Auto-commit #75
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
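# CI/CD pipeline: test, security-scan and lint run in parallel, build waits for
# all three, and the deploy jobs are selected by branch
# (develop -> development; main -> staging -> production).
name: CI/CD Pipeline

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

# Least privilege for GITHUB_TOKEN: every job gets read-only repository access
# unless it declares its own permissions block.
permissions:
  contents: read

env:
  # Quoted so the values stay strings; an unquoted 1.20 would load as float 1.2.
  GO_VERSION: '1.21'
  # Not referenced by any job in this file.
  NODE_VERSION: '18'

jobs:
  test:
    runs-on: ubuntu-latest
    services:
      redis:
        image: redis:7-alpine
        ports:
          - '6379:6379'
      postgres:
        image: postgres:15-alpine
        env:
          # Fixed, test-only password for the service container; it must never
          # match a credential used in a real environment.
          POSTGRES_PASSWORD: test
          POSTGRES_DB: helixflow_test
        ports:
          - '5432:5432'
    steps:
      # NOTE(review): actions in this file are referenced by mutable tags or
      # branches. Pinning each one to a full commit SHA
      # (uses: owner/action@<COMMIT_SHA>) keeps a moved tag from changing what
      # runs here.
      - uses: actions/checkout@v4
      - name: Set up Go
        uses: actions/setup-go@v4
        with:
          go-version: ${{ env.GO_VERSION }}
      - name: Cache Go modules
        uses: actions/cache@v3
        with:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-
      - name: Run Go tests
        run: |
          go test ./... -v -coverprofile=coverage.out
          go tool cover -html=coverage.out -o coverage.html
      - name: Upload coverage reports
        uses: codecov/codecov-action@v3
        with:
          file: ./coverage.out

  security-scan:
    runs-on: ubuntu-latest
    # A job-level permissions block replaces the workflow default, so
    # contents: read is restated next to the scope upload-sarif needs.
    # NOTE(review): private repositories may also need actions: read - confirm.
    permissions:
      contents: read
      security-events: write
    steps:
      - uses: actions/checkout@v4
      - name: Run Trivy vulnerability scanner
        # NOTE(review): @master is a moving branch, so whatever lands upstream
        # runs in this job on the next trigger. Pin to a release tag or a full
        # commit SHA: aquasecurity/trivy-action@<PINNED_COMMIT_SHA>.
        # NOTE(review): no exit-code input is set, so this step presumably
        # succeeds even when findings exist (confirm the action's default).
        # The build job then waits for the scan to run, not for a clean result.
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          scan-ref: '.'
          format: 'sarif'
          output: 'trivy-results.sarif'
      - name: Upload Trivy scan results
        uses: github/codeql-action/upload-sarif@v2
        # Runs even when the scan step fails, so partial results are published.
        if: always()
        with:
          sarif_file: 'trivy-results.sarif'

  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Set up Go
        uses: actions/setup-go@v4
        with:
          go-version: ${{ env.GO_VERSION }}
      - name: Run golangci-lint
        uses: golangci/golangci-lint-action@v3
        with:
          # NOTE(review): latest makes the linter version float between runs;
          # pin a version for reproducible results.
          version: latest
          args: --timeout=5m

  build:
    runs-on: ubuntu-latest
    needs: [test, security-scan, lint]
    steps:
      - uses: actions/checkout@v4
      - name: Set up Go
        uses: actions/setup-go@v4
        with:
          go-version: ${{ env.GO_VERSION }}
      - name: Build all services
        run: |
          go build -o bin/api-gateway ./api-gateway/src
          go build -o bin/auth-service ./auth-service/src
          go build -o bin/monitoring ./monitoring/src
          go build -o bin/inference-pool ./inference-pool/src
      # The images are built without an explicit tag and are not pushed by this
      # workflow. The Trivy step above scans the repository filesystem only
      # (scan-type 'fs'), so these images are not scanned here.
      - name: Build Docker images
        run: |
          docker build -t helixflow/api-gateway ./api-gateway
          docker build -t helixflow/auth-service ./auth-service
          docker build -t helixflow/monitoring ./monitoring
          docker build -t helixflow/inference-pool ./inference-pool

  # The deploy jobs below are placeholders: each one only echoes a message.
  # NOTE(review): once real deploy commands are added, the only gates visible in
  # this file are the branch conditions. Confirm that the staging and production
  # environments have protection rules (required reviewers) in repository
  # settings.
  deploy-dev:
    runs-on: ubuntu-latest
    needs: build
    if: github.ref == 'refs/heads/develop'
    environment: development
    steps:
      - name: Deploy to development
        run: |
          echo "Deploying to development environment"
          # ArgoCD sync command would go here

  deploy-staging:
    runs-on: ubuntu-latest
    needs: build
    if: github.ref == 'refs/heads/main'
    environment: staging
    steps:
      - name: Deploy to staging
        run: |
          echo "Deploying to staging environment"
          # ArgoCD sync command would go here

  deploy-prod:
    runs-on: ubuntu-latest
    needs: [deploy-staging]
    # Push events on main only, so pull_request runs never reach production.
    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
    environment: production
    steps:
      - name: Deploy to production
        run: |
          echo "Deploying to production environment"
          # ArgoCD sync command would go here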