# CI workflow: lint/type-check, test, build, security scan, optional E2E run,
# and a final aggregate gate.
# NOTE(review): there is no workflow-level `permissions:` key, so any job
# without its own `permissions:` block receives the repository's default
# GITHUB_TOKEN scopes.
name: CI Pipeline

# Triggered by pushes to, and pull requests targeting, main and develop.
on:
  push:
    branches:
      - main
      - develop
  pull_request:
    branches:
      - main
      - develop

# Node.js release line used by every job that does not run a version matrix.
env:
  NODE_VERSION: '18.x'

jobs:
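  # Job 1: static checks (ESLint + TypeScript). `test` and `build` wait on it.
  lint-and-type-check:
    name: Lint & Type Check
    runs-on: ubuntu-latest
    # Least privilege: this job only reads the repository, so the
    # GITHUB_TOKEN is restricted to read-only contents.
    permissions:
      contents: read

    steps:
      - name: 📥 Checkout code
        uses: actions/checkout@v4
        with:
          # Do not leave the token in .git/config: the following steps run
          # npm lifecycle scripts and third-party packages that never need
          # git credentials.
          persist-credentials: false

      - name: 🔧 Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'npm'

      # `npm ci` installs exactly what package-lock.json records.
      - name: 📦 Install dependencies
        run: npm ci

      # continue-on-error: false is the default; it is spelled out so that a
      # lint or type error visibly blocks the dependent jobs.
      - name: 🔍 Run ESLint
        run: npm run lint
        continue-on-error: false

      - name: 📝 Run TypeScript check
        run: npm run typecheck
        continue-on-error: false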

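  # Job 2: unit tests on each Node.js version in the matrix; starts only
  # after lint-and-type-check succeeds.
  test:
    name: Test
    runs-on: ubuntu-latest
    needs: lint-and-type-check
    # Least privilege: tests only need to read the repository.
    permissions:
      contents: read

    strategy:
      matrix:
        # Quoted so the versions are always read as strings.
        node-version: ['18.x', '20.x']

    steps:
      - name: 📥 Checkout code
        uses: actions/checkout@v4
        with:
          # Test code and its dependencies run in this job; keep the token
          # out of the working tree.
          persist-credentials: false

      - name: 🔧 Setup Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'npm'

      - name: 📦 Install dependencies
        run: npm ci

      - name: 🧪 Run tests
        run: npm test -- --coverage --watchAll=false
        env:
          CI: true

      # Coverage is uploaded once (from the 18.x leg) and an upload error
      # does not fail the job (fail_ci_if_error: false).
      # NOTE(review): this is a third-party action referenced by a mutable
      # tag; consider pinning it to a reviewed commit,
      # codecov/codecov-action@<FULL_COMMIT_SHA>.
      - name: 📊 Upload coverage to Codecov
        if: matrix.node-version == '18.x'
        uses: codecov/codecov-action@v3
        with:
          fail_ci_if_error: false
          verbose: true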

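  # Job 3: production build; starts only after lint-and-type-check succeeds
  # and publishes the build output as a workflow artifact.
  build:
    name: Build
    runs-on: ubuntu-latest
    needs: lint-and-type-check
    # Least privilege: building only needs to read the repository.
    permissions:
      contents: read

    steps:
      - name: 📥 Checkout code
        uses: actions/checkout@v4
        with:
          # Keep the token out of .git/config so it cannot end up in build
          # output or be read by build-time scripts.
          persist-credentials: false

      - name: 🔧 Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'npm'

      - name: 📦 Install dependencies
        run: npm ci

      - name: 🏗️ Build application
        run: npm run build
        env:
          NEXT_PUBLIC_APP_ENV: production

      # upload-artifact v3 has been retired on github.com, so the step uses
      # v4. v4 skips hidden files by default, which would drop `.next/`;
      # include-hidden-files restores it and applies only to the paths
      # listed here. Keep this list narrow: artifacts can be downloaded by
      # anyone with read access to the run.
      - name: 📁 Upload build artifacts
        uses: actions/upload-artifact@v4
        with:
          name: build-files
          path: |
            .next/
            out/
            dist/
          include-hidden-files: true
          retention-days: 7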

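  # Job 4: dependency audit and filesystem vulnerability scan. It has no
  # `needs`, so it runs in parallel with lint-and-type-check.
  security:
    name: Security Scan
    runs-on: ubuntu-latest
    # Scoped token: read the code, write code-scanning results.
    # `actions: read` is only required when the repository is private.
    # On pull requests from forks the token normally stays read-only, so the
    # SARIF upload is expected to fail there.
    permissions:
      contents: read
      security-events: write
      actions: read

    steps:
      - name: 📥 Checkout code
        uses: actions/checkout@v4
        with:
          # This job holds a write-capable token; do not leave it in
          # .git/config where later steps could read it.
          persist-credentials: false

      - name: 🔧 Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'npm'

      # Advisory only: continue-on-error means findings at moderate severity
      # or above are logged but never fail the job.
      - name: 🔒 Run npm audit
        run: npm audit --audit-level=moderate
        continue-on-error: true

      # NOTE(review): `@master` is a mutable branch ref, so every run
      # executes whatever the upstream branch holds at that moment, with
      # this job's security-events: write token in scope. Pin to a reviewed
      # commit: aquasecurity/trivy-action@<FULL_COMMIT_SHA>.
      # No `exit-code` input is set here, so the scan reports results
      # without failing the job on findings.
      - name: 🛡️ Run security scan
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          scan-ref: '.'
          format: 'sarif'
          output: 'trivy-results.sarif'

      # v2 of codeql-action is deprecated; v3 is the maintained successor.
      # `if: always()` uploads whatever report exists even when an earlier
      # step failed.
      - name: 📤 Upload security results
        uses: github/codeql-action/upload-sarif@v3
        if: always()
        with:
          sarif_file: 'trivy-results.sarif'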

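  # Job 5: Playwright end-to-end tests. Optional: the `if` below limits it
  # to runs whose ref is refs/heads/main, after build and test succeed.
  e2e:
    name: E2E Tests
    runs-on: ubuntu-latest
    needs: [build, test]
    if: github.ref == 'refs/heads/main'
    # Least privilege: the E2E run only needs to read the repository.
    permissions:
      contents: read

    steps:
      - name: 📥 Checkout code
        uses: actions/checkout@v4
        with:
          # Browsers and test code run in this job; keep the token out of
          # the working tree.
          persist-credentials: false

      - name: 🔧 Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'npm'

      - name: 📦 Install dependencies
        run: npm ci

      - name: 🎭 Install Playwright
        run: npx playwright install --with-deps

      - name: 🧪 Run E2E tests
        run: npm run test:e2e
        env:
          CI: true

      # upload-artifact v3 has been retired on github.com, so the step uses
      # v4. `if: always()` keeps the report available when the tests fail.
      # NOTE(review): reports may contain screenshots or traces of the app
      # under test and are kept for 30 days; confirm nothing sensitive is
      # captured.
      - name: 📊 Upload test results
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: playwright-report
          path: playwright-report/
          retention-days: 30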

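  # Final job: single aggregate status for lint, test, build and security.
  # `if: always()` makes it run even when a dependency failed or was
  # skipped. `e2e` is not listed in `needs`, so its result does not affect
  # this gate.
  all-checks:
    name: All Checks Passed
    runs-on: ubuntu-latest
    needs: [lint-and-type-check, test, build, security]
    if: always()
    # The job only echoes results; it needs no GITHUB_TOKEN scopes.
    permissions: {}

    steps:
      # The interpolated values are job results set by GitHub
      # (success / failure / cancelled / skipped), not user input.
      - name: ✅ All checks completed
        run: |
          echo "🎉 All CI checks have completed!"
          echo "Lint: ${{ needs.lint-and-type-check.result }}"
          echo "Test: ${{ needs.test.result }}"
          echo "Build: ${{ needs.build.result }}"
          echo "Security: ${{ needs.security.result }}"

      # A cancelled dependency must fail the gate as well; checking only
      # for 'failure' would let this job go green when a required job
      # never finished.
      - name: 🚫 Fail if any job failed
        if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')
        run: exit 1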