feat: complete project setup with frontend and backend components #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI/CD Pipeline | |
| on: | |
| push: | |
| branches: [ main ] | |
| pull_request: | |
| branches: [ main ] | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| node-version: [18.x] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Use Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: 'npm' | |
| - name: Install Dependencies | |
| run: | | |
| npm ci | |
| cd dropship-frontend && npm ci | |
| cd ../dropship-backend && npm ci | |
| cd .. | |
| - name: Run Tests | |
| run: | | |
| npm test | |
| cd dropship-frontend && npm test | |
| cd ../dropship-backend && npm test | |
| cd .. | |
| - name: Run Linting | |
| run: | | |
| cd dropship-frontend && npm run lint | |
| cd ../dropship-backend && npm run lint | |
| cd .. | |
| build: | |
| needs: test | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
| password: ${{ secrets.DOCKER_HUB_TOKEN }} | |
| - name: Build and push Frontend | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: ./dropship-frontend | |
| push: true | |
| tags: ${{ secrets.DOCKER_HUB_USERNAME }}/dropship-frontend:latest | |
| cache-from: type=registry,ref=${{ secrets.DOCKER_HUB_USERNAME }}/dropship-frontend:buildcache | |
| cache-to: type=registry,ref=${{ secrets.DOCKER_HUB_USERNAME }}/dropship-frontend:buildcache,mode=max | |
| - name: Build and push Backend | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: ./dropship-backend | |
| push: true | |
| tags: ${{ secrets.DOCKER_HUB_USERNAME }}/dropship-backend:latest | |
| cache-from: type=registry,ref=${{ secrets.DOCKER_HUB_USERNAME }}/dropship-backend:buildcache | |
| cache-to: type=registry,ref=${{ secrets.DOCKER_HUB_USERNAME }}/dropship-backend:buildcache,mode=max | |
| deploy: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| steps: | |
| - name: Deploy to Production | |
| uses: appleboy/ssh-action@master | |
| with: | |
| host: ${{ secrets.DEPLOY_HOST }} | |
| username: ${{ secrets.DEPLOY_USER }} | |
| key: ${{ secrets.DEPLOY_KEY }} | |
| script: | | |
| cd /opt/dropship | |
| docker-compose pull | |
| docker-compose up -d | |
| docker system prune -f | |
| security: | |
| needs: test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Run Security Scan | |
| uses: snyk/actions/node@master | |
| env: | |
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
| with: | |
| command: monitor | |
| - name: Run OWASP Dependency Check | |
| uses: dependency-check/Dependency-Check_Action@main | |
| with: | |
| project: 'Dropship Platform' | |
| path: '.' | |
| format: 'HTML' | |
| args: > | |
| --suppression ./.dependency-check-suppression.xml | |
| --failOnCVSS 7 | |
| --enableRetired | |
| - name: Upload Security Report | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: Security Reports | |
| path: | | |
| dependency-check-report.html | |
| snyk-report.json | |
| notify: | |
| needs: [deploy, security] | |
| runs-on: ubuntu-latest | |
| if: always() | |
| steps: | |
| - name: Notify Slack | |
| uses: 8398a7/action-slack@v3 | |
| with: | |
| status: ${{ job.status }} | |
| fields: repo,message,commit,author,action,eventName,ref,workflow | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
| if: always() |