first commit #1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI/CD Pipeline | |
| on: | |
| push: | |
| branches: [ main ] | |
| pull_request: | |
| branches: [ main ] | |
| jobs: | |
| lint: | |
| name: Lint Code | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: '18' | |
| cache: 'npm' | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Run ESLint | |
| run: npx eslint . --ext .js | |
| test: | |
| name: Run Tests | |
| runs-on: ubuntu-latest | |
| needs: lint | |
| services: | |
| postgres: | |
| image: postgres:14 | |
| env: | |
| POSTGRES_PASSWORD: postgres | |
| POSTGRES_USER: postgres | |
| POSTGRES_DB: claim_db_test | |
| ports: | |
| - 5432:5432 | |
| options: >- | |
| --health-cmd pg_isready | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: '18' | |
| cache: 'npm' | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Run tests | |
| run: npm test | |
| env: | |
| NODE_ENV: test | |
| DB_HOST: localhost | |
| DB_USER: postgres | |
| DB_PASSWORD: postgres | |
| DB_NAME: claim_db_test | |
| JWT_SECRET: test_secret_key | |
| security-scan: | |
| name: Security Scan | |
| runs-on: ubuntu-latest | |
| needs: lint | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: '18' | |
| cache: 'npm' | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Run npm audit | |
| run: npm audit --audit-level=high | |
| build-and-publish: | |
| name: Build and Publish Docker Image | |
| runs-on: ubuntu-latest | |
| needs: [test, security-scan] | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Build and push | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: . | |
| push: true | |
| tags: | | |
| yourusername/claim-api:latest | |
| yourusername/claim-api:${{ github.sha }} | |
| cache-from: type=registry,ref=yourusername/claim-api:latest | |
| cache-to: type=inline | |
| deploy: | |
| name: Deploy to Production | |
| runs-on: ubuntu-latest | |
| needs: build-and-publish | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| steps: | |
| - name: Deploy to Production | |
| run: echo "Deploy to production - This step would use a deployment tool or script" | |
| # In a real setup, you would use a deployment tool like: | |
| # - AWS CLI for ECS/EKS | |
| # - kubectl for Kubernetes | |
| # - SSH into server and deploy with Docker Compose |