- Add turbo devDependency and packageManager to root - Create turbo.json with build, test, lint pipeline - Add package.json to veza-backend-api, veza-chat-server, veza-stream-server - Extend workspaces to include Go and Rust services - Migrate CI to use turbo run for build, test, lint
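# CI for the Veza monorepo. Four independent jobs: Go backend, Rust services
# (chat and stream), web frontend, and Playwright end-to-end tests.
#
# NOTE(review): every `uses:` below references a mutable ref (@v4, @v5,
# @stable). Pinning each action to a full commit SHA keeps an upstream re-tag
# from changing what runs in this pipeline.
name: Veza CI/CD

on:
  push:
    branches: [ "main", "remediation/*", "feature/mvp-complete" ]
  pull_request:
    branches: [ "main", "feature/mvp-complete" ]
  workflow_dispatch: # Allow manual trigger

# Least privilege for the job token: no step visible in this file writes to
# the repository. Confirm that scripts/generate-types.sh and the turbo tasks
# do not use the token for API writes; widen per job if one of them does.
permissions:
  contents: read

jobs:
  backend-go:
    name: Backend (Go)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Node is needed here because lint, test and build are driven by turbo.
      - name: Set up Node
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: '1.23'
          cache: true

      # npm ci installs exactly what package-lock.json records.
      - name: Install dependencies
        run: npm ci

      # NOTE(review): @latest is resolved on every run, so the scanner version
      # can change between runs. Pin a reviewed version for reproducible
      # results.
      - name: Run govulncheck
        run: |
          cd veza-backend-api
          go install golang.org/x/vuln/cmd/govulncheck@latest
          govulncheck ./...

      - name: Vet
        run: |
          cd veza-backend-api
          go vet ./...

      - name: Lint
        run: npx turbo run lint --filter=veza-backend-api

      - name: Test
        run: npx turbo run test --filter=veza-backend-api

      - name: Build
        run: npx turbo run build --filter=veza-backend-api

  rust-services:
    name: Rust Services (Chat & Stream)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up Node
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'

      - name: Set up Rust
        uses: dtolnay/rust-toolchain@stable
        with:
          components: rustfmt, clippy

      - name: Install dependencies
        run: npm ci

      # NOTE(review): `target` is relative to the workspace root. If each
      # service builds into its own target/ directory, this entry caches
      # nothing; confirm against the Cargo layout.
      - name: Cache Cargo registry
        uses: actions/cache@v4
        with:
          path: |
            ~/.cargo/registry
            ~/.cargo/git
            target
          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}

      # --locked builds cargo-audit against the dependency versions in its
      # published Cargo.lock instead of re-resolving them at install time.
      # The tool version itself is still unpinned.
      - name: Install cargo-audit
        run: cargo install --locked cargo-audit

      - name: Auditing Chat Server
        run: |
          cd veza-chat-server
          cargo audit

      - name: Auditing Stream Server
        run: |
          cd veza-stream-server
          cargo audit

      - name: Lint
        run: npx turbo run lint --filter=veza-chat-server --filter=veza-stream-server

      - name: Build
        run: npx turbo run build --filter=veza-chat-server --filter=veza-stream-server

      - name: Test
        run: npx turbo run test --filter=veza-chat-server --filter=veza-stream-server

  frontend:
    name: Frontend (Web)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Use Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'
          cache-dependency-path: package-lock.json

      - name: Install Dependencies
        run: npm ci

      # Only advisories rated critical fail this step; high and lower
      # severities are reported but do not fail the job.
      - name: Security audit (npm)
        run: npm audit --audit-level=critical

      # restore-keys allows a prefix match, so types cached for an older spec
      # hash can be restored. The generation step below still runs
      # unconditionally.
      - name: Cache Generated Types
        uses: actions/cache@v4
        with:
          path: apps/web/src/types/generated
          key: ${{ runner.os }}-generated-types-${{ hashFiles('veza-backend-api/openapi.yaml') }}
          restore-keys: |
            ${{ runner.os }}-generated-types-

      - name: Generate Types from OpenAPI
        run: |
          cd apps/web
          chmod +x scripts/generate-types.sh
          ./scripts/generate-types.sh
        continue-on-error: false
        # This step ensures types are generated before typecheck.
        # If types don't match the spec, CI will fail.
        # The cache above is keyed on the openapi.yaml hash, so the cache key
        # changes when the spec changes.

      - name: Lint
        run: npx turbo run lint --filter=veza-frontend

      - name: Format Check
        run: |
          cd apps/web
          npm run format:check --if-present

      - name: Type Check
        run: |
          cd apps/web
          npm run typecheck

      - name: Test
        run: npx turbo run test --filter=veza-frontend -- --run

      - name: Contrast Tests
        run: |
          cd apps/web
          npm run test -- --run src/__tests__/contrast.test.ts

      - name: Build
        run: npx turbo run build --filter=veza-frontend

  e2e:
    name: E2E (Playwright)
    runs-on: ubuntu-latest
    timeout-minutes: 45
    # Every `run` step executes in apps/web unless it overrides the directory.
    defaults:
      run:
        working-directory: apps/web
    steps:
      - uses: actions/checkout@v4

      - name: Set up Node
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'
          cache-dependency-path: package-lock.json

      # Overrides the job default: the lockfile lives at the repository root.
      - name: Install dependencies
        run: npm ci
        working-directory: .

      - name: Install Playwright Browsers
        run: npx playwright install --with-deps

      - name: Run E2E tests
        run: npx playwright test

      # Uploaded only when an earlier step failed, and kept for 7 days.
      # The report may include screenshots and traces of the app under test,
      # so keep real credentials out of E2E fixtures.
      - uses: actions/upload-artifact@v4
        if: failure()
        with:
          name: playwright-report
          path: apps/web/playwright-report/
          retention-days: 7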