a7b5cdc55f
- cd.yml: remove || echo soft failures on Docker builds for chat-server and stream-server. Build must fail if Dockerfile is missing in CD. - vulnerability-scan.yml: remove || true from govulncheck command. The step-level continue-on-error: true already handles failure gracefully for the report-only govulncheck step. Addresses audit findings D3, A08: 3 residual || true / || echo patterns. Co-authored-by: Cursor <cursoragent@cursor.com>
69 lines
2.5 KiB
YAML
69 lines
2.5 KiB
YAML
name: Veza CD
|
|
|
|
on:
|
|
push:
|
|
branches: [ "main" ]
|
|
workflow_dispatch:
|
|
inputs:
|
|
environment:
|
|
description: 'Deployment environment'
|
|
required: true
|
|
default: 'staging'
|
|
type: choice
|
|
options:
|
|
- staging
|
|
- production
|
|
|
|
jobs:
|
|
deploy:
|
|
name: Deploy to ${{ github.event.inputs.environment || 'staging' }}
|
|
runs-on: ubuntu-latest
|
|
if: github.ref == 'refs/heads/main' || github.event_name == 'workflow_dispatch'
|
|
environment: ${{ github.event.inputs.environment || 'staging' }}
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
- name: Build Backend Docker Image
|
|
run: |
|
|
cd veza-backend-api
|
|
docker build -t veza-backend-api:${{ github.sha }} .
|
|
# Tag for registry (configure registry URL in secrets)
|
|
# docker tag veza-backend-api:${{ github.sha }} ${{ secrets.DOCKER_REGISTRY }}/veza-backend-api:${{ github.sha }}
|
|
|
|
- name: Build Frontend Docker Image
|
|
run: |
|
|
cd apps/web
|
|
docker build -t veza-frontend:${{ github.sha }} .
|
|
# Tag for registry (configure registry URL in secrets)
|
|
# docker tag veza-frontend:${{ github.sha }} ${{ secrets.DOCKER_REGISTRY }}/veza-frontend:${{ github.sha }}
|
|
|
|
- name: Build Rust Services Docker Images
|
|
run: |
|
|
cd veza-chat-server
|
|
docker build -t veza-chat-server:${{ github.sha }} .
|
|
|
|
cd ../veza-stream-server
|
|
docker build -t veza-stream-server:${{ github.sha }} .
|
|
|
|
# Deployment steps would go here
|
|
# - name: Deploy to Kubernetes
|
|
# run: |
|
|
# kubectl set image deployment/veza-backend-api veza-backend-api=${{ secrets.DOCKER_REGISTRY }}/veza-backend-api:${{ github.sha }}
|
|
|
|
# - name: Deploy Frontend
|
|
# run: |
|
|
# # Deploy frontend to CDN or static hosting
|
|
|
|
- name: Deployment Summary
|
|
run: |
|
|
echo "## Deployment Summary" >> $GITHUB_STEP_SUMMARY
|
|
echo "- Backend: veza-backend-api:${{ github.sha }}" >> $GITHUB_STEP_SUMMARY
|
|
echo "- Frontend: veza-frontend:${{ github.sha }}" >> $GITHUB_STEP_SUMMARY
|
|
echo "- Chat Server: veza-chat-server:${{ github.sha }}" >> $GITHUB_STEP_SUMMARY
|
|
echo "- Stream Server: veza-stream-server:${{ github.sha }}" >> $GITHUB_STEP_SUMMARY
|
|
echo "- Environment: ${{ github.event.inputs.environment || 'staging' }}" >> $GITHUB_STEP_SUMMARY
|
|
|