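---
name: Veza CI/CD

# `on` is a YAML 1.1 boolean for generic parsers; GitHub's loader reads it as
# the trigger key, so only the linter needs to be told.
# yamllint disable-line rule:truthy
on:
  push:
    branches: ["main", "remediation/*", "feature/mvp-complete"]
  pull_request:
    branches: ["main", "feature/mvp-complete"]
  workflow_dispatch:  # Allow manual trigger

# Least-privilege GITHUB_TOKEN for the whole workflow: every job below only
# checks the repository out, builds and tests it. Checkout needs `contents:
# read`; cache and artifact steps authenticate with the runner's own token.
# Raise it per job with a job-level `permissions:` if a step ever has to write.
permissions:
  contents: read

jobs:
  backend-go:
    name: Backend (Go)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: '1.23'
          cache: true
          # The Go module lives in veza-backend-api/ (every step cd's into
          # it); with the default lookup at the repo root setup-go finds no
          # dependency file for the cache key. Assumes go.sum is committed
          # there — confirm against the repository.
          cache-dependency-path: veza-backend-api/go.sum

      - name: Install dependencies
        run: |
          cd veza-backend-api
          go mod download

      # govulncheck is installed from @latest, so findings can change between
      # two runs of the same commit. Pin a version once the project picks one.
      - name: Run govulncheck
        run: |
          cd veza-backend-api
          go install golang.org/x/vuln/cmd/govulncheck@latest
          govulncheck ./...

      - name: Vet
        run: |
          cd veza-backend-api
          go vet ./...

      # gofmt -l prints unformatted files; the step fails and lists them.
      - name: Lint
        run: |
          cd veza-backend-api
          test -z "$(gofmt -l .)" || (echo "gofmt needed on:"; gofmt -l .; exit 1)

      - name: Test
        run: |
          cd veza-backend-api
          # Running tests excluding those that require DB connection for now
          go test -v ./internal/handlers/... ./internal/services/... -short

      - name: Build
        run: |
          cd veza-backend-api
          go build -v ./...

  rust-services:
    name: Rust Services (Chat & Stream)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up Rust
        uses: dtolnay/rust-toolchain@stable
        with:
          components: rustfmt, clippy

      - name: Cache Cargo registry
        uses: actions/cache@v4
        with:
          # `target` is relative to the repo root; the build steps below run
          # inside veza-chat-server/ and veza-stream-server/, so unless a root
          # workspace sets the target dir this entry caches nothing — verify.
          path: |
            ~/.cargo/registry
            ~/.cargo/git
            target
          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}

      - name: Check Formatting
        run: cargo fmt --all -- --check

      # Unpinned install: cargo-audit's advisory database and behaviour move
      # over time. Pin with `--version` once the project settles on one.
      - name: Install cargo-audit
        run: cargo install cargo-audit

      - name: Auditing Chat Server
        run: |
          cd veza-chat-server
          cargo audit

      - name: Auditing Stream Server
        run: |
          cd veza-stream-server
          cargo audit

      - name: Build Chat Server
        run: |
          cd veza-chat-server
          cargo check
          cargo build --verbose

      # Stream server is only type-checked, not built or tested.
      - name: Build Stream Server
        # TODO(C7): fix stream-server compilation if this fails
        run: |
          cd veza-stream-server
          cargo check

      - name: Test Chat Server
        run: |
          cd veza-chat-server
          cargo test --verbose

  frontend:
    name: Frontend (Web)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Use Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'
          cache-dependency-path: package-lock.json

      - name: Install Dependencies
        run: npm ci

      # Only critical advisories fail the job; high and below are reported
      # but tolerated. Tighten to --audit-level=high when the backlog allows.
      - name: Security audit (npm)
        run: npm audit --audit-level=critical

      - name: Cache Generated Types
        uses: actions/cache@v4
        with:
          path: apps/web/src/types/generated
          key: ${{ runner.os }}-generated-types-${{ hashFiles('veza-backend-api/openapi.yaml') }}
          restore-keys: |
            ${{ runner.os }}-generated-types-

      # This step ensures types are generated before typecheck.
      # If types don't match spec, CI will fail.
      # Cache keyed on openapi.yaml hash, so types regenerate when spec changes.
      # (continue-on-error defaults to false, so it is not set explicitly.)
      - name: Generate Types from OpenAPI
        run: |
          cd apps/web
          chmod +x scripts/generate-types.sh
          ./scripts/generate-types.sh

      - name: Lint
        run: |
          cd apps/web
          npm run lint --if-present

      - name: Format Check
        run: |
          cd apps/web
          npm run format:check --if-present

      - name: Type Check
        run: |
          cd apps/web
          npm run typecheck

      - name: Unit Tests
        run: |
          cd apps/web
          npm run test -- --run

      - name: Contrast Tests
        run: |
          cd apps/web
          npm run test -- --run src/__tests__/contrast.test.ts

      - name: Build
        run: |
          cd apps/web
          npm run build

  e2e:
    name: E2E (Playwright)
    runs-on: ubuntu-latest
    timeout-minutes: 45
    # `defaults.run` only affects `run:` steps; `uses:` steps (upload-artifact
    # below) still resolve paths from the repository root.
    defaults:
      run:
        working-directory: apps/web
    steps:
      - uses: actions/checkout@v4

      - name: Set up Node
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'
          cache-dependency-path: package-lock.json

      # The lockfile is at the repo root, so install there, not in apps/web.
      - name: Install dependencies
        run: npm ci
        working-directory: .

      - name: Install Playwright Browsers
        run: npx playwright install --with-deps

      - name: Run E2E tests
        run: npx playwright test

      # Keep the HTML report only when the run failed; 7 days is enough to
      # triage a red build.
      - uses: actions/upload-artifact@v4
        if: failure()
        with:
          name: playwright-report
          path: apps/web/playwright-report/
          retention-days: 7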