a3f4ac6b70
- Update E2E test credentials to match actual seed users (user@veza.music, artist@veza.music, admin@veza.music, mod@veza.music) - Fix hardcoded "Suggested Accounts" in SuggestionsWidget with i18n key - Replace hardcoded amelie_dubois references with CONFIG.users.creator - Refactor auth, player, upload E2E tests for reliability - Add tmt test plans and scripts for CI integration - Simplify CI workflow Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
270 lines
9.3 KiB
YAML
270 lines
9.3 KiB
YAML
name: Veza CI/CD
|
|
|
|
on:
|
|
push:
|
|
branches: [ "main", "remediation/*", "feature/mvp-complete" ]
|
|
pull_request:
|
|
branches: [ "main", "feature/mvp-complete" ]
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
# ===========================================================================
|
|
# TMT Vital — Backend (Go)
|
|
# ===========================================================================
|
|
vital-backend:
|
|
name: TMT Vital — Backend (Go)
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Check VERSION matches git tag
|
|
run: |
|
|
current_tag=$(git describe --tags --exact-match 2>/dev/null || true)
|
|
if [ -n "$current_tag" ]; then
|
|
version_file=$(cat VERSION)
|
|
tag_version=${current_tag#v}
|
|
if [ "$version_file" != "$tag_version" ]; then
|
|
echo "VERSION mismatch: VERSION=$version_file, current tag=$current_tag"
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
- name: Set up Go
|
|
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
|
|
with:
|
|
go-version: '1.24'
|
|
cache: true
|
|
|
|
- name: Install Go tools
|
|
run: |
|
|
go install golang.org/x/vuln/cmd/govulncheck@latest
|
|
go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
|
|
|
|
- name: Install TMT
|
|
run: pip install tmt
|
|
|
|
- name: Run TMT Vital Backend
|
|
run: tmt --root tmt run plan --name /vital-backend
|
|
|
|
# ===========================================================================
|
|
# TMT Vital — Rust Services (Stream)
|
|
# ===========================================================================
|
|
vital-services:
|
|
name: TMT Vital — Rust Services
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
|
|
- name: Set up Rust
|
|
uses: dtolnay/rust-toolchain@631a55b12751854ce901bb631d5902ceb48146f7 # stable
|
|
with:
|
|
components: rustfmt, clippy
|
|
|
|
- name: Cache Cargo registry
|
|
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
|
|
with:
|
|
path: |
|
|
~/.cargo/registry
|
|
~/.cargo/git
|
|
target
|
|
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
|
|
|
|
- name: Install cargo-audit
|
|
run: cargo install cargo-audit
|
|
|
|
- name: Install TMT
|
|
run: pip install tmt
|
|
|
|
- name: Run TMT Vital Services
|
|
run: tmt --root tmt run plan --name /vital-services
|
|
|
|
# ===========================================================================
|
|
# TMT Vital — Frontend (Web)
|
|
# ===========================================================================
|
|
vital-frontend:
|
|
name: TMT Vital — Frontend (Web)
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
|
|
- name: Use Node.js
|
|
uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
|
|
with:
|
|
node-version: '20'
|
|
cache: 'npm'
|
|
cache-dependency-path: package-lock.json
|
|
|
|
- name: Install Dependencies
|
|
run: npm ci
|
|
|
|
- name: Cache Generated Types
|
|
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
|
|
with:
|
|
path: apps/web/src/types/generated
|
|
key: ${{ runner.os }}-generated-types-${{ hashFiles('veza-backend-api/openapi.yaml') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-generated-types-
|
|
|
|
- name: Install TMT
|
|
run: pip install tmt
|
|
|
|
- name: Run TMT Vital Frontend
|
|
run: tmt --root tmt run plan --name /vital-frontend
|
|
|
|
# ===========================================================================
|
|
# Storybook Audit (kept outside TMT — tier 3 candidate)
|
|
# ===========================================================================
|
|
storybook:
|
|
name: Storybook Audit
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
|
|
- name: Set up Node
|
|
uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
|
|
with:
|
|
node-version: '20'
|
|
cache: 'npm'
|
|
cache-dependency-path: package-lock.json
|
|
|
|
- name: Install dependencies
|
|
run: npm ci
|
|
|
|
- name: Build Storybook
|
|
run: npm run build-storybook
|
|
working-directory: apps/web
|
|
|
|
- name: Serve Storybook and run audit
|
|
run: |
|
|
npx serve -s storybook-static -l 6007 &
|
|
for i in $(seq 1 30); do
|
|
if curl -sf http://localhost:6007 >/dev/null; then
|
|
echo "Storybook ready"
|
|
break
|
|
fi
|
|
sleep 2
|
|
done
|
|
curl -sf http://localhost:6007 >/dev/null || (echo "Storybook failed to start"; exit 1)
|
|
npm run test:storybook
|
|
working-directory: apps/web
|
|
|
|
# ===========================================================================
|
|
# E2E (Playwright) — kept outside TMT (complex infra setup)
|
|
# ===========================================================================
|
|
e2e:
|
|
name: E2E (Playwright)
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 45
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
|
|
- name: Set up Node
|
|
uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
|
|
with:
|
|
node-version: '20'
|
|
cache: 'npm'
|
|
cache-dependency-path: package-lock.json
|
|
|
|
- name: Set up Go
|
|
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
|
|
with:
|
|
go-version: '1.24'
|
|
cache-dependency-path: veza-backend-api/go.sum
|
|
|
|
- name: Install dependencies
|
|
run: npm ci
|
|
|
|
- name: Add veza.fr to hosts (for Vite proxy)
|
|
run: echo "127.0.0.1 veza.fr" | sudo tee -a /etc/hosts
|
|
|
|
- name: Start backend services (Postgres, Redis, RabbitMQ)
|
|
run: |
|
|
docker-compose up -d postgres redis rabbitmq
|
|
echo "Waiting for Postgres..."
|
|
for i in $(seq 1 30); do
|
|
if docker exec veza_postgres pg_isready -U veza 2>/dev/null; then
|
|
echo "Postgres ready"
|
|
break
|
|
fi
|
|
sleep 2
|
|
done
|
|
docker-compose ps
|
|
|
|
- name: Run database migrations
|
|
env:
|
|
DATABASE_URL: postgresql://veza:devpassword@localhost:15432/veza?sslmode=disable
|
|
run: |
|
|
cd veza-backend-api
|
|
go run cmd/migrate_tool/main.go
|
|
|
|
- name: Create E2E test user
|
|
env:
|
|
DATABASE_URL: postgresql://veza:${{ secrets.E2E_DB_PASSWORD || 'devpassword' }}@localhost:15432/veza?sslmode=disable
|
|
TEST_EMAIL: e2e@test.com
|
|
TEST_PASSWORD: ${{ secrets.E2E_TEST_PASSWORD }}
|
|
TEST_USERNAME: e2e
|
|
run: |
|
|
cd veza-backend-api
|
|
go run cmd/tools/create_test_user/main.go
|
|
|
|
- name: Start backend API
|
|
env:
|
|
APP_ENV: development
|
|
APP_PORT: "18080"
|
|
DATABASE_URL: postgresql://veza:${{ secrets.E2E_DB_PASSWORD || 'devpassword' }}@localhost:15432/veza?sslmode=disable
|
|
REDIS_URL: redis://localhost:16379
|
|
JWT_SECRET: ${{ secrets.E2E_JWT_SECRET }}
|
|
COOKIE_SECURE: "false"
|
|
CORS_ALLOWED_ORIGINS: http://veza.fr:5173,http://veza.fr:5174,http://localhost:5173,http://localhost:5174
|
|
RABBITMQ_URL: ${{ secrets.E2E_RABBITMQ_URL }}
|
|
DISABLE_RATE_LIMIT_FOR_TESTS: "true"
|
|
ACCOUNT_LOCKOUT_EXEMPT_EMAILS: "e2e@test.com"
|
|
run: |
|
|
cd veza-backend-api
|
|
go build -o veza-api ./cmd/api/main.go
|
|
./veza-api &
|
|
sleep 10
|
|
curl -sf http://localhost:18080/api/v1/health > /tmp/health.json || (echo "Backend health check failed"; exit 1)
|
|
jq -e '.status == "ok"' /tmp/health.json || (echo "Health response invalid"; exit 1)
|
|
echo "Health check OK (status, DB/Redis connectivity verified)"
|
|
|
|
- name: Install Playwright Browsers
|
|
run: npx playwright install --with-deps
|
|
working-directory: apps/web
|
|
|
|
- name: Run E2E tests
|
|
run: npx playwright test
|
|
working-directory: apps/web
|
|
env:
|
|
PORT: "5174"
|
|
VITE_API_URL: '/api/v1'
|
|
VITE_DOMAIN: veza.fr
|
|
VITE_BACKEND_PORT: "18080"
|
|
PLAYWRIGHT_BASE_URL: 'http://localhost:5174'
|
|
TEST_EMAIL: e2e@test.com
|
|
TEST_PASSWORD: ${{ secrets.E2E_TEST_PASSWORD }}
|
|
|
|
- uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
|
|
if: failure()
|
|
with:
|
|
name: playwright-report
|
|
path: apps/web/playwright-report/
|
|
retention-days: 7
|
|
|
|
# ===========================================================================
|
|
# Notify on failure
|
|
# ===========================================================================
|
|
notify-failure:
|
|
name: Notify on failure
|
|
needs: [vital-backend, vital-services, vital-frontend, storybook, e2e]
|
|
if: failure()
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Slack notification
|
|
if: secrets.SLACK_WEBHOOK_URL != ''
|
|
run: |
|
|
curl -X POST -H 'Content-type: application/json' \
|
|
--data "{\"text\":\"CI failed on ${{ github.repository }}: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}\"}" \
|
|
"${{ secrets.SLACK_WEBHOOK_URL }}"
|