Bloc A - Code mort: - Suppression Studio (components, views, features) - Suppression gamification + services mock (projectService, storageService, gamificationService) - Mise à jour Sidebar, Navbar, locales Bloc B - Frontend: - Suppression modal.tsx deprecated, Modal.stories (doublon Dialog) - Feature flags: PLAYLIST_SEARCH, PLAYLIST_RECOMMENDATIONS, ROLE_MANAGEMENT = true - Suppression 19 tests orphelins, retrait exclusions vitest.config Bloc C - Backend: - Extraction routes_auth.go depuis router.go Bloc D - Rust: - Suppression security_legacy.rs (code mort, patterns déjà dans security/)
# Veza continuous-delivery workflow.
# Triggers: every push to main, plus manual dispatch with a target environment.
# NOTE(review): a manual dispatch can be started from any ref, and the deploy
# job's `if:` accepts every workflow_dispatch event. If production must only
# ship from main, enforce that with deployment-branch rules on the
# `production` environment — confirm they are configured.
name: Veza CD

on:
  push:
    branches:
      - main
  workflow_dispatch:
    inputs:
      environment:
        description: Deployment environment
        required: true
        default: staging
        type: choice
        options: [staging, production]

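jobs:
  # Builds the four service images, scans each with Trivy, then (when the
  # registry / cluster secrets are configured) pushes them and rolls them out.
  deploy:
    name: Deploy to ${{ github.event.inputs.environment || 'staging' }}
    runs-on: ubuntu-latest
    # Pushes to main, and every manual dispatch regardless of the ref it was
    # started from.
    if: github.ref == 'refs/heads/main' || github.event_name == 'workflow_dispatch'
    environment: ${{ github.event.inputs.environment || 'staging' }}
    # Least privilege for GITHUB_TOKEN: this job only reads the repository.
    # The registry and the cluster are reached with their own secrets.
    permissions:
      contents: read
    env:
      # GitHub Actions does not expose the `secrets` context to step-level
      # `if:` conditions, so only presence flags are published job-wide. The
      # secret values themselves are scoped to the steps that need them and
      # stay out of the environment of the third-party actions below.
      HAS_DOCKER_REGISTRY: ${{ secrets.DOCKER_REGISTRY != '' }}
      HAS_KUBE_CONFIG: ${{ secrets.KUBE_CONFIG != '' }}

    steps:
      - uses: actions/checkout@v4
        with:
          # No later step needs git credentials; do not leave the token in
          # .git/config where build steps could read it.
          persist-credentials: false

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # GITHUB_SHA is the runner-provided equivalent of github.sha; using the
      # environment variable keeps expression text out of the shell scripts.
      - name: Build Backend Docker Image
        run: |
          cd veza-backend-api
          docker build -t "veza-backend-api:${GITHUB_SHA}" .

      - name: Build Frontend Docker Image
        run: |
          cd apps/web
          docker build -t "veza-frontend:${GITHUB_SHA}" .

      - name: Build Rust Services Docker Images
        run: |
          cd veza-chat-server
          docker build -t "veza-chat-server:${GITHUB_SHA}" .

          cd ../veza-stream-server
          docker build -t "veza-stream-server:${GITHUB_SHA}" .

      # The scans run before the push, so an image with a CRITICAL or HIGH
      # finding fails the job (exit-code 1) and never reaches the registry.
      # NOTE(review): `@master` is a mutable ref — whatever lands on that
      # branch runs in this job. Pin all four uses to a reviewed full-length
      # commit SHA (<TRIVY_ACTION_COMMIT_SHA>) and update it deliberately.
      - name: Trivy vulnerability scan
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'veza-backend-api:${{ github.sha }}'
          format: 'table'
          exit-code: '1'
          severity: 'CRITICAL,HIGH'

      - name: Trivy scan frontend
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'veza-frontend:${{ github.sha }}'
          format: 'table'
          exit-code: '1'
          severity: 'CRITICAL,HIGH'

      - name: Trivy scan chat server
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'veza-chat-server:${{ github.sha }}'
          format: 'table'
          exit-code: '1'
          severity: 'CRITICAL,HIGH'

      - name: Trivy scan stream server
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'veza-stream-server:${{ github.sha }}'
          format: 'table'
          exit-code: '1'
          severity: 'CRITICAL,HIGH'

      # Push to registry: set repo secrets DOCKER_REGISTRY, DOCKER_REGISTRY_USERNAME, DOCKER_REGISTRY_PASSWORD
      # Example: DOCKER_REGISTRY=ghcr.io/org/repo or registry.example.com/veza
      # Secrets are handed to the script as environment variables rather than
      # pasted into it with ${{ }}: a value containing quotes, `$` or
      # backticks would otherwise be interpreted by the shell.
      # NOTE(review): `latest` is moved on every run, including manual
      # dispatches from non-main refs; consumers that need a fixed image
      # should reference the SHA tag.
      - name: Push Images to Registry
        if: env.HAS_DOCKER_REGISTRY == 'true'
        env:
          DOCKER_REGISTRY: ${{ secrets.DOCKER_REGISTRY }}
          DOCKER_REGISTRY_USERNAME: ${{ secrets.DOCKER_REGISTRY_USERNAME }}
          DOCKER_REGISTRY_PASSWORD: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
        run: |
          printf '%s' "$DOCKER_REGISTRY_PASSWORD" | docker login "$DOCKER_REGISTRY" -u "$DOCKER_REGISTRY_USERNAME" --password-stdin
          for svc in veza-backend-api veza-frontend veza-chat-server veza-stream-server; do
            docker tag "${svc}:${GITHUB_SHA}" "${DOCKER_REGISTRY}/${svc}:${GITHUB_SHA}"
            docker tag "${svc}:${GITHUB_SHA}" "${DOCKER_REGISTRY}/${svc}:latest"
            docker push "${DOCKER_REGISTRY}/${svc}:${GITHUB_SHA}"
            docker push "${DOCKER_REGISTRY}/${svc}:latest"
          done

      # Requires the registry as well as the kubeconfig: the image reference
      # is built from DOCKER_REGISTRY, and without it the push step above was
      # skipped, so there would be nothing valid to roll out.
      # NOTE(review): veza-frontend is pushed but not rolled out here —
      # presumably it is deployed elsewhere; confirm.
      - name: Deploy to Kubernetes
        if: env.HAS_DOCKER_REGISTRY == 'true' && env.HAS_KUBE_CONFIG == 'true'
        env:
          DOCKER_REGISTRY: ${{ secrets.DOCKER_REGISTRY }}
          KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
        run: |
          # Create the kubeconfig readable by the runner user only.
          umask 077
          mkdir -p ~/.kube
          printf '%s' "$KUBE_CONFIG" | base64 -d > ~/.kube/config
          for svc in veza-backend-api veza-chat-server veza-stream-server; do
            # Best effort by design. Note that `||` swallows every kubectl
            # failure (authentication, RBAC, network), not only a missing
            # deployment; check the step log when a service is skipped.
            kubectl set image "deployment/${svc}" "${svc}=${DOCKER_REGISTRY}/${svc}:${GITHUB_SHA}" \
              -n veza --record || echo "Skipping ${svc} (deployment not found)"
          done
          # Still non-fatal, but a rollout that does not complete is surfaced
          # as a warning annotation instead of being hidden behind `|| true`.
          kubectl rollout status deployment/veza-backend-api -n veza --timeout=300s \
            || echo "::warning::Rollout of veza-backend-api was not confirmed within 300s"

      # The dispatch input reaches the script through an environment
      # variable, never through ${{ }} substitution into the shell text.
      - name: Deployment Summary
        env:
          DEPLOY_ENVIRONMENT: ${{ github.event.inputs.environment || 'staging' }}
        run: |
          {
            echo "## Deployment Summary"
            echo "- Backend: veza-backend-api:${GITHUB_SHA}"
            echo "- Frontend: veza-frontend:${GITHUB_SHA}"
            echo "- Chat Server: veza-chat-server:${GITHUB_SHA}"
            echo "- Stream Server: veza-stream-server:${GITHUB_SHA}"
            echo "- Environment: ${DEPLOY_ENVIRONMENT}"
          } >> "$GITHUB_STEP_SUMMARY"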