security features #13
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
| name: CI Pipeline | |
| on: | |
| push: | |
| branches: [ main, develop ] | |
| pull_request: | |
| branches: [ main ] | |
| jobs: | |
| # Backend CI Pipeline | |
| backend-ci: | |
| name: Backend CI | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| node-version: [18.x, 20.x] | |
| defaults: | |
| run: | |
| working-directory: ./backend | |
| services: | |
| mongodb: | |
| image: mongo:latest | |
| ports: | |
| - 27017:27017 | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: 'npm' | |
| cache-dependency-path: backend/package-lock.json | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Create .env file for testing | |
| run: | | |
| echo "NODE_ENV=test" >> .env | |
| echo "MONGODB_URI=mongodb://localhost:27017/collab-code-review-test" >> .env | |
| echo "JWT_SECRET=test-jwt-secret-key-for-ci" >> .env | |
| echo "PORT=4000" >> .env | |
| - name: Lint code | |
| run: npm run lint:check | |
| continue-on-error: true # Don't fail CI for linting issues initially | |
| - name: Run tests | |
| run: npm test | |
| env: | |
| NODE_ENV: test | |
| MONGODB_URI: mongodb://localhost:27017/collab-code-review-test | |
| JWT_SECRET: test-jwt-secret-key-for-ci | |
| - name: Run tests with coverage | |
| run: npm run test:coverage | |
| env: | |
| NODE_ENV: test | |
| MONGODB_URI: mongodb://localhost:27017/collab-code-review-test | |
| JWT_SECRET: test-jwt-secret-key-for-ci | |
| - name: Build application | |
| run: npm run build | |
| continue-on-error: true # Allow TypeScript warnings for now | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@v3 | |
| with: | |
| file: ./backend/coverage/lcov.info | |
| flags: backend | |
| name: backend-coverage | |
| # Frontend CI Pipeline | |
| frontend-ci: | |
| name: Frontend CI | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| node-version: [20.x] | |
| defaults: | |
| run: | |
| working-directory: ./frontend/frontend | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: 'npm' | |
| cache-dependency-path: frontend/frontend/package-lock.json | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Lint code | |
| run: npm run lint:check | |
| continue-on-error: true # Don't fail CI for linting issues initially | |
| - name: Run tests | |
| run: npm test | |
| - name: Build application | |
| run: npm run build || echo "Build completed with warnings" | |
| continue-on-error: true | |
| # - name: Upload build artifacts | |
| # uses: actions/upload-artifact@v3 | |
| # with: | |
| # name: frontend-build-${{ matrix.node-version }} | |
| # path: frontend/frontend/dist/ | |
| # Integration Tests (End-to-End) | |
| integration-tests: | |
| name: Integration Tests | |
| runs-on: ubuntu-latest | |
| needs: [backend-ci, frontend-ci] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20.x' | |
| cache: 'npm' | |
| cache-dependency-path: | | |
| backend/package-lock.json | |
| frontend/frontend/package-lock.json | |
| - name: Install backend dependencies | |
| run: npm ci | |
| working-directory: ./backend | |
| - name: Install frontend dependencies | |
| run: npm ci | |
| working-directory: ./frontend/frontend | |
| - name: Create backend .env file for tests | |
| run: | | |
| touch .env | |
| echo NODE_ENV=test >> .env | |
| echo JWT_SECRET=test-jwt-secret-for-ci >> .env | |
| working-directory: ./backend | |
| - name: Build frontend (for completeness) | |
| run: npm run build | |
| working-directory: ./frontend/frontend | |
| - name: Run integration tests | |
| run: npm test | |
| working-directory: ./backend | |
| env: | |
| NODE_ENV: test | |
| JWT_SECRET: test-jwt-secret-for-ci | |
| # Security Audit | |
| security-audit: | |
| name: Security Audit | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20.x' | |
| - name: Audit backend dependencies | |
| run: npm audit --audit-level=moderate | |
| working-directory: ./backend | |
| continue-on-error: true | |
| - name: Audit frontend dependencies | |
| run: npm audit --audit-level=moderate | |
| working-directory: ./frontend/frontend | |
| continue-on-error: true | |
| # Quality Gate | |
| quality-gate: | |
| name: Quality Gate | |
| runs-on: ubuntu-latest | |
| needs: [backend-ci, frontend-ci, integration-tests, security-audit] | |
| if: always() | |
| steps: | |
| - name: Check CI results | |
| run: | | |
| if [[ "${{ needs.backend-ci.result }}" != "success" ]]; then | |
| echo "Backend CI failed" | |
| exit 1 | |
| fi | |
| if [[ "${{ needs.frontend-ci.result }}" != "success" ]]; then | |
| echo "Frontend CI failed" | |
| exit 1 | |
| fi | |
| if [[ "${{ needs.integration-tests.result }}" != "success" ]]; then | |
| echo "Integration tests failed" | |
| exit 1 | |
| fi | |
| echo "All quality gates passed!" |
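Review bot: The `security-audit` job cannot fail the pipeline: both `npm audit --audit-level=moderate` steps set `continue-on-error: true`, so the job reports success whatever is found, and the `Check CI results` step in `quality-gate` lists `security-audit` in `needs` but never tests its result. If the audit is meant to gate merges, drop `continue-on-error: true` from the two audit steps and add `[[ "${{ needs.security-audit.result }}" == "success" ]] || { echo "Security audit failed"; exit 1; }` before the final echo. The added/removed markers are lost on this page, so I cannot tell which of these lines the change introduces. The forge banner at the top of the page also reports hidden or bidirectional Unicode in this file; nothing of the kind survives in the rendered text, so the raw bytes are worth inspecting before merge.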