Commit
1 parent
0a54ea4
commit 92f2b6f
Showing
1 changed file
with
130 additions
and
130 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,152 +1,152 @@ | ||
name: CI/CD Prod Pipeline | ||
|
||
on: | ||
push: | ||
branches: | ||
- main | ||
pull_request: | ||
branches: | ||
- main | ||
|
||
env: | ||
ENVIRONMENT: production | ||
DATABASE_URL: ${{ secrets.PROD_DATABASE_URL }} | ||
NEXTAUTH_SECRET: ${{ secrets.PROD_NEXTAUTH_SECRET }} | ||
NEXT_PUBLIC_SITE_URL: https://satsquare.ismail-mouyahada.com | ||
NEXT_PUBLIC_SOCKET_URL: wss://websocket.ismail-mouyahada.com | ||
jobs: | ||
deps-vulnerability: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v3 | ||
# name: CI/CD Prod Pipeline | ||
|
||
# on: | ||
# push: | ||
# branches: | ||
# - main | ||
# pull_request: | ||
# branches: | ||
# - main | ||
|
||
# env: | ||
# ENVIRONMENT: production | ||
# DATABASE_URL: ${{ secrets.PROD_DATABASE_URL }} | ||
# NEXTAUTH_SECRET: ${{ secrets.PROD_NEXTAUTH_SECRET }} | ||
# NEXT_PUBLIC_SITE_URL: https://satsquare.ismail-mouyahada.com | ||
# NEXT_PUBLIC_SOCKET_URL: wss://websocket.ismail-mouyahada.com | ||
# jobs: | ||
# deps-vulnerability: | ||
# runs-on: ubuntu-latest | ||
# steps: | ||
# - name: Checkout code | ||
# uses: actions/checkout@v3 | ||
|
||
- name: Install dependencies | ||
run: npm install | ||
# - name: Install dependencies | ||
# run: npm install | ||
|
||
- name: Run dependency vulnerability scan | ||
uses: advanced-security/npm-audit-action@v1 | ||
# - name: Run dependency vulnerability scan | ||
# uses: advanced-security/npm-audit-action@v1 | ||
|
||
lint: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v3 | ||
# lint: | ||
# runs-on: ubuntu-latest | ||
# steps: | ||
# - name: Checkout code | ||
# uses: actions/checkout@v3 | ||
|
||
- name: Install dependencies | ||
run: npm install | ||
# - name: Install dependencies | ||
# run: npm install | ||
|
||
- name: Run Linting | ||
run: npm run lint | ||
# - name: Run Linting | ||
# run: npm run lint | ||
|
||
unit-tests: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v3 | ||
# unit-tests: | ||
# runs-on: ubuntu-latest | ||
# steps: | ||
# - name: Checkout code | ||
# uses: actions/checkout@v3 | ||
|
||
- name: Install dependencies | ||
run: npm install | ||
# - name: Install dependencies | ||
# run: npm install | ||
|
||
- name: Run Jest Unit Tests | ||
run: npm run test:watch | ||
# - name: Run Jest Unit Tests | ||
# run: npm run test:watch | ||
|
||
codecov: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v3 | ||
|
||
- name: Install dependencies | ||
run: npm install | ||
|
||
- name: Run tests and generate coverage report | ||
run: npm run test -- --coverage | ||
|
||
- name: Upload coverage to Codecov | ||
uses: codecov/codecov-action@v3 | ||
with: | ||
token: ${{ secrets.CODECOV_TOKEN }} | ||
|
||
security: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v3 | ||
|
||
- name: Run security analysis | ||
uses: github/codeql-action/analyze@v2 | ||
# codecov: | ||
# runs-on: ubuntu-latest | ||
# steps: | ||
# - name: Checkout code | ||
# uses: actions/checkout@v3 | ||
|
||
# - name: Install dependencies | ||
# run: npm install | ||
|
||
# - name: Run tests and generate coverage report | ||
# run: npm run test -- --coverage | ||
|
||
# - name: Upload coverage to Codecov | ||
# uses: codecov/codecov-action@v3 | ||
# with: | ||
# token: ${{ secrets.CODECOV_TOKEN }} | ||
|
||
# security: | ||
# runs-on: ubuntu-latest | ||
# steps: | ||
# - name: Checkout code | ||
# uses: actions/checkout@v3 | ||
|
||
# - name: Run security analysis | ||
# uses: github/codeql-action/analyze@v2 | ||
|
||
lighthouse: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v3 | ||
# lighthouse: | ||
# runs-on: ubuntu-latest | ||
# steps: | ||
# - name: Checkout code | ||
# uses: actions/checkout@v3 | ||
|
||
- name: Install dependencies | ||
run: npm install | ||
# - name: Install dependencies | ||
# run: npm install | ||
|
||
- name: Run Lighthouse CI | ||
run: npx lhci autorun | ||
# - name: Run Lighthouse CI | ||
# run: npx lhci autorun | ||
|
||
docker-build: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v3 | ||
# docker-build: | ||
# runs-on: ubuntu-latest | ||
# steps: | ||
# - name: Checkout code | ||
# uses: actions/checkout@v3 | ||
|
||
- name: Login to GitHub Container Registry | ||
run: echo "${{ secrets.GHCR_PAT }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin | ||
# - name: Login to GitHub Container Registry | ||
# run: echo "${{ secrets.GHCR_PAT }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin | ||
|
||
- name: Build Docker image | ||
run: docker build -t ghcr.io/ismail-mouyahada/sat-square:prod-${{ github.sha }} -f Dockerfile.prod . | ||
# - name: Build Docker image | ||
# run: docker build -t ghcr.io/ismail-mouyahada/sat-square:prod-${{ github.sha }} -f Dockerfile.prod . | ||
|
||
- name: Scan Docker image for vulnerabilities | ||
uses: aquasecurity/[email protected] | ||
with: | ||
image-ref: ghcr.io/ismail-mouyahada/sat-square:prod-${{ github.sha }} | ||
# - name: Scan Docker image for vulnerabilities | ||
# uses: aquasecurity/[email protected] | ||
# with: | ||
# image-ref: ghcr.io/ismail-mouyahada/sat-square:prod-${{ github.sha }} | ||
|
||
- name: Push Docker image to GitHub Container Registry | ||
run: docker push ghcr.io/ismail-mouyahada/sat-square:prod-${{ github.sha }} | ||
# - name: Push Docker image to GitHub Container Registry | ||
# run: docker push ghcr.io/ismail-mouyahada/sat-square:prod-${{ github.sha }} | ||
|
||
e2e-tests: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v3 | ||
# e2e-tests: | ||
# runs-on: ubuntu-latest | ||
# steps: | ||
# - name: Checkout code | ||
# uses: actions/checkout@v3 | ||
|
||
- name: Install dependencies | ||
run: npm install | ||
# - name: Install dependencies | ||
# run: npm install | ||
|
||
- name: Run end-to-end tests | ||
run: npm run test:e2e | ||
# - name: Run end-to-end tests | ||
# run: npm run test:e2e | ||
|
||
stress-test: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v3 | ||
|
||
- name: Install dependencies | ||
run: npm install | ||
|
||
- name: Run stress tests | ||
run: npm run test:stress | ||
|
||
notify: | ||
runs-on: ubuntu-latest | ||
needs: [deps-vulnerability, lint, unit-tests, codecov, security, lighthouse, docker-build, e2e-tests, stress-test] | ||
steps: | ||
- name: Send Discord notification on success | ||
if: success() | ||
run: | | ||
curl -X POST -H "Content-Type: application/json" \ | ||
-d '{"content": "CI/CD Prod Pipeline succeeded!"}' \ | ||
${{ secrets.DISCORD_WEBHOOK_URL }} | ||
# stress-test: | ||
# runs-on: ubuntu-latest | ||
# steps: | ||
# - name: Checkout code | ||
# uses: actions/checkout@v3 | ||
|
||
# - name: Install dependencies | ||
# run: npm install | ||
|
||
# - name: Run stress tests | ||
# run: npm run test:stress | ||
|
||
# notify: | ||
# runs-on: ubuntu-latest | ||
# needs: [deps-vulnerability, lint, unit-tests, codecov, security, lighthouse, docker-build, e2e-tests, stress-test] | ||
# steps: | ||
# - name: Send Discord notification on success | ||
# if: success() | ||
# run: | | ||
# curl -X POST -H "Content-Type: application/json" \ | ||
# -d '{"content": "CI/CD Prod Pipeline succeeded!"}' \ | ||
# ${{ secrets.DISCORD_WEBHOOK_URL }} | ||
|
||
- name: Send Discord notification on failure | ||
if: failure() | ||
run: | | ||
curl -X POST -H "Content-Type: application/json" \ | ||
-d '{"content": "CI/CD Prod Pipeline failed!"}' \ | ||
${{ secrets.DISCORD_WEBHOOK_URL }} | ||
# - name: Send Discord notification on failure | ||
# if: failure() | ||
# run: | | ||
# curl -X POST -H "Content-Type: application/json" \ | ||
# -d '{"content": "CI/CD Prod Pipeline failed!"}' \ | ||
# ${{ secrets.DISCORD_WEBHOOK_URL }} |
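Review bot: Commenting out every line leaves this workflow file with no `on:` or `jobs:` key, and it switches off the pipeline's three security gates (the npm audit step, the CodeQL analysis and the Trivy image scan) with nothing on the page replacing them. If the pipeline has to be paused, deleting the file or disabling the workflow in the repository's Actions settings is cleaner than a comment-only file, which GitHub is likely to report as an invalid workflow; if the file stays, a first line such as `# DISABLED <date>: <reason>, re-enable tracked in <issue>` records why the scans are off. Before the text is re-enabled, the workflow-level `env:` block deserves a second look: it hands `DATABASE_URL` and `NEXTAUTH_SECRET` to every job, including the `npm install` steps that run third-party lifecycle scripts on `pull_request` events, so those secrets would be better scoped to the individual steps that need them.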