senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
veza/.github/workflows/ci.yml
senke 6acf3ae8a8
Some checks failed
Veza CI / Backend (Go) (push) Failing after 14m40s
Details
Veza CI / Frontend (Web) (push) Failing after 4m27s
Details
Veza CI / Rust (Stream Server) (push) Failing after 6m24s
Details
Security Scan / Secret Scanning (gitleaks) (push) Failing after 2m46s
Details
Stream Server CI / test (push) Failing after 3m9s
Details
Veza CI / Notify on failure (push) Successful in 5s
Details
ci: simplify workflows for Forgejo self-hosted runner 
- Rewrite ci.yml: replace TMT with direct go test/lint/build commands,
  remove E2E jobs (need docker compose infra, run locally instead)
- Replace third-party actions with CLI equivalents:
  gitleaks-action → gitleaks CLI, trivy-action → trivy CLI,
  actions-rust-lang/audit → cargo audit, CodeQL → disabled
- Disable 18 non-essential workflows (cloud services, DinD, staging):
  chromatic, cd, container-scan, zap-dast, visual-regression,
  mutation-testing, performance, load-test, etc.
- Keep 8 core workflows: ci, backend-ci, frontend-ci, rust-ci,
  stream-ci, security-scan, trivy-fs, go-fuzz

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-09 20:08:37 +02:00

154 lines
5.3 KiB
YAML
Raw Blame History

name: Veza CI
on:
push:
branches: ["main", "remediation/*", "feature/mvp-complete"]
pull_request:
branches: ["main", "feature/mvp-complete"]
workflow_dispatch:
env:
GIT_SSL_NO_VERIFY: "true"
NODE_TLS_REJECT_UNAUTHORIZED: "0"
jobs:
# ===========================================================================
# Backend (Go) — build, test, lint, security
# ===========================================================================
backend:
name: Backend (Go)
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Go
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
with:
go-version: "1.24"
cache: true
- name: Install Go tools
run: |
go install golang.org/x/vuln/cmd/govulncheck@latest
go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
- name: Build
run: go build ./...
working-directory: veza-backend-api
- name: Test
run: go test ./... -count=1 -timeout 300s -coverprofile=coverage.out
working-directory: veza-backend-api
- name: Lint
run: golangci-lint run ./... --timeout 5m
working-directory: veza-backend-api
- name: Vet
run: go vet ./...
working-directory: veza-backend-api
- name: Vulnerability check
run: govulncheck ./...
working-directory: veza-backend-api
- name: Coverage summary
run: |
COVERAGE=$(go tool cover -func=coverage.out | grep total | awk '{print $3}')
echo "## Backend Coverage: $COVERAGE" >> $GITHUB_STEP_SUMMARY
working-directory: veza-backend-api
# ===========================================================================
# Frontend (Web) — lint, typecheck, build, unit tests
# ===========================================================================
frontend:
name: Frontend (Web)
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Use Node.js
uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
with:
node-version: "20"
cache: "npm"
cache-dependency-path: package-lock.json
- name: Install dependencies
run: npm ci
- name: Lint
run: npx eslint --max-warnings=0 .
working-directory: apps/web
- name: Typecheck
run: npx tsc --noEmit
working-directory: apps/web
- name: Build
run: npm run build
working-directory: apps/web
- name: Unit tests
run: npx vitest run --reporter=verbose
working-directory: apps/web
# ===========================================================================
# Rust (Stream Server) — build, test, lint, audit
# ===========================================================================
rust:
name: Rust (Stream Server)
runs-on: ubuntu-latest
timeout-minutes: 20
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Rust
run: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --component rustfmt,clippy
echo "$HOME/.cargo/bin" >> $GITHUB_PATH
- name: Cache Cargo
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: |
~/.cargo/registry
~/.cargo/git
veza-stream-server/target
key: ${{ runner.os }}-cargo-${{ hashFiles('veza-stream-server/Cargo.lock') }}
- name: Build
run: cargo build
working-directory: veza-stream-server
- name: Test
run: cargo test --workspace
working-directory: veza-stream-server
- name: Clippy
run: cargo clippy --all-targets -- -D warnings
working-directory: veza-stream-server
- name: Format check
run: cargo fmt -- --check
working-directory: veza-stream-server
- name: Security audit
run: |
cargo install cargo-audit 2>/dev/null || true
cargo audit
working-directory: veza-stream-server
# ===========================================================================
# Notify on failure
# ===========================================================================
notify-failure:
name: Notify on failure
needs: [backend, frontend, rust]
if: failure()
runs-on: ubuntu-latest
steps:
- name: Summary
run: echo "## ❌ CI Failed" >> $GITHUB_STEP_SUMMARY
Reference in a new issue View git blame Copy permalink