This repository was archived by the owner on Jul 6, 2025. It is now read-only.
.github/workflows/ci.yml #326
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI/CD Pipeline | ||
| on: | ||
| push: | ||
| branches: [ main, develop ] | ||
| pull_request: | ||
| branches: [ main, develop ] | ||
| schedule: | ||
| - cron: '0 0 * * *' # Daily security scans | ||
| env: | ||
| CARGO_TERM_COLOR: always | ||
| RUST_BACKTRACE: 1 | ||
| NODE_ENV: production | ||
| jobs: | ||
| security: | ||
| name: Security Checks | ||
| uses: ./.github/workflows/security-scan.yml | ||
|
Check failure on line 19 in .github/workflows/ci.yml
|
||
| dependency-review: | ||
| name: Dependency Review | ||
| needs: [security] | ||
| strategy: | ||
| matrix: | ||
| os: [ubuntu-latest, windows-latest, macos-latest] | ||
| runs-on: ${{ matrix.os }} | ||
| if: github.event_name == 'pull_request' | ||
| timeout-minutes: 10 | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: actions/dependency-review-action@v4 | ||
| # Snyk Security Scan | ||
| - name: Run Snyk to check for vulnerabilities | ||
| uses: snyk/actions/node@master | ||
| env: | ||
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | ||
| # OWASP Dependency Check | ||
| - name: OWASP Dependency Check | ||
| uses: dependency-check/Dependency-Check_Action@main | ||
| with: | ||
| project: 'Anya' | ||
| path: '.' | ||
| format: 'HTML' | ||
| lint-test: | ||
| name: Lint and Test | ||
| strategy: | ||
| matrix: | ||
| os: [ubuntu-latest, windows-latest, macos-latest] | ||
| runs-on: ${{ matrix.os }} | ||
| timeout-minutes: 20 | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| # Rust Setup | ||
| - name: Install Rust toolchain | ||
| uses: actions-rs/toolchain@v1 | ||
| with: | ||
| profile: minimal | ||
| toolchain: stable | ||
| components: rustfmt, clippy | ||
| # Caching | ||
| - name: Cache dependencies | ||
| uses: actions/cache@v3 | ||
| with: | ||
| path: | | ||
| ~/.cargo/registry | ||
| ~/.cargo/git | ||
| target | ||
| node_modules | ||
| ${{ runner.os == 'Windows' && '\AppData\Local\pip\Cache' || '~/.cache/pip' }} | ||
| key: ${{ runner.os }}-deps-${{ hashFiles('**/Cargo.lock', '**/package-lock.json') }} | ||
| restore-keys: | | ||
| ${{ runner.os }}-deps- | ||
| # Code Quality Checks | ||
| - name: Check formatting | ||
| shell: bash | ||
| run: cargo fmt -- --check | ||
| - name: Run clippy | ||
| shell: bash | ||
| run: cargo clippy -- -D warnings | ||
| - name: Run tests with coverage | ||
| shell: bash | ||
| run: | | ||
| cargo install cargo-tarpaulin | ||
| cargo tarpaulin --out Xml --coverage-threshold 80 | ||
| - name: Upload coverage to Codecov | ||
| uses: codecov/codecov-action@v5 | ||
| with: | ||
| fail_ci_if_error: true | ||
| deploy-staging: | ||
| name: Deploy to Staging | ||
| needs: [lint-test, security] | ||
| if: github.ref == 'refs/heads/develop' | ||
| strategy: | ||
| matrix: | ||
| os: [ubuntu-latest] # Usually deploy from a single OS | ||
| runs-on: ${{ matrix.os }} | ||
| environment: staging | ||
| timeout-minutes: 30 | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - name: Deploy to staging | ||
| shell: bash | ||
| run: | | ||
| echo "Deploying to staging environment" | ||
| # Add deployment commands here | ||
| - name: Run smoke tests | ||
| shell: bash | ||
| run: | | ||
| echo "Running smoke tests" | ||
| # Add smoke test commands here | ||
| - name: Monitor deployment | ||
| shell: bash | ||
| run: | | ||
| echo "Monitoring deployment health" | ||
| # Add health check commands here | ||
| deploy-production: | ||
| name: Deploy to Production | ||
| needs: [deploy-staging] | ||
| if: github.ref == 'refs/heads/main' | ||
| strategy: | ||
| matrix: | ||
| os: [ubuntu-latest] # Usually deploy from a single OS | ||
| runs-on: ${{ matrix.os }} | ||
| environment: production | ||
| timeout-minutes: 30 | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - name: Deploy to production | ||
| shell: bash | ||
| run: | | ||
| echo "Deploying to production environment" | ||
| # Add deployment commands here | ||
| - name: Run smoke tests | ||
| shell: bash | ||
| run: | | ||
| echo "Running production smoke tests" | ||
| # Add smoke test commands here | ||
| - name: Monitor deployment | ||
| shell: bash | ||
| run: | | ||
| echo "Monitoring production health" | ||
| # Add health check commands here | ||
| - name: Prepare rollback | ||
| shell: bash | ||
| run: | | ||
| echo "Preparing rollback snapshot" | ||
| # Add rollback preparation commands here | ||
| notify: | ||
| name: Notification | ||
| needs: [deploy-production] | ||
| if: always() | ||
| strategy: | ||
| matrix: | ||
| os: [ubuntu-latest] # Notifications can run from any OS | ||
| runs-on: ${{ matrix.os }} | ||
| steps: | ||
| - name: Notify on success | ||
| if: success() | ||
| uses: actions/github-script@v7 | ||
| with: | ||
| script: | | ||
| const message = " CI/CD pipeline completed successfully!"; | ||
| github.rest.issues.createComment({ | ||
| owner: context.repo.owner, | ||
| repo: context.repo.repo, | ||
| issue_number: context.issue.number, | ||
| body: message | ||
| }); | ||
| - name: Notify on failure | ||
| if: failure() | ||
| uses: actions/github-script@v7 | ||
| with: | ||
| script: | | ||
| const message = " CI/CD pipeline failed. Please check the logs for details."; | ||
| github.rest.issues.createComment({ | ||
| owner: context.repo.owner, | ||
| repo: context.repo.repo, | ||
| issue_number: context.issue.number, | ||
| body: message | ||
| }); | ||
