Integration Testing
integration-test:
runs-on: ubuntu-latest
needs: [test-backend, test-frontend]
services:
postgres:
image: postgres:15
env:
POSTGRES_PASSWORD: password
POSTGRES_DB: test_db
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
- 5432:5432

redis:
image: redis:7
options: >-
--health-cmd "redis-cli ping"
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
- 6379:6379

steps:
- uses: actions/checkout@v4

- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.11'
cache: 'pip'

- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
pip install locust

- name: Start backend server
run: |
cd backend
python -m uvicorn app.main:app --host 0.0.0.0 --port 8000 &
sleep 10
env:
DATABASE_URL: postgresql://postgres:password@localhost:5432/test_db
REDIS_URL: redis://localhost:6379/0
SECRET_KEY: test-secret-key
OPENAI_API_KEY: test-key

- name: Run integration tests
run: |
cd backend
pytest tests/integration/ -v

- name: Run load tests
run: |
cd backend
locust -f tests/load/locustfile.py --headless --users 10 --spawn-rate 2 --run-time 60s

# Build Docker Images
build:
runs-on: ubuntu-latest
needs: [lint, test-backend, test-frontend, integration-test]
if: github.event_name == 'push'
steps:
- uses: actions/checkout@v4

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Log in to Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha

- name: Build and push backend image
uses: docker/build-push-action@v5
with:
context: ./backend
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max

- name: Build and push frontend image
uses: docker/build-push-action@v5
with:
context: ./frontend
push: true
tags: ${{ steps.meta.outputs.tags }}-frontend
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max

# Deploy to Staging
deploy-staging:
runs-on: ubuntu-latest
needs: [build]
if: github.ref == 'refs/heads/develop'
environment: staging
steps:
- uses: actions/checkout@v4

- name: Deploy to staging
run: |
echo "Deploying to staging environment"
# Add your staging deployment logic here
# Example: kubectl apply -f k8s/ -n staging

# Deploy to Production
deploy-production:
runs-on: ubuntu-latest
needs: [build]
if: github.ref == 'refs/heads/main'
environment: production
steps:
- uses: actions/checkout@v4

- name: Deploy to production
run: |
echo "Deploying to production environment"
# Add your production deployment logic here
# Example: kubectl apply -f k8s/ -n production

# Security Scanning
security-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
format: 'sarif'
output: 'trivy-results.sarif'

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
if: always()
with:
sarif_file: 'trivy-results.sarif'

# Performance Testing
performance-test:
runs-on: ubuntu-latest
needs: [build]
if: github.ref == 'refs/heads/main'
steps:
- uses: actions/checkout@v4

- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.11'
cache: 'pip'

- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install locust

- name: Run performance tests
run: |
cd backend
locust -f tests/performance/locustfile.py --headless --users 100 --spawn-rate 10 --run-time 300s

# Documentation Generation
docs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.11'
cache: 'pip'

- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install sphinx sphinx-rtd-theme

- name: Generate API documentation
run: |
cd backend
python -m uvicorn app.main:app --host 0.0.0.0 --port 8000 &
sleep 10
curl http://localhost:8000/openapi.json > docs/api-spec.json

- name: Build documentation
run: |
cd docs
make html

- name: Deploy documentation
uses: peaceiris/actions-gh-pages@v3
if: github.ref == 'refs/heads/main'
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./docs/_build/html
Loading
Loading