[Notif] Email/SMS Alerts for Loan Status #882
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: RemitLend CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| jobs: | |
| supply-chain-audit: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Block compromised packages | |
| run: | | |
| echo "Scanning lockfiles for known malicious packages..." | |
| BLOCKED="plain-crypto-js" | |
| for lockfile in backend/package-lock.json frontend/package-lock.json scripts/package-lock.json; do | |
| if [ -f "$lockfile" ] && grep -q "$BLOCKED" "$lockfile"; then | |
| echo "::error::SUPPLY CHAIN ALERT: $lockfile contains $BLOCKED (confirmed malware)" | |
| exit 1 | |
| fi | |
| done | |
| if grep -r '"axios": "1\.14\.' --include="package-lock.json" .; then | |
| echo "::error::SUPPLY CHAIN ALERT: axios 1.14.x detected (compromised version)" | |
| exit 1 | |
| fi | |
| echo "No known malicious packages found." | |
| backend: | |
| needs: supply-chain-audit | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Use Node.js 20 | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| cache: "npm" | |
| cache-dependency-path: backend/package-lock.json | |
| - name: Install dependencies | |
| run: npm ci | |
| working-directory: backend | |
| - name: Type check | |
| run: npm run typecheck | |
| working-directory: backend | |
| - name: Run tests | |
| run: npm test | |
| working-directory: backend | |
| env: | |
| NODE_ENV: test | |
| DATABASE_URL: postgres://user:pass@localhost:5432/test | |
| REDIS_URL: redis://localhost:6379 | |
| JWT_SECRET: test_jwt_secret | |
| STELLAR_RPC_URL: https://rpc.test.invalid | |
| STELLAR_NETWORK_PASSPHRASE: Test SDF Network ; September 2015 | |
| LOAN_MANAGER_CONTRACT_ID: CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA | |
| LENDING_POOL_CONTRACT_ID: CBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB | |
| POOL_TOKEN_ADDRESS: CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC | |
| LOAN_MANAGER_ADMIN_SECRET: test_admin_secret | |
| INTERNAL_API_KEY: test_internal_api_key | |
| FRONTEND_URL: https://frontend.example.com | |
| frontend: | |
| needs: supply-chain-audit | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Use Node.js 20 | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| cache: "npm" | |
| cache-dependency-path: frontend/package-lock.json | |
| - name: Install dependencies | |
| run: npm ci | |
| working-directory: frontend | |
| - name: Lint | |
| run: npm run lint | |
| working-directory: frontend | |
| - name: Build | |
| run: npm run build | |
| working-directory: frontend | |
| contracts: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| toolchain: stable | |
| components: rustfmt, clippy | |
| - name: Cache dependencies | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| workspaces: contracts | |
| - name: Format check | |
| run: cargo fmt --all -- --check | |
| working-directory: contracts | |
| - name: Clippy | |
| run: cargo clippy --all-targets --all-features -- -D warnings | |
| working-directory: contracts | |
| - name: Run tests | |
| run: cargo test -- --test-threads=1 | |
| working-directory: contracts | |
| - name: Install tarpaulin | |
| run: cargo install cargo-tarpaulin | |
| - name: Run coverage | |
| run: cargo tarpaulin --out Xml | |
| working-directory: contracts |