279a10d317
Chat functionality is now fully handled by the Go backend (since v0.502). Remove the deprecated Rust chat server and all its references from: - CI/CD workflows (ci.yml, cd.yml, rust-ci.yml, chat-ci.yml) - Monitoring & proxy config (prometheus, caddy, haproxy) - Incus deployment scripts and documentation - Monorepo config (package.json, dependabot, GH templates)
289 lines
7.7 KiB
YAML
289 lines
7.7 KiB
YAML
name: Veza CI/CD
|
|
|
|
on:
|
|
push:
|
|
branches: [ "main", "remediation/*", "feature/mvp-complete" ]
|
|
pull_request:
|
|
branches: [ "main", "feature/mvp-complete" ]
|
|
workflow_dispatch: # Allow manual trigger
|
|
|
|
jobs:
|
|
backend-go:
|
|
name: Backend (Go)
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Set up Node
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: '20'
|
|
cache: 'npm'
|
|
|
|
- name: Set up Go
|
|
uses: actions/setup-go@v5
|
|
with:
|
|
go-version: '1.24'
|
|
cache: true
|
|
|
|
- name: Install dependencies
|
|
run: npm ci
|
|
|
|
- name: Run govulncheck
|
|
run: |
|
|
cd veza-backend-api
|
|
go install golang.org/x/vuln/cmd/govulncheck@latest
|
|
govulncheck ./...
|
|
|
|
- name: Vet
|
|
run: |
|
|
cd veza-backend-api
|
|
go vet ./...
|
|
|
|
- name: Lint
|
|
run: npx turbo run lint --filter=veza-backend-api
|
|
|
|
- name: Test
|
|
run: npx turbo run test --filter=veza-backend-api
|
|
|
|
- name: Build
|
|
run: npx turbo run build --filter=veza-backend-api
|
|
|
|
rust-services:
|
|
name: Rust Services (Stream)
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Set up Node
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: '20'
|
|
cache: 'npm'
|
|
|
|
- name: Set up Rust
|
|
uses: dtolnay/rust-toolchain@stable
|
|
with:
|
|
components: rustfmt, clippy
|
|
|
|
- name: Install dependencies
|
|
run: npm ci
|
|
|
|
- name: Cache Cargo registry
|
|
uses: actions/cache@v4
|
|
with:
|
|
path: |
|
|
~/.cargo/registry
|
|
~/.cargo/git
|
|
target
|
|
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
|
|
|
|
- name: Install cargo-audit
|
|
run: cargo install cargo-audit
|
|
|
|
- name: Auditing Stream Server
|
|
run: |
|
|
cd veza-stream-server
|
|
cargo audit
|
|
|
|
- name: Lint
|
|
run: npx turbo run lint --filter=veza-stream-server
|
|
|
|
- name: Build
|
|
run: npx turbo run build --filter=veza-stream-server
|
|
|
|
- name: Test
|
|
run: npx turbo run test --filter=veza-stream-server
|
|
|
|
frontend:
|
|
name: Frontend (Web)
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Use Node.js
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: '20'
|
|
cache: 'npm'
|
|
cache-dependency-path: package-lock.json
|
|
|
|
- name: Install Dependencies
|
|
run: npm ci
|
|
|
|
- name: Security audit (npm)
|
|
run: npm audit --audit-level=critical
|
|
|
|
- name: Cache Generated Types
|
|
uses: actions/cache@v4
|
|
with:
|
|
path: apps/web/src/types/generated
|
|
key: ${{ runner.os }}-generated-types-${{ hashFiles('veza-backend-api/openapi.yaml') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-generated-types-
|
|
|
|
- name: Generate Types from OpenAPI
|
|
run: |
|
|
cd apps/web
|
|
chmod +x scripts/generate-types.sh
|
|
./scripts/generate-types.sh
|
|
continue-on-error: false
|
|
# This step ensures types are generated before typecheck
|
|
# If types don't match spec, CI will fail
|
|
# Cache keyed on openapi.yaml hash, so types regenerate when spec changes
|
|
|
|
- name: Lint
|
|
run: npx turbo run lint --filter=veza-frontend
|
|
|
|
- name: Format Check
|
|
run: |
|
|
cd apps/web
|
|
npm run format:check --if-present
|
|
|
|
- name: Type Check
|
|
run: |
|
|
cd apps/web
|
|
npm run typecheck
|
|
|
|
- name: Test
|
|
run: npx turbo run test --filter=veza-frontend -- --run
|
|
|
|
- name: Contrast Tests
|
|
run: |
|
|
cd apps/web
|
|
npm run test -- --run src/__tests__/contrast.test.ts
|
|
|
|
- name: Build
|
|
run: npx turbo run build --filter=veza-frontend
|
|
|
|
storybook:
|
|
name: Storybook Audit
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Set up Node
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: '20'
|
|
cache: 'npm'
|
|
cache-dependency-path: package-lock.json
|
|
|
|
- name: Install dependencies
|
|
run: npm ci
|
|
|
|
- name: Build Storybook
|
|
run: npm run build-storybook
|
|
working-directory: apps/web
|
|
|
|
- name: Serve Storybook and run audit
|
|
run: |
|
|
npx serve -s storybook-static -l 6007 &
|
|
for i in $(seq 1 30); do
|
|
if curl -sf http://localhost:6007 >/dev/null; then
|
|
echo "Storybook ready"
|
|
break
|
|
fi
|
|
sleep 2
|
|
done
|
|
curl -sf http://localhost:6007 >/dev/null || (echo "Storybook failed to start"; exit 1)
|
|
npm run test:storybook
|
|
working-directory: apps/web
|
|
|
|
e2e:
|
|
name: E2E (Playwright)
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 45
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Set up Node
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: '20'
|
|
cache: 'npm'
|
|
cache-dependency-path: package-lock.json
|
|
|
|
- name: Set up Go
|
|
uses: actions/setup-go@v5
|
|
with:
|
|
go-version: '1.24'
|
|
cache-dependency-path: veza-backend-api/go.sum
|
|
|
|
- name: Install dependencies
|
|
run: npm ci
|
|
|
|
- name: Add veza.fr to hosts (for Vite proxy)
|
|
run: echo "127.0.0.1 veza.fr" | sudo tee -a /etc/hosts
|
|
|
|
- name: Start backend services (Postgres, Redis, RabbitMQ)
|
|
run: |
|
|
docker-compose up -d postgres redis rabbitmq
|
|
echo "Waiting for Postgres..."
|
|
for i in $(seq 1 30); do
|
|
if docker exec veza_postgres pg_isready -U veza 2>/dev/null; then
|
|
echo "Postgres ready"
|
|
break
|
|
fi
|
|
sleep 2
|
|
done
|
|
docker-compose ps
|
|
|
|
- name: Run database migrations
|
|
env:
|
|
DATABASE_URL: postgresql://veza:devpassword@localhost:15432/veza?sslmode=disable
|
|
run: |
|
|
cd veza-backend-api
|
|
go run cmd/migrate_tool/main.go
|
|
|
|
- name: Create E2E test user
|
|
env:
|
|
DATABASE_URL: postgresql://veza:${{ secrets.E2E_DB_PASSWORD || 'devpassword' }}@localhost:15432/veza?sslmode=disable
|
|
TEST_EMAIL: e2e@test.com
|
|
TEST_PASSWORD: ${{ secrets.E2E_TEST_PASSWORD }}
|
|
TEST_USERNAME: e2e
|
|
run: |
|
|
cd veza-backend-api
|
|
go run cmd/tools/create_test_user/main.go
|
|
|
|
- name: Start backend API
|
|
env:
|
|
APP_ENV: development
|
|
APP_PORT: "18080"
|
|
DATABASE_URL: postgresql://veza:${{ secrets.E2E_DB_PASSWORD || 'devpassword' }}@localhost:15432/veza?sslmode=disable
|
|
REDIS_URL: redis://localhost:16379
|
|
JWT_SECRET: ${{ secrets.E2E_JWT_SECRET }}
|
|
COOKIE_SECURE: "false"
|
|
CORS_ALLOWED_ORIGINS: http://veza.fr:5173,http://veza.fr:5174,http://localhost:5173,http://localhost:5174
|
|
RABBITMQ_URL: ${{ secrets.E2E_RABBITMQ_URL }}
|
|
DISABLE_RATE_LIMIT_FOR_TESTS: "true"
|
|
ACCOUNT_LOCKOUT_EXEMPT_EMAILS: "e2e@test.com"
|
|
run: |
|
|
cd veza-backend-api
|
|
go build -o veza-api ./cmd/api/main.go
|
|
./veza-api &
|
|
sleep 10
|
|
curl -f http://localhost:18080/api/v1/health || (echo "Backend health check failed"; exit 1)
|
|
|
|
- name: Install Playwright Browsers
|
|
run: npx playwright install --with-deps
|
|
working-directory: apps/web
|
|
|
|
- name: Run E2E tests
|
|
run: npx playwright test
|
|
working-directory: apps/web
|
|
env:
|
|
PORT: "5174"
|
|
VITE_API_URL: '/api/v1'
|
|
VITE_DOMAIN: veza.fr
|
|
VITE_BACKEND_PORT: "18080"
|
|
PLAYWRIGHT_BASE_URL: 'http://localhost:5174'
|
|
TEST_EMAIL: e2e@test.com
|
|
TEST_PASSWORD: ${{ secrets.E2E_TEST_PASSWORD }}
|
|
|
|
- uses: actions/upload-artifact@v4
|
|
if: failure()
|
|
with:
|
|
name: playwright-report
|
|
path: apps/web/playwright-report/
|
|
retention-days: 7
|